From 020a99f864cc9350ea38494ab0d182bb4630f29c Mon Sep 17 00:00:00 2001
From: Manuel Abascal <mjabascal10@gmail.com>
Date: Mon, 3 Mar 2025 09:53:43 -0600
Subject: [PATCH 01/13] feat: add compliance reports

---
 .../20250227001_add_compliance_report.xml     | 1460 +++++++++++++++++
 .../resources/config/liquibase/master.xml     |    2 +-
 2 files changed, 1461 insertions(+), 1 deletion(-)
 create mode 100644 backend/src/main/resources/config/liquibase/changelog/20250227001_add_compliance_report.xml

diff --git a/backend/src/main/resources/config/liquibase/changelog/20250227001_add_compliance_report.xml b/backend/src/main/resources/config/liquibase/changelog/20250227001_add_compliance_report.xml
new file mode 100644
index 000000000..7aef8cffa
--- /dev/null
+++ b/backend/src/main/resources/config/liquibase/changelog/20250227001_add_compliance_report.xml
@@ -0,0 +1,1460 @@
+<?xml version="1.0" encoding="utf-8"?>
+<databaseChangeLog
+        xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.5.xsd">
+
+    <changeSet id="20250127001" author="Manuel">
+
+        <sql dbms="postgresql" splitStatements="true" stripComments="true">
+            <![CDATA[
+                ALTER TABLE utm_menu DROP CONSTRAINT fk_dashboard_id;
+                ALTER TABLE utm_dashboard_visualization DROP CONSTRAINT fk_visualization_id;
+                ALTER TABLE utm_dashboard_visualization DROP CONSTRAINT fk_dashboard_id;
+            ]]>
+        </sql>
+
+        <sql dbms="postgresql" splitStatements="true" stripComments="true">
+            <![CDATA[
+
+                -- ##################################################################
+                -- # Delete old records into the utm_visualization table
+                -- ##################################################################
+                    DELETE from utm_visualization where id < 1000000;
+
+                -- ##################################################################
+                -- # Insert new records into the utm_visualization table
+                -- ##################################################################
+
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (49, 'O365 SharePoint File Access', null, '2023-03-13 20:21:55.192000', '2021-11-03 21:32:59.120000', 'system', null, null, '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"EXIST","field":"logx.o365.Operation.keyword"},{"operator":"IS","field":"logx.o365.Workload.keyword","value":"SharePoint"}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Count"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.Operation.keyword","customLabel":"File Access operation","terms":{"sortBy":"_count","asc":false,"size":5}}}', 'log-o365-*', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (58, 'O365 Exchange Top Phish Target', null, '2023-03-13 20:21:55.194000', '2021-11-03 21:32:59.111000', 'system', null, null, '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{"top":0,"right":0,"left":"0","bottom":0}}', 'PIE_CHART', '[{"operator":"IS","field":"logx.o365.Verdict.keyword","value":"Phish"}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Count"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.Recipients.keyword","customLabel":"User","terms":{"sortBy":"_count","asc":false,"size":5}}}', 'log-o365-*', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (60, 'O365 Alerts by Category', null, '2023-03-13 20:21:55.226000', '2021-11-03 21:32:59.114000', 'system', null, null, '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.85)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":"1","name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS","field":"dataType.keyword","value":"o365"}]', 2, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Count"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"category.keyword","customLabel":"Alerts","terms":{"sortBy":"_count","asc":false,"size":5}}}', 'alert-*', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (66, 'O365 Top 5 Exchange Operations', null, '2023-03-13 20:21:54.670000', '2021-11-03 21:32:59.129000', 'system', null, null, '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{"top":0,"right":0,"left":0,"bottom":0}}', 'PIE_CHART', '[{"operator":"IS","field":"logx.o365.Workload.keyword","value":"Exchange"}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Count"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.Operation.keyword","customLabel":"Operations","terms":{"sortBy":"_count","asc":false,"size":5}}}', 'log-o365-*', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (468, 'O365 Top 5 events by Source', null, '2023-03-13 20:21:55.197000', '2023-02-04 18:36:11.967000', 'system', null, null, '{"pieType":"pie","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"O365 Logs by Source"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.Workload.keyword","customLabel":"Log Source","terms":{"sortBy":"_count","asc":false,"size":5}}}', 'log-o365-*', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (475, 'O365 SharePoint Top Operations', null, '2023-03-13 20:21:55.300000', '2021-07-23 16:24:08.289000', 'system', null, null, '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.85)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS","field":"logx.o365.Workload.keyword","value":"SharePoint"}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Count"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.o365.Operation.keyword","customLabel":"Operation","terms":{"sortBy":"_count","asc":false,"size":10}}}', 'log-o365-*', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (480, 'VMWare Event by Severity', null, '2023-03-13 20:21:55.308000', '2023-02-04 19:43:55.253000', 'system', null, null, '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-7d","now"]}]', 24, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"level.keyword","customLabel":"Level","terms":{"sortBy":"_count","asc":false,"size":10}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (481, 'VMware Event Count Over Time', null, '2023-03-13 20:21:55.309000', '2023-02-04 19:42:40.336000', 'system', null, null, '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":"1","name":"","type":"line","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'LINE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-7d","now"]}]', 24, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"DATE_HISTOGRAM","type":"AXIS","field":"@timestamp","customLabel":"Dayli","dateHistogram":{"interval":"1d"}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (484, 'VMware Top 5 Hosts by Event Count', null, '2023-03-13 20:21:55.318000', '2023-02-04 19:45:13.221000', 'system', null, null, '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-7d","now"]}]', 24, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"dataSource.keyword","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (508, 'AWS IAM User Activity per Hour', null, '2023-03-13 20:21:55.388000', '2023-02-21 22:06:02.152000', 'system', null, null, '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":"1","name":"","type":"line","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]},"itemStyle":{"normal":{"areaStyle":{"type":"mint","normal":{"opacity":0.25}}}}}],"series":[]}', 'AREA_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-7d","now"]},{"operator":"IS","field":"logx.aws.userIdentity.type.keyword","value":"IAMUser"}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"DATE_HISTOGRAM","type":"AXIS","field":"@timestamp","customLabel":"Events per hour","dateHistogram":{"interval":"1h"}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (509, 'AWS Events Over Time', null, '2023-03-13 20:21:55.392000', '2023-02-21 22:08:23.413000', 'system', null, null, '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":"1","name":"","type":"line","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'LINE_CHART', '[]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Log Count"}],"bucket":{"id":"1000","aggregation":"DATE_HISTOGRAM","type":"AXIS","field":"@timestamp","customLabel":"AWS Activity","dateHistogram":{"interval":"60m"}}}', 'log-aws-*', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (514, 'WAF Events Over Time', null, '2023-03-13 20:21:55.408000', null, 'system', null, null, '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":"1","name":"","type":"line","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'LINE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-24H","now"]}]', 11, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Attacks"}],"bucket":{"id":"1000","aggregation":"DATE_HISTOGRAM","type":"AXIS","field":"@timestamp","customLabel":"","dateHistogram":{"interval":"1h"}}}', 'log-azure-*', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (536, 'O365 AD Top Users by Activity', null, '2023-03-13 20:21:55.463000', null, 'system', null, null, '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":"1","name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Count"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.o365.UserId.keyword","customLabel":"Users","terms":{"sortBy":"_count","asc":false,"size":10}}}', 'log-o365-*', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (542, 'AWS User Activity', '', '2023-07-29 19:28:10.772000', '2023-08-12 17:15:40.143000', 'system', 'system', null, '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'HORIZONTAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Events"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.aws.username.keyword","customLabel":"User name","terms":{"sortBy":"_count","asc":false,"size":1000}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (549, 'Traffic by LINUX Logs', '', '2023-08-12 17:14:54.485000', null, 'system', null, null, '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"line","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]},"itemStyle":{"normal":{"areaStyle":{"type":"mint","normal":{"opacity":0.25}}}}}],"series":[]}', 'AREA_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-24h","now"]}]', 39, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"DATE_HISTOGRAM","type":"AXIS","field":"@timestamp","customLabel":"","dateHistogram":{"interval":"1h"}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (551, 'Top Process run with administrator privileges', '', '2023-08-12 17:14:54.497000', null, 'system', null, null, '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-7d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4688"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.NewProcessName.keyword","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (554, 'Top Severity in O365', '', '2023-08-12 17:14:54.510000', null, 'system', null, null, '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.o365.Severity.keyword","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (555, 'Windows Alerts by category', 'Windows Alerts by category', '2023-08-12 17:14:54.513000', null, 'system', null, null, '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-24h","now"]},{"operator":"IS","field":"dataType.keyword","value":"wineventlog"}]', 2, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Count"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"category.keyword","customLabel":"Category","terms":{"sortBy":"_count","asc":false,"size":10}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (557, 'Top Operation in Azure', '', '2023-08-12 17:14:54.525000', null, 'system', null, null, '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-24h","now"]},{"operator":"IS","field":"dataType.keyword","value":"azure"}]', 11, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.azure.operationName.keyword","customLabel":"Operation","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (558, 'Top users access Sharepoint', '', '2023-08-12 17:15:08.118000', null, 'system', null, null, '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-24h","now"]},{"operator":"IS","field":"logx.o365.Workload.keyword","value":"SharePoint"}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.o365.UserId.keyword","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (565, 'CISCO Switch Activity By Host', '', '2023-08-12 17:15:23.176000', null, 'system', null, null, '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]}]', 50, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"host.keyword","customLabel":"Host name","terms":{"sortBy":"_count","asc":false,"size":1000}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (567, 'CISCO ASA Activity by Host', '', '2023-08-12 17:15:23.184000', null, 'system', null, null, '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]}]', 15, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"host.keyword","customLabel":"Host name","terms":{"sortBy":"_count","asc":false,"size":100}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (65, 'o365 Recent attack', 'o365 Recent attack', '2023-03-13 20:21:55.305000', '2021-11-03 21:32:58.452000', 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[{"operator":"IS","field":"logx.o365.Workload.keyword","value":"ThreatIntelligence"},{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.Verdict.keyword","customLabel":"Attack type","terms":{"sortBy":"_count","asc":false,"size":10}}}', 'log-o365-*', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (571, 'Azure Operations List', '', '2023-08-12 17:15:40.119000', null, 'system', null, null, '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]}]', 11, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Event Count"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.azure.operationName.keyword","customLabel":"Event Type","terms":{"sortBy":"_count","asc":false,"size":1000}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (576, 'Windows Privilege Escalations Over Time ', '', '2023-08-12 17:17:18.572000', '2023-07-29 18:43:24.952000', 'system', 'system', null, '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":"1","name":"","type":"line","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'LINE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS_ONE_OF","field":"logx.wineventlog.event_id","value":["4728","4732","4738","4741","4742","4746","4756","4761","4781","4720","4703"]}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Event Count"}],"bucket":{"id":"1004","aggregation":"DATE_HISTOGRAM","type":"AXIS","field":"@timestamp","customLabel":"Time","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"User Name","terms":{"sortBy":"_count","asc":false,"size":5}},"dateHistogram":{"interval":"1d"}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (579, 'Windows Logon success by Host', 'Top 10 Logon success', '2023-08-12 17:17:18.584000', '2023-07-29 18:42:55.087000', 'system', 'system', null, '{"pieType":"pie","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_ONE_OF","field":"logx.wineventlog.event_id","value":["4624","4324"]},{"operator":"NOT_ENDS_WITH","field":"logx.wineventlog.event_data.TargetUserName","value":"$"},{"operator":"IS_NOT","field":"logx.wineventlog.event_data.TargetUserName.keyword","value":"-"},{"operator":"IS_ONE_OF","field":"logx.wineventlog.event_data.LogonType.keyword","value":["3","2"]},{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.beat.hostname.keyword","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":10}}}', 'LOGX', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (580, 'Windows Failed Logon Attempts by Reason Status', '', '2023-08-12 17:17:18.587000', '2023-07-29 18:42:24.713000', 'system', 'system', null, '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Logon Failure"}],"bucket":{"id":"1001","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.StatusDescription.keyword","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (502, 'Windows Event Count', null, '2023-03-13 20:21:55.379000', '2023-02-04 19:13:46.634000', 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-7d","now"]}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_name.keyword","customLabel":"Events","terms":{"sortBy":"_count","asc":false,"size":100}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (662, 'Windows Account Logoff Count by User', '', '2025-01-07 19:40:48.802080', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@51dc3556', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4634"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"User","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (604, 'Windows Security Events by Category', '', '2025-01-02 01:51:49.264719', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@24aec713', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS_ONE_OF","field":"logx.wineventlog.event_id","value":["4722","4723","4725","4726"]}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_id","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (721, 'Windows Logging Unexpected System Shutdowns', '', '2025-01-16 19:48:45.360725', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@40b14ae6', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"6008"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_id","customLabel":"Event ID","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.level.keyword","customLabel":"Level","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.created","customLabel":"Date","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"Host IP","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.os.name.keyword","customLabel":"OS","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.source_name.keyword","customLabel":"Source","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.param5.keyword","customLabel":"Process ID","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.mac.keyword","customLabel":"MAC Address","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.record_number","customLabel":"Record Number","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (665, 'Windows Password Reset Attempts', '', '2025-01-07 21:50:10.645579', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@4603ad23', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4724"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserSid.keyword","customLabel":"Subject Security ID","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"Subject Account Name","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectDomainName.keyword","customLabel":"Subject Domain Name","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectLogonId.keyword","customLabel":"Subject Logon ID","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetSid.keyword","customLabel":"Target Security ID","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"Target Account Name","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetDomainName.keyword","customLabel":"Target Domain Name","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host Name","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.os.name.keyword","customLabel":"Host OS","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"Host IP","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1012","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (729, 'Windows Application of Group Policies Errors', '', '2025-01-16 21:33:51.106712', '2025-01-16 21:38:23.187701', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@7560088b', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"1058"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.code.keyword","customLabel":"Event ID","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.created","customLabel":"Date","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"Host IP","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.DCName.keyword","customLabel":" Domain Controller","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ErrorCode.keyword","customLabel":"Error Code","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.FilePath.keyword","customLabel":"File Path","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.user.name.keyword","customLabel":" Affected User","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.os.name.keyword","customLabel":"OS","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (575, 'Windows Special privileges assigned to new logon', 'Windows Special privileges assigned to new logon', '2023-08-12 17:17:18.569000', '2024-12-30 20:15:05.979366', 'system', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@54a6ae22', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":"1","name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS","field":"logx.wineventlog.event_id","value":"4672"},{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"NOT_ENDS_WITH","field":"logx.wineventlog.event_data.SubjectUserName","value":"$"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":14}}}', 'LOGX', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (613, 'Windows Changes to Defender settings', '', '2025-01-02 05:31:28.224612', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@51263f98', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"5007"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.level.keyword","customLabel":"Event Level","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.created","customLabel":"Event Time","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.source_name.keyword","customLabel":"Event Source","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.message.keyword","customLabel":"Message","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host Name","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"IP Address","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.process_id","customLabel":"Process ID","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.param2.keyword","customLabel":"Network Adapter","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (479, 'VMware Total Events Processed', null, '2023-03-13 20:21:55.306000', '2023-02-04 19:42:03.244000', 'system', null, null, '[]', 'METRIC_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-7d","now"]}]', 24, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}]}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (487, 'Open Alerts Count', null, '2023-03-13 20:21:55.323000', '2023-02-04 15:29:32.896000', 'system', null, null, '[]', 'METRIC_CHART', '[{"operator":"IS","field":"statusLabel.keyword","value":"Open"},{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"isIncident","value":"false"}]', 2, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Alerts under Investigation"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"statusLabel.keyword","customLabel":"Total Open Alerts","terms":{"sortBy":"_count","asc":false,"size":5}}}', 'alert-*', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (702, 'O365 File Access and Activity by Client IP', '', '2025-01-10 05:26:39.140759', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@764c3e3a', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-1y","now"]},{"operator":"IS","field":"logx.o365.Operation","value":"FileTranscriptContentAccessed"}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.o365.ClientIP.keyword","customLabel":"Client IP","terms":{"sortBy":"_count","asc":false,"size":100}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (498, 'Total Windows Alert Count', null, '2023-03-13 20:21:55.375000', '2023-02-04 19:12:49.093000', 'system', null, null, '[]', 'METRIC_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-7d","now"]},{"operator":"IS","field":"dataType.keyword","value":"wineventlog"}]', 2, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}]}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (503, 'Windows Alerts and Status', null, '2023-03-13 20:21:55.380000', '2025-01-11 00:37:53.658182', 'system', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@51e11d2b', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-7d","now"]},{"operator":"IS_ONE_OF","field":"dataType.keyword","value":["wineventlog"]}]', 2, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"name.keyword","customLabel":"Event name","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"severityLabel.keyword","customLabel":"Severity","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"statusLabel.keyword","customLabel":"Status","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"category.keyword","customLabel":"Category","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"dataSource.keyword","customLabel":"Source","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"When","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (499, 'Open Windows Alerts', null, '2023-03-13 20:21:55.376000', '2023-02-04 19:11:30.081000', 'system', null, null, '[]', 'METRIC_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-7d","now"]},{"operator":"IS","field":"dataType.keyword","value":"wineventlog"},{"operator":"IS","field":"statusLabel.keyword","value":"Open"}]', 2, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}]}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (709, 'AWS GetBucketAcl Logs', '', '2025-01-11 05:16:47.953156', '2025-01-11 05:20:27.771066', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@558bac00', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.aws.eventName.keyword","value":"GetBucketAcl"}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventID.keyword","customLabel":"Event ID","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventName.keyword","customLabel":"Event Name","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventTime","customLabel":"Event Time","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.awsRegion.keyword","customLabel":"AWS Region","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.requestID.keyword","customLabel":"Request ID","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.requestParameters.bucketName.keyword","customLabel":"Bucket Name","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.userIdentity.invokedBy.keyword","customLabel":"User Identity","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.sourceIPAddress.keyword","customLabel":"Source IP","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.additionalEventData.bytesTransferredOut","customLabel":"Bytes Transferred Out","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.additionalEventData.AuthenticationMethod.keyword","customLabel":"Authentication Method","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.additionalEventData.CipherSuite.keyword","customLabel":"Cipher Suite","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (500, 'Close Windows Alert Count', null, '2023-03-13 20:21:55.377000', '2023-02-04 19:13:24.748000', 'system', null, null, '[]', 'METRIC_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-7d","now"]},{"operator":"IS","field":"dataType.keyword","value":"wineventlog"},{"operator":"IS","field":"statusLabel.keyword","value":"Close"}]', 2, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}]}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (716, 'Windows Audit File Integrity Validation Failed by Host Over Time', '', '2025-01-15 23:02:05.636532', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@2c26286b', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"line","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'LINE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"5038"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event.created","customLabel":"Date","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (644, 'Windows Process Termination by Process', '', '2025-01-03 00:07:03.217026', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@15eaabaf', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"name":"Process","type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4689"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.ProcessName.keyword","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (762, 'AWS User Policy Removals - Daily Trend', '', '2025-02-04 01:30:51.775060', '2025-02-04 01:31:31.935346', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@2a0d3c9b', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100"},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"showTitle":null,"left":"right","top":"top","width":null,"height":null,"iconStyle":null},"yAxis":{"name":null,"type":"value","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"name":null,"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{"top":null,"right":null,"left":null,"bottom":null},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","padding":null,"textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"width":null,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"},"left":null,"top":null,"right":null,"bottom":null},"seriesOption":[{"metricId":"1","name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]},"markLine":null,"itemStyle":null}]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.aws.eventName","value":"DetachUserPolicy"}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.aws.eventTime","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (556, 'Azure Alerts', 'Azure Alerts', '2023-08-12 17:14:54.521000', null, 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-1y","now"]},{"operator":"IS","field":"dataType.keyword","value":"azure"}]', 2, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"name.keyword","customLabel":"Azure Alerts","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"severityLabel.keyword","customLabel":"Severity","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"category.keyword","customLabel":"Category","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"When","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"description.keyword","customLabel":"Description","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (559, 'O365 Sharepoint', 'O365 Sharepoint', '2023-08-12 17:15:08.123000', null, 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-7d","now"]},{"operator":"IS","field":"logx.o365.Workload.keyword","value":"SharePoint"}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.Operation.keyword","customLabel":"Operation","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.ApplicationDisplayName.keyword","customLabel":"Application","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.SourceFileName.keyword","customLabel":"File Name","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.ClientIP.keyword","customLabel":"Client IP","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.UserId.keyword","customLabel":"User ID","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Time","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (650, 'Windows Service Installed by Service', '', '2025-01-03 02:14:13.159098', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@42faa263', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"name":"Services","type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4697"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.ServiceName.keyword","customLabel":"Service Name","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (577, 'Windows Privilege Escalation Attempts by User', 'Privilege escalation attempts', '2023-08-12 17:17:18.577000', '2025-01-02 17:05:45.806283', 'system', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@6cfbde67', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":false}', 'LIST_CHART', '[{"operator":"IS_ONE_OF","field":"logx.wineventlog.event_id","value":["4728","4732","4738","4741","4742","4746","4756","4761","4781","4720","4703"]},{"operator":"NOT_ENDS_WITH","field":"logx.wineventlog.event_data.TargetUserName","value":"$"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"Username","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.beat.hostname.keyword","customLabel":"Hostname","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Privilege","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', 'LOGX', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (578, 'Windows User Successful Logon Event by Host', null, '2023-08-12 17:17:18.579000', '2023-07-29 18:42:39.601000', 'system', 'system', null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[{"operator":"IS_ONE_OF","field":"logx.wineventlog.event_id","value":["4624","4672"]},{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"NOT_ENDS_WITH","field":"logx.wineventlog.event_data.TargetUserName","value":"$"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Count"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"Username","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.beat.hostname.keyword","customLabel":"Host Name","terms":{"sortBy":"_count","asc":false,"size":1000}},"terms":{"sortBy":"_count","asc":false,"size":1000}}}', 'LOGX', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (560, 'Threat Intelligence by IP', '', '2023-08-12 17:15:08.127000', '2025-02-14 01:13:07.838227', 'system', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@63cbe6df', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100"},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"showTitle":null,"left":"right","top":"top","width":null,"height":null,"iconStyle":null},"yAxis":{"name":null,"type":"value","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"name":null,"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{"top":null,"right":null,"left":null,"bottom":null},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","padding":null,"textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"width":null,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"},"left":null,"top":null,"right":null,"bottom":null},"seriesOption":[{"metricId":"1","name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]},"markLine":null,"itemStyle":null}]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"EXIST","field":"source.ip.keyword"},{"operator":"IS_NOT","field":"source.ip.keyword","value":""}]', 2, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"source.ip.keyword","customLabel":"Source IP","terms":{"sortBy":"_count","asc":false,"size":100}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (59, 'O365 AD Failed Login', null, '2023-03-13 20:21:55.188000', '2022-01-17 05:24:53.284000', 'system', null, null, '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS","field":"logx.o365.Operation.keyword","value":"UserLoginFailed"}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.UserId.keyword","customLabel":"User","terms":{"sortBy":"_count","asc":false,"size":5}}}', 'log-o365-*', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (476, 'O365 Phishing Targets', null, '2023-03-13 20:21:55.301000', '2023-02-04 18:40:55.048000', 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[{"operator":"IS","field":"logx.o365.Workload.keyword","value":"ThreatIntelligence"}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Count"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.Recipients.keyword","customLabel":"Targets","terms":{"sortBy":"_count","asc":false,"size":100}}}', 'log-o365-*', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (52, 'O365 Event Count', null, '2023-03-13 20:21:55.304000', '2021-11-03 21:32:58.446000', 'system', null, null, '[]', 'METRIC_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Event Count"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.Workload.keyword","customLabel":"Source","terms":{"sortBy":"_count","asc":false,"size":5}}}', 'log-o365-*', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (776, 'Windows Shared Network Object Creation by User', '', '2025-02-18 01:25:28.620066', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@6145f010', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"name":"User SID","type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"5142"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.SubjectUserSid.keyword","customLabel":"User SID","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (470, 'O365 Phishing Attacker IPs', null, '2023-03-13 20:21:55.289000', '2023-02-04 18:34:51.092000', 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[{"operator":"IS","field":"logx.o365.Workload","value":"ThreatIntelligence"}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Count"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.SenderIp.keyword","customLabel":"Sender","terms":{"sortBy":"_count","asc":false,"size":100}}}', 'log-o365-*', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (55, 'O365 AD Successful Login Location', null, '2023-03-13 20:21:55.291000', '2023-02-04 18:32:24.353000', 'system', null, null, '{"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","padding":null,"textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"visualMap":{"type":"continuous","calculable":true,"realtime":true,"inRange":{"color":["#f5994e","#c05050"]},"orient":"horizontal","left":"center","top":"bottom","bottom":"15%"},"leaflet":{"center":[0,0],"zoom":1,"roam":true,"layerControl":{"position":"topleft"},"tiles":[{"label":"Open Street Map","urlTemplate":"https://{s}.tile.openstreetmap.fr/hot/{z}/{x}/{y}.png","options":{"attribution":""}}],"lat":0,"lon":0},"series":null,"top":10}', 'COORDINATE_MAP_CHART', '[{"operator":"IS","field":"logx.o365.Operation.keyword","value":"UserLoggedIn"}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.ClientIP.keyword","customLabel":"Location","terms":{"sortBy":"_count","asc":false,"size":1000}}}', 'log-o365-*', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (472, 'O365 Threat Detection Method', null, '2023-03-13 20:21:55.294000', '2023-02-04 18:35:30.617000', 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Count"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.DetectionMethod.keyword","customLabel":"Detection","terms":{"sortBy":"_count","asc":false,"size":100}}}', 'log-o365-*', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (473, 'O365 Phishing Targets Count', null, '2023-03-13 20:21:55.295000', '2023-02-04 18:36:49.284000', 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Attacks count"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.Recipients.keyword","customLabel":"Targets","terms":{"sortBy":"_count","asc":false,"size":100}}}', 'log-o365-*', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (474, 'O365 SharePoint Most Active Users', null, '2023-03-13 20:21:55.299000', '2021-07-23 16:24:08.307000', 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[{"operator":"IS","field":"logx.o365.Workload","value":"SharePoint"}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Count"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.UserId.keyword","customLabel":"User","terms":{"sortBy":"_count","asc":false,"size":20}}}', 'log-o365-*', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (482, 'VMware Event Details', null, '2023-03-13 20:21:55.310000', '2023-02-04 19:45:44.141000', 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-7d","now"]}]', 24, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"When","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"msg.keyword","customLabel":"Message","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"dataSource.keyword","customLabel":"Source","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"host.keyword","customLabel":"Hosname","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"dataType.keyword","customLabel":"Data type","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"process.keyword","customLabel":"Process","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (483, 'VMware Process Count', null, '2023-03-13 20:21:55.317000', '2023-02-04 19:44:22.183000', 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-7d","now"]}]', 24, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"process.keyword","customLabel":"Process Name","terms":{"sortBy":"_count","asc":false,"size":1000}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (485, 'Incident-Associated Open Alerts', null, '2023-03-13 20:21:55.319000', '2023-04-06 14:06:02.222000', 'system', 'admin', '{"size":0,"query":{"bool":{"filter":[{"match_all":{"boost":1.0}},{"range":{"@timestamp":{"from":"now-30d","to":"now","include_lower":true,"include_upper":false,"boost":1.0}}},{"match_phrase":{"isIncident":{"query":"true","slop":0,"zero_terms_query":"NONE","boost":1.0}}},{"bool":{"should":[{"match_phrase":{"statusLabel.keyword":{"query":"In review","slop":0,"zero_terms_query":"NONE","boost":1.0}}},{"match_phrase":{"statusLabel.keyword":{"query":"Open","slop":0,"zero_terms_query":"NONE","boost":1.0}}}],"adjust_pure_negative":true,"minimum_should_match":"1","boost":1.0}}],"adjust_pure_negative":true,"boost":1.0}},"track_total_hits":2147483647}', '[{"metricId":"1","icon":"icon-mail5","color":"#263238","decimal":0}]', 'METRIC_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"isIncident","value":"true"},{"operator":"IS_ONE_OF","field":"statusLabel.keyword","value":["In review","Open"]}]', 2, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Incident associated alerts"}]}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (486, 'All Alerts Count', null, '2023-03-13 20:21:55.322000', '2023-02-04 15:28:52.797000', 'system', null, null, '[{"metricId":1,"icon":"icon-bubble-notification","color":"#37474f","decimal":0}]', 'METRIC_CHART', '[{"operator":"EXIST","field":"name"},{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]}]', 2, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"id","customLabel":"Total Alerts"}]}', 'alert-*', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (490, 'Alert Count by Name', null, '2023-03-13 20:21:55.353000', '2023-02-04 15:47:10.533000', 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[]', 2, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Alert Count"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"name.keyword","customLabel":"Alert Name","terms":{"sortBy":"_count","asc":false,"size":100}}}', 'alert-*', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (491, 'Alert Count by Source IP', null, '2023-03-13 20:21:55.354000', '2023-02-04 15:46:22.896000', 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[]', 2, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"IP"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"source.ip.keyword","customLabel":"Alert Count","terms":{"sortBy":"_count","asc":false,"size":100}}}', 'alert-*', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (492, 'Alert Count by Target IP', null, '2023-03-13 20:21:55.358000', '2023-02-04 15:49:56.738000', 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[]', 2, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"IP"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"destination.ip.keyword","customLabel":"Count","terms":{"sortBy":"_count","asc":false,"size":100}}}', 'EVENT', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (493, 'Total Log Count', null, '2023-03-13 20:21:55.361000', null, 'system', null, null, '[]', 'METRIC_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]}]', 1, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Total Log Count"}]}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (488, 'Alerts by Severity', null, '2023-03-13 20:21:55.325000', '2023-04-06 20:00:57.216000', 'system', 'admin', '{"size":0,"query":{"bool":{"filter":[{"match_all":{"boost":1.0}},{"range":{"@timestamp":{"from":"now-30d","to":"now","include_lower":true,"include_upper":false,"boost":1.0}}},{"exists":{"field":"severityLabel","boost":1.0}}],"adjust_pure_negative":true,"boost":1.0}},"track_total_hits":2147483647,"aggregations":{"1000":{"terms":{"field":"severityLabel.keyword","size":5,"min_doc_count":1,"shard_min_doc_count":0,"show_term_doc_count_error":false,"order":[{"_key":"desc"},{"_key":"asc"}]}}}}', '{"pieType":"pie","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#e5cf0d","#03A9F4","#F44336","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"EXIST","field":"severityLabel"}]', 2, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Alerts by Severity"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"severityLabel.keyword","customLabel":"Alerts by Severity","terms":{"sortBy":"_key","asc":false,"size":5}}}', 'alert-*', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (489, 'Top 5 Alert Count by Category', null, '2023-03-13 20:21:55.351000', '2023-02-04 15:42:00.460000', 'system', null, null, '{"color":["#e5cf0d","#03A9F4","#F44336","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":"1","name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"EXIST","field":"category"}]', 2, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Alerts by Category"}],"bucket":{"id":"1002","aggregation":"TERMS","type":"AXIS","field":"category.keyword","customLabel":"Alert Type","terms":{"sortBy":"_count","asc":false,"size":5}}}', 'alert-*', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (497, 'Windows Alerts in Review', null, '2023-03-13 20:21:55.371000', '2023-02-04 19:10:57.340000', 'system', null, null, '[]', 'METRIC_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-7d","now"]},{"operator":"IS","field":"dataType.keyword","value":"wineventlog"},{"operator":"IS","field":"statusLabel.keyword","value":"In review"}]', 2, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}]}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (501, 'Windows Services and Event Count', null, '2023-03-13 20:21:55.378000', '2023-04-06 03:07:06.994000', 'system', 'admin', '{"size":0,"query":{"bool":{"filter":[{"match_all":{"boost":1.0}},{"range":{"@timestamp":{"from":"now-24h","to":"now","include_lower":true,"include_upper":false,"boost":1.0}}},{"exists":{"field":"logx.wineventlog.event_data.ServiceName.keyword","boost":1.0}}],"adjust_pure_negative":true,"boost":1.0}},"track_total_hits":2147483647,"aggregations":{"1000":{"terms":{"field":"logx.wineventlog.event_data.ServiceName.keyword","size":1000,"min_doc_count":1,"shard_min_doc_count":0,"show_term_doc_count_error":false,"order":[{"_count":"desc"},{"_key":"asc"}]}}}}', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-24h","now"]},{"operator":"EXIST","field":"logx.wineventlog.event_data.ServiceName.keyword"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.ServiceName.keyword","customLabel":"Application Name and Route","terms":{"sortBy":"_count","asc":false,"size":1000}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (504, 'Windows Alert Count by Device', null, '2023-03-13 20:21:55.381000', '2023-02-04 19:15:20.164000', 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-7d","now"]},{"operator":"IS_ONE_OF","field":"dataType.keyword","value":["wineventlog"]}]', 2, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"dataSource.keyword","customLabel":"Data Source","terms":{"sortBy":"_count","asc":false,"size":100}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (505, 'AWS Events by Service', null, '2023-03-13 20:21:55.382000', '2023-02-21 22:07:55.127000', 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-7d","now"]}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.aws.eventSource.keyword","customLabel":"Event Source","terms":{"sortBy":"_count","asc":false,"size":1000}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (506, 'AWS Events by Asset', null, '2023-03-13 20:21:55.384000', '2023-02-21 22:09:02.986000', 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-7d","now"]}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"dataSource.keyword","customLabel":"Data source","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.sourceIPAddress.keyword","customLabel":"Assets","terms":{"sortBy":"_count","asc":false,"size":1000}},"terms":{"sortBy":"_count","asc":false,"size":1000}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (127, 'AWS Activity Console Logon', 'AWS Activity Console Logon Location', '2023-03-13 20:21:55.386000', '2023-02-21 22:06:42.224000', 'system', null, null, '{"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","padding":null,"textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"visualMap":{"type":"continuous","calculable":true,"realtime":true,"inRange":{"color":["#f5994e","#c05050"]},"orient":"horizontal","left":"center","top":"bottom","bottom":"15%"},"leaflet":{"center":[0,0],"zoom":1,"roam":true,"layerControl":{"position":"topleft"},"tiles":[{"label":"Open Street Map","urlTemplate":"https://{s}.tile.openstreetmap.fr/hot/{z}/{x}/{y}.png","options":{"attribution":""}}],"lat":0,"lon":0},"series":null,"top":10}', 'COORDINATE_MAP_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-7d","now"]}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Logon Location"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.sourceIPAddress.keyword","customLabel":"AWS Logon ","terms":{"sortBy":"_count","asc":false,"size":1000}}}', 'LOGX', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (510, 'WAF Events by Country', null, '2023-03-13 20:21:55.394000', '2023-02-04 18:57:01.973000', 'system', null, null, '{"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","padding":null,"textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"visualMap":{"type":"continuous","calculable":true,"realtime":true,"inRange":{"color":["#f5994e","#c05050"]},"orient":"horizontal","left":"center","top":"bottom","bottom":"15%"},"leaflet":{"center":[0,0],"zoom":1,"roam":true,"layerControl":{"position":"topleft"},"tiles":[{"label":"Open Street Map","urlTemplate":"https://{s}.tile.openstreetmap.fr/hot/{z}/{x}/{y}.png","options":{"attribution":""}}],"lat":0,"lon":0},"series":null,"top":10}', 'COORDINATE_MAP_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-24H","now"]}]', 11, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.azure.properties.clientIp.keyword","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":1000}}}', 'log-azure-*', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (511, 'WAF Event Count by URL ', null, '2023-03-13 20:21:55.397000', '2023-02-04 18:58:42.347000', 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-24H","now"]}]', 11, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.azure.properties.requestUri.keyword","customLabel":"URL","terms":{"sortBy":"_count","asc":false,"size":15}}}', 'log-azure-*', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (513, 'WAF top attack sources', null, '2023-03-13 20:21:55.405000', null, 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-24H","now"]}]', 11, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.azure.properties.clientIp.keyword","customLabel":"Sources","terms":{"sortBy":"_count","asc":false,"size":15}}}', 'log-azure-*', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (515, 'Processes Ran with Administrator Privileges', null, '2023-03-13 20:21:55.411000', null, 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[{"operator":"IS_ONE_OF","field":"logx.wineventlog.event_data.TokenElevationType","value":["%%1936","%%1937"]},{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-7d","now"]}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Count"}],"bucket":{"id":"1002","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.NewProcessName.keyword","customLabel":"Process Name","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ParentProcessName.keyword","customLabel":"Parent Process","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"User Name","terms":{"sortBy":"_count","asc":false,"size":1000}},"terms":{"sortBy":"_count","asc":false,"size":1000}},"terms":{"sortBy":"_count","asc":false,"size":1000}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (512, 'WAF Top 5 Events by Type', null, '2023-03-13 20:21:55.399000', null, 'system', null, null, '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-24H","now"]}]', 11, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.azure.properties.message.keyword","customLabel":"Attacks","terms":{"sortBy":"_count","asc":false,"size":5}}}', 'log-azure-*', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (528, 'Top 10 NIDS Alert Count by Name', null, '2023-03-13 20:21:55.441000', null, 'system', null, null, '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":"1","name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-24h","now"]},{"operator":"IS","field":"dataType.keyword","value":"nids"}]', 2, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Count"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"name.keyword","customLabel":"Alert Name","terms":{"sortBy":"_count","asc":false,"size":10}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (522, 'Meraki Top 100 Events by IP Source', null, '2023-03-13 20:21:55.432000', null, 'system', null, null, '{"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","padding":null,"textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"visualMap":{"type":"continuous","calculable":true,"realtime":true,"inRange":{"color":["#f5994e","#c05050"]},"orient":"horizontal","left":"center","top":"bottom","bottom":"15%"},"leaflet":{"center":[0,0],"zoom":1,"roam":true,"layerControl":{"position":"topleft"},"tiles":[{"label":"Open Street Map","urlTemplate":"https://{s}.tile.openstreetmap.fr/hot/{z}/{x}/{y}.png","options":{"attribution":""}}],"lat":0,"lon":0},"series":null,"top":10}', 'COORDINATE_MAP_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]}]', 13, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Count"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.meraki.src_ip.keyword","customLabel":"IP","terms":{"sortBy":"_count","asc":false,"size":1000}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (523, 'Meraki Events by Source IP and Port', null, '2023-03-13 20:21:55.434000', null, 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-24h","now"]}]', 13, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Event Count"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.meraki.src_ip.keyword","customLabel":"Events by IP","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.meraki.dest_port","customLabel":"Target Port","terms":{"sortBy":"_count","asc":false,"size":1000}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (527, 'NIDS Alerts Count per Device', 'Top 10 NIDS Alerts per server', '2023-03-13 20:21:55.439000', null, 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[{"operator":"IS","field":"dataType.keyword","value":"nids"}]', 2, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Alert Count"}],"bucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"destination.ip.keyword","customLabel":"IP Address","terms":{"sortBy":"_count","asc":false,"size":100}}}', 'EVENT', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (529, 'NIDS Alert Count by Category', null, '2023-03-13 20:21:55.443000', null, 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[{"operator":"IS","field":"dataType.keyword","value":"nids"},{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"isIncident","value":"false"}]', 2, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Count"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"category.keyword","customLabel":"NIDS Alert category","terms":{"sortBy":"_count","asc":false,"size":10}}}', 'EVENT', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (530, 'O365 Phishing Subject Count', null, '2023-03-13 20:21:55.444000', null, 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[{"operator":"IS","field":"logx.o365.Verdict.keyword","value":"Phish"}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"count"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.Subject.keyword","customLabel":"Subject","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.P2Sender.keyword","customLabel":"Sender","terms":{"sortBy":"_count","asc":false,"size":100}},"terms":{"sortBy":"_count","asc":false,"size":100}}}', 'log-o365-*', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (531, 'O365 Top 5 Active Users', null, '2023-03-13 20:21:55.448000', null, 'system', null, null, '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.85)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS","field":"logx.o365.Workload.keyword","value":"Exchange"}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Count"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.o365.UserId.keyword","customLabel":"User","terms":{"sortBy":"_count","asc":false,"size":5}}}', 'log-o365-*', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (532, 'O365 Phishing Attackers location', null, '2023-03-13 20:21:55.453000', null, 'system', null, null, '{"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","padding":null,"textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"visualMap":{"type":"continuous","calculable":true,"realtime":true,"inRange":{"color":["#f5994e","#c05050"]},"orient":"horizontal","left":"center","top":"bottom","bottom":"15%"},"leaflet":{"center":[0,0],"zoom":1,"roam":true,"layerControl":{"position":"topleft"},"tiles":[{"label":"Open Street Map","urlTemplate":"https://{s}.tile.openstreetmap.fr/hot/{z}/{x}/{y}.png","options":{"attribution":""}}],"lat":0,"lon":0},"series":null,"top":10}', 'COORDINATE_MAP_CHART', '[{"operator":"IS","field":"logx.o365.Workload.keyword","value":"ThreatIntelligence"}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"count"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.SenderIp.keyword","customLabel":"Location","terms":{"sortBy":"_count","asc":false,"size":100}}}', 'log-o365-*', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (533, 'O365 AD Logon Error Count', null, '2023-03-13 20:21:55.455000', null, 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.LogonError.keyword","customLabel":"Error","terms":{"sortBy":"_count","asc":false,"size":1000}}}', 'log-o365-*', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (534, 'O365 AD Failed Logins by User', null, '2023-03-13 20:21:55.458000', null, 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[{"operator":"IS","field":"logx.o365.ResultStatus.keyword","value":"Failed"}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.UserId.keyword","customLabel":"User name","terms":{"sortBy":"_count","asc":false,"size":1000}}}', 'log-o365-*', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (535, 'O365 AD Failed Operations Count', null, '2023-03-13 20:21:55.461000', null, 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[{"operator":"IS","field":"logx.o365.Workload.keyword","value":"AzureActiveDirectory"}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.Operation.keyword","customLabel":"Operation","terms":{"sortBy":"_count","asc":false,"size":1000}}}', 'log-o365-*', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (537, 'Bitdefender Events by Type', null, '2023-03-20 11:09:52.529000', null, 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-24h","now"]}]', 53, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Count"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.bitdefender_gz.event_source.keyword","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (538, 'Bitdefender Malware Activity by IP', null, '2023-03-20 11:09:52.533000', null, 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-24h","now"]},{"operator":"IS","field":"logx.bitdefender_gz.event_source.keyword","value":"AntiMalware"}]', 53, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.bitdefender_gz.src_ip.keyword","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (539, 'Bitdefender Alert Name and Description Count', null, '2023-03-20 11:09:52.534000', null, 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-24h","now"]},{"operator":"IS","field":"dataType.keyword","value":"antivirus-bitdefender-gz"}]', 2, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"incidentDetail.incidentName.keyword","customLabel":"Description","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"description.keyword","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":100}},"terms":{"sortBy":"_count","asc":false,"size":100}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (540, 'Bitdefender Attack Detection by IP', null, '2023-03-20 11:09:52.608000', null, 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-24h","now"]}]', 53, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.bitdefender_gz.detection_name.keyword","customLabel":"Detection","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.bitdefender_gz.src_ip.keyword","customLabel":"IP","terms":{"sortBy":"_count","asc":false,"size":100}},"terms":{"sortBy":"_count","asc":false,"size":100}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (541, 'AWS Events', '', '2023-07-29 19:37:30.353000', '2023-08-12 17:15:40.142000', 'system', 'system', null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Events Count"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.aws.insightDetails.eventName.keyword","customLabel":"Event Name","terms":{"sortBy":"_count","asc":false,"size":100}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (543, 'Top Users Windows AD Policy Change', '', '2023-08-12 17:14:37.647000', null, 'system', null, null, '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-24h","now"]},{"operator":"IS_ONE_OF","field":"logx.wineventlog.event_id","value":["5136","5137","5138","5139","5141"]}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (544, 'Windows AD Policy Change', 'Security', '2023-08-12 17:14:37.664000', '2021-11-11 03:32:18.378000', 'system', 'system', null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-7d","now"]},{"operator":"IS_ONE_OF","field":"logx.wineventlog.event_id","value":["5136","5137","5138","5139","5141"]}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Action","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"Who","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Where","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"When","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.message.keyword","customLabel":"Message","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (547, 'Threat Activity False Positives', '', '2023-08-12 17:14:37.691000', '2023-08-08 15:54:37.166000', 'system', 'system', null, '[]', 'METRIC_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"isIncident","value":"false"},{"operator":"IS","field":"statusLabel.keyword","value":"Completed"}]', 2, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"False Positive Count"}]}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (548, 'AWS Alerts', 'AWS Alerts', '2023-08-12 17:14:37.725000', null, 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-7d","now"]},{"operator":"IS","field":"dataType.keyword","value":"aws"}]', 2, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"name.keyword","customLabel":"Network Activity Alerts","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"severityLabel.keyword","customLabel":"Severity","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"category.keyword","customLabel":"Category","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"When","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"description.keyword","customLabel":"Description","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (546, 'File Related Events', '', '2023-08-12 17:14:37.674000', null, 'system', null, null, '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-90d","now"]},{"operator":"EXIST","field":"logx.wineventlog.event_data.AccessList.keyword"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Count"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_name.keyword","customLabel":"File Event","terms":{"sortBy":"_count","asc":false,"size":10}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (545, 'Windows File Access Events', '', '2023-08-12 17:14:37.669000', '2024-12-27 20:41:34.212448', 'system', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@2bc63921', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"EXIST","field":"logx.wineventlog.event_data.AccessList.keyword"},{"operator":"EXIST","field":"logx.wineventlog.event_data.AccessList.keyword"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Event count"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ProcessName.keyword","customLabel":"Process Name","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"User Name","terms":{"sortBy":"_count","asc":false,"size":100}},"terms":{"sortBy":"_count","asc":false,"size":100}},"terms":{"sortBy":"_count","asc":false,"size":100}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (550, 'Linux Alerts Reports', '', '2023-08-12 17:14:54.494000', '2023-08-10 16:19:37.272000', 'system', 'system', null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-24h","now"]}]', 39, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Time","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.linux.agent.name.keyword","customLabel":"Agent","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.linux.host.os.name.keyword","customLabel":"Operating System","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.linux.message.keyword","customLabel":"Messages","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (552, 'Process run with administrator privileges', 'Process run with administrator privileges', '2023-08-12 17:14:54.502000', '2023-08-02 08:11:08.549000', 'system', 'system', null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-7d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4688"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Time","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.NewProcessName.keyword","customLabel":"Process Name","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"computer_name.keyword","customLabel":"Computer Name","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.task.keyword","customLabel":"Task","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"User Name","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Status","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.message.keyword","customLabel":"Messages","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (553, 'Office 365 Alerts', 'Office 365 Alerts', '2023-08-12 17:14:54.505000', null, 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-7d","now"]},{"operator":"IS","field":"dataType.keyword","value":"o365"}]', 2, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"name.keyword","customLabel":"Office 365 Alerts","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"severityLabel.keyword","customLabel":"Severity","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"category.keyword","customLabel":"Category","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"When","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"description.keyword","customLabel":"Description","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (786, 'Windows Scheduled Task Creation', '', '2025-02-19 02:47:22.635943', '2025-02-19 02:49:29.075808', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@3b734131', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-24h","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4698"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_id","customLabel":"Event ID","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.created","customLabel":"Date","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"Subject User","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectDomainName.keyword","customLabel":"Domain","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TaskName.keyword","customLabel":"Task Name","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ClientProcessId.keyword","customLabel":"Client Process","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ParentProcessId.keyword","customLabel":"Parent Process","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.FQDN.keyword","customLabel":"FQDN","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.provider.keyword","customLabel":"Provider","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (562, 'O365 Exchange', 'O365 Exchange', '2023-08-12 17:15:08.141000', '2021-09-24 13:47:38.410000', 'system', 'system', null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-7d","now"]},{"operator":"IS","field":"logx.o365.Workload.keyword","value":"Exchange"}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.Operation.keyword","customLabel":"Operation","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.Workload.keyword","customLabel":"workload","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.ResultStatus.keyword","customLabel":"Result status","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.UserId.keyword","customLabel":"User","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.ClientIP.keyword","customLabel":"Client IP","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"When","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.Category.keyword","customLabel":"Category","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (564, 'Linux Account Activity', '', '2023-08-12 17:15:23.150000', null, 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-24h","now"]},{"operator":"IS","field":"logx.linux.fileset.name.keyword","value":"auth"}]', 39, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Event Count"}],"bucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.linux.message.keyword","customLabel":"Log","terms":{"sortBy":"_count","asc":false,"size":1000}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (566, 'CISCO Switch Activity', '', '2023-08-12 17:15:23.181000', null, 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]}]', 50, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"host.keyword","customLabel":"Host","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.cisco_switch.cisco_msg.keyword","customLabel":"Message","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.cisco_switch.syslog_severity.keyword","customLabel":"Severity","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (563, 'Linux Account Activity by Host', '', '2023-08-12 17:15:23.142000', null, 'system', null, null, '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.linux.fileset.name.keyword","value":"auth"}]', 39, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Activity Count"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.linux.host.name.keyword","customLabel":"Host Name","terms":{"sortBy":"_count","asc":false,"size":1000}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (561, 'Windows Threat Intelligence Alerts', '', '2023-08-12 17:15:08.132000', '2025-02-14 01:13:45.613852', 'system', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@6a4d90e', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"name.keyword","value":"Connection attempt from a blacklisted IP address"}]', 2, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"name.keyword","customLabel":"Threat Event","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"source.ip.keyword","customLabel":"Source IP","terms":{"sortBy":"_count","asc":false,"size":1000}},"terms":{"sortBy":"_count","asc":false,"size":1000}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (568, 'CISCO ASA Activity', '', '2023-08-12 17:15:23.189000', null, 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-24h","now"]}]', 15, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"host.keyword","customLabel":"Host Name","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.cisco_asa.message.keyword","customLabel":"Message","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (569, 'Azure Login Activity', '', '2023-08-12 17:15:23.192000', null, 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-24h","now"]},{"operator":"CONTAIN","field":"logx.azure.message","value":"\"Sign-in activity\""}]', 11, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Time","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.azure.message.keyword","customLabel":"Login Activity Log","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (570, 'Azure Event Count by Resource', '', '2023-08-12 17:15:40.115000', null, 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]}]', 11, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.azure.resourceUri.keyword","customLabel":"Azure Resource","terms":{"sortBy":"_count","asc":false,"size":1000}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (572, 'O365 AD Successful Login by User', null, '2023-08-12 17:15:40.123000', null, 'system', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[{"operator":"IS_NOT","field":"logx.o365.UserId.keyword","value":"Not Available"},{"operator":"IS","field":"logx.o365.Operation.keyword","value":"UserLoggedIn"}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.UserId.keyword","customLabel":"User name","terms":{"sortBy":"_count","asc":false,"size":1000}}}', 'log-o365-*', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (573, 'O365 AD Unsuccesful Login Location', null, '2023-08-12 17:15:40.135000', '2023-02-04 18:32:24.353000', 'system', 'system', null, '{"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","padding":null,"textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"visualMap":{"type":"continuous","calculable":true,"realtime":true,"inRange":{"color":["#f5994e","#c05050"]},"orient":"horizontal","left":"center","top":"bottom","bottom":"15%"},"leaflet":{"center":[0,0],"zoom":1,"roam":true,"layerControl":{"position":"topleft"},"tiles":[{"label":"Open Street Map","urlTemplate":"https://{s}.tile.openstreetmap.fr/hot/{z}/{x}/{y}.png","options":{"attribution":""}}],"lat":0,"lon":0},"series":null,"top":10}', 'COORDINATE_MAP_CHART', '[{"operator":"IS","field":"logx.o365.Operation.keyword","value":"UserLoginFailed"}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.ClientIP.keyword","customLabel":"Location","terms":{"sortBy":"_count","asc":false,"size":1000}}}', 'log-o365-*', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (574, 'Windows Special privileges assigned to new logon.', 'Windows Special privileges assigned to new logon.', '2023-08-12 17:17:18.557000', '2023-07-29 18:48:49.001000', 'system', 'system', null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":false}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-7d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4672"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Action","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"Username","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.message.keyword","customLabel":"Description","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"When","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (581, 'Windows Logon Failure by User and Host', '', '2023-08-12 17:17:18.592000', '2023-07-29 18:42:10.338000', 'system', 'system', null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS_ONE_OF","field":"logx.wineventlog.event_data.StatusDescription.keyword","value":["Logon failure","Clients credentials have been revoked","Pre-authentication information was invalid","Account restriction"]},{"operator":"NOT_ENDS_WITH","field":"logx.wineventlog.event_data.TargetUserName","value":"$"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Failed Logon Count"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"User name","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.beat.hostname.keyword","customLabel":"Host name","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.FailureReasonDescription.keyword","customLabel":"Failure reason","terms":{"sortBy":"_count","asc":false,"size":100}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":100}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (582, 'Windows User Accounts Created', '', '2021-02-03 20:56:07.726000', '2023-08-12 17:17:44.225000', 'system', 'system', null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS","field":"logx.wineventlog.event_id","value":"4720"},{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"NOT_ENDS_WITH","field":"logx.wineventlog.event_data.SubjectUserName","value":"$"},{"operator":"NOT_ENDS_WITH","field":"logx.wineventlog.event_data.TargetUserName","value":"$"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"The user who performed the action","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"Created user account ","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.UserPrincipalName.keyword","customLabel":"Principal Name","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.DisplayName.keyword","customLabel":"Display Name","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.source_name.keyword","customLabel":"Source","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', 'LOGX', '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (583, 'Windows New Accounts Created Over Time', '', '2023-07-28 22:19:43.616000', '2024-12-27 17:32:11.283748', 'system', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@43679feb', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100"},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"showTitle":null,"left":"right","top":"top","width":null,"height":null,"iconStyle":null},"yAxis":{"name":null,"type":"value","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"name":null,"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{"top":null,"right":null,"left":null,"bottom":null},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","padding":null,"textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"width":null,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"},"left":null,"top":null,"right":null,"bottom":null},"seriesOption":[{"metricId":"1","name":"","type":"line","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]},"markLine":null,"itemStyle":{"normal":{"areaStyle":{"type":"mint","normal":{"opacity":0.25}}}}}]}', 'AREA_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4720"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Account creation"}],"bucket":{"id":"1000","aggregation":"DATE_HISTOGRAM","type":"AXIS","field":"@timestamp","customLabel":"Created accounts","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"Target User name","terms":{"sortBy":"_count","asc":false,"size":100}},"dateHistogram":{"interval":"1d"}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (722, 'Windows Logging Unexpected System Shutdowns by Host', '', '2025-01-16 19:54:57.902037', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@4b40632f', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"6008"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.host.ip.keyword","customLabel":"Host","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (597, 'Windows Logon attempt failed', 'Windows Logon attempt failed', '2024-12-30 23:36:57.027281', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@22480333', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4690"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.action.keyword","customLabel":"Event Action","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"User","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectDomainName.keyword","customLabel":"User Domain","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SourceHandleId.keyword","customLabel":"Source Handle ID","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetHandleId.keyword","customLabel":"Target Handle Id","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host Name","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (657, 'Windows Application Errors', '', '2025-01-04 00:17:35.639691', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@4296212', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"1000"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.beat.hostname.keyword","customLabel":"Host Name","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.log_name.keyword","customLabel":"Log Type","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.action.keyword","customLabel":"Event Name","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.code.keyword","customLabel":"Event Code","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.param1.keyword","customLabel":"Application Name","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.param2.keyword","customLabel":"Application Version","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.param7.keyword","customLabel":"Exception Code","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.param8.keyword","customLabel":"Error Process ID\t","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.param13.keyword","customLabel":"Error Report ID","subBucket":{"id":"1012","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.param11.keyword","customLabel":"Application Path\t","subBucket":{"id":"1013","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.param12.keyword","customLabel":"Module Path\t","subBucket":{"id":"1014","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.os.name.keyword","customLabel":"Operating System","subBucket":{"id":"1015","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.message.keyword","customLabel":"Error Description","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (791, 'Windows Protected Files Decryption', '', '2025-02-20 01:23:46.330438', '2025-02-20 01:24:48.213404', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@4c09beac', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"5061"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_id","customLabel":"Evento ID","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.provider.keyword","customLabel":"Provider","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"IP","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"User","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectDomainName.keyword","customLabel":"Domain","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserSid.keyword","customLabel":"SID","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectLogonId.keyword","customLabel":"Logon ID","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ProviderName.keyword","customLabel":"Crypto Provider","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.AlgorithmName.keyword","customLabel":"Algorithm","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.KeyName.keyword","customLabel":"Key Name","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.KeyType.keyword","customLabel":"Key Type","subBucket":{"id":"1012","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.Operation.keyword","customLabel":"Operation","subBucket":{"id":"1013","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ReturnCode.keyword","customLabel":"Returrn Code","subBucket":{"id":"1014","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.level.keyword","customLabel":"Level","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (723, 'Windows Unexpected Service Failures', '', '2025-01-16 20:14:06.353850', '2025-01-16 20:16:58.441281', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@6e2974ce', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS_ONE_OF","field":"logx.wineventlog.event_id","value":["7031"]}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1012","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_id","customLabel":"Event ID","subBucket":{"id":"1013","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.source_name.keyword","customLabel":"Source","subBucket":{"id":"1014","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.param1.keyword","customLabel":"Service","subBucket":{"id":"1015","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.param2.keyword","customLabel":"Number of Failures","subBucket":{"id":"1016","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.param5.keyword","customLabel":"Corrective Action","subBucket":{"id":"1017","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.param3.keyword","customLabel":"Waiting time (ms)","subBucket":{"id":"1018","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.Message.keyword","customLabel":"Message","subBucket":{"id":"1019","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.created","customLabel":"Date","subBucket":{"id":"1020","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host","subBucket":{"id":"1021","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"IP","subBucket":{"id":"1022","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.os.name.keyword","customLabel":"OS","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (598, 'Windows Failed logon attempt by Domain and User', '', '2024-12-30 23:58:08.029253', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@232d9cfe', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4690"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"logx.wineventlog.process_id","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.SubjectDomainName.keyword","customLabel":"","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (584, 'Windows User Accounts Deleted Over Time', '', '2024-12-26 22:11:12.150204', '2025-01-03 04:23:17.122245', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@27b865b1', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":"1","name":"","type":"line","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]},"itemStyle":{"normal":{"areaStyle":{"type":"mint","normal":{"opacity":0.25}}}}}],"series":[]}', 'AREA_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4726"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Account deletion"}],"bucket":{"id":"1000","aggregation":"DATE_HISTOGRAM","type":"AXIS","field":"@timestamp","customLabel":"Deleted accounts","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"Target User name","terms":{"sortBy":"_count","asc":false,"size":100}},"dateHistogram":{"interval":"Day"}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (658, 'Windows Application Errors by Exception Code', '', '2025-01-04 00:20:50.167432', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@4157363e', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"name":"Exception Codes","type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"1000"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.param7.keyword","customLabel":"Exception Code","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (789, 'Windows TLS protocol Errors', '', '2025-02-20 01:23:46.329263', '2025-02-20 01:24:09.001216', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@3300171c', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"36874"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_id","customLabel":"Evento ID","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.source_name.keyword","customLabel":"Source","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.level.keyword","customLabel":"Level","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.Protocol.keyword","customLabel":"Protocol","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"IP","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.os.name.keyword","customLabel":"OS","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.user.name.keyword","customLabel":"User","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.process_id","customLabel":"Process ID","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (790, 'Windows TLS protocol Errors by IP', '', '2025-02-20 01:23:46.329905', '2025-02-20 01:24:29.355424', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@3e900df3', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100"},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"showTitle":null,"left":"right","top":"top","width":null,"height":null,"iconStyle":null},"grid":{"top":null,"right":null,"left":null,"bottom":null}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"36874"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.host.ip.keyword","customLabel":"IP","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (724, 'Windows Unexpected Service Failures by Service', '', '2025-01-16 20:20:09.675801', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@26d3907c', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"7031"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.param1.keyword","customLabel":"Service","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (585, 'Windows User Accounts Deleted', '', '2024-12-27 16:48:38.868349', '2024-12-27 17:30:29.062048', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@39e2bfa6', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS","field":"logx.wineventlog.event_id","value":"4726"},{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"NOT_ENDS_WITH","field":"logx.wineventlog.event_data.SubjectUserName","value":"$"},{"operator":"NOT_ENDS_WITH","field":"logx.wineventlog.event_data.TargetUserName","value":"$"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"The user who performed the action","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"Deleted user account ","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.source_name.keyword","customLabel":" Source","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (799, 'Firewall Activity', '', '2025-02-21 02:27:41.158069', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@6bec3c3d', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]}]', 14, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"deviceTime","customLabel":"Devide Time","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"dataSource.keyword","customLabel":"Data Source","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"host.keyword","customLabel":"Host","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.fortigate.src_ip.keyword","customLabel":"Source IP","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.fortigate.dest_port","customLabel":" Destination port","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.fortigate.policyid.keyword","customLabel":"Policy ID","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.fortigate.subtype.keyword","customLabel":"Subtype","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.fortigate.eventtype.keyword","customLabel":"Event Type","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (792, 'Windows Protected Files Decryption by Key Type', '', '2025-02-20 01:23:46.330901', '2025-02-20 01:25:03.536722', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@7ba14dc5', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100"},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"showTitle":null,"left":"right","top":"top","width":null,"height":null,"iconStyle":null},"grid":{"top":null,"right":null,"left":null,"bottom":null}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"5061"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.KeyType.keyword","customLabel":"Key Type","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (599, 'Windows Policy changes', '', '2024-12-31 01:16:58.290628', '2024-12-31 01:37:16.196235', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@135223b3', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4663"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.action.keyword","customLabel":"Action","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectLogonId.keyword","customLabel":"Logon ID","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"Account Name","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.CategoryId.keyword","customLabel":"Category","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ClientProcessId.keyword","customLabel":"Client Process ID","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host Name","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"Host IP","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.os.version.keyword","customLabel":"OS Version","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.created","customLabel":"Time Created","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (659, 'Windows Kerberos pre-authentication failed', '', '2025-01-07 18:46:28.737151', '2025-01-07 18:47:29.458607', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@43947c92', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS_ONE_OF","field":"logx.wineventlog.event_id","value":["4771"]}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"User","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetDomainName.keyword","customLabel":"Domain","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.IpAddress.keyword","customLabel":"Client IP","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.PreAuthType.keyword","customLabel":" Pre-Authentication","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TicketEncryptionType.keyword","customLabel":"Ticket Encryption","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ServiceName.keyword","customLabel":"Service Name","subBucket":{"id":"1012","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ServiceSid.keyword","customLabel":"Service SID","subBucket":{"id":"1013","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetSid.keyword","customLabel":"Target SID","subBucket":{"id":"1014","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event","subBucket":{"id":"1015","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.beat.hostname.keyword","customLabel":"Host","subBucket":{"id":"1016","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (586, 'Windows Attempt to access a protected object', 'Attempt to access a protected object.', '2024-12-27 20:16:01.045435', '2024-12-27 20:16:44.787917', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@6a00abec', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS_ONE_OF","field":"logx.wineventlog.event_id","value":["4663","4656"]}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"User","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectDomainName.keyword","customLabel":"Domain","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ObjectName.keyword","customLabel":"Object Name","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.access_type.keyword","customLabel":"Access Type","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Status","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ProcessName.keyword","customLabel":"Process Name","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (600, 'Windows Policy changes by outcome', '', '2024-12-31 02:13:05.887259', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@34731679', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4719"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event.outcome.keyword","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":100}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (660, 'Windows Kerberos pre-authentication failed by User', '', '2025-01-07 18:55:25.237271', '2025-01-07 19:03:37.742553', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@57a9e707', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100"},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"showTitle":null,"left":"right","top":"top","width":null,"height":null,"iconStyle":null},"yAxis":{"name":null,"type":"value","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"name":null,"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{"top":null,"right":null,"left":null,"bottom":null},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","padding":null,"textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"width":null,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"},"left":null,"top":null,"right":null,"bottom":null},"seriesOption":[{"metricId":"1","name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]},"markLine":null,"itemStyle":null}]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS_ONE_OF","field":"logx.wineventlog.event_id","value":["4771"]}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"Target User","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (725, 'Windows Services Changes', '', '2025-01-16 20:38:24.570800', '2025-01-27 01:17:02.986968', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@647c37cc', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"7038"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_id","customLabel":"Event ID","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.param1.keyword","customLabel":"Event Name","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.param2.keyword","customLabel":" Affected User","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.param3.keyword","customLabel":"Error Code","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.source_name.keyword","customLabel":"Source","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.level.keyword","customLabel":"Level","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.created","customLabel":"Date","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Affected Server","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"Host IP","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.os.name.keyword","customLabel":"OS Version","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.thread_id","customLabel":"Thread ID","subBucket":{"id":"1012","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.record_number","customLabel":"Record Number","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (793, 'Windows Activity', '', '2025-02-20 02:04:15.426212', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@38bf3db9', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_id","customLabel":"Event ID","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectDomainName.keyword","customLabel":"Domain","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (726, 'Windows Services Changes by Host', '', '2025-01-16 20:43:29.720834', '2025-01-27 01:15:59.775947', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@1bcccef', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100"},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"showTitle":null,"left":"right","top":"top","width":null,"height":null,"iconStyle":null},"yAxis":{"name":null,"type":"value","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"name":null,"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{"top":null,"right":null,"left":null,"bottom":null},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","padding":null,"textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"width":null,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"},"left":null,"top":null,"right":null,"bottom":null},"seriesOption":[{"metricId":"1","name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]},"markLine":null,"itemStyle":null}]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"7038"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.host.name.keyword","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (601, 'Windows Logins with explicit credentials', '', '2024-12-31 02:59:57.626587', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@501f9ef4', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4648"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event type","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ProcessName.keyword","customLabel":"Process Name","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"Logon Initiating User","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectDomainName.keyword","customLabel":"User Domain","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":" Target User","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetDomainName.keyword","customLabel":"Target User Domain","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetServerName.keyword","customLabel":"Target Server","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ProcessId.keyword","customLabel":"Process ID","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetLogonGuid.keyword","customLabel":"Logon GUID","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (794, 'Windows Activity by Event', '', '2025-02-20 02:05:13.143198', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@1ca158ca', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_id","customLabel":"Event ID","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (661, 'Windows Account Logoff', '', '2025-01-07 19:35:05.955161', '2025-01-07 19:43:20.460389', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@5080df9f', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4634"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.LogonType.keyword","customLabel":"Logon Type","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"User","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetDomainName.keyword","customLabel":"Domain","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetUserSid.keyword","customLabel":"User SID","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetLogonId.keyword","customLabel":"Logon ID","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host Name","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"Host IP","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.os.name.keyword","customLabel":"OS","subBucket":{"id":"1013","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.message.keyword","customLabel":"Message","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (587, 'Windows File Access Events', '', '2024-12-27 22:56:39.503609', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@6b034f42', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS_NOT_ONE_OF","field":"logx.wineventlog.event_id","value":["4663","4656"]}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Count"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Status","terms":{"sortBy":"_count","asc":false,"size":10}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (602, 'Windows Logins with explicit credentials by User', '', '2024-12-31 03:13:12.524838', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@6a208c0', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4648"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (727, 'Windows Kerberos Service Ticket', '', '2025-01-16 21:06:06.503789', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@541137e', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4769"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_id","customLabel":"Event ID","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.created","customLabel":"Date","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.IpAddress.keyword","customLabel":"Client IP","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.IpPort.keyword","customLabel":"Client Port","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ServiceName.keyword","customLabel":"Service","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ServiceSid.keyword","customLabel":"Service SID","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"Account","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.Status.keyword","customLabel":"Fault Code","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TicketOptions.keyword","customLabel":" Ticket Options","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TicketEncryptionType.keyword","customLabel":"Ticket Encryption","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.LogonGuid.keyword","customLabel":"Login GUID","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (795, 'Bitdefender Activity', '', '2025-02-21 00:32:23.280782', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@1fbec61c', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]}]', 53, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.bitdefender_gz.action.keyword","customLabel":" Event Type","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.bitdefender_gz.event_source.keyword","customLabel":"Event Source","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.bitdefender_gz.src_host.keyword","customLabel":"Hostname Source","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.bitdefender_gz.src_ip.keyword","customLabel":"Affected IP","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.bitdefender_gz.product.keyword","customLabel":"Product","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.bitdefender_gz.priority.keyword","customLabel":"Priority","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.bitdefender_gz.severity.keyword","customLabel":"Severity","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (796, 'Bitdefender Activity by Event Source', '', '2025-02-21 00:33:41.717857', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@883d398', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]}]', 53, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.bitdefender_gz.event_source.keyword","customLabel":"Event Source","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (588, 'Windows Protected Object Permission Change', '', '2024-12-28 00:23:37.169438', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@2f4201c0', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4670"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"Subject User Name","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ObjectType.keyword","customLabel":"Object Type","subBucket":{"id":"1012","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ProcessName.keyword","customLabel":"Process Name","subBucket":{"id":"1016","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.OldSd.keyword","customLabel":"Original Security Descriptor","subBucket":{"id":"1017","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.NewSd.keyword","customLabel":"New Security Descriptor","subBucket":{"id":"1018","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1019","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectLogonId.keyword","customLabel":"Logon ID\t","subBucket":{"id":"1020","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.HandleId.keyword","customLabel":"Handle ID","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (603, 'Windows Changes in account status', '', '2025-01-02 01:49:10.825297', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@2d836dce', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS_ONE_OF","field":"logx.wineventlog.event_id","value":["4722","4723","4725","4726"]}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_id","customLabel":"Event ID","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"Subject User","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectDomainName.keyword","customLabel":"User Name","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"Target User Name","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetDomainName.keyword","customLabel":"Target Domain Name","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"Host IP","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host Name","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.os.name.keyword","customLabel":"OS","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.created","customLabel":"Date","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (663, 'Windows Event Log Service', '', '2025-01-07 19:57:08.197830', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@76f643ab', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS_ONE_OF","field":"logx.wineventlog.event_id","value":["6005","6006"]}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_id","customLabel":"Event ID","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.os.name.keyword","customLabel":"OS","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.os.version.keyword","customLabel":"OS Version","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.created","customLabel":"Date","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.message.keyword","customLabel":"Message","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.level.keyword","customLabel":"Severity Level","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.log_name.keyword","customLabel":"Log Name","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"IP","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.mac.keyword","customLabel":"MAC","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (664, 'Event Log Service Count by Event', '', '2025-01-07 20:00:30.631430', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@6e65f60b', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-1y","now"]},{"operator":"IS_ONE_OF","field":"logx.wineventlog.event_id","value":["6005","6006"]}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_id","customLabel":"Event ID","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (728, 'Windows Kerberos Service Ticket by Encryption Type', '', '2025-01-16 21:12:59.045329', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@1138e12a', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4769"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.TicketEncryptionType.keyword","customLabel":"Ticket Encryption Type","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (797, 'Linux Activity', '', '2025-02-21 01:09:00.521753', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@24f6b75c', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]}]', 39, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.linux.host.name.keyword","customLabel":"Host Name","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.linux.host.ip.keyword","customLabel":"IP","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.linux.host.os.name.keyword","customLabel":"OS","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.linux.host.os.version.keyword","customLabel":"OS Version","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.linux.event.module.keyword","customLabel":"Event Module","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.linux.agent.name.keyword","customLabel":"Agent Name","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.linux.agent.version.keyword","customLabel":"Agent Version","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"dataType.keyword","customLabel":"Data Type","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"deviceTime","customLabel":"Device Time","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"id.keyword","customLabel":"Event ID","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (798, 'Linux Activity by OS', '', '2025-02-21 01:13:02.455863', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@579fdcba', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]}]', 39, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.linux.host.os.name.keyword","customLabel":"OS Name","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (589, 'Windows Process Distribution of Protected Object Permission Change', '', '2024-12-28 01:15:22.714858', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@14d0c690', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":10,"label":{"fontSize":10},"data":[]},"itemStyle":{"normal":{"areaStyle":{"type":"mint","normal":{"opacity":0.25}}}}}],"series":[]}', 'AREA_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4670"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Process Distribution"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.ProcessName.keyword","customLabel":"Process Name","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ProcessName.keyword","customLabel":"","terms":{"sortBy":"_count","asc":true,"size":20}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (590, 'Windows Access to shared resource', '', '2024-12-28 01:58:09.637436', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@1c414e3d', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"5145"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.action.keyword","customLabel":"Action","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Server","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"User","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.IpAddress.keyword","customLabel":"Source IP","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ShareName.keyword","customLabel":"Shared resource","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.RelativeTargetName.keyword","customLabel":"Target Name","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (730, 'Windows Application of Group Policies Errors by Domain Controller', '', '2025-01-16 21:37:28.206618', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@5ac7813e', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"1058"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.DCName.keyword","customLabel":"Domain Controller","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (591, 'Windows Accesses by share type', '', '2024-12-28 02:08:06.898816', '2024-12-28 02:08:39.334600', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@604f47b7', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100"},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"showTitle":null,"left":"right","top":"top","width":null,"height":null,"iconStyle":null},"yAxis":{"name":null,"type":"value","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"name":null,"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{"top":null,"right":null,"left":null,"bottom":null},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","padding":null,"textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"width":null,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"},"left":null,"top":null,"right":null,"bottom":null},"seriesOption":[{"metricId":"1","name":"","type":"line","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]},"markLine":null,"itemStyle":{"normal":{"areaStyle":{"type":"mint","normal":{"opacity":0.25}}}}}]}', 'AREA_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"5145"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":"Access to shared resource"}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.ShareName.keyword","customLabel":"Share","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (800, 'Firewall Activity by Data Source', '', '2025-02-21 02:35:52.974569', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@375b7f38', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]}]', 14, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"dataSource.keyword","customLabel":"Data Source","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (605, 'Windows Kerberos ticket requests', '', '2025-01-02 02:52:34.047468', '2025-01-02 03:07:52.126071', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@35c28a6b', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS_ONE_OF","field":"logx.wineventlog.event_id","value":["4768","4769","4771"]}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_id","customLabel":"Event ID","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"User","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetDomainName.keyword","customLabel":"Domain","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.IpAddress.keyword","customLabel":"Client IP","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.PreAuthType.keyword","customLabel":" Pre-Authentication","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TicketEncryptionType.keyword","customLabel":"Ticket Encryption","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ServiceName.keyword","customLabel":"Service Name","subBucket":{"id":"1012","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ServiceSid.keyword","customLabel":"Service SID","subBucket":{"id":"1013","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetSid.keyword","customLabel":"Target SID","subBucket":{"id":"1014","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event","subBucket":{"id":"1015","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.beat.hostname.keyword","customLabel":"Host","subBucket":{"id":"1016","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (592, 'Windows Account locks', '', '2024-12-30 17:49:17.581407', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@5ab7f71f', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4740"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"Blocked user","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetSid.keyword","customLabel":"User Security ID","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectDomainName.keyword","customLabel":"Domain","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserSid.keyword","customLabel":"Executor user","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"Host IP Address","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.os.name.keyword","customLabel":"Host Operating System","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (731, 'Windows Created and Terminated Processes', '', '2025-01-16 22:31:05.560934', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@5f16f8d8', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS_ONE_OF","field":"logx.wineventlog.event_id","value":["4689","4688"]}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_id","customLabel":"Event Code","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"User","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.beat.hostname.keyword","customLabel":"Host Name","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"IP","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (606, 'Windows Kerberos ticket requests by Outcome', '', '2025-01-02 03:02:03.112637', '2025-01-02 03:08:26.925703', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@5918accf', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100"},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"showTitle":null,"left":"right","top":"top","width":null,"height":null,"iconStyle":null},"yAxis":{"name":null,"type":"value","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"name":null,"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{"top":null,"right":null,"left":null,"bottom":null},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","padding":null,"textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"width":null,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"},"left":null,"top":null,"right":null,"bottom":null},"seriesOption":[{"metricId":"1","name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]},"markLine":null,"itemStyle":null}]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS_ONE_OF","field":"logx.wineventlog.event_id","value":["4768","4769","4771"]}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event.outcome.keyword","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (666, 'Windows Password Reset Attempts by Target User', '', '2025-01-07 21:53:53.922409', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@a19004e', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4724"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"Target User","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (801, 'O365 Activity', '', '2025-02-21 03:14:24.963208', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@45401cd6', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.UserKey.keyword","customLabel":"User Key","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.Operation.keyword","customLabel":"Operation","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.ClientIPAddress.keyword","customLabel":"Client IP","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.MailboxOwnerUPN.keyword","customLabel":"Mail Box","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.ResultStatus.keyword","customLabel":"Result Status","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.ExternalAccess","customLabel":"External Access","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.tenant.keyword","customLabel":"Tenant","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (732, 'Windows Created and Terminated Processes by Process', '', '2025-01-16 22:33:06.240422', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@39503eee', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS_ONE_OF","field":"logx.wineventlog.event_id","value":["4688","4689"]}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_id","customLabel":"Event","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (593, 'Windows Successful Account Locks Over Time', '', '2024-12-30 18:40:13.223703', '2024-12-30 18:52:44.260842', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@3fc10b69', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100"},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"showTitle":null,"left":"right","top":"top","width":null,"height":null,"iconStyle":null},"yAxis":{"name":null,"type":"value","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"name":null,"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{"top":null,"right":null,"left":null,"bottom":null},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","padding":null,"textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"width":null,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"},"left":null,"top":null,"right":null,"bottom":null},"seriesOption":[{"metricId":"1","name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]},"markLine":null,"itemStyle":null}]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4740"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event.outcome.keyword","customLabel":"","subBucket":{"id":"1001","aggregation":"DATE_HISTOGRAM","type":"BUCKET","field":"@timestamp","customLabel":"","dateHistogram":{"interval":"Week"}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (607, 'Windows Process Creation', '', '2025-01-02 03:18:14.285696', '2025-01-02 03:18:36.665062', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@6f55c5d0', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4688"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.NewProcessName.keyword","customLabel":" Created Process","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ParentProcessName.keyword","customLabel":"Parent Process","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"User","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TokenElevationType.keyword","customLabel":"Elevation of Privileges","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_id","customLabel":"Event ID","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (667, 'Windows Connection blocked by Windows Firewall', '', '2025-01-08 01:10:26.802197', '2025-01-08 03:30:48.591241', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@503a26a9', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"5158"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.Application.keyword","customLabel":"Application Name","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SourceAddress.keyword","customLabel":"Source Address","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SourcePort.keyword","customLabel":"Source Port","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.Protocol.keyword","customLabel":"Protocol","subBucket":{"id":"1012","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ProcessId.keyword","customLabel":"Process ID","subBucket":{"id":"1013","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.LayerName.keyword","customLabel":"Layer Name","subBucket":{"id":"1014","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host Name","subBucket":{"id":"1015","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.level.keyword","customLabel":"Severity","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (689, 'O365 SharePoint Group Membership Additions', '', '2025-01-09 21:30:02.998059', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@5d52cfb3', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-1y","now"]},{"operator":"IS","field":"logx.o365.Operation.keyword","value":"AddedToGroup"},{"operator":"IS","field":"logx.o365.Workload.keyword","value":"OneDrive"}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.TargetUserOrGroupName.keyword","customLabel":"Target User/Group Name","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.TargetUserOrGroupType.keyword","customLabel":"Target User/Group Type","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.ObjectId.keyword","customLabel":"Object ID","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.SiteUrl.keyword","customLabel":"Site URL","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.UserId.keyword","customLabel":"User ID","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.CorrelationId.keyword","customLabel":"Correlation ID","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (594, 'Windows Access to critical files or specific directories', '', '2024-12-30 19:15:27.440788', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@2a9bf02a', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4663"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.action.keyword","customLabel":"Action","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ObjectName.keyword","customLabel":"Object Name","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ProcessName.keyword","customLabel":"Process Name","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"Subject User Name","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (608, 'Windows Process Creation By Parent Process', '', '2025-01-02 03:23:54.576180', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@76d0e939', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4688"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.ParentProcessName.keyword","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (668, 'Windows Connection blocked by Application', '', '2025-01-08 01:22:30.911722', '2025-01-08 03:29:19.649181', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@2a0b9ce4', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100"},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"showTitle":null,"left":"right","top":"top","width":null,"height":null,"iconStyle":null},"yAxis":{"name":null,"type":"value","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"name":null,"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{"top":null,"right":null,"left":null,"bottom":null},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","padding":null,"textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"width":null,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"},"left":null,"top":null,"right":null,"bottom":null},"seriesOption":[{"metricId":"1","name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]},"markLine":null,"itemStyle":null}]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"5158"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.Application.keyword","customLabel":"Application","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (690, 'O365 SharePoint Group Membership Additions by Group', '', '2025-01-09 21:45:58.325200', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@1e995a3c', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-1y","now"]},{"operator":"IS","field":"logx.o365.Operation.keyword","value":"AddedToGroup"},{"operator":"IS","field":"logx.o365.Workload.keyword","value":"OneDrive"}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.o365.TargetUserOrGroupType.keyword","customLabel":"Group","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (733, 'Windows Firewall Exception List Changed', '', '2025-01-17 00:52:42.980267', '2025-01-17 02:29:23.371472', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@7ce256a2', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4946"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.code.keyword","customLabel":"Event ID","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"IP","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.mac.keyword","customLabel":"MAC Address","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.os.name.keyword","customLabel":"OS","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ProfileChanged.keyword","customLabel":"Profile Changed","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.RuleId.keyword","customLabel":"Rule ID","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.RuleName.keyword","customLabel":"Rule Name","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (595, 'Windows Distribution of access results to critical files or specific directories', '', '2024-12-30 19:21:19.585556', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@2ad9f5b3', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4663"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (609, 'Windows Access to Shared Resources', '', '2025-01-02 04:35:24.287117', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@43b1a128', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS_ONE_OF","field":"logx.wineventlog.event_id","value":["5140","5145"]}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"User Name","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectDomainName.keyword","customLabel":"Domain","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserSid.keyword","customLabel":"User SID","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectLogonId.keyword","customLabel":"Login ID","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.IpAddress.keyword","customLabel":"Source IP","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ShareName.keyword","customLabel":" Accessed resource","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.AccessMask.keyword","customLabel":"Access Mask","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.code.keyword","customLabel":"Event ID","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (610, 'Windows Access to Shared Resources by Resource', '', '2025-01-02 04:41:15.769728', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@6fe823dd', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"name":" Accessed resource","type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS_ONE_OF","field":"logx.wineventlog.event_id","value":["5140","5145"]}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.ShareName.keyword","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (669, 'Windows Event Logging Service Shut Down', '', '2025-01-08 03:28:53.628830', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@53c6a88f', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"1100"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host Name","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.os.name.keyword","customLabel":"Host OS","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.message.keyword","customLabel":"Message","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.level.keyword","customLabel":"Severity Level","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.log_name.keyword","customLabel":"Log Name","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (734, 'Windows Firewall Exception List Changed by Day', '', '2025-01-17 01:00:19.681311', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@23367eee', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4946"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"@timestamp","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":20}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (802, 'O365 Activity by Operation', '', '2025-02-21 03:17:28.166356', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@a692aa2', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.o365.Operation.keyword","customLabel":"Operation","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (735, 'Windows Privilege Escalation Alerts', '', '2025-01-20 23:45:05.766571', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@482d8645', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS_ONE_OF","field":"tactic","value":["Account Manipulation","Domain Policy Modification","Impair Defenses","Account Access Removal"]}]', 2, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"name.keyword","customLabel":"Name","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"severityLabel.keyword","customLabel":"Severity","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"category.keyword","customLabel":"Category","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"tactic.keyword","customLabel":"Tactic","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"statusObservation.keyword","customLabel":"Status","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (596, 'Windows Special privileges assigned to new logon', 'Windows Special privileges assigned to new logon', '2024-12-30 20:12:54.530663', '2024-12-30 20:21:06.567218', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@37b9b255', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4672"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.activity_id.keyword","customLabel":"Activity ID","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.code.keyword","customLabel":" Event Result","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"User name","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectDomainName.keyword","customLabel":" User Domain","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectLogonId.keyword","customLabel":" Logon ID","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.PrivilegeList.keyword","customLabel":" Assigned Privileges","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host name","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"Host IP","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.os.name.keyword","customLabel":" Operating System","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.process_id","customLabel":"Process ID","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.source_name.keyword","customLabel":"Source Name","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (611, 'Windows Use of Elevated Privileges', '', '2025-01-02 05:00:51.960516', '2025-01-02 05:04:30.701493', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@6a5aae48', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS_ONE_OF","field":"logx.wineventlog.event_id","value":["4673","4674"]}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"User","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectDomainName.keyword","customLabel":"Domain","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserSid.keyword","customLabel":"User SID","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectLogonId.keyword","customLabel":"Logon ID","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.PrivilegeList.keyword","customLabel":"Privilege","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ProcessName.keyword","customLabel":"Process","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ProcessID.keyword","customLabel":"Process ID","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ObjectServer.keyword","customLabel":"Object Server","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.code.keyword","customLabel":"Event Code","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (670, 'Windows Event Logging Service Shutdowns - Count by Host', '', '2025-01-08 03:40:08.611287', '2025-01-08 03:50:30.906274', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@3c57e27a', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100"},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"showTitle":null,"left":"right","top":"top","width":null,"height":null,"iconStyle":null},"grid":{"top":null,"right":null,"left":null,"bottom":null}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"1100"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.host.name.keyword","customLabel":"Host","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (692, 'O365 File Accessed by Object', '', '2025-01-09 22:49:51.051769', '2025-01-10 00:10:19.239998', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@1798e29d', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS_ONE_OF","field":"logx.o365.Operation.keyword","value":["FileAccessed","FileAccessedExtended"]}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.o365.ObjectId.keyword","customLabel":"Object","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (612, 'Windows Use of Elevated Privileges by Outcome', '', '2025-01-02 05:03:52.791789', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@53b9fbc9', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS_ONE_OF","field":"logx.wineventlog.event_id","value":["4673","4674"]}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event.outcome.keyword","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (671, 'Windows Credential Access', '', '2025-01-08 04:21:38.056838', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@727219e4', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"5379"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.created","customLabel":"Date","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"User Account","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectDomainName.keyword","customLabel":"Domain","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetName.keyword","customLabel":"Target Credential","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ReadOperation.keyword","customLabel":"Read Operation","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ClientProcessId.keyword","customLabel":"Process ID","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Machine Name","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.os.version.keyword","customLabel":"OS Version","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserSid.keyword","customLabel":"Security ID","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (691, 'O365 File Accessed', '', '2025-01-09 22:46:49.162334', '2025-01-10 00:09:13.781094', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@3084f9b8', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS_ONE_OF","field":"logx.o365.Operation.keyword","value":["FileAccessed","FileAccessedExtended"]}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.UserId.keyword","customLabel":"User ID","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.ObjectId.keyword","customLabel":"Object ID","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.SourceFileName.keyword","customLabel":"Source File Name","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.ClientIP.keyword","customLabel":"Client IP","subBucket":{"id":"1012","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.SiteUrl.keyword","customLabel":"Site Url","subBucket":{"id":"1013","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.UserAgent.keyword","customLabel":"User Agent","subBucket":{"id":"1014","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.Operation.keyword","customLabel":"Operation","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (736, 'Windows Privilege Escalation Alerts by Tactic', '', '2025-01-20 23:47:31.921690', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@35ef78ec', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS_ONE_OF","field":"tactic","value":["Account Manipulation","Domain Policy Modification","Impair Defenses","Account Access Removal"]}]', 2, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"tactic.keyword","customLabel":"Tactic","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (672, 'Windows Credential Access by Domain', '', '2025-01-08 04:35:38.171004', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@4eff4e67', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"5379"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.SubjectDomainName.keyword","customLabel":"Subject Domain","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (693, 'O365 Security Role Update', '', '2025-01-10 01:54:01.216498', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@3962708c', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-1y","now"]},{"operator":"IS","field":"logx.o365.Operation","value":"SecurityRoleUpdated"}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"id.keyword","customLabel":"ID","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.OrganizationId.keyword","customLabel":"Organization ID","subBucket":{"id":"1013","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.ResultStatus.keyword","customLabel":"Result Status","subBucket":{"id":"1014","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.UserId.keyword","customLabel":"User ID","subBucket":{"id":"1015","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.Workload.keyword","customLabel":"Workload","subBucket":{"id":"1016","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (737, 'Windows Defender Action Against Detected Threat', '', '2025-01-21 01:56:16.098245', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@ded9111', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS_ONE_OF","field":"logx.wineventlog.event_id","value":["2001","2003","3002"]}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"computer_name.keyword","customLabel":"Computer Name","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.code.keyword","customLabel":"Event ID","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.action.keyword","customLabel":"Action","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.provider.keyword","customLabel":"Provider","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"IP","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.level.keyword","customLabel":"Level","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.message.keyword","customLabel":"Message","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (804, 'AWS Activity by User IAM', '', '2025-02-24 23:55:41.117798', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@6fba8adc', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-7y","now"]}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.aws.userIdentity.userName.keyword","customLabel":"User IAM","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (614, 'Windows Changes to Defender settings by Host', '', '2025-01-02 05:46:09.830496', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@3323a70', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"5007"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"logx.wineventlog.process_id","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.host.ip.keyword","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (615, 'Windows PowerShell Script Block Registration', '', '2025-01-02 06:11:54.784374', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@35778dd9', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4103"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.message.keyword","customLabel":"Event Message","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ContextInfo.keyword","customLabel":" Application/Process executed","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"Host IP","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.mac.keyword","customLabel":"Host MAC","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host Name","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.level.keyword","customLabel":"Level","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.user.name.keyword","customLabel":"Connected User","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.process_id","customLabel":"Process ID","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (738, 'Windows Defender Action Against Detected Threat by Event', '', '2025-01-21 01:58:26.931524', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@68e90d3a', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS_ONE_OF","field":"logx.wineventlog.event_id","value":["2001","2003","3002"]}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_id","customLabel":"Event","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (673, 'Windows Additions to Security Groups', '', '2025-01-08 16:50:11.751832', '2025-01-08 19:39:07.389307', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@409dd3d0', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4728"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.action.keyword","customLabel":"Action","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.created","customLabel":"Date","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"Affected Group","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetDomainName.keyword","customLabel":"Group Domain","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetSid.keyword","customLabel":"Group SID","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.MemberName.keyword","customLabel":"Member SID","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"Subject User","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserSid.keyword","customLabel":"Subject User SID","subBucket":{"id":"1012","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectDomainName.keyword","customLabel":"Subject Domain","subBucket":{"id":"1013","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectLogonId.keyword","customLabel":"Subject Logon ID","subBucket":{"id":"1014","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host","subBucket":{"id":"1015","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.os.name.keyword","customLabel":"OS","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (674, 'Windows Additions to Security Groups by Group', '', '2025-01-08 17:02:35.293130', '2025-01-08 19:39:23.707570', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@9d00a03', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100"},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"showTitle":null,"left":"right","top":"top","width":null,"height":null,"iconStyle":null},"yAxis":{"name":null,"type":"value","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"name":null,"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{"top":null,"right":null,"left":null,"bottom":null},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","padding":null,"textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"width":null,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"},"left":null,"top":null,"right":null,"bottom":null},"seriesOption":[{"metricId":"1","name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]},"markLine":null,"itemStyle":null}]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4728"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"Affected Group","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (694, 'O365 Security Role Update By Workload', '', '2025-01-10 01:55:33.328987', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@5862486f', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-1y","now"]},{"operator":"IS","field":"logx.o365.Operation","value":"SecurityRoleUpdated"}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.o365.Workload.keyword","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (616, 'Windows PowerShell Script Block Registration by Host', '', '2025-01-02 06:15:31.025940', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@d06b88d', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4103"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.host.name.keyword","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (803, 'AWS Activity', '', '2025-02-24 23:52:56.218218', '2025-02-24 23:56:10.792019', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@15b2cd34', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"dataSource.keyword","customLabel":"Data Source","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"host.keyword","customLabel":"Host","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventID.keyword","customLabel":"Event ID","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.awsRegion.keyword","customLabel":"AWS Region","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventName.keyword","customLabel":"Event Name","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventSource.keyword","customLabel":"Event Source","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.sourceIPAddress.keyword","customLabel":"Source IP","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.userIdentity.userName.keyword","customLabel":"User IAM","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.requestParameters.logGroupName.keyword","customLabel":"Log Group Name","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (675, 'Windows Security Group Member Removal', '', '2025-01-08 17:35:46.606435', '2025-01-08 19:37:27.014645', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@4b83d489', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-1y","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4729"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"Subject Account","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"Group Name","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.MemberSid.keyword","customLabel":"Removed Member Security ID","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.MemberName.keyword","customLabel":"Removed Member Name","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host Name","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"Host IP","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (676, 'Windows Security Group Member Removal by Group', '', '2025-01-08 17:35:46.606947', '2025-01-08 19:38:02.311509', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@3e3ee78f', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100"},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"showTitle":null,"left":"right","top":"top","width":null,"height":null,"iconStyle":null},"grid":{"top":null,"right":null,"left":null,"bottom":null}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-1y","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4729"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"Group","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (695, 'O365 Sharing Link Operation', '', '2025-01-10 03:38:36.817137', '2025-01-10 03:39:07.456072', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@4b1c780f', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-1y","now"]},{"operator":"IS","field":"logx.o365.Operation","value":"AddedToSharingLink"}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"id.keyword","customLabel":"ID","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.Operation.keyword","customLabel":"Operation","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.ApplicationDisplayName.keyword","customLabel":"App Name","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.ClientIP.keyword","customLabel":"Client IP","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.ItemType.keyword","customLabel":"Item Type","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.Permission.keyword","customLabel":"Permission","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.TargetUserOrGroupName.keyword","customLabel":"Target User","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.SharingLinkScope.keyword","customLabel":"Sharing Link Scope","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.UniqueSharingId.keyword","customLabel":"Unique Sharing Id","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.UserId.keyword","customLabel":"User Id","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.Workload.keyword","customLabel":"Workload","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (617, 'Windows PowerShell Remote Session Creation', '', '2025-01-02 06:44:38.021624', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@16c9947e', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4105"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.action.keyword","customLabel":"Event Action","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.user.name.keyword","customLabel":"User","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.user.domain.keyword","customLabel":"User Domain","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host Name","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"Host IP","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ScriptBlockId.keyword","customLabel":" ScriptBlock ID","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.RunspaceId.keyword","customLabel":"Runspace ID","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.created","customLabel":"Date","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (678, 'Windows Creation of Security-Enabled Local Group by Group', '', '2025-01-08 19:35:36.523230', null, 'elopez', null, null, '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-1y","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4731"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"Group","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (696, 'O365 Sharing Link Operation by Client', '', '2025-01-10 03:41:28.754355', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@409ee2fa', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-1y","now"]},{"operator":"IS","field":"logx.o365.Operation","value":"AddedToSharingLink"}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.o365.ClientIP.keyword","customLabel":"IP","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (677, 'Windows Creation of Security-Enabled Local Group', '', '2025-01-08 19:35:36.522781', '2025-01-25 03:00:55.877778', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@16c25496', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-1y","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4731"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"Subject User","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectDomainName.keyword","customLabel":"Subject Domain","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserSid.keyword","customLabel":"Subject User SID","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"Target Group","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetDomainName.keyword","customLabel":"Target Domain","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetSid.keyword","customLabel":"Target SID","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SamAccountName.keyword","customLabel":"SAM Account Name","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.PrivilegeList.keyword","customLabel":"Privileges","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"IP Address","subBucket":{"id":"1012","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.mac.keyword","customLabel":"MAC Address","subBucket":{"id":"1013","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.os.version.keyword","customLabel":"OS Version","subBucket":{"id":"1014","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.process_id","customLabel":"Process ID","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (618, 'Windows PowerShell Remote Session Creation by Host', '', '2025-01-02 06:51:25.437561', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@45ef1a53', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"name":"Remote Sessions","type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"name":"Host","type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4105"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.host.name.keyword","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (679, 'Windows Security enabled local group change', '', '2025-01-08 20:01:13.393416', null, 'elopez', null, null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-1y","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4735"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"User","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserSid.keyword","customLabel":"User SID","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectDomainName.keyword","customLabel":"Domain","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"Group Name","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetSid.keyword","customLabel":"Group SID","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetDomainName.keyword","customLabel":"Target Domain","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectLogonId.keyword","customLabel":"Subject Logon ID","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"IP Address","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host Name","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.os.name.keyword","customLabel":"OS","subBucket":{"id":"1012","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1013","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.action.keyword","customLabel":"Action","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (680, 'Windows Security enabled local group change by User', '', '2025-01-08 20:01:13.393939', null, 'elopez', null, null, '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-1y","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4735"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"User","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (739, 'Windows Connections and Port Assignments', '', '2025-01-24 00:39:53.805236', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@27411673', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS_ONE_OF","field":"logx.wineventlog.event_id","value":["5156","5158"]}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host Name","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_id","customLabel":"Event ID","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ProcessId.keyword","customLabel":"Process ID","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.Application.keyword","customLabel":"Application","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SourcePort.keyword","customLabel":"Source Port","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.Protocol.keyword","customLabel":"Protocol","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.FilterRTID.keyword","customLabel":"Filter Run-Time ID","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.LayerName.keyword","customLabel":"Layer Name","subBucket":{"id":"1012","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.level.keyword","customLabel":"Log Level","subBucket":{"id":"1013","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.record_number","customLabel":"Record Number","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (697, 'O365 Secure Link Operation', '', '2025-01-10 04:04:41.547300', '2025-01-10 04:05:29.857236', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@774aa2bd', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-1y","now"]},{"operator":"IS","field":"logx.o365.Operation","value":"AddedToSecureLink"}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.Operation.keyword","customLabel":"Operation","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.SourceFileName.keyword","customLabel":"SourceFileName","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.ObjectId.keyword","customLabel":"Object ID","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.TargetUserOrGroupName.keyword","customLabel":"Target User/Group Name","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.TargetUserOrGroupType.keyword","customLabel":"Target User/Group Type","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.ClientIP.keyword","customLabel":"Client IP","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.UserAgent.keyword","customLabel":"User Agent","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.SiteUrl.keyword","customLabel":"Site Url","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.GeoLocation.keyword","customLabel":"Geo Location","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.ApplicationDisplayName.keyword","customLabel":"Application Name","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.UniqueSharingId.keyword","customLabel":"Unique Sharing ID","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (805, 'Azure Activity', '', '2025-02-25 00:27:04.985236', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@6ec1ee75', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]}]', 11, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.azure.submissionTimestamp","customLabel":"Date","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.azure.eventDataId.keyword","customLabel":"Event ID","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.azure.eventName.localizedValue.keyword","customLabel":"Event Name","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.azure.operationName.localizedValue.keyword","customLabel":"Operation","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.azure.caller.keyword","customLabel":"User","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.azure.claims.ipaddr.keyword","customLabel":"IP","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.azure.resourceId.keyword","customLabel":"Affected Resource","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.azure.resourceGroupName.keyword","customLabel":" Resource Group","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.azure.resourceProviderName.localizedValue.keyword","customLabel":"Resource Provider","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.azure.status.localizedValue.keyword","customLabel":"Status","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.azure.category.localizedValue.keyword","customLabel":"Cateogory","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.azure.subscriptionId.keyword","customLabel":"Subscription ID","subBucket":{"id":"1012","aggregation":"TERMS","type":"BUCKET","field":"logx.azure.correlationId.keyword","customLabel":" Correlation ID","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (806, 'Azure Activity by Category', '', '2025-02-25 00:28:27.433805', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@1b31f190', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]}]', 11, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.azure.category.localizedValue.keyword","customLabel":"Category","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (619, 'Windows Installation of Services', '', '2025-01-02 07:13:27.819817', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@44107a51', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"7045"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_id","customLabel":"Event Code","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ServiceName.keyword","customLabel":"Service Name","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ImagePath.keyword","customLabel":"Service File Path","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ServiceType.keyword","customLabel":"Service Type","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.StartType.keyword","customLabel":"Service Start Type","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host Name","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.os.name.keyword","customLabel":"Host OS Name","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.os.version.keyword","customLabel":"Host OS Version","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"Host IP Address","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.user.name.keyword","customLabel":"User Account Name","subBucket":{"id":"1012","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.level.keyword","customLabel":"Event Level","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (620, 'Windows Installation of Services by Services', '', '2025-01-02 07:16:58.828894', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@7ab1e172', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100"},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"showTitle":null,"left":"right","top":"top","width":null,"height":null,"iconStyle":null},"yAxis":{"name":null,"type":"value","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"name":"Service Name","type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{"top":null,"right":null,"left":null,"bottom":null},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","padding":null,"textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"width":null,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"},"left":null,"top":null,"right":null,"bottom":null},"seriesOption":[{"metricId":1,"name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]},"markLine":null,"itemStyle":null}]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"7045"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.ServiceName.keyword","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (682, 'Windows Member Addition to a Security Local Group by Group', '', '2025-01-08 20:22:51.868874', null, 'elopez', null, null, '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4732"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"Group","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (698, 'O365 Secure Link Operation by Client', '', '2025-01-10 04:06:56.769137', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@6676669c', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-1y","now"]},{"operator":"IS","field":"logx.o365.Operation","value":"AddedToSecureLink"}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.o365.ClientIP.keyword","customLabel":"IP","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (740, 'Windows Connections and Port Assignments by Process', '', '2025-01-24 00:43:07.898738', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@2b28fae3', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS_ONE_OF","field":"logx.wineventlog.event_id","value":["5156","5158"]}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_id","customLabel":"Event","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (807, 'Windows Unexpected System Reboot', '', '2025-02-25 02:20:39.822233', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@29b74d66', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"41"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_id","customLabel":"Event ID","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Hostname","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.os.version.keyword","customLabel":"OS Version","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.provider.keyword","customLabel":"Provider","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.action.keyword","customLabel":"Action","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.BootAppStatus.keyword","customLabel":"Boot App Status","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.user.name.keyword","customLabel":"User","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (621, 'Windows Restoration of default security policies', '', '2025-01-02 08:17:50.783826', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@8a0c135', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4907"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.action.keyword","customLabel":"Action","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.code.keyword","customLabel":"Event Code","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.provider.keyword","customLabel":"Provider","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ObjectName.keyword","customLabel":"Object","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.NewSd.keyword","customLabel":"New Descriptor","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ProcessName.keyword","customLabel":"Process","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ProcessId.keyword","customLabel":"Process ID","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"User Name","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.created","customLabel":"Date","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (683, 'Windows Local Security Group Member Removal', '', '2025-01-08 20:54:57.237367', '2025-01-08 20:46:35.218766', 'elopez', 'fsclient', null, '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4733"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"Subject User","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserSid.keyword","customLabel":"Subject User SID","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"Target Group","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetSid.keyword","customLabel":"Target Group SID","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.created","customLabel":"Date","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (684, 'Windows Local Security Group Member Removal by Group', '', '2025-01-08 20:54:57.237775', null, 'elopez', null, null, '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4733"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"Target Group","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (699, 'O365 Delegated Permission Grant', '', '2025-01-10 04:45:08.082924', '2025-01-10 04:45:45.423811', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@2553b726', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-1y","now"]},{"operator":"IS","field":"logx.o365.Operation","value":"Add delegated permission grant"}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.Operation.keyword","customLabel":"Operation","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.ResultStatus.keyword","customLabel":"Result Status","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.ActorContextId.keyword","customLabel":"Actor Context ID","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.UserId.keyword","customLabel":"User ID","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.Workload.keyword","customLabel":"Workload","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (700, 'O365 Delegated Permission Grant Distribution', '', '2025-01-10 04:47:55.625228', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@5c151c95', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-1y","now"]},{"operator":"IS","field":"logx.o365.Operation","value":"Add delegated permission grant"}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"@timestamp","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (741, 'Windows User Account Logoff', '', '2025-01-24 03:38:11.584595', '2025-01-24 03:51:50.702366', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@7cca4089', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4647"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_id","customLabel":"Event ID","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"User","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetDomainName.keyword","customLabel":"Domain","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetLogonId.keyword","customLabel":"Logon ID","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.Outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"IP","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.created","customLabel":"Date","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (622, 'Windows Restoration of default security policies by outcome', '', '2025-01-02 08:21:27.761660', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@fdf2ca9', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4907"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event.outcome.keyword","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (685, 'Windows Registry Value Modification by Process', '', '2025-01-08 21:24:00.387390', '2025-01-08 21:20:38.963264', 'elopez', 'fsclient', null, '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"name":"Process","type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":"1","name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4657"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.ProcessName.keyword","customLabel":"Process","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (742, 'Windows Account Logoff by User', '', '2025-01-24 03:41:09.852198', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@ce79d52', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-90d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4647"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"User","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (701, 'O365 File Access and Activity', '', '2025-01-10 05:16:40.914599', '2025-01-10 05:34:43.125239', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@ff4f354', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-1y","now"]},{"operator":"IS","field":"logx.o365.Operation","value":"FileTranscriptContentAccessed"}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.Operation.keyword","customLabel":"Operation","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.ApplicationDisplayName.keyword","customLabel":"Application Display Name","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.AuthenticationType.keyword","customLabel":"Authentication Type","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.BrowserName.keyword","customLabel":"Browser Name","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.ClientIP.keyword","customLabel":"Client IP","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.DeviceDisplayName.keyword","customLabel":"Device Display Name","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.ItemType.keyword","customLabel":"Item Type","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.SourceFileName.keyword","customLabel":"Source File Name","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.SourceFileExtension.keyword","customLabel":"Source File Extension","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.UserId.keyword","customLabel":"User ID","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.SiteUrl.keyword","customLabel":"Site Url","subBucket":{"id":"1012","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.Platform.keyword","customLabel":"Platform","subBucket":{"id":"1013","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.CorrelationId.keyword","customLabel":"Correlation ID","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (686, 'Windows Registry Value Modification', '', '2025-01-08 21:24:00.388046', '2025-01-25 03:55:56.341789', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@71374308', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4657"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"Subject Account","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectDomainName.keyword","customLabel":"Subject Domain","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ObjectName.keyword","customLabel":"Object Name","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ObjectValueName.keyword","customLabel":"Object Value Name","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.OperationType.keyword","customLabel":"Operation Type","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ProcessName.keyword","customLabel":"Process Name","subBucket":{"id":"1012","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.OldValueType.keyword","customLabel":"Old Value Type","subBucket":{"id":"1013","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.NewValueType.keyword","customLabel":"New Value Type","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (623, 'Windows Audit Policy Change', '', '2025-01-02 16:31:20.473172', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@1a5b3c7e', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4902"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.agent.id.keyword","customLabel":"Agent ID","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.agent.type.keyword","customLabel":"Agent Type","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.beat.hostname.keyword","customLabel":"Host Name","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.beat.version.keyword","customLabel":"Agent version","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.action.keyword","customLabel":"Event Action","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.provider.keyword","customLabel":"Event Provider","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"Host IP","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.os.name.keyword","customLabel":"Host SO","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.log_name.keyword","customLabel":"Log Name","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (743, 'Windows Unexpected Logon Process Termination', '', '2025-01-24 05:07:45.913235', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@54986839', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4005"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_id","customLabel":"Event ID","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.action.keyword","customLabel":"Event Action","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.provider.keyword","customLabel":"Event Provider","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host Name","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"Host IP","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.mac.keyword","customLabel":"Host MAC","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.os.name.keyword","customLabel":"OS Name","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.os.version.keyword","customLabel":"OS Version","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.level.keyword","customLabel":"Level","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.created","customLabel":"Event Created","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.log_name.keyword","customLabel":"Log Name","subBucket":{"id":"1012","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.code.keyword","customLabel":"Event Code","subBucket":{"id":"1013","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.keywords.keyword","customLabel":"Keywords","subBucket":{"id":"1015","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.opcode.keyword","customLabel":"Opcode","subBucket":{"id":"1016","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.provider_guid.keyword","customLabel":"Provider GUID","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (808, 'Windows Unexpected System Reboot by Host', '', '2025-02-25 02:54:09.750884', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@16b8d1c0', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"41"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.host.name.keyword","customLabel":"Host","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (687, 'Windows Service Control Manager Log Information', '', '2025-01-08 23:13:41.064086', '2025-01-08 23:14:00.412114', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@3ad69160', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"7030"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.activity_id.keyword","customLabel":"Activity ID","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.code.keyword","customLabel":"Event Code","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.level.keyword","customLabel":"Level","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.user.name.keyword","customLabel":"User","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"IP","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.os.name.keyword","customLabel":"OS","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.provider.keyword","customLabel":"Provider","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.created","customLabel":"Date","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.process_id","customLabel":"Process ID","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.thread_id","customLabel":"Thread ID","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (688, 'Windows Service Control Manager Log Information Distribution by Host ', '', '2025-01-08 23:13:41.064758', '2025-01-08 23:15:10.720029', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@21011a4f', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100"},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"showTitle":null,"left":"right","top":"top","width":null,"height":null,"iconStyle":null},"grid":{"top":null,"right":null,"left":null,"bottom":null}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-1y","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"7030"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.host.name.keyword","customLabel":"Host","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (624, 'Windows Audit Policy Change by Outcome', '', '2025-01-02 16:33:42.018247', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@3c6d14e4', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4902"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event.outcome.keyword","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (744, 'Windows Unexpected Logon Process Termination by Host', '', '2025-01-24 05:10:55.979325', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@1a253d6f', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-3y","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4005"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.host.name.keyword","customLabel":"Host","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (704, 'O365 OneDrive File Download by Extension', '', '2025-01-10 06:01:55.816671', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@7de70f2a', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-1y","now"]},{"operator":"IS","field":"logx.o365.Operation","value":"FileDownloaded"}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.o365.SourceFileExtension.keyword","customLabel":"Extension","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (703, 'O365 OneDrive File Download', '', '2025-01-10 05:47:33.955666', '2025-01-10 06:02:17.960179', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@1a52438f', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-1y","now"]},{"operator":"IS","field":"logx.o365.Operation","value":"FileDownloaded"}]', 12, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.AppAccessContext.ClientAppName.keyword","customLabel":"Client App Name","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.CorrelationId.keyword","customLabel":"Correlation ID","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.AuthenticationType.keyword","customLabel":"Authentication Type","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.BrowserName.keyword","customLabel":"Browser Name","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.ClientIP.keyword","customLabel":"Client IP","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.DeviceDisplayName.keyword","customLabel":"Device Display Name","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.FileSizeBytes","customLabel":"File Size Bytes","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.Operation.keyword","customLabel":"Operation","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.SourceFileName.keyword","customLabel":"Source File Name","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.SourceFileExtension.keyword","customLabel":"Source File Extension","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.UserAgent.keyword","customLabel":"User Agent","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.UserId.keyword","customLabel":"User ID","subBucket":{"id":"1012","aggregation":"TERMS","type":"BUCKET","field":"logx.o365.Workload.keyword","customLabel":"Workload","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (809, 'Windows Scheduled System Shutdowns and Restarts', '', '2025-02-25 03:12:51.095376', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@79131d1e', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"1074"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_id","customLabel":"Event ID","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"IP","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.mac.keyword","customLabel":"MAC","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.code.keyword","customLabel":"Event Code","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.provider.keyword","customLabel":"Provider","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.param4.keyword","customLabel":"Reason","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.param5.keyword","customLabel":"Power Action","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.level.keyword","customLabel":"Level","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (625, 'Windows User Accounts Enabled', '', '2025-01-02 17:11:25.750765', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@2aea59f5', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4722"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.action.keyword","customLabel":"Event Action","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host Name","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.os.name.keyword","customLabel":"Host OS","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"Subject User","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectDomainName.keyword","customLabel":"Subject Domain","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"Target User","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetDomainName.keyword","customLabel":"Target Domain","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.message.keyword","customLabel":"Message","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.created","customLabel":"Date","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (681, 'Windows Member Addition to a Security Local Group', '', '2025-01-08 20:22:51.868444', '2025-01-25 03:25:37.281529', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@65a19480', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4732"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.activity_id.keyword","customLabel":"Activity ID","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_id","customLabel":"Event ID","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Subject User","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"Target Group","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.MemberSid.keyword","customLabel":"Member Added","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"Host IP","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (626, 'Windows User Accounts Enabled by Target User', '', '2025-01-02 17:15:22.937355', '2025-01-03 04:19:58.562458', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@5900864', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100"},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"showTitle":null,"left":"right","top":"top","width":null,"height":null,"iconStyle":null},"grid":{"top":null,"right":null,"left":null,"bottom":null}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4722"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"Target User","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (810, 'Windows Scheduled System Shutdowns and Restarts by Type', '', '2025-02-25 03:14:44.917897', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@2855ffe2', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"1074"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.param5.keyword","customLabel":"Type","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (627, 'Windows User Password Reset Attempt', '', '2025-01-02 17:29:31.147659', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@4fb0a22a', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4723"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.created","customLabel":"Date","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host Name","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"Subject User","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"Target User","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (705, 'AWS DescribeLogStreams Logs', '', '2025-01-11 02:12:46.635830', '2025-01-11 04:19:45.995301', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@3ddcfe79', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.aws.eventName.keyword","value":"DescribeLogStreams"}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventName.keyword","customLabel":"Event","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.awsRegion.keyword","customLabel":"AWS Region","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventSource.keyword","customLabel":"Event Source","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventID.keyword","customLabel":" Event ID","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventType.keyword","customLabel":"Event Type","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.userAgent.keyword","customLabel":"User Agent","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.requestID.keyword","customLabel":"Request ID","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (746, 'AWS Console Login by IP', '', '2025-01-25 22:41:24.050189', '2025-01-25 22:41:50.195018', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@5c788165', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100"},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"showTitle":null,"left":"right","top":"top","width":null,"height":null,"iconStyle":null},"grid":{"top":null,"right":null,"left":null,"bottom":null}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.aws.eventName.keyword","value":"ConsoleLogin"}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.aws.sourceIPAddress.keyword","customLabel":"IP Address","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (628, 'Windows User Password Reset Attempt by Outcome', '', '2025-01-02 17:34:53.086694', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@600e9f75', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4723"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event.outcome.keyword","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (706, 'AWS DescribeLogStreams Logs by Source', '', '2025-01-11 04:19:17.227810', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@4e7edaca', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.aws.eventName.keyword","value":"DescribeLogStreams"}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.aws.eventSource.keyword","customLabel":"Event Source","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (748, 'AWS Role creation', '', '2025-01-25 22:41:24.050925', '2025-01-25 22:42:14.757316', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@187262ea', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.aws.eventName","value":"CreateRole"}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.awsRegion.keyword","customLabel":"AWS Region","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventID.keyword","customLabel":"Event ID","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventName.keyword","customLabel":"Event Name","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.requestParameters.roleName.keyword","customLabel":"Role Name","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.userIdentity.principalId.keyword","customLabel":"Principal","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.sourceIPAddress.keyword","customLabel":"Source IP Address","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventTime","customLabel":"Date","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (629, 'Windows Cleaned Event Log', '', '2025-01-02 17:57:32.339097', '2025-01-02 18:12:58.665377', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@374a8000', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"1102"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.created","customLabel":"Date","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host Name","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.os.name.keyword","customLabel":"Host OS","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.param1.keyword","customLabel":"Additional Information","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.source_name.keyword","customLabel":"Source Name","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.log_name.keyword","customLabel":"Log Name","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.message.keyword","customLabel":"Message","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.level.keyword","customLabel":"Severity Level","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.provider.keyword","customLabel":"Provider","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (708, 'AWS PutObject Logs by Source IP', '', '2025-01-11 04:53:40.886816', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@7d9228f3', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.aws.eventName.keyword","value":"PutObject"}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.aws.sourceIPAddress.keyword","customLabel":"Source IP","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (707, 'AWS PutObject Logs', '', '2025-01-11 04:50:08.070302', '2025-01-11 04:53:45.809421', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@8d602ba', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.aws.eventName.keyword","value":"PutObject"}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventID.keyword","customLabel":"Event ID","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventTime","customLabel":"Event Time","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventName.keyword","customLabel":"Event Name","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.awsRegion.keyword","customLabel":"AWS Region","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.requestID.keyword","customLabel":"Request ID","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.requestParameters.bucketName.keyword","customLabel":"Bucket Name","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.requestParameters.key.keyword","customLabel":"Object Key","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.additionalEventData.bytesTransferredIn","customLabel":"Bytes Transferred In","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.responseElements.x-amz-server-side-encryption.keyword","customLabel":"Encryption","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.sourceIPAddress.keyword","customLabel":"Source IP","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (750, 'AWS Role creation by Role', '', '2025-01-25 22:41:24.051521', '2025-01-25 22:42:37.873478', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@4035941d', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100"},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"showTitle":null,"left":"right","top":"top","width":null,"height":null,"iconStyle":null},"grid":{"top":null,"right":null,"left":null,"bottom":null}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.aws.eventName","value":"CreateRole"}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.aws.requestParameters.roleName.keyword","customLabel":"Role Name","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (630, 'Windows Cleaned Event Log by Source', '', '2025-01-02 18:12:27.365936', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@2a378365', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"1102"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.source_name.keyword","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (751, 'AWS Attach Role Policy', '', '2025-01-25 22:41:24.051766', '2025-01-25 22:42:51.397741', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@5881bc50', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.aws.eventName","value":"AttachRolePolicy"}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.awsRegion.keyword","customLabel":"AWS Region","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventID.keyword","customLabel":"Event ID","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventName.keyword","customLabel":"Event Name","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.requestParameters.roleName.keyword","customLabel":"Role Name","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.requestParameters.policyArn.keyword","customLabel":"Policy ARN","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.sourceIPAddress.keyword","customLabel":"Source IP Address","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventTime","customLabel":"Date","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.userIdentity.arn.keyword","customLabel":"User Identity ARN","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.userIdentity.sessionContext.sessionIssuer.userName.keyword","customLabel":"User Name","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.userIdentity.accessKeyId.keyword","customLabel":"Access Key ID","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.userIdentity.sessionContext.attributes.mfaAuthenticated.keyword","customLabel":"Session Context MFA","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (631, 'Windows Filtering Platform', '', '2025-01-02 18:45:23.912121', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@5d042aca', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"5158"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.action.keyword","customLabel":"Action","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.Application.keyword","customLabel":"Application","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ProcessId.keyword","customLabel":"Process ID","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.Protocol.keyword","customLabel":"Protocol","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SourceAddress.keyword","customLabel":"Source Address","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SourcePort.keyword","customLabel":"Source Port","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.LayerName.keyword","customLabel":"Layer Name","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (710, 'AWS GetBucketAcl Logs by Region', '', '2025-01-11 05:20:17.890655', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@27917d89', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.aws.eventName.keyword","value":"GetBucketAcl"}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.aws.awsRegion.keyword","customLabel":"Region","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (745, 'AWS Console Login', '', '2025-01-25 22:41:24.049500', '2025-01-25 22:41:37.529337', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@7940c295', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.aws.eventName","value":"ConsoleLogin"}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventName.keyword","customLabel":"Event Name","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.responseElements.ConsoleLogin.keyword","customLabel":"Outcome","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.sourceIPAddress.keyword","customLabel":"IP","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.userIdentity.arn.keyword","customLabel":"User ARN","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.awsRegion.keyword","customLabel":"Region","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.userIdentity.sessionContext.attributes.mfaAuthenticated.keyword","customLabel":"Multi-factor authentication","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (752, 'AWS Attach Role Policy - MFA Distribution', '', '2025-01-25 22:41:24.051993', '2025-01-25 22:43:04.628079', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@12993eda', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100"},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"showTitle":null,"left":"right","top":"top","width":null,"height":null,"iconStyle":null},"grid":{"top":null,"right":null,"left":null,"bottom":null}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.aws.eventName","value":"AttachRolePolicy"}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.aws.userIdentity.sessionContext.attributes.mfaAuthenticated.keyword","customLabel":"Session Context MFA","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (632, 'Windows Filtering Platform by Protocol', '', '2025-01-02 18:49:43.814013', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@627ed53e', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"5158"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.Protocol.keyword","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (711, 'AWS DescribeLogGroups Logs', '', '2025-01-11 05:39:32.285940', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@29f930a3', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.aws.eventName.keyword","value":"DescribeLogGroups"}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventName.keyword","customLabel":"Event Name","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventTime","customLabel":"Event Time","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.awsRegion.keyword","customLabel":"AWS Region","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventID.keyword","customLabel":"Event ID","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.requestID.keyword","customLabel":"Request ID","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.userIdentity.userName.keyword","customLabel":"User Identity","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.sourceIPAddress.keyword","customLabel":"Source IP Address","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.userAgent.keyword","customLabel":"User Agent","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.managementEvent","customLabel":"Management Event","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.readOnly","customLabel":"Read Only","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (747, 'AWS Access Roles Assumption', '', '2025-01-25 22:41:24.050582', '2025-01-25 22:42:02.604013', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@1efa5edd', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.aws.eventName","value":"AssumeRole"}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventName.keyword","customLabel":"Event Name","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.requestParameters.roleArn.keyword","customLabel":"Role ARN","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.requestParameters.roleSessionName.keyword","customLabel":"Role Session Name","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.sourceIPAddress.keyword","customLabel":"Source IP Address","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.responseElements.credentials.accessKeyId.keyword","customLabel":"Access Key ID","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.responseElements.credentials.expiration.keyword","customLabel":"Session Token Expiry","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (633, 'Windows Protected Object Access Operation', '', '2025-01-02 19:00:52.536428', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@55931024', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4662"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"Subject User","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectDomainName.keyword","customLabel":"Subject Domain","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.OperationType.keyword","customLabel":"Operation Type","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ObjectName.keyword","customLabel":"Object Name","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.AccessMask.keyword","customLabel":"Access Mask","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.os.name.keyword","customLabel":"Host OS","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"Host IP","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (712, 'AWS DescribeLogGroups Logs by Region', '', '2025-01-11 05:43:47.967544', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@7b2019de', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.aws.eventName.keyword","value":"DescribeLogGroups"}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.aws.awsRegion.keyword","customLabel":"AWS Region","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (749, 'AWS Access Roles Assumption by Source IP', '', '2025-01-25 22:41:24.051261', '2025-01-25 22:42:26.993819', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@2191fc3b', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100"},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"showTitle":null,"left":"right","top":"top","width":null,"height":null,"iconStyle":null},"grid":{"top":null,"right":null,"left":null,"bottom":null}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.aws.eventName","value":"AssumeRole"}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.aws.sourceIPAddress.keyword","customLabel":"Source IP","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (634, 'Windows Protected Object Access Operation by Object', '', '2025-01-02 19:06:07.870357', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@5afd85cb', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4662"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.ObjectName.keyword","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (755, 'AWS Bucket Access Policies', '', '2025-01-26 01:16:34.716423', '2025-01-26 01:17:27.756732', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@7b2f61e4', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.aws.eventName","value":"PutBucketPolicy"}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventName.keyword","customLabel":"Event Name","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventTime","customLabel":"Date","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.requestParameters.bucketName.keyword","customLabel":"Bucket Name","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.requestParameters.Host.keyword","customLabel":"Bucket Host","subBucket":{"id":"1012","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.userIdentity.arn.keyword","customLabel":"Assumed Role ARN","subBucket":{"id":"1013","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.userIdentity.invokedBy.keyword","customLabel":"Invoked By","subBucket":{"id":"1014","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.userIdentity.sessionContext.attributes.mfaAuthenticated.keyword","customLabel":"MFA Authenticated","subBucket":{"id":"1015","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.sourceIPAddress.keyword","customLabel":"Source IP Address","subBucket":{"id":"1016","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventCategory.keyword","customLabel":"Event Category","subBucket":{"id":"1017","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventSource.keyword","customLabel":"Event Source","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (756, 'AWS Bucket Access Policies by Assumed Role ARN', '', '2025-01-26 01:16:34.716732', '2025-01-26 01:17:39.698388', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@20a4a538', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100"},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"showTitle":null,"left":"right","top":"top","width":null,"height":null,"iconStyle":null},"grid":{"top":null,"right":null,"left":null,"bottom":null}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.aws.eventName","value":"PutBucketPolicy"}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.aws.userIdentity.arn.keyword","customLabel":"Assumed Role ARN","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (635, 'Windows Object Deletion', '', '2025-01-02 19:23:30.883964', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@4ed1681', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4660"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.action.keyword","customLabel":"Event Action","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.beat.hostname.keyword","customLabel":"Host Name","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ProcessName.keyword","customLabel":"Process Name","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"Subject User","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectDomainName.keyword","customLabel":"Subject Domain","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.HandleId.keyword","customLabel":"Handle ID","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (713, 'Windows Unlocked Account by Subject User', '', '2025-01-15 18:11:58.160044', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@5beb60a1', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4767"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"Subject User","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (753, 'AWS Roles Assumption', '', '2025-01-26 01:16:34.715602', '2025-01-26 01:17:00.189947', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@374ef3d9', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":false}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.aws.eventName","value":"AssumeRole"}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventID.keyword","customLabel":"Event ID","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventName.keyword","customLabel":"Event Name","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventTime","customLabel":"Date","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.requestParameters.roleSessionName.keyword","customLabel":"Role Session Name","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.responseElements.assumedRoleUser.arn.keyword","customLabel":"Assumed Role ARN","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.responseElements.credentials.accessKeyId.keyword","customLabel":"Access Key ID","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.responseElements.credentials.expiration.keyword","customLabel":"Session Token Expiration","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.sourceIPAddress.keyword","customLabel":"Source IP Address","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.userAgent.keyword","customLabel":"User Identity (invokedBy)","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.recipientAccountId.keyword","customLabel":"Recipient Account ID","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (636, 'Windows Object Deletion by Subject User', '', '2025-01-02 19:30:41.416441', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@672ad91c', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4660"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (714, 'Windows Unlocked Account', '', '2025-01-15 18:12:33.835995', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@5243a01c', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4767"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_id","customLabel":"Event ID","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.created","customLabel":"Date","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"Subject User","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectDomainName.keyword","customLabel":"Subject Domain","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectLogonId.keyword","customLabel":"Subject Logon ID","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserSid.keyword","customLabel":"Subject Security ID","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"Target User","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetDomainName.keyword","customLabel":"Target Domain","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetSid.keyword","customLabel":"Target Security ID","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host Name","subBucket":{"id":"1012","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"Host IP","subBucket":{"id":"1013","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.os.name.keyword","customLabel":"Host OS","subBucket":{"id":"1014","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.provider.keyword","customLabel":"Provider","subBucket":{"id":"1015","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.process_id","customLabel":"Process ID","subBucket":{"id":"1016","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.thread_id","customLabel":"Thread ID","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (754, 'AWS Roles Assumption by ARN', '', '2025-01-26 01:16:34.716054', '2025-01-26 01:17:12.946657', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@3217492a', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100"},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"showTitle":null,"left":"right","top":"top","width":null,"height":null,"iconStyle":null},"grid":{"top":null,"right":null,"left":null,"bottom":null}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.aws.eventName","value":"AssumeRole"}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.aws.responseElements.assumedRoleUser.arn.keyword","customLabel":"ARN","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (637, 'Windows Critical Hardware Failure', '', '2025-01-02 20:05:30.394210', '2025-01-02 20:10:59.820353', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@1aa229f6', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"13"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.provider.keyword","customLabel":"Provider","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.beat.hostname.keyword","customLabel":"Host","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.mac.keyword","customLabel":"MAC Addresses","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ErrorCode.keyword","customLabel":"Error Code","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.RequestId.keyword","customLabel":"Request ID","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TemplateName.keyword","customLabel":"Template Name","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.CA.keyword","customLabel":"Certification Authority","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.level.keyword","customLabel":"Level","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.message.keyword","customLabel":"Message","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (638, 'Windows Critical Hardware Failure by Certification Authority', '', '2025-01-02 20:14:00.099512', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@6272dcf8', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"13"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.CA.keyword","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (715, 'Windows Audit File Integrity Validation Failed', '', '2025-01-15 22:47:50.577026', '2025-01-15 23:02:53.187663', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@6188d073', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"5038"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_id","customLabel":"Event ID","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.action.keyword","customLabel":"Event Action","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.created","customLabel":"Date","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.param1.keyword","customLabel":"File Name","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host Name","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"Host IP","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.mac.keyword","customLabel":"Host MAC","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.process_id","customLabel":"Process ID","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.source_name.keyword","customLabel":"Provider Name","subBucket":{"id":"1012","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.record_number","customLabel":"Record Number","subBucket":{"id":"1013","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.agent.id.keyword","customLabel":"Agent ID","subBucket":{"id":"1014","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.tags.keyword","customLabel":"Tags","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (757, 'AWS IAM User Deletion', '', '2025-01-30 23:57:29.296794', '2025-01-30 23:58:03.345466', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@37535252', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.aws.eventName","value":"DeleteUser"}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventName.keyword","customLabel":"Event Name","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.userIdentity.principalId.keyword","customLabel":"User Principal ID","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.userIdentity.arn.keyword","customLabel":"User ARN","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.userIdentity.sessionContext.sessionIssuer.userName.keyword","customLabel":"Assumed Role Name","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.recipientAccountId.keyword","customLabel":"AWS Account ID","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.awsRegion.keyword","customLabel":"AWS Region","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.sourceIPAddress.keyword","customLabel":"Source IP Address","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventTime","customLabel":"Event Timestamp","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.requestParameters.userName.keyword","customLabel":"Target Username","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.readOnly","customLabel":"Read-Only Event\t","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventSource.keyword","customLabel":"AWS Service","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventID.keyword","customLabel":"Event ID","subBucket":{"id":"1012","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.requestID.keyword","customLabel":"Request ID","subBucket":{"id":"1013","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.userIdentity.sessionContext.attributes.mfaAuthenticated.keyword","customLabel":"MFA Authenticated","subBucket":{"id":"1014","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.userAgent.keyword","customLabel":"User Agent","subBucket":{"id":"1015","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.tlsDetails.tlsVersion.keyword","customLabel":"TLS Version","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (639, 'Windows Monitoring of Critical System Services Status', '', '2025-01-02 20:44:34.370860', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@767ca087', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS_ONE_OF","field":"logx.wineventlog.event_id","value":["7035","7036"]}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_id","customLabel":"Event ID","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.beat.hostname.keyword","customLabel":"Host Name","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"Host IP","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.os.name.keyword","customLabel":"Host OS","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.log_name.keyword","customLabel":"Log Name","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.level.keyword","customLabel":"Level","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (758, 'AWS IAM User Deletion by IP', '', '2025-01-30 23:57:29.297333', '2025-01-30 23:58:17.287678', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@b0f8d6e', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100"},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"showTitle":null,"left":"right","top":"top","width":null,"height":null,"iconStyle":null},"grid":{"top":null,"right":null,"left":null,"bottom":null}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.aws.eventName","value":"DeleteUser"}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.aws.sourceIPAddress.keyword","customLabel":"IP","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (640, 'Windows Monitoring of Critical System Services Status by Event', '', '2025-01-02 20:46:48.977971', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@123aacb0', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS_ONE_OF","field":"logx.wineventlog.event_id","value":["7035","7036"]}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_id","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (717, 'Windows Log automatic backup', '', '2025-01-15 23:30:19.599013', '2025-01-15 23:54:30.891575', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@3f575da1', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"1105"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_id","customLabel":"Event ID","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.action.keyword","customLabel":"Action","subBucket":{"id":"1012","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1013","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1014","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.created","customLabel":"Date","subBucket":{"id":"1016","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host Name","subBucket":{"id":"1017","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"Host IP","subBucket":{"id":"1018","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.mac.keyword","customLabel":"Host MAC","subBucket":{"id":"1019","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.log_name.keyword","customLabel":"Log Name","subBucket":{"id":"1020","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.process_id","customLabel":"Process ID","subBucket":{"id":"1021","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.provider.keyword","customLabel":"Provider","subBucket":{"id":"1022","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.provider_guid.keyword","customLabel":"Channel","subBucket":{"id":"1023","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.user_data.BackupPath.keyword","customLabel":"Backup Path","subBucket":{"id":"1024","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.tags.keyword","customLabel":"Tags","subBucket":{"id":"1025","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.task.keyword","customLabel":"Task","subBucket":{"id":"1026","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.level.keyword","customLabel":"Level","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (760, 'AWS ListAccessKeys Logs', '', '2025-01-31 01:33:07.896123', '2025-01-31 01:35:28.124972', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@4993ce6a', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.aws.eventName","value":"ListAccessKeys"}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventID.keyword","customLabel":"Event ID","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventName.keyword","customLabel":"Event Name","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventTime","customLabel":"Date","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventSource.keyword","customLabel":"Source","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.awsRegion.keyword","customLabel":"AWS Region","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.sourceIPAddress.keyword","customLabel":"IP Address","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.userIdentity.sessionContext.attributes.mfaAuthenticated.keyword","customLabel":"MFA Authenticated","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (641, 'Windows Account authentication using NTLM', '', '2025-01-02 23:45:11.653930', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@47a7f6bd', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4776"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.code.keyword","customLabel":"Event ID","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"Target User","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.Workstation.keyword","customLabel":"Source Host","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.os.name.keyword","customLabel":"OS","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"IP","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.agent.id.keyword","customLabel":"Agent","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (642, 'Windows Account authentication using NTLM by Outcome', '', '2025-01-02 23:47:01.023379', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@3fbd7701', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4776"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event.outcome.keyword","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (718, 'Windows Log Automatic Backup by Date', '', '2025-01-16 00:05:52.705458', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@6554f400', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"1105"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"@timestamp","customLabel":"","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_id","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (643, 'Windows Process Termination', '', '2025-01-03 00:03:11.801752', '2025-01-03 00:04:43.998957', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@3a9ced1a', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4689"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.code.keyword","customLabel":"Event ID","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ProcessName.keyword","customLabel":"Process","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"User","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.Status.keyword","customLabel":" Output Status","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host Name","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"Host IP","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (719, 'Windows Error Reporting', '', '2025-01-16 19:08:45.258373', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@581d9b04', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"1001"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_id","customLabel":"Event ID","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.log_name.keyword","customLabel":"Log Name","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.level.keyword","customLabel":"Level","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host Name","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"Host IPs","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.source_name.keyword","customLabel":"Provider","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.param20.keyword","customLabel":"Report ID","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.param17.keyword","customLabel":"Report Path","subBucket":{"id":"1012","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.created","customLabel":"Date","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (759, 'AWS ListAccessKeys Logs by MFA Authenticated', '', '2025-01-31 01:33:07.895574', '2025-01-31 01:35:04.065000', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@1cf42e53', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100"},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"showTitle":null,"left":"right","top":"top","width":null,"height":null,"iconStyle":null},"grid":{"top":null,"right":null,"left":null,"bottom":null}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.aws.eventName","value":"ListAccessKeys"}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.aws.userIdentity.sessionContext.attributes.mfaAuthenticated.keyword","customLabel":"MFA Authenticated","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (645, 'Windows System Time Settings Changes', '', '2025-01-03 00:28:38.839152', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@25298b53', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4616"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.action.keyword","customLabel":"Action","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.created","customLabel":"Date","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.PreviousTime","customLabel":"Previous Time","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.NewTime","customLabel":"New Time","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ProcessId.keyword","customLabel":"Process ID","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ProcessName.keyword","customLabel":"Process Name","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"Subject User","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectDomainName.keyword","customLabel":"Subject Domain","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectLogonId.keyword","customLabel":"Subject Logon ID","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.beat.hostname.keyword","customLabel":"Host Name","subBucket":{"id":"1012","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.log_name.keyword","customLabel":"Log Name","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (720, 'Windows Error Reporting by Host', '', '2025-01-16 19:37:40.780499', '2025-01-16 19:39:08.732039', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@4e49227c', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100"},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"showTitle":null,"left":"right","top":"top","width":null,"height":null,"iconStyle":null},"grid":{"top":null,"right":null,"left":null,"bottom":null}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"1001"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.host.name.keyword","customLabel":"Host","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (761, 'AWS User Policies Removal', '', '2025-02-04 01:30:51.774461', '2025-02-04 01:31:15.947375', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@1aeeed8f', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.aws.eventName","value":"DetachUserPolicy"}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventName.keyword","customLabel":"Event Name","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventTime","customLabel":"Date","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.requestParameters.userName.keyword","customLabel":"User Name","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.requestParameters.policyArn.keyword","customLabel":"Policy Detached","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.sourceIPAddress.keyword","customLabel":"Source IP","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.userIdentity.arn.keyword","customLabel":"User ARN","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.userIdentity.sessionContext.attributes.mfaAuthenticated.keyword","customLabel":"MFA Authenticated","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (646, 'Windows System Time Settings Changes by Subject User', '', '2025-01-03 00:30:39.616836', '2025-01-03 00:31:54.757595', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@295859f3', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4616"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"Subject User","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (763, 'AWS User Listing Activity', '', '2025-02-04 02:23:27.888459', '2025-02-04 02:23:45.161620', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@67758d4b', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.aws.eventName","value":"ListUsers"}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventName.keyword","customLabel":"Event Name","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventTime","customLabel":"Date","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.recipientAccountId.keyword","customLabel":"Account ID","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.userIdentity.userName.keyword","customLabel":"User Name","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.userIdentity.arn.keyword","customLabel":"User ARN","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.sourceIPAddress.keyword","customLabel":"Source IP","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.userAgent.keyword","customLabel":"User Agent","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (647, 'Windows Certificate Configuration Changes', '', '2025-01-03 00:55:54.319439', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@3b029740', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"5058"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.action.keyword","customLabel":"Action","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.created","customLabel":"Date","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ClientProcessId.keyword","customLabel":"Client Process ID","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.KeyFilePath.keyword","customLabel":"Key File Path","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.KeyName.keyword","customLabel":"Key Name","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.Operation.keyword","customLabel":"Operation","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ReturnCode.keyword","customLabel":"Return Code","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"Subject User","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.beat.hostname.keyword","customLabel":"Host Name","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (764, 'AWS User Listing Activity by User', '', '2025-02-04 02:23:27.889001', '2025-02-04 02:24:02.586775', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@4c6c8ef4', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100"},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"showTitle":null,"left":"right","top":"top","width":null,"height":null,"iconStyle":null},"grid":{"top":null,"right":null,"left":null,"bottom":null}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.aws.eventName","value":"ListUsers"}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.aws.userIdentity.userName.keyword","customLabel":"User","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (765, 'AWS Querying EC2 Instances', '', '2025-02-04 03:13:18.442049', '2025-02-04 03:13:48.249740', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@6adbecec', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.aws.eventName","value":"DescribeInstances"}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventName.keyword","customLabel":"Event Name","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.eventTime","customLabel":"Date","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.sourceIPAddress.keyword","customLabel":"Source IP","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.aws.userIdentity.arn.keyword","customLabel":"User","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (648, 'Windows Certificate Configuration Changes by Key Name', '', '2025-01-03 00:59:40.510776', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@86944ed', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"5058"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.KeyName.keyword","customLabel":"Key Name","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (766, 'AWS Querying EC2 Instances by User', '', '2025-02-04 03:13:18.442879', '2025-02-04 03:14:02.441103', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@19f2c89e', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100"},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"showTitle":null,"left":"right","top":"top","width":null,"height":null,"iconStyle":null},"grid":{"top":null,"right":null,"left":null,"bottom":null}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.aws.eventName","value":"DescribeInstances"}]', 10, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.aws.userIdentity.arn.keyword","customLabel":"User","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (649, 'Windows Service Installed', '', '2025-01-03 02:09:45.073516', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@381a865b', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4697"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.code.keyword","customLabel":"Event ID","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ServiceName.keyword","customLabel":"Service Name","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ServiceFileName.keyword","customLabel":"Service File Name","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ServiceAccount.keyword","customLabel":"Service Account","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"Subject User","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectDomainName.keyword","customLabel":"Subject Domain","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ClientProcessId.keyword","customLabel":"Client Process ID","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host Name","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"IP Address","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.log_name.keyword","customLabel":"Log Name","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (767, 'Windows Incidents Generated from Alerts', '', '2025-02-10 23:57:19.526184', '2025-02-14 01:01:54.702953', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@44983cf9', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"isIncident","value":"true"},{"operator":"IS","field":"dataType","value":"wineventlog"}]', 2, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"id.keyword","customLabel":"Alert ID","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"name.keyword","customLabel":"Alert Name","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"severityLabel.keyword","customLabel":"Severity","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"description.keyword","customLabel":"Description","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"tactic.keyword","customLabel":"Tactic","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"dataSource.keyword","customLabel":"Source","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"destination.ip.keyword","customLabel":"Destination IP","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"destination.country.keyword","customLabel":"Destination Country","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"incidentDetail.incidentName.keyword","customLabel":"Related Incident","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"incidentDetail.incidentId.keyword","customLabel":"Incident ID","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"statusLabel.keyword","customLabel":"Alert Status","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (768, 'Windows Incidents Generated from Alerts by Status', '', '2025-02-11 00:02:23.038792', '2025-02-14 01:02:23.529189', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@510b026a', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"isIncident","value":"true"},{"operator":"IS","field":"dataType","value":"wineventlog"}]', 2, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"statusLabel.keyword","customLabel":"Status","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (651, 'Windows User Accounts Enumeration', '', '2025-01-03 03:25:56.506510', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@6d298e', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4799"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"Group Name","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetDomainName.keyword","customLabel":"Group Domain","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetSid.keyword","customLabel":"Group Security ID","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"Subject User Name","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectDomainName.keyword","customLabel":"Subject Domain Name","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserSid.keyword","customLabel":"Subject Security ID","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectLogonId.keyword","customLabel":"Subject Logon ID","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.CallerProcessName.keyword","customLabel":"Caller Process Name","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.CallerProcessId.keyword","customLabel":"Caller Process ID","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host Name","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (769, 'Windows Threat Detection and Response using SOC AI', '', '2025-02-12 01:43:22.525425', '2025-02-14 00:53:53.846891', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@61e81105', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]}]', 56, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"activityId.keyword","customLabel":"Activity ID","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"alertName.keyword","customLabel":"Alert Name","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"severity.keyword","customLabel":"Severity","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"category.keyword","customLabel":"Category","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"classification.keyword","customLabel":"Classification","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"status.keyword","customLabel":"Status","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"reasoning.keyword","customLabel":"Reason","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"nextSteps.details.keyword","customLabel":"Next Steps","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (770, 'Windows Threat Detection and Response using SOC AI by Classification', '', '2025-02-12 01:46:53.310818', '2025-02-14 00:54:07.709678', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@a57d51d', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100"},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"showTitle":null,"left":"right","top":"top","width":null,"height":null,"iconStyle":null},"grid":{"top":null,"right":null,"left":null,"bottom":null}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]}]', 56, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"classification.keyword","customLabel":"Classification","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (652, 'Windows User Accounts Enumeration by Target User', '', '2025-01-03 03:28:18.998800', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@4170c889', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4799"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"Target User Name","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (771, 'Windows BitLocker Settings Modification Attempts', '', '2025-02-13 00:43:26.997259', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@df7aba0', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4826"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_id","customLabel":"Event ID","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.action.keyword","customLabel":"Action","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.Message.keyword","customLabel":"Message","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.os.name.keyword","customLabel":"OS","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.mac.keyword","customLabel":"MAC Address","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (653, 'Windows Group Membership Enumerated', '', '2025-01-03 04:07:59.396847', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@7339acc0', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4798"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"Subject User Name","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectDomainName.keyword","customLabel":"Subject Domain Name","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserSid.keyword","customLabel":"Subject User SID","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"Target User Name","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetDomainName.keyword","customLabel":"Target Domain Name","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetSid.keyword","customLabel":"Target SID","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.CallerProcessName.keyword","customLabel":"Caller Process Name","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.CallerProcessId.keyword","customLabel":"Caller Process ID","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host Name","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"Host IP","subBucket":{"id":"1012","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.created","customLabel":"Date","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (772, 'Windows BitLocker Settings Modification Attempts by Outcome', '', '2025-02-13 00:49:28.955158', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@4e0a2e07', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"yAxis":{"type":"value","axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"}},"seriesOption":[{"metricId":1,"name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]}}],"series":[]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4826"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event.outcome.keyword","customLabel":"","terms":{"sortBy":"_count","asc":false,"size":10}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (654, 'Windows Group Membership Enumerated by Target User', '', '2025-01-03 04:10:35.592164', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@65b52c2a', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4798"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"Target User","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (656, 'Distribution of Account Attribute Changes by Operating System', '', '2025-01-03 21:30:35.692061', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@3ad93ec7', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100","data":[]},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"left":"right","top":"top"},"grid":{}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4738"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.host.os.name.keyword","customLabel":"Operation System","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (655, 'Windows User Account Attributes Changes', '', '2025-01-03 21:23:33.181411', '2025-01-03 21:33:43.173666', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@5ed48375', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4738"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host Name","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.action.keyword","customLabel":"Action","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectDomainName.keyword","customLabel":"Subject Domain","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"Subject User","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectLogonId.keyword","customLabel":"Subject Logon ID","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetUserName.keyword","customLabel":"Target User","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.PasswordLastSet.keyword","customLabel":" Changed Attribute","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetSid.keyword","customLabel":"Target User SID","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TargetSid.keyword","customLabel":"Process ID","subBucket":{"id":"1012","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.mac.keyword","customLabel":"Host MAC","subBucket":{"id":"1013","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.os.name.keyword","customLabel":"Host OS","subBucket":{"id":"1014","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.level.keyword","customLabel":"Level","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (773, 'Windows Threat Intelligence by IP', '', '2025-02-14 01:12:47.218518', '2025-02-14 01:16:10.037694', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@7fa95cb0', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100"},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"showTitle":null,"left":"right","top":"top","width":null,"height":null,"iconStyle":null},"yAxis":{"name":null,"type":"value","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"name":null,"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{"top":null,"right":null,"left":null,"bottom":null},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","padding":null,"textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"width":null,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"},"left":null,"top":null,"right":null,"bottom":null},"seriesOption":[{"metricId":"1","name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]},"markLine":null,"itemStyle":null}]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"EXIST","field":"source.ip.keyword"},{"operator":"IS_NOT","field":"source.ip.keyword","value":""},{"operator":"IS","field":"dataType","value":"wineventlog"},{"operator":"IS","field":"isIncident","value":"true"}]', 2, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"source.ip.keyword","customLabel":"Source IP","terms":{"sortBy":"_count","asc":false,"size":100}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (774, 'Windows Threat Intelligence Alert', '', '2025-02-14 01:13:33.219629', '2025-02-14 01:17:44.443597', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@495b9674', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'TABLE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"name.keyword","value":"Connection attempt from a blacklisted IP address"},{"operator":"IS","field":"dataType","value":"wineventlog"},{"operator":"IS","field":"isIncident","value":"true"}]', 2, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"name.keyword","customLabel":"Threat Event","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"source.ip.keyword","customLabel":"Source IP","terms":{"sortBy":"_count","asc":false,"size":1000}},"terms":{"sortBy":"_count","asc":false,"size":1000}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (775, 'Windows Shared Network Object Creation', '', '2025-02-18 01:21:55.041071', null, 'elopez', null, 'org.opensearch.client.opensearch.core.SearchRequest$Builder@20366981', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"5142"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"computer_name.keyword","customLabel":"Computer Name","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"dataSource.keyword","customLabel":"Data Source","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_id","customLabel":"Event ID","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ShareLocalPath.keyword","customLabel":"Share Local Path","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ShareName.keyword","customLabel":"Share Name","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectDomainName.keyword","customLabel":"Subject Domain","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"Subject User","subBucket":{"id":"1010","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectLogonId.keyword","customLabel":"Subject Logon ID","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserSid.keyword","customLabel":"Subject User SID","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (778, 'Windows Shared Resource Modification by User', '', '2025-02-19 00:04:02.257676', '2025-02-19 00:05:41.322549', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@1032ff5', '{"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100"},"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":true,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":true,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":true}},"orient":"horizontal","itemSize":14,"showTitle":null,"left":"right","top":"top","width":null,"height":null,"iconStyle":null},"yAxis":{"name":null,"type":"value","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"xAxis":{"name":null,"type":"category","data":[],"axisLabel":{"color":"#333","formatter":"{value}"},"axisLine":{"lineStyle":{"color":"#999"}},"splitLine":{"show":true,"lineStyle":{"color":"#eee","type":"dashed"}}},"grid":{"top":null,"right":null,"left":null,"bottom":null},"tooltip":{"trigger":"item","backgroundColor":"rgba(0,75,139,0.86)","padding":null,"textStyle":{"fontSize":13,"fontFamily":"Roboto, sans-serif"}},"dataZoom":{"show":false,"orient":"horizontal","type":"slider","start":0,"end":100,"height":40,"width":null,"borderColor":"#ccc","fillerColor":"rgba(40,54,139,0.21)","handleStyle":{"color":"#004b8b"},"left":null,"top":null,"right":null,"bottom":null},"seriesOption":[{"metricId":"1","name":"","type":"bar","data":[],"smooth":true,"markPoint":{"symbol":"pin","symbolSize":35,"label":{"fontSize":10},"data":[]},"markLine":null,"itemStyle":null}]}', 'VERTICAL_BAR_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"5143"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"Subject User","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (779, 'Windows File System Transaction Status Changes', '', '2025-02-19 00:04:02.258202', '2025-02-19 00:05:59.182192', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@1cde5fc5', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4985"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_id","customLabel":"Event ID","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ProcessName.keyword","customLabel":"Process Name","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.TransactionId.keyword","customLabel":"Transaction ID","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.NewState.keyword","customLabel":"New State","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"Subject User Name","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectDomainName.keyword","customLabel":"Subject Domain","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (780, 'Windows File System Transaction Status Changes by New State', '', '2025-02-19 00:04:02.258633', '2025-02-19 00:06:16.573161', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@625fce01', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100"},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"showTitle":null,"left":"right","top":"top","width":null,"height":null,"iconStyle":null},"grid":{"top":null,"right":null,"left":null,"bottom":null}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4985"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.NewState.keyword","customLabel":"State","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (782, 'Windows Handle Closure in Security System by User', '', '2025-02-19 00:04:02.259488', '2025-02-19 00:06:44.966564', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@1c99f5a9', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100"},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"showTitle":null,"left":"right","top":"top","width":null,"height":null,"iconStyle":null},"grid":{"top":null,"right":null,"left":null,"bottom":null}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4658"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"Subject User","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (783, 'Windows External Device Connection', '', '2025-02-19 00:04:02.259916', '2025-02-19 00:06:57.483330', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@24a2ee2f', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"6416"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"User","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectDomainName.keyword","customLabel":"Domain","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectLogonId.keyword","customLabel":"Logon ID","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.DeviceId.keyword","customLabel":"Device ID","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.DeviceDescription.keyword","customLabel":"Device Description","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ClassName.keyword","customLabel":"Device Class","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ClassId.keyword","customLabel":"Class ID","subBucket":{"id":"1009","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.VendorIds.keyword","customLabel":"Vendor ID","subBucket":{"id":"1011","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host","subBucket":{"id":"1012","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"IP","subBucket":{"id":"1013","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.os.name.keyword","customLabel":"OS","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (784, 'Windows External Device Connection by User', '', '2025-02-19 00:04:02.260374', '2025-02-19 00:07:10.844265', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@7f328646', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100"},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"showTitle":null,"left":"right","top":"top","width":null,"height":null,"iconStyle":null},"grid":{"top":null,"right":null,"left":null,"bottom":null}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"6416"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"User","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (777, 'Windows Shared Resource Modification', '', '2025-02-19 00:04:02.257070', '2025-02-19 00:05:22.951607', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@1214bb14', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"5143"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_id","customLabel":"Event ID","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"Subject User Name","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ShareName.keyword","customLabel":"Share Name\t","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.beat.hostname.keyword","customLabel":"Host Name","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (781, 'Windows Handle Closure in Security System', '', '2025-02-19 00:04:02.259084', '2025-02-19 00:06:30.221148', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@279bd2a5', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4658"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"@timestamp","customLabel":"Date","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_id","customLabel":"Event ID","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event.outcome.keyword","customLabel":"Outcome","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.beat.hostname.keyword","customLabel":"Host","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.ip.keyword","customLabel":"IP","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.HandleId.keyword","customLabel":"Handle ID","subBucket":{"id":"1008","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"Subject User Name","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (785, 'Windows Scheduled Task Creation by User', '', '2025-02-19 02:47:22.635441', '2025-02-19 02:49:11.181290', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@514e791e', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100"},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"showTitle":null,"left":"right","top":"top","width":null,"height":null,"iconStyle":null},"grid":{"top":null,"right":null,"left":null,"bottom":null}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4698"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"User Name","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (787, 'Windows Delete Object Attempt', '', '2025-02-19 03:22:41.269199', '2025-02-19 03:24:27.193024', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@4865143b', '{"itemsPerPage":10,"showTotal":false,"totalFunction":"sum","exportCsv":true,"dynamicPageSize":true}', 'LIST_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4659"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_id","customLabel":"Event ID","subBucket":{"id":"1001","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_name.keyword","customLabel":"Event Name","subBucket":{"id":"1002","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.host.name.keyword","customLabel":"Host","subBucket":{"id":"1003","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"Subject User","subBucket":{"id":"1004","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ObjectName.keyword","customLabel":"Object Name","subBucket":{"id":"1005","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.ProcessId.keyword","customLabel":"Process ID","subBucket":{"id":"1006","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.AccessList.keyword","customLabel":"Accesses","subBucket":{"id":"1007","aggregation":"TERMS","type":"BUCKET","field":"logx.wineventlog.event_data.SubjectLogonId.keyword","customLabel":"Logon ID","terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}},"terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+                    INSERT INTO utm_visualization (id, name, description, created_date, modified_date, user_created, user_modified, query, chart_config, chart_type, filters, id_pattern, aggregation, event_type, chart_action, system_owner) VALUES (788, 'Windows Delete Object Attempt by User', '', '2025-02-19 03:22:41.269690', '2025-02-19 03:24:40.011826', 'elopez', 'elopez', 'org.opensearch.client.opensearch.core.SearchRequest$Builder@e2a9dfe', '{"pieType":"donut","legend":{"show":true,"type":"scroll","top":"bottom","left":"center","orient":"horizontal","itemHeight":8,"itemWidth":8,"icon":"roundRect","extraCssText":"z-index:100"},"color":["#03A9F4","#FF7043","#EC407A","#8BC34A","#FF9800","#795548","#777777","#607D8B","#42A5F5","#EF5350","#66BB6A","#009688","#26C6DA","#AB47BC","#7E57C2","#2196F3","#F44336","#4CAF50","#F4511E","#00BCD4","#E91E63","#9C27B0","#673AB7","#3F51B5","#5C6BC0","#29B6F6","#26A69A","#9CCC65","#FFA726","#8D6E63","#888888","#78909C","#2196F3","#F44336","#3F51B5","#ffebee","#ffcdd2","#ef9a9a","#e57373","#ef5350","#f44336","#e53935","#d32f2f","#c62828","#b71c1c","#ff8a80","#ff5252","#ff1744","#d50000","#2ec7c9","#b6a2de","#d87a80","#8d98b3","#59678c","#e5cf0d","#97b552","#95706d","#dc69aa","#07a2a4","#9a7fd1","#588dd5","#f5994e","#c05050","#c9ab00","#7eb00a","#6f5553","#c14089","#ffb980","#5ab1ef","#F06292"],"toolbox":{"show":true,"feature":{"saveAsImage":{"show":true,"type":"png","name":"utm-chart","title":"Save as image"},"restore":{"show":true,"title":"Restore"},"dataView":{"show":true,"title":"Data view","readOnly":true,"lang":["Data view","Close","Refresh"],"backgroundColor":null,"textareaColor":null,"textareaBorderColor":null,"textColor":null,"buttonColor":"#0277bd","buttonTextColor":"#fff"},"dataZoom":{"show":false,"title":{"zoom":["Zoom"],"back":["Step back"]}},"magicType":{"show":false,"type":null,"title":{"line":"Line","bar":"Bar","stack":"Stack","tiled":"Tiled"}},"brush":{"type":"rect"},"mark":{"show":false}},"orient":"horizontal","itemSize":14,"showTitle":null,"left":"right","top":"top","width":null,"height":null,"iconStyle":null},"grid":{"top":null,"right":null,"left":null,"bottom":null}}', 'PIE_CHART', '[{"operator":"IS_BETWEEN","field":"@timestamp","value":["now-30d","now"]},{"operator":"IS","field":"logx.wineventlog.event_id","value":"4659"}]', 8, '{"metrics":[{"id":"1","aggregation":"COUNT","field":"","customLabel":""}],"bucket":{"id":"1000","aggregation":"TERMS","type":"AXIS","field":"logx.wineventlog.event_data.SubjectUserName.keyword","customLabel":"User","terms":{"sortBy":"_count","asc":false,"size":5}}}', null, '{"active":true,"customUrl":false,"navigate":null,"customNavigate":null}', true);
+
+
+            ]]>
+
+
+            </sql>
+
+        <sql dbms="postgresql" splitStatements="true" stripComments="true">
+            <![CDATA[
+            -- ##################################################################
+            -- # Delete old records into the utm_dashboard table
+            -- ##################################################################
+                DELETE from utm_dashboard where id < 1000000;
+
+            -- ##################################################################
+            -- # Insert new records into the utm_dashboard table
+            -- ##################################################################
+
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (13, 'O365 Overview', '', '2023-03-13 20:21:54.927000', null, 'system', null, '[{"id":"f256f724-3a16-1085-62c3-3eef427b3191","filterLabel":"Tenant","indexPattern":"log-o365-*","field":"logx.tenant.keyword","multiple":false,"searchable":true,"clearable":true,"loadingText":"Loading","placeholder":"","maxSelectedItems":100}]', 60000, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (221, 'O365 SharePoint', '', '2023-03-13 20:21:55.297000', null, 'system', null, '[{"id":"72fb7f9c-566b-91bd-6807-cb33512c11a8","filterLabel":"Tenant","indexPattern":"log-o365-*","field":"logx.tenant.keyword","multiple":false,"searchable":true,"clearable":true,"loadingText":"Loading","placeholder":"","maxSelectedItems":100}]', 60000, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (11, 'O365 Threat Intelligence', '', '2023-03-13 20:21:55.302000', null, 'system', null, '[{"id":"9f712444-7ad7-154a-f49f-58e2671bbc61","filterLabel":"Tenant","indexPattern":"log-o365-*","field":"logx.tenant.keyword","multiple":false,"searchable":true,"clearable":true,"loadingText":"Loading","placeholder":"","maxSelectedItems":100}]', 60000, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (223, 'VMware System', '', '2023-03-13 20:21:55.307000', null, 'system', null, null, null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (7, 'Threat Activity', '', '2023-03-13 20:21:55.320000', null, 'system', null, null, 60000, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (226, 'Windows Systems', '', '2023-03-13 20:21:55.372000', null, 'system', null, null, null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (227, 'AWS Cloud', 'AWS Cloud Overview', '2023-03-13 20:21:55.383000', null, 'system', null, '[{"id":"2aad04c7-dbbb-e41c-4f63-9457f49b505d","filterLabel":"Tenant","indexPattern":"log-aws-*","field":"logx.tenant.keyword","multiple":false,"searchable":true,"clearable":true,"loadingText":"Loading","placeholder":"Select Tenant","maxSelectedItems":100}]', 60000, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (233, 'Network Intrusion Detection', '', '2023-03-13 20:21:55.440000', null, 'system', null, null, 60000, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (234, 'O365 Exchange', '', '2023-03-13 20:21:55.445000', null, 'system', null, '[{"id":"031e95f5-2c0f-ea35-bd14-8e6ad12f1aef","filterLabel":"Tenant","indexPattern":"log-o365-*","field":"logx.tenant.keyword","multiple":false,"searchable":true,"clearable":true,"loadingText":"Loading","placeholder":"","maxSelectedItems":100}]', 60000, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (236, 'Meraki System', '', '2023-03-13 20:28:05.819000', null, 'system', null, '[{"id":"0fc7d0ff-d37f-3857-ad2b-13ccb3d01983","filterLabel":"Device Name","indexPattern":"log-firewall-meraki-*","field":"dataSource.keyword","multiple":false,"searchable":true,"clearable":true,"loadingText":"Loading","placeholder":"","maxSelectedItems":100}]', 30000, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (238, 'Bitdefender System', '', '2023-03-20 11:09:52.531000', null, 'system', null, null, null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (239, 'AWS Activity By User and Event', '', '2023-07-29 19:38:00.252000', '2023-08-12 17:15:40.139000', 'system', 'system', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (240, 'Windows AD Policy Change', 'The Windows AD Policy Change report refers to a log of all changes made to policies on a Windows Active Directory (AD).', '2023-08-12 17:14:37.654000', '2023-08-02 08:49:32.973000', 'system', 'system', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (241, 'File Operations by User', '', '2023-08-12 17:14:37.670000', '2023-08-10 17:01:33.691000', 'system', 'system', '[{"id":"6c155ed0-5230-34c2-e784-f441cb0eadd1","filterLabel":"User Name","indexPattern":"log-wineventlog-*","field":"logx.wineventlog.event_data.SubjectUserName.keyword","multiple":false,"searchable":true,"clearable":true,"loadingText":"Loading","placeholder":"","maxSelectedItems":100}]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (242, 'Threat Activity Alerts', '', '2023-08-12 17:14:37.680000', '2023-08-10 16:33:44.412000', 'system', 'system', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (243, 'Network Intrusion Detection Alerts', '', '2023-08-12 17:14:37.715000', '2023-08-10 16:30:48.561000', 'system', 'system', '[]', 60000, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (244, 'AWS Alerts', 'The AWS Alerts report presents a collection of alerts generated by correlating Amazon Web Services (AWS) logs.', '2023-08-12 17:14:37.727000', '2023-07-31 08:27:31.793000', 'system', 'system', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (245, 'Linux Alerts Report', 'The Linux Alerts report contains alerts generated by correlating logs received from Linux systems to identify security threats.', '2023-08-12 17:14:54.489000', '2023-08-10 16:20:06.690000', 'system', 'system', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (246, 'Process Ran with Administrator Privileges', 'Process run with administrator privileges', '2023-08-12 17:14:54.499000', '2023-08-10 16:17:35.476000', 'system', 'system', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (247, 'Office 365 Alerts', 'Office 365 Alerts report provides information about suspicious or irregular activities logged in your Office 365 environment.', '2023-08-12 17:14:54.507000', '2023-08-02 09:26:19.747000', 'system', 'system', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (248, 'Windows Alerts', '', '2023-08-12 17:14:54.514000', '2023-08-10 16:26:49.526000', 'system', 'system', '[{"id":"9588058f-33de-3fb4-3891-08835a9cf55b","filterLabel":"Server Name","indexPattern":"alert-*","field":"dataSource.keyword","multiple":false,"searchable":true,"clearable":true,"loadingText":"Loading","placeholder":"","maxSelectedItems":100}]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (249, 'Azure Alerts', 'The Azure Alerts report provides crucial insight into operations and security concerns within cloud resources, such as anomalous activities, unauthorized access attempts, and other potential vulnerabilities.', '2023-08-12 17:14:54.523000', '2023-08-02 09:18:51.053000', 'system', 'system', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (251, 'O365 Sharepoint report', 'This security report provides details of usage, security actions, and modifications detected in an organization''s Office 365 SharePoint environment.', '2023-08-12 17:15:08.121000', '2023-08-02 07:30:44.884000', 'system', 'system', '[{"id":"3c5be84a-f3a2-5f1e-7086-216efb572042","filterLabel":"User ID","indexPattern":"log-o365-*","field":"logx.o365.UserId.keyword","multiple":false,"searchable":true,"clearable":true,"loadingText":"Loading","placeholder":"","maxSelectedItems":100}]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (253, 'O365 Exchange report', 'The O365 Exchange report is a security report generated from Security Information and Event Management (SIEM) logs and correlated events.', '2023-08-12 17:15:08.137000', null, 'system', null, '[{"id":"031e95f5-2c0f-ea35-bd14-8e6ad12f1aef","filterLabel":"Tenant","indexPattern":"log-o365-*","field":"logx.tenant.keyword","multiple":false,"searchable":true,"clearable":true,"loadingText":"Loading","placeholder":"","maxSelectedItems":100},{"id":"b54ef565-56c1-0fce-1917-73c44835a3ec","filterLabel":"User ID","indexPattern":"log-o365-*","field":"logx.o365.UserId.keyword","multiple":false,"searchable":true,"clearable":true,"loadingText":"Loading","placeholder":"","maxSelectedItems":100}]', 60000, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (252, 'Windows Threat Intelligence Activity', '', '2023-08-12 17:15:08.129000', '2025-02-14 01:15:06.012068', 'system', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (254, 'Linux System Activity', '', '2023-08-12 17:15:23.144000', '2023-07-31 20:51:21.395000', 'system', 'system', '[{"id":"eabf03ed-040d-dd39-b469-eebf28037976","filterLabel":"Host Name","indexPattern":"log-linux-*","field":"logx.linux.host.name.keyword","multiple":false,"searchable":true,"clearable":true,"loadingText":"Loading","placeholder":"","maxSelectedItems":100}]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (255, 'Windows Systems Activity', '', '2023-08-12 17:15:23.154000', null, 'system', null, '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (256, 'CISCO Switch Activity', '', '2023-08-12 17:15:23.178000', '2023-08-01 11:19:17.783000', 'system', 'system', '[{"id":"6cea1699-3e61-f60a-1840-9ade8ecf6e50","filterLabel":"Host name","indexPattern":"log-cisco-switch-*","field":"host.keyword","multiple":false,"searchable":true,"clearable":true,"loadingText":"Loading","placeholder":"","maxSelectedItems":100}]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (257, 'CISCO ASA Firewall Activity', '', '2023-08-12 17:15:23.185000', '2023-08-01 11:24:16.838000', 'system', 'system', '[{"id":"5f450920-ac95-7579-7030-ec8f13fd8c10","filterLabel":"Host name","indexPattern":"log-firewall-cisco-asa-*","field":"host.keyword","multiple":false,"searchable":true,"clearable":true,"loadingText":"Loading","placeholder":"","maxSelectedItems":100}]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (258, 'Azure Login Activity', '', '2023-08-12 17:15:23.194000', '2023-07-31 20:31:26.577000', 'system', 'system', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (259, 'Meraki Firewall Activity', '', '2023-08-12 17:15:40.107000', '2023-02-04 22:33:40.441000', 'system', 'system', '[{"id":"0fc7d0ff-d37f-3857-ad2b-13ccb3d01983","filterLabel":"Device Name","indexPattern":"log-firewall-meraki-*","field":"dataSource.keyword","multiple":false,"searchable":true,"clearable":true,"loadingText":"Loading","placeholder":"","maxSelectedItems":100}]', 30000, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (260, 'Azure Subscription Activity', '', '2023-08-12 17:15:40.116000', '2023-07-30 15:43:22.635000', 'system', 'system', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (261, 'Office 365 AD Successful Logon by User', '', '2023-08-12 17:15:40.124000', '2023-07-29 19:02:23.767000', 'system', 'system', '[{"id":"8c026747-2f91-ab58-7974-3cbfae8ad5d5","filterLabel":"User","indexPattern":"log-o365-*","field":"logx.o365.UserId.keyword","multiple":false,"searchable":true,"clearable":true,"loadingText":"Loading","placeholder":"","maxSelectedItems":100}]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (262, 'Office 365 Unsuccessful Logon Attempts', '', '2023-08-12 17:15:40.131000', '2023-07-29 18:26:44.337000', 'system', 'system', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (268, 'Windows Systems Activity Report', '', '2023-08-14 21:06:38.574000', null, 'system', null, '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (269, 'Azure WAF', '', '2023-08-14 21:12:52.444000', null, 'system', null, '[]', 30000, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (271, 'O365 Active Directory', '', '2023-08-14 21:19:53.671000', null, 'system', null, '[{"id":"a3848e55-ffaa-23ae-e5cf-dd3ef659100e","filterLabel":"Tenant","indexPattern":"log-o365-*","field":"logx.tenant.keyword","multiple":false,"searchable":true,"clearable":true,"loadingText":"Loading","placeholder":"","maxSelectedItems":100}]', 60000, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (264, 'Windows Privilege Escalation', '', '2023-08-12 17:17:18.574000', '2025-01-24 04:03:25.100674', 'system', 'elopez', '[{"id":"2dd20fe4-0084-bb48-703f-15cce618673b","filterLabel":"User","indexPattern":"log-wineventlog-*","field":"logx.wineventlog.event_data.TargetUserName.keyword","multiple":false,"searchable":true,"clearable":true,"loadingText":"Loading","placeholder":"","maxSelectedItems":100}]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (266, 'Windows Account Logon Failure', 'List of failed logon attempts per user and target hosts. Description of failure reason with count.', '2023-08-12 17:17:18.589000', '2025-01-09 04:25:09.998391', 'system', 'elopez', '[{"id":"70528c45-6093-7cd8-4aa0-ca6bf7afc9bb","filterLabel":"User Name","indexPattern":"log-wineventlog-*","field":"logx.wineventlog.event_data.TargetUserName.keyword","multiple":false,"searchable":true,"clearable":true,"loadingText":"Loading","placeholder":"","maxSelectedItems":100},{"id":"33f39ffa-3a6c-99e7-0580-c02f4858c41a","filterLabel":"Server","indexPattern":"log-wineventlog-*","field":"logx.wineventlog.beat.hostname.keyword","multiple":false,"searchable":true,"clearable":true,"loadingText":"Loading","placeholder":"","maxSelectedItems":100}]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (265, 'Windows Account Logon Success', '', '2023-08-12 17:17:18.581000', '2025-01-09 04:27:10.053589', 'system', 'elopez', '[{"id":"5584eada-f797-8c87-4486-8d09a28538ea","filterLabel":"User Name","indexPattern":"log-wineventlog-*","field":"logx.wineventlog.event_data.TargetUserName.keyword","multiple":false,"searchable":true,"clearable":true,"loadingText":"Loading","placeholder":"","maxSelectedItems":100},{"id":"6c2a101b-5e70-6cab-870d-d1176ec2ec39","filterLabel":"Server","indexPattern":"log-wineventlog-*","field":"logx.wineventlog.beat.hostname.keyword","multiple":false,"searchable":true,"clearable":true,"loadingText":"Loading","placeholder":"","maxSelectedItems":100}]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (267, 'Windows User Accounts Created', '', '2023-08-12 17:17:44.226000', '2025-01-09 04:40:46.720676', 'system', 'elopez', '[{"id":"49bc18f6-95b1-d6a5-aaa8-8c6fe261cfb4","filterLabel":"User Creating Account","indexPattern":"log-wineventlog-*","field":"logx.wineventlog.event_data.SubjectUserName.keyword","multiple":false,"searchable":true,"clearable":true,"loadingText":"Loading","placeholder":"","maxSelectedItems":100}]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (272, 'Windows User Accounts Deleted', '', '2024-12-27 16:55:56.863828', '2025-01-09 04:44:06.082496', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (273, 'Windows Attempt to Access a Protected Object', '', '2024-12-27 23:08:32.136959', '2025-01-09 04:51:16.229950', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (274, 'Windows Protected Object Permission Change', '', '2024-12-28 01:17:46.770512', '2025-01-09 04:46:17.153815', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (275, 'Windows Access to shared resource', '', '2024-12-28 02:12:22.353459', '2025-01-09 04:54:54.435377', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (276, 'Windows Account Locks', 'Accounts locked out due to multiple failed login attempts. In this case, the system detects that a user has attempted to authenticate several times with incorrect credentials and, as a security measure, blocks the account.', '2024-12-30 18:58:02.664819', '2025-01-09 05:00:14.841734', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (277, 'Windows Access to critical files or specific directories', '', '2024-12-30 19:24:00.947767', '2025-01-09 04:58:51.801159', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (278, 'Windows Special privileges assigned to new logon', '', '2024-12-30 20:24:17.341855', '2025-01-09 04:48:00.955508', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (279, 'Windows Failed logon attempt', 'Provides valuable insights into system interactions and potential security risks to improve detection of unauthorized access attempts, strengthen compliance with security standards, and improve the overall integrity of your Windows environments.', '2024-12-31 00:03:01.565645', '2025-01-09 05:03:09.705036', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (280, 'Windows Policy changes', '', '2024-12-31 02:17:06.771256', '2025-01-09 06:20:03.551715', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (281, 'Windows Logins with explicit credentials', '', '2024-12-31 03:16:29.694291', '2025-01-09 06:13:40.662100', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (282, 'Windows Changes in account status', '', '2025-01-02 01:55:59.701090', '2025-01-11 07:05:58.476112', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (283, 'Windows Kerberos ticket requests', '', '2025-01-02 03:04:21.607339', '2025-01-11 07:07:23.752519', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (284, 'Windows Process Creation', '', '2025-01-02 03:26:50.222316', '2025-01-09 05:57:46.582121', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (285, 'Windows Access to Shared Resources', '', '2025-01-02 04:49:22.829763', '2025-01-09 05:54:15.618753', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (286, 'Use of Elevated Privileges', '', '2025-01-02 05:06:14.446061', '2025-01-11 07:10:58.620901', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (287, 'Windows Changes to Defender settings', '', '2025-01-02 05:48:41.942413', '2025-01-11 07:14:25.819701', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (288, 'Windows PowerShell Script Block Registration', '', '2025-01-02 06:19:12.582618', '2025-01-11 07:17:33.408892', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (289, 'Windows PowerShell Remote Session Creation', '', '2025-01-02 06:52:34.353200', '2025-01-11 07:19:11.403301', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (290, 'Windows Installation of Services', '', '2025-01-02 07:19:08.212941', '2025-01-11 07:21:40.783239', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (291, 'Windows Restoration of default security policies', '', '2025-01-02 08:23:14.345553', '2025-01-11 07:36:35.744379', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (292, 'Windows Audit Policy Change', '', '2025-01-02 16:35:30.319820', '2025-01-11 08:08:36.186710', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (293, 'Windows User Accounts Enabled', '', '2025-01-02 17:16:39.106678', '2025-01-09 04:42:55.067860', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (294, 'Windows User Password Reset Attempt', '', '2025-01-02 17:36:23.833534', '2025-01-11 08:14:36.088968', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (295, 'Windows Cleaned Event Log', '', '2025-01-02 18:15:26.993061', '2025-01-09 06:18:26.179320', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (296, 'Windows Filtering Platform', '', '2025-01-02 18:51:24.694259', '2025-01-11 08:22:37.123654', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (297, 'Windows Protected Object Access Operation', '', '2025-01-02 19:08:16.083060', '2025-01-11 08:23:39.831006', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (298, 'Windows Object Deletion', '', '2025-01-02 19:32:13.003995', '2025-01-11 08:26:54.382525', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (299, 'Windows Critical Hardware Failure', '', '2025-01-02 20:19:14.380588', '2025-01-11 08:33:26.883999', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (300, 'Windows Monitoring of Critical System Services Status', '', '2025-01-02 20:49:18.741263', '2025-01-11 08:34:55.042370', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (301, 'Windows Account authentication using NTLM', '', '2025-01-02 23:50:10.771975', '2025-01-25 01:59:18.277772', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (302, 'Windows Process Termination', '', '2025-01-03 00:08:52.631696', '2025-01-20 23:20:39.976553', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (303, 'Windows System Time Settings Changes', '', '2025-01-03 00:36:13.111206', '2025-01-11 09:03:39.688976', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (304, 'Windows Certificate Configuration Changes', '', '2025-01-03 01:01:15.490613', '2025-01-11 09:04:53.226360', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (305, 'Windows Service Installed', '', '2025-01-03 02:18:12.167395', '2025-01-09 05:32:31.067763', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (306, 'Windows User Accounts Enumeration', '', '2025-01-03 03:54:50.553497', '2025-01-11 09:25:06.144012', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (307, 'Windows Group Membership Enumerated', '', '2025-01-03 04:11:59.606744', '2025-01-11 09:26:10.902541', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (308, 'Windows User Account Attributes Changes', '', '2025-01-03 21:38:35.711218', '2025-01-11 09:46:06.092012', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (309, 'Windows Application Errors', '', '2025-01-04 00:22:08.289008', '2025-01-11 09:58:45.199204', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (310, 'Windows Kerberos pre-authentication failed', '', '2025-01-07 18:57:02.034419', '2025-01-09 05:38:38.114579', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (311, 'Windows Event Log Service', '', '2025-01-07 20:03:14.962913', '2025-01-07 20:03:05.668000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (312, 'Windows Password Reset Attempts', '', '2025-01-07 21:55:26.756473', '2025-01-07 21:55:10.189000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (313, 'Windows Connection blocked by Windows Firewall', '', '2025-01-08 01:25:26.176755', '2025-01-08 03:32:29.937480', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (314, 'Windows Event Logging Service Shut Down', '', '2025-01-08 03:43:32.510550', '2025-01-08 03:43:21.966000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (315, 'Windows Credential Access', '', '2025-01-08 04:40:14.886517', '2025-01-08 04:39:55.764000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (316, 'Windows Additions to Security Groups', '', '2025-01-08 17:06:24.412988', '2025-01-08 19:40:05.518559', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (317, 'Windows Security Group Member Removal', '', '2025-01-08 17:36:50.641807', '2025-01-08 19:36:54.223052', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (318, 'Windows Creation of Security-Enabled Local Group', '', '2025-01-08 19:36:19.585474', '2025-01-08 19:36:15.593000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (319, 'Windows Security enabled local group change', '', '2025-01-08 20:02:22.634988', '2025-01-08 20:02:06.967000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (320, 'Windows Member Addition to a Security Local Group', '', '2025-01-08 20:23:38.021486', '2025-01-08 20:23:33.690000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (321, 'Windows Local Security Group Member Removal', '', '2025-01-08 20:55:57.158984', '2025-01-08 20:55:53.937000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (322, 'Windows Registry Value Modification', '', '2025-01-08 21:24:39.757645', '2025-01-08 21:24:35.271000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (376, 'Windows Activity Monitoring', '', '2025-02-20 02:09:46.130148', '2025-02-20 02:09:40.200000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (323, 'Windows Service Control Manager Log Information', '', '2025-01-08 23:15:49.911408', '2025-01-08 23:15:39.835000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (324, 'Office 365 SharePoint Group Membership Additions', '', '2025-01-09 21:47:22.013655', '2025-01-09 22:22:34.428752', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (325, 'Office 365 File Accessed', '', '2025-01-09 22:54:02.589779', '2025-01-09 22:53:55.117000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (326, 'Office 365 Security Role Update', '', '2025-01-10 01:59:38.206591', '2025-01-10 01:58:39.950000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (327, 'Office 365 Sharing Link Operation', '', '2025-01-10 03:46:13.274845', '2025-01-10 03:46:09.049000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (328, 'Office 365 Secure Link Operation', '', '2025-01-10 04:07:48.909626', '2025-01-10 04:08:32.563418', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (329, 'Office 365 Delegated Permission Grant', '', '2025-01-10 04:49:09.867884', '2025-01-10 04:48:39.475000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (330, 'Office 365 File Access and Activity', '', '2025-01-10 05:36:09.862798', '2025-01-10 05:35:38.722000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (331, 'Office 365 OneDrive File Download', '', '2025-01-10 06:05:08.114240', '2025-01-10 06:04:01.637000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (332, 'AWS DescribeLogStreams Logs', '', '2025-01-11 04:22:50.539731', '2025-01-11 04:22:34.120000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (333, 'AWS PutObject Logs', '', '2025-01-11 04:55:21.361019', '2025-01-11 04:54:59.194000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (334, 'AWS GetBucketAcl Logs', '', '2025-01-11 05:21:31.958245', '2025-01-11 05:21:12.903000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (335, 'AWS DescribeLogGroups Logs', '', '2025-01-11 05:44:29.889408', '2025-01-11 05:44:17.272000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (336, 'Windows Unlocked Account', '', '2025-01-15 18:14:31.119115', '2025-01-15 18:16:55.776676', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (337, 'Windows Audit File Integrity Validation Failed', '', '2025-01-15 23:04:06.222699', '2025-01-15 23:04:02.097000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (338, 'Windows Log Automatic Backup', '', '2025-01-16 00:07:21.912914', '2025-01-16 00:06:42.383000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (339, 'Windows Error Reporting', '', '2025-01-16 19:38:33.377527', '2025-01-16 19:38:30.250000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (340, 'Windows Logging Unexpected System Shutdowns', '', '2025-01-16 19:56:14.209140', '2025-01-16 19:55:51.648000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (341, 'Windows Unexpected Service Failures', '', '2025-01-16 20:21:30.825861', '2025-01-16 20:21:16.226000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (342, 'Windows Services Changes', '', '2025-01-16 20:46:04.803921', '2025-01-27 01:14:42.677007', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (343, 'Windows Kerberos Service Ticket', '', '2025-01-16 21:14:03.474913', '2025-01-16 21:13:39.395000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (344, 'Windows Application of Group Policies Errors', '', '2025-01-16 21:38:58.770844', '2025-01-16 21:38:50.947000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (345, 'Windows Created and Terminated Processes', '', '2025-01-16 22:34:32.931501', '2025-01-16 22:34:29.296000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (346, 'Windows Firewall Exception List Changed', '', '2025-01-17 01:01:26.597376', '2025-01-17 01:01:15.140000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (347, 'Windows Privilege Escalation Alerts', '', '2025-01-20 23:48:52.436210', '2025-01-20 23:48:36.797000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (348, 'Windows Defender Action Against Detected Threat', '', '2025-01-21 01:59:39.325763', '2025-01-21 01:59:27.680000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (349, 'Windows Connections and Port Assignments', '', '2025-01-24 00:47:22.022152', '2025-01-24 00:47:06.246000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (350, 'Windows Account Logoff', '', '2025-01-24 03:48:25.036095', '2025-01-24 04:01:22.846288', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (351, 'Windows User Account Logoff', '', '2025-01-24 03:54:07.633874', '2025-01-24 04:02:51.696873', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (352, 'Windows Unexpected Logon Process Termination', '', '2025-01-24 05:11:38.881286', '2025-01-24 05:11:32.551000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (353, 'AWS Console Login', '', '2025-01-25 22:43:58.943491', '2025-01-25 22:43:42.799000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (354, 'AWS Access Roles Assumption', '', '2025-01-25 22:44:31.300558', '2025-01-25 22:44:27.959000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (355, 'AWS Role creation', '', '2025-01-25 22:45:25.660468', '2025-01-25 22:45:22.517000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (356, 'AWS Attach Role Policy', '', '2025-01-25 22:46:01.340658', '2025-01-25 22:45:58.610000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (357, 'AWS Roles Assumption', '', '2025-01-26 01:18:51.114757', '2025-01-26 01:18:46.295000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (358, 'AWS Bucket Access Policies', '', '2025-01-26 02:44:49.830260', '2025-01-26 02:44:36.186000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (359, 'AWS IAM User Deletion', '', '2025-01-30 23:59:41.229052', '2025-01-30 23:59:10.062000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (360, 'AWS ListAccessKeys Logs', '', '2025-01-31 01:38:49.951161', '2025-01-31 01:47:51.033923', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (361, 'AWS Level 2 (AU.2.044): User Policies Removal', '', '2025-02-04 01:35:18.862162', '2025-02-04 01:33:50.437000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (362, 'AWS User Listing Activity', '', '2025-02-04 02:25:30.822537', '2025-02-04 02:25:20.780000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (363, 'AWS Querying EC2 Instances', '', '2025-02-04 03:15:15.461624', '2025-02-04 03:14:44.274000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (364, 'Windows Incidents Generated from Alerts', '', '2025-02-11 00:03:43.164332', '2025-02-14 00:50:58.034438', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (365, 'Windows Threat Detection and Response using SOC AI', '', '2025-02-12 01:49:40.307088', '2025-02-14 00:51:49.908829', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (366, 'Windows BitLocker Settings Modification Attempts', '', '2025-02-13 00:50:36.559878', '2025-02-13 00:50:30.511000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (367, 'Windows Shared Network Object Creation', '', '2025-02-18 01:27:16.518762', '2025-02-18 01:27:12.881000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (368, 'Windows Shared Resource Modification', '', '2025-02-19 00:15:59.870229', '2025-02-19 00:15:48.619000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (369, 'Windows File System Transaction Status Changes', '', '2025-02-19 00:33:29.307893', '2025-02-19 00:33:25.014000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (370, 'Windows Handle Closure in Security System', '', '2025-02-19 00:46:41.720838', '2025-02-19 00:45:49.297000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (371, 'Windows External Device Connection', '', '2025-02-19 01:15:33.151664', '2025-02-19 01:15:21.930000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (372, 'Windows Scheduled Task Creation', '', '2025-02-19 02:50:23.603710', '2025-02-19 02:50:19.193000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (373, 'Windows Delete Object Attempt', '', '2025-02-19 03:27:14.246722', '2025-02-19 03:27:06.486000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (374, 'Windows TLS protocol Errors', '', '2025-02-20 01:35:12.189909', '2025-02-20 01:35:07.696000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (375, 'Windows Protected Files Decryption', '', '2025-02-20 01:36:58.603309', '2025-02-20 01:36:53.977000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (377, 'Bitdefender Activity Monitoring', '', '2025-02-21 00:34:29.868290', '2025-02-21 00:34:23.487000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (378, 'Linux Activity Monitoring', '', '2025-02-21 01:15:16.542428', '2025-02-21 01:15:08.237000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (379, 'Firewall Activity', '', '2025-02-21 02:36:36.897541', '2025-02-21 02:36:27.647000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (380, 'Firewall Activity Monitoring', '', '2025-02-21 02:44:53.289534', '2025-02-21 02:44:32.911000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (381, 'Office 365 Activity Monitoring', '', '2025-02-21 03:18:13.148735', '2025-02-21 03:20:08.107389', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (382, 'AWS Activity Monitoring', '', '2025-02-24 23:57:10.356990', '2025-02-24 23:56:52.933000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (383, 'Azure Activity Monitoring', '', '2025-02-25 00:31:32.322060', '2025-02-25 00:32:25.253524', 'elopez', 'elopez', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (384, 'Windows Unexpected System Reboot', '', '2025-02-25 02:55:09.232165', '2025-02-25 02:54:50.133000', 'elopez', '1', '[]', null, null, true);
+                INSERT INTO utm_dashboard (id, name, description, created_date, modified_date, user_created, user_modified, filters, refresh_time, dashboard_type, system_owner) VALUES (385, 'Windows Scheduled System Shutdowns and Restarts', '', '2025-02-25 03:16:10.773828', '2025-02-25 03:16:07.800000', 'elopez', '1', '[]', null, null, true);
+
+
+            ]]>
+        </sql>
+
+        <sql dbms="postgresql" splitStatements="true" stripComments="true">
+            <![CDATA[
+
+            -- ##################################################################
+            -- # Delete old records into the utm_dashboard_visualization table table
+            -- ##################################################################
+                DELETE from utm_dashboard_visualization where id_dashboard < 1000000 and id_visualization < 1000000;
+
+            -- ##################################################################
+            -- # Insert new records into the utm_dashboard_visualization table
+            -- ##################################################################
+
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 579, 265, 0, 1468, 236.3333282470703, 0, 0, true, null, '{"cols":30,"id":"5c64ed4c-52e5-f1ab-bd61-c9353e6f6834","rows":5,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 66, 13, 2, 461.79998779296875, 259.6000061035156, 0, 15, true, null, '{"cols":7,"id":"4b544912-182e-55dc-b171-b13f6df3e691","rows":4,"x":15,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 59, 13, 0, 529.2000122070312, 259.6000061035156, 0, 0, true, null, '{"cols":8,"id":"608032aa-b6c3-8dcb-7ca0-05e1c46e228f","rows":4,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 49, 13, 3, 529.2000122070312, 259.6000061035156, 0, 22, true, null, '{"cols":8,"id":"cb5129fa-81d9-70a2-d380-0a944e02cf46","rows":4,"x":22,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 58, 13, 1, 461.79998779296875, 259.6000061035156, 0, 8, true, null, '{"cols":7,"id":"10592d1d-e913-6c2b-1a22-db866bfdc723","rows":4,"x":8,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 468, 13, 6, 664, 327, 4, 20, true, null, '{"cols":10,"id":"21d95999-84f1-3477-973e-e8f0b6179a55","rows":5,"x":20,"y":4}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 60, 13, 4, 596.5999755859375, 327, 4, 0, true, null, '{"cols":9,"id":"b4279a31-608a-7463-eb15-d52818adb689","rows":5,"x":0,"y":4}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 470, 13, 7, 596.5999755859375, 596.5999755859375, 9, 0, true, null, '{"cols":9,"id":"c06413ff-52f8-59dc-2937-8655b12c6053","rows":9,"x":0,"y":9}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 55, 13, 5, 731.4000244140625, 327, 4, 9, true, null, '{"cols":11,"id":"0412622a-25f7-916a-4d3a-103505a762b4","rows":5,"x":9,"y":4}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 472, 13, 8, 731.4000244140625, 596.5999755859375, 9, 9, true, null, '{"cols":11,"id":"e145f90c-9b55-deaf-fc72-1ce8a92541fe","rows":9,"x":9,"y":9}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 473, 13, 9, 664, 596.5999755859375, 9, 20, true, null, '{"cols":10,"id":"5ee50469-51cb-aef2-ae68-c41e5fee51ef","rows":9,"x":20,"y":9}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 49, 221, 0, 548, 436.3999938964844, 0, 0, true, null, '{"cols":10,"id":"b51c09d4-a8b6-fcf0-f332-e7c0878f7be3","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 474, 221, 2, 1664, 436.3999938964844, 8, 0, true, null, '{"cols":30,"id":"54680b51-8ecc-e1d5-c69b-5183dbc90483","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 475, 221, 1, 1106, 436.3999938964844, 0, 10, true, null, '{"cols":20,"id":"a55bcef8-acd5-e5f1-0920-7ea1b143af8e","rows":8,"x":10,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 468, 11, 3, 550.6666870117188, 494.6000061035156, 4, 20, true, null, '{"cols":10,"id":"289d900c-f898-07c0-7b27-911b52524321","rows":9,"x":20,"y":4}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 476, 11, 1, 550.6666870117188, 494.6000061035156, 4, 0, true, null, '{"cols":10,"id":"000bb2bc-2f1a-d558-757e-f8476cd8d1af","rows":9,"x":0,"y":4}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 52, 11, 0, 1672, 214.26666259765625, 0, 0, true, null, '{"cols":30,"id":"070f21ea-e793-3922-c285-b1a1941e0251","rows":4,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 65, 11, 2, 550.6666870117188, 494.6000061035156, 4, 10, true, null, '{"cols":10,"id":"441cf83a-9589-5881-48fd-8a55d1bc93c3","rows":9,"x":10,"y":4}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 479, 223, 0, 596.5999755859375, 461.79998779296875, 0, 0, true, null, '{"cols":9,"id":"7e3a3a2a-8218-2fa2-3295-32d082267313","rows":7,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 480, 223, 2, 664, 529.2000122070312, 7, 0, true, null, '{"cols":10,"id":"a498c392-a08c-0938-3e9c-3abea36c3aca","rows":8,"x":0,"y":7}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 481, 223, 1, 1405.4000244140625, 461.79998779296875, 0, 9, true, null, '{"cols":21,"id":"3a3cbc7b-7214-e533-c924-fc01c5606786","rows":7,"x":9,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 482, 223, 5, 2012, 866.2000122070312, 15, 0, true, null, '{"cols":30,"id":"f316914b-790a-8906-93fa-8e21d9bae367","rows":13,"x":0,"y":15}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 483, 223, 3, 664, 529.2000122070312, 7, 10, true, null, '{"cols":10,"id":"c9660d1c-196a-11b3-4637-d92e5bf7d4b3","rows":8,"x":10,"y":7}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 484, 223, 4, 664, 529.2000122070312, 7, 20, true, null, '{"cols":10,"id":"0e3c5794-fd8a-9983-9b8d-50d11b0a1e6f","rows":8,"x":20,"y":7}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 485, 7, 2, 448.73333740234375, 252.13333129882812, 0, 16, true, null, '{"cols":7,"id":"f9ee280e-b8f7-9efd-e25a-c975e8c6e7e9","rows":4,"x":16,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 486, 7, 0, 514.2666625976562, 252.13333129882812, 0, 0, true, null, '{"cols":8,"id":"d5afe85c-ded4-4452-70e2-fb40a6f601bd","rows":4,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 487, 7, 1, 514.2666625976562, 252.13333129882812, 0, 8, true, null, '{"cols":8,"id":"a39f5a92-1da0-9df0-2587-4113a035771c","rows":4,"x":8,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 575, 278, 0, 1411, 382, 0, 0, true, null, '{"cols":29,"id":"d3f31668-e83a-8bfb-e2e1-05ca70830dbb","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 488, 7, 4, 579.7999877929688, 448.73333740234375, 4, 0, true, null, '{"cols":9,"id":"3a2c7344-de10-7cd2-0a60-35c41512cb9f","rows":7,"x":0,"y":4}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 489, 7, 5, 1366.199951171875, 448.73333740234375, 4, 9, true, null, '{"cols":21,"id":"2a5afdb8-0f4c-7c1d-0683-e5f2b15cc1fd","rows":7,"x":9,"y":4}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 490, 7, 7, 710.8666381835938, 645.3333129882812, 11, 10, true, null, '{"cols":11,"id":"cd88922d-0817-6aec-723e-ee6cc9462b63","rows":10,"x":10,"y":11}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 491, 7, 6, 645.3333129882812, 645.3333129882812, 11, 0, true, null, '{"cols":10,"id":"8355560c-c1d6-7854-ac91-4e45bb611be7","rows":10,"x":0,"y":11}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 492, 7, 8, 579.7999877929688, 645.3333129882812, 11, 21, true, null, '{"cols":9,"id":"0f4c3293-10f1-31fc-47db-025abcdd5e86","rows":10,"x":21,"y":11}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 493, 7, 3, 448.73333740234375, 252.13333129882812, 0, 23, true, null, '{"cols":7,"id":"77ae5349-8ca8-282f-ea6d-98170f7ea458","rows":4,"x":23,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 497, 226, 1, 461.79998779296875, 259.6000061035156, 0, 8, true, null, '{"cols":7,"id":"587b6f97-7339-93d9-c263-dce292440851","rows":4,"x":8,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 498, 226, 2, 461.79998779296875, 259.6000061035156, 0, 15, true, null, '{"cols":7,"id":"0ffc7b00-b72b-ba05-f6f8-cd626d9dc82e","rows":4,"x":15,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 499, 226, 0, 529.2000122070312, 259.6000061035156, 0, 0, true, null, '{"cols":8,"id":"04bd9589-54ab-6336-e246-9da934f22ab2","rows":4,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 500, 226, 3, 529.2000122070312, 259.6000061035156, 0, 22, true, null, '{"cols":8,"id":"835459a2-5956-a056-4d0a-b6ae98a7cbe0","rows":4,"x":22,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 501, 226, 5, 933.5999755859375, 529.2000122070312, 4, 8, true, null, '{"cols":14,"id":"822ab5b4-776e-85d0-ed15-e9e479c11627","rows":8,"x":8,"y":4}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 502, 226, 4, 529.2000122070312, 529.2000122070312, 4, 0, true, null, '{"cols":8,"id":"2178066a-0ad8-cd3b-011e-47d0b41fd7aa","rows":8,"x":0,"y":4}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 503, 226, 7, 2012, 529.2000122070312, 12, 0, true, null, '{"cols":30,"id":"7e2019b9-ca91-01d1-b0fd-118d4d1ef986","rows":8,"x":0,"y":12}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 504, 226, 6, 529.2000122070312, 529.2000122070312, 4, 22, true, null, '{"cols":8,"id":"edaabf78-4173-f379-5c8d-9fc0612df8e3","rows":8,"x":22,"y":4}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 505, 227, 2, 710.8666381835938, 448.73333740234375, 6, 0, true, null, '{"cols":11,"id":"2501531c-dbea-8f24-8786-de2bdeeacbc0","rows":7,"x":0,"y":6}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 506, 227, 4, 1956, 448.73333740234375, 13, 0, true, null, '{"cols":30,"id":"ee79fab8-51c5-240f-e8e9-5cdd2c8265de","rows":7,"x":0,"y":13}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 127, 227, 1, 776.4000244140625, 383.20001220703125, 0, 18, true, null, '{"cols":12,"id":"bbb6a219-8cba-34d9-3ab5-0ff637edddf7","rows":6,"x":18,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 508, 227, 0, 1169.5999755859375, 383.20001220703125, 0, 0, true, null, '{"cols":18,"id":"7ab3acb6-7c8f-dae8-36a8-9bf42741c4c9","rows":6,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 509, 227, 3, 1235.13330078125, 448.73333740234375, 6, 11, true, null, '{"cols":19,"id":"9b864081-6b08-15c7-6d85-06fa02b7bd50","rows":7,"x":11,"y":6}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 515, 227, 0, 2020, 869.6666870117188, 0, 0, true, null, '{"cols":30,"id":"3cb3aa29-eceb-ce39-e213-fc45204409d5","rows":13,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 527, 233, 1, 1008.8386840820312, 435.741943359375, 6, 0, true, null, '{"cols":16,"id":"63493875-3769-e9b7-0f0c-588fe9e2466c","rows":7,"x":0,"y":6}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 528, 233, 0, 1964, 372.06451416015625, 0, 0, true, null, '{"cols":31,"id":"c1b3151a-d2a3-9c00-e7ae-78488c6bea2f","rows":6,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 529, 233, 2, 945.1613159179688, 435.741943359375, 6, 16, true, null, '{"cols":15,"id":"d3d3a6b6-90b0-177c-00e3-60cec6946652","rows":7,"x":16,"y":6}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 66, 234, 3, 1001, 596.5999755859375, 7, 0, true, null, '{"cols":15,"id":"655f9306-e330-16eb-bba2-d3c14fd9f94c","rows":9,"x":0,"y":7}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 473, 234, 4, 1001, 596.5999755859375, 7, 15, true, null, '{"cols":15,"id":"4019a7b2-f334-1fc7-e444-9b30acc17677","rows":9,"x":15,"y":7}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 530, 234, 0, 529.2000122070312, 461.79998779296875, 0, 0, true, null, '{"cols":8,"id":"40fef4a8-e90b-eeb8-f892-4aabf1d4c571","rows":7,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 531, 234, 1, 529.2000122070312, 461.79998779296875, 0, 8, true, null, '{"cols":8,"id":"71edde78-3002-1daf-7430-d0f7b73f62fb","rows":7,"x":8,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 532, 234, 2, 933.5999755859375, 461.79998779296875, 0, 16, true, null, '{"cols":14,"id":"cfecac15-2bf0-c1c3-2933-bf87418f1854","rows":7,"x":16,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 522, 236, 0, 1956, 448.73333740234375, 0, 0, true, null, '{"cols":30,"id":"2a92d53d-57a9-a897-4c15-29d1280bdb07","rows":7,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 523, 236, 1, 1956, 514.2666625976562, 7, 0, true, null, '{"cols":30,"id":"2674afaf-74d1-c167-4f05-8a9aa32f876a","rows":8,"x":0,"y":7}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 537, 238, 0, 645.3333129882812, 514.2666625976562, 0, 0, true, null, '{"cols":10,"id":"f00bbe6a-cf21-c111-47df-b9057e8b2bf6","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 538, 238, 2, 645.3333129882812, 514.2666625976562, 0, 20, true, null, '{"cols":10,"id":"62b9c9e2-dc27-fe6f-3843-606b40600482","rows":8,"x":20,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 539, 238, 3, 1956, 514.2666625976562, 8, 0, true, null, '{"cols":30,"id":"1a83c1e1-02b6-6d4b-83b3-28545d9eb239","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 540, 238, 1, 645.3333129882812, 514.2666625976562, 0, 10, true, null, '{"cols":10,"id":"6c8c30d2-506c-b446-43dc-da8a68183275","rows":8,"x":10,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 127, 239, 0, 973, 514.2666625976562, 0, 0, true, null, '{"cols":15,"id":"05f92235-d615-0252-e6c6-6341d8b33f69","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 541, 239, 2, 1956, 514.2666625976562, 8, 0, true, null, '{"cols":30,"id":"785dde97-6c1b-72eb-394c-a0c6f5264394","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 542, 239, 1, 973, 514.2666625976562, 0, 15, true, null, '{"cols":15,"id":"026f8fd9-53e0-22ae-d973-b69e82489e07","rows":8,"x":15,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 543, 240, 0, 1404, 367.0666809082031, 0, 0, true, null, '{"cols":30,"id":"26df1fd0-6580-c215-ba6d-4a399d877f28","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 544, 240, 1, 1404, 602.7333374023438, 8, 0, true, null, '{"cols":30,"id":"0289d80b-a79a-869e-0af3-aaa7c763c4f7","rows":13,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 545, 241, 1, 2012, 529.2000122070312, 7, 0, true, null, '{"cols":30,"id":"d887dd4a-aa78-edd4-4381-8ff8c16c97c9","rows":8,"x":0,"y":7}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 546, 241, 0, 2012, 461.79998779296875, 0, 0, true, null, '{"cols":30,"id":"f722a630-b945-e048-f2a7-d699306d9149","rows":7,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 489, 242, 6, 1405.4000244140625, 461.79998779296875, 4, 9, true, null, '{"cols":21,"id":"2a5afdb8-0f4c-7c1d-0683-e5f2b15cc1fd","rows":7,"x":9,"y":4}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 493, 242, 3, 394.3999938964844, 259.6000061035156, 0, 18, true, null, '{"cols":6,"id":"77ae5349-8ca8-282f-ea6d-98170f7ea458","rows":4,"x":18,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 488, 242, 5, 596.5999755859375, 461.79998779296875, 4, 0, true, null, '{"cols":9,"id":"3a2c7344-de10-7cd2-0a60-35c41512cb9f","rows":7,"x":0,"y":4}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 547, 242, 4, 394.3999938964844, 259.6000061035156, 0, 24, true, null, '{"cols":6,"id":"0eae040e-2044-93d2-cb95-dc5f4f587351","rows":4,"x":24,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 487, 242, 1, 394.3999938964844, 259.6000061035156, 0, 6, true, null, '{"cols":6,"id":"a39f5a92-1da0-9df0-2587-4113a035771c","rows":4,"x":6,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 490, 242, 8, 731.4000244140625, 664, 11, 10, true, null, '{"cols":11,"id":"cd88922d-0817-6aec-723e-ee6cc9462b63","rows":10,"x":10,"y":11}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 486, 242, 0, 394.3999938964844, 259.6000061035156, 0, 0, true, null, '{"cols":6,"id":"d5afe85c-ded4-4452-70e2-fb40a6f601bd","rows":4,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 492, 242, 9, 596.5999755859375, 664, 11, 21, true, null, '{"cols":9,"id":"0f4c3293-10f1-31fc-47db-025abcdd5e86","rows":10,"x":21,"y":11}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 485, 242, 2, 394.3999938964844, 259.6000061035156, 0, 12, true, null, '{"cols":6,"id":"f9ee280e-b8f7-9efd-e25a-c975e8c6e7e9","rows":4,"x":12,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 491, 242, 7, 664, 664, 11, 0, true, null, '{"cols":10,"id":"8355560c-c1d6-7854-ac91-4e45bb611be7","rows":10,"x":0,"y":11}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 528, 243, 0, 2020, 382.9032287597656, 0, 0, true, null, '{"cols":31,"id":"c1b3151a-d2a3-9c00-e7ae-78488c6bea2f","rows":6,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 527, 243, 1, 1037.741943359375, 448.3870849609375, 6, 0, true, null, '{"cols":16,"id":"63493875-3769-e9b7-0f0c-588fe9e2466c","rows":7,"x":0,"y":6}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 529, 243, 2, 972.258056640625, 448.3870849609375, 6, 16, true, null, '{"cols":15,"id":"d3d3a6b6-90b0-177c-00e3-60cec6946652","rows":7,"x":16,"y":6}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 548, 244, 0, 1573, 675.9666748046875, 0, 0, true, null, '{"cols":30,"id":"e9b26d35-c80b-3f2d-0ec0-a70391c07628","rows":13,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 549, 245, 0, 2012, 529.2000122070312, 0, 0, true, null, '{"cols":30,"id":"77e493ad-171c-9a18-a03b-b97cb2470703","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 550, 245, 1, 2012, 866.2000122070312, 8, 0, true, null, '{"cols":30,"id":"d715c869-5670-2ed1-7a6a-fe01123fcb52","rows":13,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 551, 246, 0, 2012, 529.2000122070312, 0, 0, true, null, '{"cols":30,"id":"9c4faf88-053e-962a-e1e3-e0f7eb93172e","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 552, 246, 1, 2012, 866.2000122070312, 8, 0, true, null, '{"cols":30,"id":"2644596c-04ba-0759-f02d-f0fcea0c1b25","rows":13,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 553, 247, 1, 1404, 602.7333374023438, 8, 0, true, null, '{"cols":30,"id":"b6cc67f7-8fac-07c7-6703-8a909d0f1db2","rows":13,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 554, 247, 0, 1404, 367.0666809082031, 0, 0, true, null, '{"cols":30,"id":"258654d5-bc69-2359-b4d7-9b345793e0eb","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 555, 248, 0, 2012, 461.79998779296875, 0, 0, true, null, '{"cols":30,"id":"c44502ec-b7ef-8442-24bc-60e2dd463da3","rows":7,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 503, 248, 1, 2012, 529.2000122070312, 7, 0, true, null, '{"cols":30,"id":"73485e7d-58db-39ae-e9fe-14b0701a64c3","rows":8,"x":0,"y":7}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 557, 249, 0, 1404, 367.0666809082031, 0, 0, true, null, '{"cols":30,"id":"e17086a0-7b12-f41a-6861-b152c6401f48","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 556, 249, 1, 1404, 602.7333374023438, 8, 0, true, null, '{"cols":30,"id":"6bf07340-4d44-6920-64d9-969be659f5ea","rows":13,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 558, 251, 0, 1404, 367.0666809082031, 0, 0, true, null, '{"cols":30,"id":"d564ae03-498e-2b8d-005a-02193fc60077","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 559, 251, 1, 1404, 602.7333374023438, 8, 0, true, null, '{"cols":30,"id":"bd360210-f655-d697-0588-128a31e73a24","rows":13,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 66, 253, 0, 1404, 308.1499938964844, 0, 0, true, null, '{"cols":40,"id":"655f9306-e330-16eb-bba2-d3c14fd9f94c","rows":9,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 562, 253, 1, 1404, 555.5999755859375, 9, 0, true, null, '{"cols":40,"id":"857df28d-f7a4-52f8-ba47-2856533ee822","rows":16,"x":0,"y":9}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 563, 254, 0, 2012, 394.3999938964844, 0, 0, true, null, '{"cols":30,"id":"254b4bae-57f4-452d-f6cb-b9d62d1754d4","rows":6,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 564, 254, 1, 2012, 596.5999755859375, 6, 0, true, null, '{"cols":30,"id":"3c20d836-746e-8947-efc0-2a218b286e64","rows":9,"x":0,"y":6}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 498, 255, 2, 448.73333740234375, 252.13333129882812, 0, 15, true, null, '{"cols":7,"id":"0ffc7b00-b72b-ba05-f6f8-cd626d9dc82e","rows":4,"x":15,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 497, 255, 1, 448.73333740234375, 252.13333129882812, 0, 8, true, null, '{"cols":7,"id":"587b6f97-7339-93d9-c263-dce292440851","rows":4,"x":8,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 499, 255, 0, 514.2666625976562, 252.13333129882812, 0, 0, true, null, '{"cols":8,"id":"04bd9589-54ab-6336-e246-9da934f22ab2","rows":4,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 502, 255, 4, 514.2666625976562, 514.2666625976562, 4, 0, true, null, '{"cols":8,"id":"2178066a-0ad8-cd3b-011e-47d0b41fd7aa","rows":8,"x":0,"y":4}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 501, 255, 5, 907.4666748046875, 514.2666625976562, 4, 8, true, null, '{"cols":14,"id":"822ab5b4-776e-85d0-ed15-e9e479c11627","rows":8,"x":8,"y":4}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 500, 255, 3, 514.2666625976562, 252.13333129882812, 0, 22, true, null, '{"cols":8,"id":"835459a2-5956-a056-4d0a-b6ae98a7cbe0","rows":4,"x":22,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 503, 255, 7, 1956, 514.2666625976562, 12, 0, true, null, '{"cols":30,"id":"7e2019b9-ca91-01d1-b0fd-118d4d1ef986","rows":8,"x":0,"y":12}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 504, 255, 6, 514.2666625976562, 514.2666625976562, 4, 22, true, null, '{"cols":8,"id":"edaabf78-4173-f379-5c8d-9fc0612df8e3","rows":8,"x":22,"y":4}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 565, 256, 0, 1956, 448.73333740234375, 0, 0, true, null, '{"cols":30,"id":"c44a6124-2c4a-3d96-c109-fc770a635eca","rows":7,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 566, 256, 1, 1956, 579.7999877929688, 7, 0, true, null, '{"cols":30,"id":"eff85c35-2b02-b19e-e195-16b52a77f026","rows":9,"x":0,"y":7}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 567, 257, 0, 1964, 384.79998779296875, 0, 0, true, null, '{"cols":30,"id":"7d1d9faa-6649-4d9b-7ec5-3c1f6f909411","rows":6,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 568, 257, 1, 1964, 516.4000244140625, 6, 0, true, null, '{"cols":30,"id":"916c698f-70e0-1bfb-7168-1cd2760eba1b","rows":8,"x":0,"y":6}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 569, 258, 0, 2020, 869.6666870117188, 0, 0, true, null, '{"cols":30,"id":"0f045ac9-3c1b-ce37-069e-7b8bfa72b7e4","rows":13,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 522, 259, 0, 1956, 448.73333740234375, 0, 0, true, null, '{"cols":30,"id":"2a92d53d-57a9-a897-4c15-29d1280bdb07","rows":7,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 523, 259, 1, 1956, 514.2666625976562, 7, 0, true, null, '{"cols":30,"id":"2674afaf-74d1-c167-4f05-8a9aa32f876a","rows":8,"x":0,"y":7}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 570, 260, 1, 2012, 529.2000122070312, 7, 0, true, null, '{"cols":30,"id":"72a11c41-bdbd-bc65-a5fa-8035e8dade30","rows":8,"x":0,"y":7}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 571, 260, 0, 2012, 461.79998779296875, 0, 0, true, null, '{"cols":30,"id":"c7a9e289-06e9-7b21-2e2d-1e29eb92d0ec","rows":7,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 572, 261, 1, 1956, 514.2666625976562, 7, 0, true, null, '{"cols":30,"id":"5da6f533-9227-bc1e-2724-c4d1113d78f8","rows":8,"x":0,"y":7}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 55, 261, 0, 1956, 448.73333740234375, 0, 0, true, null, '{"cols":30,"id":"78559e4a-c503-308f-607d-21a39a718e61","rows":7,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 534, 262, 1, 1956, 514.2666625976562, 6, 0, true, null, '{"cols":30,"id":"e1cc75d0-564e-0da8-37c6-e65417cd943a","rows":8,"x":0,"y":6}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 573, 262, 0, 1956, 383.20001220703125, 0, 0, true, null, '{"cols":30,"id":"9adbebda-9b64-c76b-4991-ce4953fb0788","rows":6,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 498, 268, 2, 448.73333740234375, 252.13333129882812, 0, 15, true, null, '{"cols":7,"id":"0ffc7b00-b72b-ba05-f6f8-cd626d9dc82e","rows":4,"x":15,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 497, 268, 1, 448.73333740234375, 252.13333129882812, 0, 8, true, null, '{"cols":7,"id":"587b6f97-7339-93d9-c263-dce292440851","rows":4,"x":8,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 499, 268, 0, 514.2666625976562, 252.13333129882812, 0, 0, true, null, '{"cols":8,"id":"04bd9589-54ab-6336-e246-9da934f22ab2","rows":4,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 502, 268, 4, 514.2666625976562, 514.2666625976562, 4, 0, true, null, '{"cols":8,"id":"2178066a-0ad8-cd3b-011e-47d0b41fd7aa","rows":8,"x":0,"y":4}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 501, 268, 5, 907.4666748046875, 514.2666625976562, 4, 8, true, null, '{"cols":14,"id":"822ab5b4-776e-85d0-ed15-e9e479c11627","rows":8,"x":8,"y":4}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 500, 268, 3, 514.2666625976562, 252.13333129882812, 0, 22, true, null, '{"cols":8,"id":"835459a2-5956-a056-4d0a-b6ae98a7cbe0","rows":4,"x":22,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 503, 268, 7, 1956, 514.2666625976562, 12, 0, true, null, '{"cols":30,"id":"7e2019b9-ca91-01d1-b0fd-118d4d1ef986","rows":8,"x":0,"y":12}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 504, 268, 6, 514.2666625976562, 514.2666625976562, 4, 22, true, null, '{"cols":8,"id":"edaabf78-4173-f379-5c8d-9fc0612df8e3","rows":8,"x":22,"y":4}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 510, 269, 0, 1038.5333251953125, 514.2666625976562, 0, 0, true, null, '{"cols":16,"id":"3d38beba-60d2-36f4-e9c0-fb834dd20b37","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 514, 269, 1, 907.4666748046875, 514.2666625976562, 0, 16, true, null, '{"cols":14,"id":"e287720d-baf8-24dd-ad25-cc9352de12a3","rows":8,"x":16,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 582, 267, 1, 1460, 382, 7, 0, true, null, '{"cols":30,"id":"9b4bb2ef-4fa6-c5b9-c775-adcd41081b6f","rows":8,"x":0,"y":7}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 581, 266, 1, 1468, 384.1333312988281, 5, 0, true, null, '{"cols":30,"id":"af54f6bb-e821-626d-28e8-cd7679db7362","rows":8,"x":0,"y":5}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 578, 265, 1, 1468, 384.1333312988281, 5, 0, true, null, '{"cols":30,"id":"94c1aa28-2036-d854-16fc-7f53aeb17401","rows":8,"x":0,"y":5}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 576, 264, 0, 1468, 285.6000061035156, 0, 0, true, null, '{"cols":30,"id":"258d51eb-31f3-de51-2a40-4de2ec317086","rows":6,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 583, 267, 0, 1460, 333, 0, 0, true, null, '{"cols":30,"id":"4e083c32-977f-53cc-8cca-cf8335fdd90f","rows":7,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 577, 264, 1, 1468, 334.8666687011719, 6, 0, true, null, '{"cols":30,"id":"9892099a-2d34-84a5-b2ac-396c105e7bc0","rows":7,"x":0,"y":6}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 580, 266, 0, 1468, 236.3333282470703, 0, 0, true, null, '{"cols":30,"id":"76f9e90f-d737-cfb2-9a0f-f1e8f247334d","rows":5,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 511, 269, 3, 645.3333129882812, 514.2666625976562, 8, 10, true, null, '{"cols":10,"id":"7003ae5b-b7b6-fb58-2523-d16e017c7105","rows":8,"x":10,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 513, 269, 2, 645.3333129882812, 514.2666625976562, 8, 0, true, null, '{"cols":10,"id":"449ca04e-3def-57e8-9cca-ae99df62b552","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 512, 269, 4, 645.3333129882812, 514.2666625976562, 8, 20, true, null, '{"cols":10,"id":"d1ffe2ed-859a-5f43-f7f4-0c6f046d422e","rows":8,"x":20,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 533, 271, 4, 548, 436.3999938964844, 7, 20, true, null, '{"cols":10,"id":"0aaf1142-430e-2c22-c500-e5b02137dc0e","rows":8,"x":20,"y":7}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 534, 271, 2, 548, 436.3999938964844, 7, 0, true, null, '{"cols":10,"id":"477b4e0f-b01a-5d19-ca9f-449f9c60d16f","rows":8,"x":0,"y":7}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 535, 271, 3, 548, 436.3999938964844, 7, 10, true, null, '{"cols":10,"id":"7240983e-a4a5-4e1c-9fc5-baf37a2482f4","rows":8,"x":10,"y":7}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 536, 271, 1, 882.7999877929688, 380.6000061035156, 0, 14, true, null, '{"cols":16,"id":"736f1fc4-267f-f393-1547-34109846b1b2","rows":7,"x":14,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 55, 271, 0, 771.2000122070312, 380.6000061035156, 0, 0, true, null, '{"cols":14,"id":"904a65aa-0214-0f1f-61b3-3482a8cd2a18","rows":7,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 584, 272, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"396369fc-4d0d-c8a6-cc1f-0fbae08136b1","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 585, 272, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"e8e8991a-814c-98d7-5fc1-f9c86e20bf72","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 586, 273, 1, 1411, 529, 8, 0, true, null, '{"cols":29,"id":"3a4c81a2-824d-2cec-39ea-aaaa1237a62b","rows":11,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 587, 273, 0, 1411, 382, 0, 0, true, null, '{"cols":29,"id":"20e9c38a-2c5e-1ac4-10d6-c246ed637498","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 597, 279, 1, 1411, 382, 8, 0, true, null, '{"cols":29,"id":"17c868d8-dac0-4993-c81b-e4eab33570fc","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 598, 279, 0, 1411, 382, 0, 0, true, null, '{"cols":29,"id":"0f55cc88-a4d2-7167-8a29-97651cc1353d","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 599, 280, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"f4e9e3d5-b9c8-ffe9-775d-c557765b8146","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 600, 280, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"62e1cd78-f7f5-157a-e793-191ea100b7ad","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 601, 281, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"5716a0b4-49d4-50b8-de78-9d66242735f2","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 602, 281, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"3e82130a-7f0a-5623-3fb7-732248dcdc95","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 657, 309, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"a2e94aa5-2455-5888-c34f-336968027869","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 658, 309, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"c2d56072-d733-4460-4e1c-985cc64184dd","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 659, 310, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"1f3e5895-7a3b-5b0e-cc64-2c4704142504","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 660, 310, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"663e2e3f-6005-1298-cbe8-d89d74815a6e","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 773, 252, 0, 2209, 562.6451416015625, 0, 0, true, null, '{"cols":31,"id":"746fc322-178a-1f2b-9edf-783b6bb2aa33","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 774, 252, 1, 2209, 562.6451416015625, 8, 0, true, null, '{"cols":31,"id":"f7627fcc-e3b1-a95f-a350-43374533fe17","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 588, 274, 1, 1460, 382, 9, 0, true, null, '{"cols":30,"id":"53cc4c04-14a5-742f-2a65-640acc929e02","rows":8,"x":0,"y":9}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 589, 274, 0, 1460, 431, 0, 0, true, null, '{"cols":30,"id":"8e489a15-e80b-d96e-4efb-869e0005e5dc","rows":9,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 590, 275, 1, 1411, 382, 8, 0, true, null, '{"cols":29,"id":"4c85a24d-b41b-881a-7a05-82fcfc44a8fe","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 591, 275, 0, 725, 382, 0, 0, true, null, '{"cols":15,"id":"11309335-a62d-02d4-1d55-2d555688610b","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 592, 276, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"05d4b341-b0d5-37e7-60c6-09679ab4211c","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 593, 276, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"7332adc4-b8a4-ea6c-7de7-d7b3657214f4","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 594, 277, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"dafde6bc-b678-9f54-75c6-3d2ae2d9606e","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 595, 277, 0, 823, 382, 0, 0, true, null, '{"cols":17,"id":"0c55f648-643d-6ec6-08f7-2297d6404119","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 596, 278, 1, 1411, 382, 8, 0, true, null, '{"cols":29,"id":"46158e51-e30d-21b4-bdc4-ad1302e60a22","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 603, 282, 1, 1460, 431, 8, 0, true, null, '{"cols":30,"id":"b848e153-31de-92f2-e7dd-862e70853a13","rows":9,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 604, 282, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"bb38f3ef-58f3-8bf5-2619-e9af4bc6b580","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 605, 283, 1, 1460, 480, 8, 0, true, null, '{"cols":30,"id":"6264344a-7366-4152-e82a-6700f955c3a4","rows":10,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 606, 283, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"b60f729c-5366-5815-f79d-3fe6fc0dad84","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 607, 284, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"9a4e7beb-dbee-2be3-aeb5-5282bb77d636","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 608, 284, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"0b44d425-64b2-d415-ec3b-a0f9a74bb1b4","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 609, 285, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"86e3c8e7-d98a-5ae7-1f25-f5cd758bddba","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 610, 285, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"8bbb615e-d3af-7d3d-063d-952790c5f2ae","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 611, 286, 1, 1460, 431, 8, 0, true, null, '{"cols":30,"id":"ba5e01d4-4d63-fc16-805f-5e08d094f8d2","rows":9,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 612, 286, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"b359d8c3-fd5a-8897-fabe-0b0552b7efd1","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 613, 287, 1, 1411, 382, 8, 0, true, null, '{"cols":29,"id":"5a688836-8385-7667-7cc1-4d8df9b37830","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 614, 287, 0, 1411, 382, 0, 0, true, null, '{"cols":29,"id":"73108a84-d3bd-4bda-d741-ddfeffdf26f8","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 615, 288, 1, 1411, 382, 8, 0, true, null, '{"cols":29,"id":"6dd5fdb5-79aa-e5ec-4428-892e7e640d72","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 616, 288, 0, 1411, 382, 0, 0, true, null, '{"cols":29,"id":"06ea7cd7-52c0-8aa5-0905-d5c259ae9533","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 617, 289, 1, 1460, 578, 8, 0, true, null, '{"cols":30,"id":"39674804-57b5-2525-bc5d-48f8a399d517","rows":12,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 618, 289, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"d752c163-0f1a-e5d5-7202-ecb2267b30b7","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 619, 290, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"dbe3334c-3da3-2331-dd6b-a34dfcd2cf21","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 620, 290, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"b4d94486-53a9-0345-a15e-5cf3a853b180","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 621, 291, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"f754682c-5f47-8628-a16b-693571b835cb","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 622, 291, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"ddabaab8-c3d1-4d2f-1330-042bc7f55640","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 623, 292, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"e312c70b-4cdc-df91-6525-aaf7ccfa2c7d","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 624, 292, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"70f7f55d-7203-b444-8ad1-15d1c10f2560","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 625, 293, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"d89cae84-bbe4-353c-dc6f-2b4bca6b59b9","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 626, 293, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"9dae80e3-ec0e-9409-b802-2978b863d5fb","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 627, 294, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"52247cf2-8c2c-d9bc-1c72-5439b42f3f4d","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 628, 294, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"c452227e-03e5-d6a1-0863-ff7d2d26ffe5","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 629, 295, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"767044ae-eadb-0705-6bb2-d43510e102da","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 630, 295, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"da52d914-22b3-d19b-0a08-0fa3c15523b7","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 631, 296, 1, 1460, 431, 8, 0, true, null, '{"cols":30,"id":"98f64caa-7b92-dec9-1d3e-e71a18e2bb5b","rows":9,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 632, 296, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"8fb3fd91-07e8-2bf0-eeb1-9196e5096a8e","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 633, 297, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"a2f0a7cb-b192-96dd-c5f1-82c6278ff091","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 634, 297, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"0df7c2ba-a46f-6494-eb73-5e5c169f0904","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 635, 298, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"61990552-1849-ff9d-7b8c-d9a60d3b7379","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 636, 298, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"3ea00424-9282-309b-b1f4-c11b5ee76d08","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 637, 299, 1, 1411, 382, 8, 0, true, null, '{"cols":29,"id":"2ee19549-c038-6bc4-1e5a-978f758cc13c","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 638, 299, 0, 1411, 382, 0, 0, true, null, '{"cols":29,"id":"d36e35a1-0ac9-218d-156d-399ca1e0c014","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 639, 300, 1, 1460, 369.3548278808594, 8, 0, true, null, '{"cols":31,"id":"1adc3a4d-0c1f-9407-7489-bf963034ecb8","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 640, 300, 0, 1460, 369.3548278808594, 0, 0, true, null, '{"cols":31,"id":"a8e2660b-a787-8e3d-10b9-6fdb6b1bfcb5","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 641, 301, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"71a1d0f5-e898-616c-7e03-2c5ce6a137b2","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 642, 301, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"29512d23-ff98-4da1-8d1a-b884fb582a33","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 644, 302, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"d80c0f1b-6f37-8f4d-9d44-dffe2320fa31","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 643, 302, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"b6808cb3-02b9-53eb-e9cb-1ed9493e0f14","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 645, 303, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"3b9089b5-6dc5-f570-b7c3-ca5b2f6efadd","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 646, 303, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"5a3e1108-5cb0-6686-2ac3-e9b707d5d99b","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 647, 304, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"2de1d047-fd83-932f-8f74-b6fbe0ccdf8c","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 648, 304, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"21f99b30-5fb1-5731-61cb-fa097c03e868","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 649, 305, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"5de35f4b-f670-9bf0-e499-2427380a9169","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 650, 305, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"335176a4-5d45-7c84-84f0-9d6b5838c38f","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 651, 306, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"78f531bc-b91e-b7ea-4c67-9a3a5ea9703b","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 652, 306, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"13dfcdd8-9790-8080-7ca3-5773edb022f4","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 653, 307, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"05069480-a822-9d6b-faf5-fd3eacd48db0","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 654, 307, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"08f08c67-8391-2931-de18-76c36cc673b5","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 656, 308, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"ed424840-c256-d16c-f56c-4d93a14e856e","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 655, 308, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"cf3b4409-d15c-cb42-2987-ed7df9c33fa5","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 663, 311, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"84efb5c0-1b31-7510-81cb-691e349fa5b3","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 664, 311, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"884b2aae-1590-9c3c-db11-0ed446c6695b","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 665, 312, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"aaf78615-4970-f160-949c-b1acbfa50e5d","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 666, 312, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"00fe3a4f-92d4-dc04-a0eb-3e639dde4166","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 667, 313, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"fc6142b8-8e06-37ea-d671-183a91db4206","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 668, 313, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"2e29f8eb-7b1a-fe6a-bc74-e780f502d6a8","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 669, 314, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"ab79681d-4fe6-40f9-33c5-7247d863772e","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 670, 314, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"4578217b-10b9-d611-acce-ef79ddd1d3eb","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 671, 315, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"72df4705-ffcd-6867-6577-b80dd3685d9e","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 672, 315, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"0bc53f20-2a51-a662-ecc7-2397862acdaf","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 673, 316, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"5eaa7b5d-2950-c4d7-491a-4c15733d5d14","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 674, 316, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"7d6e0113-6367-59e2-1a00-84a343396956","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 675, 317, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"7aff3260-45c9-45c8-7320-b7cef30eb0e3","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 676, 317, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"191bef2b-d83b-c06d-1e78-782410ec2e80","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 678, 318, 0, 1411, 382, 0, 0, true, null, '{"cols":29,"id":"96933ccc-9497-5c54-b15f-43f50b4d2231","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 677, 318, 1, 1411, 382, 8, 0, true, null, '{"cols":29,"id":"5b1f907f-7577-dae8-1660-1fe534e11d99","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 679, 319, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"6b6ad6f7-73d1-55b0-a222-97f58b92b19b","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 680, 319, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"f083582c-1eaf-f2af-cef4-032d3842c68e","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 682, 320, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"449e4c11-f4e4-2f57-3c06-925da83c8dd3","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 681, 320, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"e984cfed-764e-3072-a0af-8b8c18eeb641","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 683, 321, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"017e01ac-2bb9-0917-e114-1cecd4792e41","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 684, 321, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"2e0accc0-fc9c-cacf-891a-f9d06db0a663","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 685, 322, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"e774b2c3-0b46-c036-0941-52dabd88f8a8","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 686, 322, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"d837bc7b-b33e-77fc-5417-0d3e403a9c8f","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 687, 323, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"6d936011-6532-49e6-ee15-8a14dea85baf","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 688, 323, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"ded36ea0-d3de-71ff-b8a1-c046d4b51959","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 689, 324, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"455c2c65-2be1-80e9-a0e3-04ba353c2fbb","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 690, 324, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"4c73b829-6e56-570a-0fbc-7d82fb8da6c2","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 692, 325, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"db595e6b-888b-b104-89a9-e2dacf133575","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 691, 325, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"c2f623aa-4f13-ab88-bf99-5414567f5051","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 693, 326, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"311d5a6e-c579-2b65-f4f5-16c2bc9c0ff6","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 694, 326, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"8d30429a-c5c8-b0d8-99ad-ca937f7aae9a","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 695, 327, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"2d8e4942-6bad-027d-6b04-92333860493e","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 696, 327, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"ffb34c9e-cb2f-f17e-02b1-b2d27a7048df","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 697, 328, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"22b381b2-55ab-8b51-cf06-f0c78879b6a3","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 698, 328, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"62b7efce-62e1-d4af-07ce-f78f3d42d3c9","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 699, 329, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"6c944fee-4d8b-b43f-2768-9871f2af09a9","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 700, 329, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"17fa2b6c-e8d0-17dd-b7d9-1ced4b492ef5","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 701, 330, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"5bff1177-3f8d-77f3-31a9-b7eb1b9bfc07","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 702, 330, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"5d13cfff-c00b-810a-6b21-cbe9ef158b39","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 704, 331, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"21132c95-0d52-ebbf-013a-3d30e5d3871e","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 703, 331, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"f748e546-1217-fb89-312f-518aa47adc1e","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 705, 332, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"ab795222-a6c0-2e2c-8481-e04c6c5d3888","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 706, 332, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"a062ba58-b651-9957-56f7-121521a3b15d","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 708, 333, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"1902a653-9bc2-82fe-2196-fd99fe2c56a8","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 707, 333, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"ce942997-5463-ae7b-515d-297e07226abb","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 709, 334, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"fa46fd78-77aa-e3d4-16c2-0a18949a9c26","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 710, 334, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"b5bee87c-e381-7bb1-1b3c-90111a963b0e","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 711, 335, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"b8b1f0dd-3e6e-925e-2aa0-daabf00f23e5","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 712, 335, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"bc602008-62a5-7229-6d01-c5d0eb5f86d4","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 713, 336, 0, 1460, 369.3548278808594, 0, 0, true, null, '{"cols":31,"id":"424121ce-0df0-4036-8c74-99152e87f9c8","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 714, 336, 1, 1460, 369.3548278808594, 8, 0, true, null, '{"cols":31,"id":"f96fbe61-d6ad-af57-e1fe-6896b187b706","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 715, 337, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"b55ecd91-d95e-09a9-d0d5-1fd866aa064d","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 716, 337, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"10653e33-986d-b265-81e4-62c2eae24a5f","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 717, 338, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"ff543143-601c-6f07-6f19-b17dfcaa3846","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 718, 338, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"ba5e3515-6a07-a80e-1e83-416abacb5ef3","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 719, 339, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"1dbf046e-fb66-6a1d-ac3a-69442c7efe00","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 720, 339, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"9b5d1970-c541-dcbc-c140-5c9c60cea3cb","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 721, 340, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"34835548-2297-7f7d-a2a6-b443f90e9623","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 722, 340, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"a1b56b93-ffd9-9e1a-94f2-af56c3c0f460","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 723, 341, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"84b5f022-db72-8557-af81-7cf7dc04edf8","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 724, 341, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"5202314c-c47a-8b47-28dd-91421f267cb4","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 725, 342, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"6f28117c-b079-6401-ae29-ceff43bb1696","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 726, 342, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"7a385f1e-4b7e-1f19-cb59-79a6a3472d0f","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 727, 343, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"cc6a2f57-fb0f-50be-f338-c172dc70161e","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 728, 343, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"3d13b437-1d29-59aa-ba80-8912c44aa185","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 729, 344, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"d641bd52-5f90-4838-c605-bd70a5ec5c11","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 730, 344, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"468bdee2-ff4c-80dd-8546-5b6f07b90279","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 731, 345, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"fdd09863-e581-55c6-a099-7d4492b564fb","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 732, 345, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"bc1036fc-02ae-d6b9-1301-55acccca2a0a","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 733, 346, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"31970ae1-69ee-d58d-9ffc-eb83b0848777","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 734, 346, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"539ed5d1-f0da-c776-e284-d3cd859c632a","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 735, 347, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"f2bae95c-cf78-d52a-5f8f-8aef86174f92","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 736, 347, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"3aadec4f-2ad8-d061-f4e8-917f5ed222de","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 737, 348, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"399db8f9-8e73-bcd7-4c9d-7d8004c31407","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 738, 348, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"79242d51-77f6-682c-ceca-ad3efb58a196","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 739, 349, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"6bcdb726-f692-9d57-1ac1-1375b78d8568","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 740, 349, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"b94a48fb-4384-c74f-14df-9f1155758dd2","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 661, 350, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"eea6d3ef-0297-d517-3907-fc5b36b14610","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 752, 356, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"c141983a-2c94-9556-093f-5f92235f5a6c","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 753, 357, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"22843e88-c67b-2086-92b3-a7287bc29a68","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 742, 350, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"eab801a4-6445-0d63-5ac7-160b830cbfae","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 741, 351, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"1a4de910-399d-b0bd-bc8f-89f02bf7fb05","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 742, 351, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"4b11b8ba-b4aa-6b3a-061b-5886db39a2d8","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 743, 352, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"c8c74d9d-6ccb-fc8b-11fc-e940a091477e","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 744, 352, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"a216a1cc-53a3-6bfe-d8d3-fca45acadbb6","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 746, 353, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"4bb88be0-09e9-b3ce-80d8-f7b18c7ca7c5","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 745, 353, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"b4fe360f-704d-59b8-6f17-e4f74f7bd487","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 747, 354, 1, 1460, 357.5, 8, 0, true, null, '{"cols":32,"id":"ef41f86c-ca14-4568-ac85-c0a2266b736f","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 749, 354, 0, 1460, 357.5, 0, 0, true, null, '{"cols":32,"id":"2165f7c0-811a-4363-b70a-9de62dd97d93","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 748, 355, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"f717bd76-2ab1-c9a5-965c-715c3edf55cd","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 750, 355, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"e580961e-2a4e-361c-f921-af37a92f3788","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 751, 356, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"bc13000f-5d02-09b3-3481-74981365bbc5","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 754, 357, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"997f6f25-69a8-9cc1-f94c-77b959c85708","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 755, 358, 1, 1460, 382, 8, 0, true, null, '{"cols":30,"id":"33e5bb32-ab96-11cb-56bc-5c0c59a23493","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 756, 358, 0, 1460, 382, 0, 0, true, null, '{"cols":30,"id":"1ac10cbc-8b97-7a7a-516c-e15e76b02e2d","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 757, 359, 1, 2209, 581.7333374023438, 8, 0, true, null, '{"cols":30,"id":"46885b09-3763-1241-fc06-3507ef8c6afa","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 758, 359, 0, 2209, 581.7333374023438, 0, 0, true, null, '{"cols":30,"id":"37d48684-23ad-1555-8f41-a9805c673dfc","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 760, 360, 1, 2209, 581.7333374023438, 8, 0, true, null, '{"cols":30,"id":"2bd472f8-83db-1ff6-9037-862f7e101bb1","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 759, 360, 0, 2209, 581.7333374023438, 0, 0, true, null, '{"cols":30,"id":"35ac284d-c153-328b-ae8a-6b8414e1083a","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 761, 361, 1, 2209, 581.7333374023438, 8, 0, true, null, '{"cols":30,"id":"58f651bd-a638-9d1a-2485-4bb7ec7a7b4d","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 762, 361, 0, 2209, 581.7333374023438, 0, 0, true, null, '{"cols":30,"id":"9456e413-1305-3c64-a91c-302edf53e049","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 763, 362, 1, 2209, 581.7333374023438, 8, 0, true, null, '{"cols":30,"id":"3256cb75-1c66-5765-71cb-de1c610551b6","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 764, 362, 0, 2209, 581.7333374023438, 0, 0, true, null, '{"cols":30,"id":"55c2649f-1a55-0631-8134-9f23142b88b6","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 765, 363, 1, 2209, 507.76666259765625, 8, 0, true, null, '{"cols":30,"id":"0d45579b-ec4a-1d00-9bf7-5bf778de7939","rows":7,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 766, 363, 0, 2209, 581.7333374023438, 0, 0, true, null, '{"cols":30,"id":"48f08e25-a9fe-adf8-0080-ce3d32e8520c","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 767, 364, 1, 2209, 581.7333374023438, 8, 0, true, null, '{"cols":30,"id":"eea77669-827b-6c73-1267-afd735c5c24f","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 768, 364, 0, 2209, 581.7333374023438, 0, 0, true, null, '{"cols":30,"id":"6cb884e6-2fac-9280-f096-5d95cb890373","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 769, 365, 1, 2209, 581.7333374023438, 8, 0, true, null, '{"cols":30,"id":"bc3ebb2c-0f2e-40fd-13f0-5d7b4ec0a9c2","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 770, 365, 0, 2209, 581.7333374023438, 0, 0, true, null, '{"cols":30,"id":"4bf2c9a6-9d5f-0ccb-43a7-a00373d75584","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 771, 366, 1, 2209, 581.7333374023438, 8, 0, true, null, '{"cols":30,"id":"102be3bf-a34a-5342-f4a1-3f8b25e21171","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 772, 366, 0, 2209, 581.7333374023438, 0, 0, true, null, '{"cols":30,"id":"0791b403-a8bb-7152-a650-80104a017695","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 775, 367, 1, 2209, 581.7333374023438, 8, 0, true, null, '{"cols":30,"id":"9a5d8fd5-c718-2b6b-d67a-c0b625acb9f5","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 776, 367, 0, 2209, 581.7333374023438, 0, 0, true, null, '{"cols":30,"id":"5b9463a9-b99c-665d-0a3e-efbfeadd627d","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 778, 368, 0, 2209, 562.6451416015625, 0, 0, true, null, '{"cols":31,"id":"5f1372ab-76dc-2b59-96a2-fcfe6e7109b5","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 777, 368, 1, 2209, 562.6451416015625, 8, 0, true, null, '{"cols":31,"id":"991b7a57-fe97-762e-4409-9b41ddb4055c","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 779, 369, 1, 2209, 581.7333374023438, 8, 0, true, null, '{"cols":30,"id":"2bb9e8de-b8a8-6209-96e7-30bac5a4480f","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 780, 369, 0, 2209, 581.7333374023438, 0, 0, true, null, '{"cols":30,"id":"f060db1d-f099-cd15-7cd3-89acc344fab9","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 782, 370, 0, 2209, 581.7333374023438, 0, 0, true, null, '{"cols":30,"id":"1fbd6a26-f9b9-b6b9-0d2f-13b82c994838","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 781, 370, 1, 2209, 581.7333374023438, 8, 0, true, null, '{"cols":30,"id":"b314842d-0cf3-a37f-3b99-98b74c781e84","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 783, 371, 1, 2209, 581.7333374023438, 8, 0, true, null, '{"cols":30,"id":"04fafde7-9311-cdd2-5a94-350dd8301e30","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 784, 371, 0, 2209, 581.7333374023438, 0, 0, true, null, '{"cols":30,"id":"57f2bbf2-4bab-7645-cf9b-8df5a2e1e905","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 785, 372, 0, 2209, 581.7333374023438, 0, 0, true, null, '{"cols":30,"id":"c66c0555-2ece-5b3c-a5d6-6496d324f8be","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 786, 372, 1, 2209, 581.7333374023438, 8, 0, true, null, '{"cols":30,"id":"35af2bab-3ddf-af3b-4bae-d251596a3c88","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 787, 373, 1, 2209, 581.7333374023438, 8, 0, true, null, '{"cols":30,"id":"49b4c506-8983-9d61-3512-d829726c08a6","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 788, 373, 0, 2209, 581.7333374023438, 0, 0, true, null, '{"cols":30,"id":"e1cceb61-9685-a3a7-96aa-5a274b5db34f","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 789, 374, 1, 2209, 581.7333374023438, 8, 0, true, null, '{"cols":30,"id":"b5ad0976-af06-6fee-bbec-c95779612167","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 790, 374, 0, 2209, 581.7333374023438, 0, 0, true, null, '{"cols":30,"id":"b0220a93-575c-ab65-0e09-73d5ba18ec52","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 791, 375, 1, 2209, 581.7333374023438, 8, 0, true, null, '{"cols":30,"id":"14baae64-a487-2dee-2031-916391745a7c","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 792, 375, 0, 2209, 581.7333374023438, 0, 0, true, null, '{"cols":30,"id":"b0f3d3cf-aca2-861b-cc89-514cd236d986","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 793, 376, 1, 2209, 581.7333374023438, 8, 0, true, null, '{"cols":30,"id":"75d71c5e-065e-351e-edb0-bcdbba354eb0","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 794, 376, 0, 2209, 581.7333374023438, 0, 0, true, null, '{"cols":30,"id":"524e4edd-7f71-3947-72ee-f507dcf2d86a","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 795, 377, 1, 2209, 581.7333374023438, 8, 0, true, null, '{"cols":30,"id":"4d4d0e10-2f48-5370-f4c2-5dc031662762","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 796, 377, 0, 2209, 581.7333374023438, 0, 0, true, null, '{"cols":30,"id":"d47368d2-f7e3-7ad9-7ba4-b64abb2c405f","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 797, 378, 1, 2209, 581.7333374023438, 8, 0, true, null, '{"cols":30,"id":"da9ebbb3-54a4-38df-4128-b646bc6ddd74","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 798, 378, 0, 2209, 581.7333374023438, 0, 0, true, null, '{"cols":30,"id":"5613c57f-97e7-fe67-b392-db68ee5b7438","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 799, 380, 1, 2209, 581.7333374023438, 8, 0, true, null, '{"cols":30,"id":"64a33b0f-7dc0-aab0-fff3-7adb72edb7d9","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 800, 380, 0, 2209, 581.7333374023438, 0, 0, true, null, '{"cols":30,"id":"78d7a183-ced8-3894-9eb3-cb4340e999a2","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 802, 381, 0, 2209, 581.7333374023438, 0, 0, true, null, '{"cols":30,"id":"8c0b5bf2-10e4-fefe-7502-92000e5594a4","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 804, 382, 0, 2209, 581.7333374023438, 0, 0, true, null, '{"cols":30,"id":"1b853a9d-3c03-3f78-cd28-6e562244fb33","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 803, 382, 1, 2209, 581.7333374023438, 8, 0, true, null, '{"cols":30,"id":"519a5226-01a6-ce17-8a8b-22fecb14f5e4","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 801, 381, 1, 2209, 581.7333374023438, 8, 0, true, null, '{"cols":30,"id":"b132af95-1333-49c3-c259-db20deb3e997","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 805, 383, 0, 2209, 581.7333374023438, 0, 0, true, null, '{"cols":30,"id":"f81678c0-bf6b-f5ee-49bd-a09b6baba796","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 799, 379, 1, 2209, 581.7333374023438, 8, 0, true, null, '{"cols":30,"id":"a386dff3-c072-44d3-46fe-db8f3ad9909c","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 800, 379, 0, 2209, 581.7333374023438, 0, 0, true, null, '{"cols":30,"id":"e0fa23c2-16d6-4968-eb4e-53347a788881","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 806, 383, 1, 2209, 581.7333374023438, 8, 0, true, null, '{"cols":30,"id":"44e8fc7f-f70c-340c-a92e-ad144372cdd0","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 807, 384, 1, 2209, 581.7333374023438, 8, 0, true, null, '{"cols":30,"id":"c073b9ef-299c-7e9b-6e16-0866d71ee4ef","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 808, 384, 0, 2209, 581.7333374023438, 0, 0, true, null, '{"cols":30,"id":"ebfac402-fe9c-0dfb-1e7c-9aa03f2ff7f1","rows":8,"x":0,"y":0}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 809, 385, 1, 2209, 581.7333374023438, 8, 0, true, null, '{"cols":30,"id":"abf94672-a559-d93e-3df5-f45596820464","rows":8,"x":0,"y":8}');
+                INSERT INTO utm_dashboard_visualization (id, id_visualization, id_dashboard, dv_order, dv_width, dv_height, dv_top, dv_left, dv_show_time_filter, dv_default_time_range, dv_grid_info) VALUES (default, 810, 385, 0, 2209, 581.7333374023438, 0, 0, true, null, '{"cols":30,"id":"10908e60-2789-49d7-0b56-9a35cb160baa","rows":8,"x":0,"y":0}');
+
+
+            ]]>
+        </sql>
+
+        <sql dbms="postgresql" splitStatements="true" stripComments="true">
+            <![CDATA[
+
+            -- ##################################################################
+            -- # Insert new records into the utm_compliance_standard_section table
+            -- ##################################################################
+
+            INSERT INTO utm_compliance_standard_section (id, standard_id, standard_section_name, standard_section_description) VALUES
+                                                                                                                                          (512, 500, 'Incident Response and Escalation', 'Integrating the SIEM with an incident response platform is crucial for managing and escalating critical alerts, especially in systems that handle CUI. As the level of maturity increases in CMMC, capabilities evolve from manual response to advanced automation through machine learning. This ensures faster detection, effective mitigation and continuous improvement in threat protection, ensuring compliance with security requirements and operational resilience.'),
+                                                                                                                                          (513, 500, 'Compliance Reporting', 'Compliance Reporting at CMMC is essential to demonstrate compliance with security requirements and facilitate regulatory audits. Ensures transparency and accountability by providing detailed logs of security events, accesses, and configuration changes. Its integration with the SIEM allows for better event correlation and incident response, strengthening the organization''s security posture. At more advanced levels, this process incorporates advanced auditing and real-time analysis to detect threats and improve the protection of sensitive information.'),
+                                                                                                                                          (514, 500, 'Data Loss Prevention (DLP) Monitoring', 'Data Loss Prevention (DLP) Monitoring is crucial for CMMC compliance as it helps protect Controlled Unclassified Information (CUI) and prevent leaks of sensitive data. Within CMMC, DLP Monitoring ensures that critical data is protected from unauthorized access, exfiltration, and accidental loss. This is especially important to meet security requirements in the transmission, storage and handling of CUI. As maturity levels advance, DLP monitoring must be more advanced, integrating tools that detect and block data leak attempts, alerting in real time about possible incidents.'),
+                                                                                                                                          (515, 500, 'Encryption Monitoring', 'The Encryption Monitoring section focuses on the monitoring and validation of encryption mechanisms used to protect Controlled Unclassified Information (CUI) in transit and at rest, in compliance with CMMC requirements. This monitoring makes it possible to detect insecure configurations, unauthorized encryption or decryption events, and the use of algorithms that do not meet required security standards. Additionally, it helps ensure that sensitive data is adequately protected from unauthorized access, contributing to the integrity and confidentiality of information within the organization.'),
+                                                                                                                                          (516, 500, 'Third-Party Risk Monitoring', 'Third-Party Risk Monitoring is a critical component of CMMC compliance, as many organizations rely on third-party providers for essential services, introducing additional risks into Controlled Unclassified Information (CUI) protection. Uncontrolled access or lack of monitoring of these entities can lead to vulnerabilities that can be exploited by malicious actors. Implementing a SIEM for third-party monitoring allows for centralized visibility, ensuring that any suspicious activity is identified and managed in a timely manner. This not only protects the CUI, but also reinforces the organization''s security posture and ensures compliance with CMMC requirements.'),
+                                                                                                                                          (517, 500, 'Disaster Recovery and Business Continuity Monitoring', 'Disaster recovery and business continuity monitoring is critical to ensuring operational resilience and information security in organizations. Within the CMMC framework, it is crucial to establish mechanisms that allow detecting, analyzing and responding to interruptions in critical systems, ensuring data protection and continuity of operations. To achieve this, the implementation of continuous monitoring, incident audits, alert automation and regular recovery testing is required. This allows infrastructure failures to be identified, evaluate the effectiveness of response plans and minimize the impact of adverse events, such as cyberattacks or natural disasters. The focus on recovery and continuity guarantees that the organization can operate safely, reducing risks and strengthening its ability to respond to any contingency.');
+
+
+            ]]>
+        </sql>
+
+        <sql dbms="postgresql" splitStatements="true" stripComments="true">
+            <![CDATA[
+
+                -- ##################################################################
+                -- # Insert new records into the utm_compliance_report_config table
+                -- ##################################################################
+
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (822, 'This report collects relevant information from the Windows logs generated by event 4670, which is triggered when the permission settings of an object, including files, folders, or registry keys, are modified. This event is crucial to comply with CMMC Level 1 control AU.1.001, which requires the capture and review of audit logs to ensure the security of the computing environment.<br/><br/>Event 4670 provides details about changes made to access permissions to system objects. This information is essential to monitor and audit access to sensitive resources within the system.<br/><br/>Monitoring modifications to object permissions is essential to detect unauthorized changes that may indicate attempted privilege escalation, malicious moves, or manipulations of critical configurations. In addition, the collection of these logs allows a detailed review of the actions taken, which is key to ensuring that access controls are being applied appropriately and in accordance with security policies.<br/><br/>This report facilitates compliance with CMMC Level 1 control AU.1.001, ensuring that audit logs related to permit modifications are adequately captured and reviewed, contributing to the detection and mitigation of possible security incidents within the company''s infrastructure. organization.', null, null, null, null, null, null, null, null, null, 509, true, 274, 'TEMPLATE', null, null, 'Windows Level 1 (AC.1.001): Protected Object Permission Change', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (824, 'This report collects relevant information from the Windows logs generated by event 4663, which is triggered when a user performs an access operation on system objects, such as reading, writing or deleting files and folders. This event is crucial to comply with CMMC Level 3 control AU.3.045, which requires ensuring that logs are available for investigation in the event of security incidents.<br/><br/>Event 4663 provides details about operations performed on system objects. This allows detailed tracking of interactions with critical files and resources within the system. Maintaining a proper record of these events is essential to ensure that any unauthorized access or modification to the organization''s resources can be tracked and audited effectively.<br/><br/>Ensuring that logs of these types of events are available for review and analysis is essential for the early identification of security incidents, such as unauthorized access, malicious modifications or security policy violations. This report contributes to the organization''s ability to investigate and respond to incidents efficiently, ensuring that the information necessary for a complete investigation can be accessed.<br/><br/>In this way, the report supports compliance with CMMC Level 3 control AU.3.045, ensuring that the relevant logs are properly managed, stored and available for review at any time, facilitating a rapid and effective response to security incidents and contributing to the protection of organizational infrastructure.', null, null, null, null, null, null, null, null, null, 509, true, 277, 'TEMPLATE', null, null, 'Windows Level 3 (AU.3.045): Access to critical files or specific directories', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (815, 'This report collects relevant information from the Windows logs generated by event 4648, which is triggered when a user attempts to log on to a system with explicit credentials, such as a username and password. This event is key to compliance with CMMC Level 1 control AU.1.001, which requires the capture of audit logs for review.<br/><br/>Event 4648 provides details about login attempts. This information is vital for tracking system access activities, allowing security teams to detect potential unauthorized attempts or suspicious access.<br/><br/>Collecting these logs also helps identify unusual or malicious access patterns, such as access attempts through compromised accounts, which helps improve incident response capabilities. Additionally, detailed information about login attempts is essential for conducting security audits, especially when investigating the integrity of user accounts and access to critical systems.<br/><br/>This report supports security teams in capturing and reviewing audit logs related to access to systems, ensuring that adequate control is maintained over login attempts, and contributes to compliance with security policies and access control, as established in control AU.1.001 of CMMC Level 1.', null, null, null, null, null, null, null, null, null, 509, true, 281, 'TEMPLATE', null, null, 'Windows Level 1 (AC.1.001): Logins with explicit credentials', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (832, 'This report compiles relevant information from the Windows logs generated by event 4688, which is activated every time a new process is created in the system. This event is essential to comply with CMMC Level 4 control AU.4.053, which requires enhancing audit logs with advanced forensic analysis capabilities to more effectively detect, investigate, and respond to security incidents.<br/><br/>Event 4688 provides details about creating processes on the system. This information is key to identifying the execution of suspicious or unauthorized processes, which can be indicative of malicious activities such as the execution of malware or the use of tools to carry out attacks.<br/><br/>Monitoring event 4688 with an advanced forensic approach allows security teams to trace the origin and behavior of executed processes, identify anomalous patterns that may indicate a security breach or evasion attempt, and perform detailed analysis of executed processes. in the system. Correlating this event with other security logs can provide a complete picture of attacker activities, helping to proactively detect suspicious behavior.<br/><br/>This report contributes to compliance with CMMC Level 4 control AU.4.053, by providing a detailed analysis of the processes executed in the system. By improving audit logs and applying advanced forensic analysis capabilities, the organization can strengthen its ability to identify, investigate and respond to security incidents, improving protection against persistent threats and unauthorized activities.', null, null, null, null, null, null, null, null, null, 509, true, 284, 'TEMPLATE', null, null, 'Windows Level 4 (AU.4.053): Process Creation', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (787, 'This report collects relevant information from the Windows logs generated by event 4672, which is triggered when a user obtains elevated privileges when logging into the system. This event is crucial to comply with CMMC Level 3 control AC.3.027, which requires the implementation of measures to monitor and restrict the use of privileged access.<br/><br/>Event 4672 provides details about logins for users who have been granted elevated privileges, such as administrators or members of other groups with access to critical system functions. Monitoring this event is essential to ensure that privileged access is used appropriately and only by users authorized to perform specific tasks that require such privileges.<br/><br/>This report allows security teams to detect unauthorized access or inappropriate use of elevated privileges, whether by mistake or due to malicious behavior. It also helps identify potential risks related to abuse of administrative privileges, ensuring these are closely monitored to prevent uncontrolled access to sensitive systems.<br/><br/>Analysis of this event reinforces CMMC Level 3 compliance, as it helps ensure that the use of privileged access is strictly controlled and that any anomalies are detected in time, mitigating the risk of compromising system security. This type of monitoring contributes to implementing a more robust and efficient security strategy.', null, null, null, null, null, null, null, null, null, 508, true, 278, 'TEMPLATE', null, null, 'Windows Level 3 (AC.3.027): Special privileges assigned to new logon', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (825, 'This report compiles relevant information from the Windows logs generated by events 5140 and 5145, which are activated when a user accesses or makes modifications to shared resources on the network, such as files or directories, through SMB protocols. These events are essential to comply with CMMC Level 3 control AU.3.045, which requires ensuring that logs are available for investigation in the event of security incidents.<br/><br/>Event 5140 is triggered when a network connection is established to a share, while event 5145 is triggered when a file or directory is accessed through a network share. The details of these logs are essential for tracking activities related to access to data and shared files, which can be indicative of suspicious or unauthorized activity.<br/><br/>Ensuring that logs of these events are available for review is key to investigating and auditing access to critical resources within the organization''s network. These events allow us to identify unauthorized access, malicious movements or inappropriate changes in the permissions of shared resources. Having a complete and accessible record of these activities is essential for incident response, allowing an accurate assessment of what happened and contributing to the identification of security gaps.<br/><br/>This report, therefore, supports compliance with CMMC Level 3 control AU.3.045, ensuring that relevant logs regarding access and modification of shared resources are available and appropriately managed, facilitating investigations and improving the ability to the organization to respond quickly to security threats or incidents.', null, null, null, null, null, null, null, null, null, 509, true, 285, 'TEMPLATE', null, null, 'Windows Level 3 (AU.3.045): Access to Shared Resources', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (818, 'This report collects relevant information from the Windows logs generated by event 4723, which is triggered when a user tries to change their password. This event is critical to comply with CMMC Level 1 control AU.1.001, which requires capturing audit logs for review.<br/><br/>Event 4723 provides details about password change attempts. This type of information is essential for tracking and auditing credential modification attempts, allowing unusual or unauthorized activity to be detected.<br/><br/>Monitoring password change events is key to ensuring that authentication processes follow proper procedures and preventing malicious actors from gaining access to user accounts through unauthorized password changes. It also helps identify potential attack attempts, such as password guessing or privilege abuse.<br/><br/>This report contributes to compliance with AU.1.001 by ensuring that all events related to password change attempts are effectively recorded, monitored, and reviewed. In this way, it facilitates the detection of inappropriate actions and reinforces the security of the system, protecting access credentials and sensitive data.', null, null, null, null, null, null, null, null, null, 509, true, 294, 'TEMPLATE', null, null, 'Windows Level 1 (AC.1.001): User Password Reset Attempt', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (823, 'This report compiles relevant information from the Windows logs generated by event 4907, which is activated when changes occur in the system audit policies. This event is essential to comply with CMMC Level 1 control AU.1.001, which requires the capture and review of audit logs to guarantee the integrity and security of information systems.<br/><br/>Event 4907 provides details about the modification of audit policies. This type of information is key to identifying unauthorized alterations to audit policies, which could indicate an attempt to hide malicious activity or avoid detection of anomalous behavior in the system.<br/><br/>Monitoring these changes is crucial to ensure that audit policies are configured correctly and consistently, allowing for proper collection of security events. Reviewing these logs makes it easier to identify inappropriate settings that could weaken the organization''s ability to detect suspicious activity.<br/><br/>This report supports compliance with CMMC Level 1 control AU.1.001, ensuring that appropriate audit configurations are maintained and that changes to audit policies are recorded and reviewed, contributing to the early detection of potential security incidents within the organization. organization infrastructure.', null, null, null, null, null, null, null, null, null, 509, true, 291, 'TEMPLATE', null, null, 'Windows Level 1 (AC.1.001): Restoration of default security policies', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (817, 'This report compiles relevant information from the Windows logs generated by event 4722, which is triggered when a user account is enabled on the system. This event is key to complying with CMMC Level 1 control AU.1.001, which requires capturing audit logs for review.<br/><br/>Event 4722 provides details about enabling user accounts. This information is crucial to properly monitor and manage user accounts within the infrastructure, ensuring that enabled accounts are legitimate and authorized.<br/><br/>Monitoring user account enablement helps identify any unauthorized changes, such as the reactivation of accounts that should have been disabled for security or compliance reasons. Additionally, it allows you to detect if a malicious actor tries to restore access to a previously disabled account.<br/><br/>This report contributes to the creation of a more robust security environment by ensuring that all events related to the enablement of user accounts are recorded and monitored. In this way, it helps comply with CMMC Level 1 control AU.1.001, ensuring the correct capture and review of audit logs for unusual or potentially malicious activities.', null, null, null, null, null, null, null, null, null, 509, true, 293, 'TEMPLATE', null, null, 'Windows Level 1 (AC.1.001): User Accounts Enabled', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (542, 'It allows you to verify that the system is recording access to network resources appropriately, which helps comply with level 4 (AU.4.053) of the CMMC. Additionally, you can see that the events are being correctly classified with important details about the user, type of access, and source of access (IP and port), which is essential to comply with access monitoring and auditing policies on a network.', null, null, null, null, null, null, null, null, null, 503, true, 285, 'TEMPLATE', null, null, 'Windows Level 3 (SI.3.217): Access to Shared Resources', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (662, '', null, null, null, null, null, null, null, null, null, 601, true, 280, 'TEMPLATE', null, null, 'Windows Policy changes', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (663, '', null, null, null, null, null, null, null, null, null, 601, true, 284, 'TEMPLATE', null, null, 'Windows Process Creation', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (668, '', null, null, null, null, null, null, null, null, null, 601, true, 267, 'TEMPLATE', null, null, 'Windows User Accounts Created', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (659, '', null, null, null, null, null, null, null, null, null, 601, true, 278, 'TEMPLATE', null, null, 'Windows Special privileges assigned to new logon', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (694, '', null, null, null, null, null, null, null, null, null, 601, true, 302, 'TEMPLATE', null, null, 'Windows Process Termination', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (680, '', null, null, null, null, null, null, null, null, null, 602, true, 284, 'TEMPLATE', null, null, 'Windows Process Creation', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (654, '', null, null, null, null, null, null, null, null, null, 602, true, 277, 'TEMPLATE', null, null, 'Windows Access to critical files or specific directories', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (691, '', null, null, null, null, null, null, null, null, null, 602, true, 294, 'TEMPLATE', null, null, 'Windows User Password Reset Attempt', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (525, 'This report gathers relevant information on events related to the creation of new user accounts on the system, specifically event 4720, which is generated when a user account is created in a Windows domain. The event provides details about the account created, including the username, creation time, and origin of the request.<br/><br/>The analysis of these events is crucial for compliance with Level 2 (SI.2.212) of the CMMC (Cybersecurity Maturity Model Certification), which establishes the need to implement mechanisms for real-time monitoring of security events. Creating new user accounts can be a critical security action as it could indicate an unauthorized access attempt or modification of system credentials.<br/><br/>Monitoring these events allows you to quickly detect unauthorized account creation, facilitating a proactive response to potential security threats. This report helps ensure that all actions related to user creation are audited and available for review in real time, improving the organization''s ability to detect and respond to potential security incidents in a timely manner.<br/><br/>By constantly tracking account creation events, you ensure that the organization is aligned with security policies and best practices for identity and access management, strengthening the overall security posture.', null, null, null, null, null, null, null, null, null, 503, true, 267, 'TEMPLATE', null, null, 'Windows Level 2 (SI.2.212): User Accounts Created', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (829, 'This report compiles relevant information from the Windows logs generated by event 1102, which is activated when a shutdown or restart of the security logs is performed on the system. This event is crucial to comply with CMMC Level 3 control AU.3.045, which requires ensuring audit logs are available for review during security investigations.<br/><br/>Event 1102 provides details about when and why security logs were closed or reset, which is essential for monitoring the integrity of audit logs. In the context of security management, it is essential to ensure that logs are not lost or tampered with, as they could contain critical information about past security events, such as unauthorized access attempts or malicious activities within the network.<br/><br/>Monitoring this event allows security teams to detect if logs were closed or restarted by unauthorized users, which could indicate an attempt to hide illicit activities or tamper with evidence in the event of an attack or security incident. The correct management and storage of these logs are essential for the investigation after any security incident, ensuring that all necessary information is available for analysis and possible recovery.<br/><br/>This report contributes to compliance with CMMC Level 3 control AU.3.045 by ensuring that security logs remain accessible and are securely stored for review, allowing security teams to conduct detailed investigations into any suspicious activity or incident. that has taken place in the system.', null, null, null, null, null, null, null, null, null, 509, true, 295, 'TEMPLATE', null, null, 'Windows Level 3 (AU.3.045): Cleaned Event Log', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (821, 'This report compiles relevant information from the Windows logs generated by event 4662, which is triggered when an object in the system is accessed, modified or deleted. This event is key to complying with CMMC Level 1 control AU.1.001, which requires the capture of audit logs for review in order to maintain the integrity of the systems.<br/><br/>Event 4662 provides details about access to objects within the system. These logs allow you to monitor changes and access made to critical files or configurations, which is essential to detect suspicious or unauthorized activities.<br/><br/>Monitoring these events contributes to the early identification of unauthorized access or malicious actions, helping to ensure that system configurations and data are protected from tampering or improper access. Additionally, collecting this information ensures that a detailed analysis can be performed on any security incidents that may arise.<br/><br/>This report is essential to support the implementation of an effective audit monitoring strategy, ensuring that CMMC Level 1 control AU.1.001 is met by capturing and reviewing audit logs, which reinforces security and operational integrity within of the organization''s technological infrastructure.', null, null, null, null, null, null, null, null, null, 509, true, 297, 'TEMPLATE', null, null, 'Windows Level 1 (AC.1.001): Protected Object Access Operation', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (826, 'This report compiles relevant information from the Windows logs generated by event 4660, which is triggered when an object, such as a file or directory, is opened or modified. This event is especially important to comply with CMMC Level 3 control AU.3.045, which requires ensuring that logs are available for investigation in the event of security incidents.<br/><br/>Event 4660 provides details about actions performed on system objects. Additionally, it includes information about the user who performed the action, the exact date and time, and the identifier of the affected object. This information is crucial for detailed tracking of activities performed on critical data and resources within the organization''s technological infrastructure.<br/><br/>Monitoring 4660 events is essential to identify suspicious changes to file systems, such as unauthorized deletion or alteration of important files, which may be indicative of a security breach or malicious activity. By keeping these logs available for review, incident investigation and forensic analysis are facilitated, allowing the origins and scope of potential security compromises to be traced.<br/><br/>This report supports compliance with CMMC Level 3 control AU.3.045, by ensuring that the logs of critical events related to the manipulation of objects and system resources are accessible, well managed and prepared to be analyzed during security investigations, improving the organization''s ability to detect and respond to threats.', null, null, null, null, null, null, null, null, null, 509, true, 298, 'TEMPLATE', null, null, 'Windows Level 3 (AU.3.045): Object Deletion', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (830, 'This report collects relevant information from the Windows logs generated by event 4776, which is triggered when there is an attempt to authenticate a user using a username and password in a network environment. This event is key to meeting CMMC Level 4 control AU.4.053, which requires enhancing audit logs with advanced forensic analysis capabilities to detect and respond to security incidents.<br/><br/>Event 4776 provides details about authentication attempts that were not successful. This information is crucial for identifying attack patterns, such as unauthorized access attempts, brute force attacks, or phishing attempts.<br/><br/>Monitoring this event with an advanced forensic approach allows security teams to perform deeper analysis on failed authentication attempts. For example, they can correlate multiple failed attempts from different locations, which could indicate a distributed attack or privilege escalation effort. Additionally, this event can provide valuable information to trace an attacker''s path through the network and improve incident response capabilities.<br/><br/>This report contributes to compliance with CMMC Level 4 control AU.4.053 by providing detailed analysis of failed authentication attempts and improving auditing capabilities through an advanced forensic approach. By doing so, it helps strengthen security by more effectively detecting and analyzing threats that could put the organization''s infrastructure at risk.', null, null, null, null, null, null, null, null, null, 509, true, 301, 'TEMPLATE', null, null, 'Windows Level 4 (AU.4.053): Account Authentication Using NTLM', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (723, '', null, null, null, null, null, null, null, null, null, 601, true, 325, 'TEMPLATE', null, null, 'Office 365 File Accessed', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (695, '', null, null, null, null, null, null, null, null, null, 601, true, 291, 'TEMPLATE', null, null, 'Windows Restoration of default security policies', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (820, 'This report collects relevant information from the Windows logs generated by event 4738, which is triggered when a change is made to the user account information, such as modifying account attributes. This event is critical to comply with CMMC Level 1 control AU.1.001, which requires capturing and reviewing audit logs of changes to user accounts.<br/><br/>Event 4738 provides details about modifications made to an account. This information allows you to audit account changes and detect suspicious or unauthorized activity, such as unauthorized access to privileged accounts or alteration of critical accounts.<br/><br/>Monitoring changes to user accounts is essential to ensure the integrity of credentials and access permissions within the organization. This event helps identify whether changes were made in accordance with security policies and whether there were attempts to modify accounts without proper authorization.<br/><br/>This report supports compliance with AU.1.001 by ensuring that all changes to user accounts are appropriately recorded and monitored. By doing so, you help protect the organization''s infrastructure against unauthorized account manipulation, ensuring that logs are reviewed to identify potential security incidents and maintaining traceability of actions taken on user accounts.', null, null, null, null, null, null, null, null, null, 509, true, 308, 'TEMPLATE', null, null, 'Windows Level 1 (AC.1.001): User Account Attributes Changes', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (831, 'This report collects relevant information from the Windows logs generated by event 4771, which is triggered when a Kerberos authentication attempt fails due to a problem with the user''s credentials. This event is critical to meeting CMMC Level 4 control AU.4.053, which requires enhancing audit logs with advanced forensics capabilities to detect and respond to security incidents.<br/><br/>Event 4771 provides details about failed Kerberos authentication attempts. This information is valuable in identifying attack patterns, such as unauthorized access attempts, brute force attacks, or issues related to system configuration.<br/><br/>Monitoring this event with an advanced forensic approach allows security teams to perform a thorough analysis of failed authentication attempts, helping to identify potential spoofing or privilege escalation attempts. Additionally, event 4771 allows failed attempts to be correlated with other security events on the network, providing broader context to detect persistent threats and suspicious activity.<br/><br/>This report contributes to compliance with CMMC Level 4 control AU.4.053 by providing a detailed analysis of failed Kerberos authentication attempts. By improving audit logs and using advanced forensics, the organization can improve its ability to detect and respond to security incidents more effectively, strengthening protection against unauthorized access and attacks.', null, null, null, null, null, null, null, null, null, 509, true, 310, 'TEMPLATE', null, null, 'Windows Level 4 (AU.4.053): Kerberos pre-authentication failed', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (819, 'This report collects relevant information from the Windows logs generated by event 4724, which is triggered when a system administrator attempts to reset the password for a user account. This event is crucial to comply with CMMC Level 1 control AU.1.001, which requires capturing audit logs for review.<br/><br/>Event 4724 provides details about password reset attempts. This information allows you to track and audit changes to user account credentials, which is essential for identifying unauthorized access or malicious behavior.<br/><br/>Monitoring password reset attempts is vital to detect suspicious activity, such as attempts to bypass security controls, abuse of administrative privileges, or unauthorized access to critical accounts. This event also helps ensure that password change policies are followed appropriately.<br/><br/>This report contributes to compliance with AU.1.001 by ensuring that all password reset attempts are recorded, monitored, and reviewed. By doing so, it helps protect the integrity of access credentials, ensuring that control over access to critical systems and resources is maintained, strengthening the security of the organization''s infrastructure.', null, null, null, null, null, null, null, null, null, 509, true, 312, 'TEMPLATE', null, null, 'Windows Level 1 (AC.1.001): Password Reset Attempts', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (828, 'This report compiles relevant information from the Windows logs generated by event 5158, which is triggered when a new network connection is allowed through a specific port on a system. This event is essential to comply with CMMC Level 3 control AU.3.045, which requires ensuring that logs are available for security investigations.<br/><br/>Event 5158 provides details about established network connections. Additionally, event 5158 shows whether the connection was allowed or blocked by system security policies, which is key to detecting unauthorized access or anomalous behavior in the network infrastructure.<br/><br/>Monitoring 5158 events is crucial to track the flow of information and accesses through the network, allowing you to identify suspicious connection attempts, possible vulnerabilities or malicious activities, such as a privilege escalation attack or lateral movement within the network. By keeping these logs available, organizations can conduct effective investigations in the event of a security incident, analyzing the source, connection type, and impact of any unauthorized access.<br/><br/>This report supports compliance with CMMC Level 3 control AU.3.045, ensuring that detailed logs on network connections are adequately stored, accessible and are part of the investigation process for potential incidents, strengthening threat response capacity and improving security. security on the corporate network.', null, null, null, null, null, null, null, null, null, 509, true, 313, 'TEMPLATE', null, null, 'Windows Level 3 (AU.3.045): Windows Connection blocked by Windows Firewall', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (836, 'This report collects relevant information from the Windows logs generated by event 4647, which is triggered when a user actively logs out of the system. This event is key to compliance with CMMC Level 1 control AU.1.001, which requires the capture of audit logs for review.<br/><br/>Event 4647 provides details about a user''s logout action. The collection of these logs is essential to monitor user activities within systems and ensure that sessions are closed correctly, which is a preventative measure against unauthorized or unmonitored access.<br/><br/>Analyzing these logs allows security teams to detect anomalous activities, such as logouts at unexpected times or by unauthorized users, which could indicate potential security breaches. Furthermore, having a clear record of logout events is crucial for conducting complete audits, especially in forensic investigation situations related to security incidents.<br/><br/>This report supports the audit policies established at CMMC Level 1, ensuring that logs related to user login and logout are appropriately collected and reviewed. In this way, it contributes to greater visibility and control over user actions within the system, helping to detect possible threats and ensure compliance with security regulations.', null, null, null, null, null, null, null, null, null, 509, true, 351, 'TEMPLATE', null, null, 'Windows Level 1 (AC.1.001): User Account Logoff', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (698, '', null, null, null, null, null, null, null, null, null, 601, true, 283, 'TEMPLATE', null, null, 'Windows Kerberos ticket requests', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (674, '', null, null, null, null, null, null, null, null, null, 601, true, 285, 'TEMPLATE', null, null, 'Windows Access to Shared Resources', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (676, '', null, null, null, null, null, null, null, null, null, 601, true, 322, 'TEMPLATE', null, null, 'Windows Registry Value Modification', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (837, 'This report compiles relevant information from the Windows logs generated by event 4005, which is activated when the system registers a failure in a user''s login to the system. This event is essential to comply with CMMC Level 3 control AU.3.045, which requires that logs be available for security investigations in the event of incidents.<br/><br/>Event 4005 provides details about failed login attempts. Monitoring these events allows security teams to identify possible threats and take preventive measures in situations that may put the integrity of the infrastructure at risk.<br/><br/>The availability of these logs is essential to enable detailed investigations in the event of a security incident, such as an unauthorized access attempt or a targeted attack on the IT infrastructure. The information from event 4005 allows you to trace failed login attempts, helping to identify vulnerabilities or security gaps that can be exploited.<br/><br/>This report contributes to compliance with CMMC Level 3 control AU.3.045 by ensuring that logs of failed login attempts are stored and accessible for review in the context of security incident investigations. This improves threat detection capabilities and facilitates rapid response to potential security breaches.', null, null, null, null, null, null, null, null, null, 509, true, 352, 'TEMPLATE', null, null, 'Windows Level 3 (AU.3.045): Unexpected Logon Process Termination', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (481, 'This report compiles the records of events 4663 and 4656 from the Windows logs, which focus on auditing access to security objects, such as files or folders that contain Controlled Unclassified Information (CUI), and the actions performed about these objects. Event 4663 is generated when a user or process performs an access operation (such as read, write, or modify) on an object, while event 4656 documents access attempts to those security objects, including the action requested and whether it was allowed or denied. These events are essential to verify compliance with the CMMC''s Level 3 Access Control and Authentication policy (AC.3.014), which requires controlling the flow of CUI and protecting the access points that allow its access or modification.<br/><br/>The report includes key details such as the name of the accessed object (file, folder, etc.), the type of access performed (read, write, delete, etc.), the identity of the user or process that performed the action, the date and time of the operation, and whether access was allowed or denied. Analysis of these events ensures that controls over resources containing CUI are effective, that the flow of information is appropriately restricted, and that established security policies for the protection of sensitive data are complied with.', null, null, null, null, null, null, null, null, null, 510, true, 273, 'TEMPLATE', null, null, 'Windows Level 3 (AC.3.014): Attempt to Access a Protected Object', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (482, 'This report collects event 4670 logs from the Windows logs, which document changes to the permissions of objects on the system (such as files, folders, or registry keys). The information obtained from these events is crucial to verify compliance with CMMC''s Level 2 Authentication and Access Control policy (AC.2.007), which requires the implementation of role-based access controls (RBAC) to ensure that users have access only to the resources necessary for their functions. <br/><br/>The report includes details such as the name of the object whose permission was modified, the permissions assigned, the identity of the user or process that made the change, and the date and time the modification was made. The analysis of these events ensures that changes in object permissions are managed in a controlled manner, in accordance with security policies and the roles assigned to each user, which helps prevent unauthorized access and maintain the principle of least protection. privilege.', null, null, null, null, null, null, null, null, null, 510, true, 274, 'TEMPLATE', null, null, 'Windows Level 2 (AC.2.007): Protected Object Permission Change', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (483, 'This report collects event 5145 logs from the Windows logs, which document attempts to access shared resources on the network, such as files or folders that contain Controlled Unclassified Information (CUI). Event 5145 is generated when an access attempt to a shared resource is made and logged, providing detailed information about whether access was allowed or denied. This information is crucial to verify compliance with CMMC''s Level 3 (AC.3.014) Access Control and Authentication policy, which requires controlling the flow of CUI and adequately protecting access points to this sensitive data.<br/><br/>The report includes key details such as the name of the share that was attempted to be accessed, the identity of the user or process that made the access attempt, the action taken (allow or deny), the source of the access (IP address or source computer). ), and the date and time of the attempt. Analysis of these events allows you to verify that access to resources containing CUI is appropriately restricted, protecting access points from unauthorized access and ensuring that security controls are aligned with CMMC policies.', null, null, null, null, null, null, null, null, null, 510, true, 275, 'TEMPLATE', null, null, 'Windows Level 3 (AC.3.014): Access to shared resource', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (484, 'This report collects the Windows log event 4740 logs, which document the locking out of user accounts after multiple failed authentication attempts. Event 4740 is generated when an account is locked due to repeated unsuccessful access attempts, providing key information about possible unauthorized access attempts or brute force attacks. This information is crucial to verify compliance with CMMC''s Level 5 (AC.5.025) Access Control and Authentication policy, which requires continuous monitoring of access through advanced behavioral analysis.<br/><br/>The report includes key details such as the name of the blocked account, the identity of the user or process that generated the event, the IP address or computer of origin of the access attempt and the date and time of the block, among others. The analysis of these events allows us to identify behavioral patterns in system access, detect intrusion attempts in real time and strengthen security strategies based on advanced analysis of user behavior. This proactive approach helps prevent unauthorized access and ensure security controls are aligned with CMMC Level 5 policies.', null, null, null, null, null, null, null, null, null, 510, true, 276, 'TEMPLATE', null, null, 'Windows Level 5 (AC.5.025): Account Locks', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (485, 'This report collects event 4663 logs from the Windows logs, which document access attempts to system objects, such as files and folders that may contain Controlled Unclassified Information (CUI). Event 4663 is generated when a user or process attempts to access a protected object and logs whether the action was allowed or denied. This information is crucial to verify compliance with CMMC''s Level 3 (AC.3.014) Access Control and Authentication policy, which requires controlling the flow of CUI and adequately protecting access points to this sensitive data.<br/><br/>The report includes key details such as the name of the file or folder that was attempted to be accessed, the identity of the user or process that made the attempt, and the date and time of the attempt. Analysis of these events allows verification that access to resources containing CUI is appropriately restricted, detecting possible unauthorized access attempts and ensuring that security controls are aligned with CMMC policies.', null, null, null, null, null, null, null, null, null, 510, true, 277, 'TEMPLATE', null, null, 'Windows Level 3 (AC.3.014): Access to critical files or specific directories', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (692, '', null, null, null, null, null, null, null, null, null, 602, true, 300, 'TEMPLATE', null, null, 'Windows Monitoring of Critical System Services Status', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (649, '', null, null, null, null, null, null, null, null, null, 602, true, 322, 'TEMPLATE', null, null, 'Windows Registry Value Modification', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (679, '', null, null, null, null, null, null, null, null, null, 602, true, 281, 'TEMPLATE', null, null, 'Windows Logins with explicit credentials', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (487, 'This report collects event 4672 logs from the Windows logs, which document logins by users with elevated privileges, such as those belonging to the Administrators group or with other special permissions. This event is essential to verify compliance with CMMC''s Authentication and Access Control Level 2 policy (AC.2.007), which requires the implementation of role-based access controls (RBAC), ensuring that only authorized users have access. to sensitive resources and special privileges. <br/><br/>The report includes details such as the identity of the user logged in with elevated privileges, the source of access (IP address or source machine), and more. The analysis of these events allows us to verify that privileged access is restricted to users with specific and authorized roles, maintaining the principle of least privilege and minimizing the risk of unauthorized access.', null, null, null, null, null, null, null, null, null, 510, true, 278, 'TEMPLATE', null, null, 'Windows Level 2 (AC.2.007): Special privileges assigned to new logon', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (527, 'This report gathers and analyzes the information from events 4663 and 4656 in the Windows logs, with the objective of complying with control SI.2.212 of CMMC Level 2, which requires the implementation of mechanisms for real-time supervision of the security events.<br/><br/>Event 4663: This event is raised when an object, such as a file or folder, is accessed or modified in some way. Records important details about the action performed, such as the type of access (read, write, delete, etc.), the object identifier, and the identity of the user or process that performed the action. It is a key indicator of file access and modifications, which can help detect anomalous or unauthorized behavior.<br/><br/>Event 4656: Similar to event 4663, event 4656 is triggered when a process attempts to access an object on the system. Records details about the type of access requested and the identifier of the object being accessed, providing additional information about access attempts to specific resources on the system.<br/><br/>Both events 4663 and 4656 are critical for monitoring actions related to access and modification of files and resources on the system. The ability to detect unauthorized access or suspicious modifications in real time is essential for the implementation of effective security controls, allowing rapid identification of potential incidents and immediate intervention to mitigate risks.<br/><br/>The joint analysis of these events helps to reinforce real-time monitoring measures, detecting access to sensitive data, file manipulations or any activity that could compromise the integrity of the systems. Meeting the SI.2.212 requirements of CMMC Level 2 by collecting and analyzing these events is crucial to maintaining a secure environment and protecting the most critical resources within the technology infrastructure.', null, null, null, null, null, null, null, null, null, 503, true, 273, 'TEMPLATE', null, null, 'Windows Level 2 (SI.2.212): Attempt to Access a Protected Object', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (590, 'This report collects the records of event 4688 from the Windows logs, which document the creation of new processes in the system. Event 4688 is generated every time a process is started, providing key information about the execution of applications and commands, which allows detecting suspicious activities such as the execution of malware, the use of unauthorized tools or attempts to escalate privileges. This information is crucial to verify compliance with CMMC''s Level 5 (AC.5.025) Access Control and Authentication policy, which requires continuous monitoring of access through advanced behavioral analysis.<br/><br/>The report includes key details such as the name of the started process, the identity of the user or service account that ran the process, the path of the executable, the execution parameters, the identity of the parent process, among others. The analysis of these events allows us to detect anomalous behavior patterns, identify the use of unauthorized tools and strengthen security strategies through proactive detection of threats in real time. This report contributes to the early identification of attacks and the protection of systems that handle Controlled Unclassified Information (CUI), ensuring that security controls are aligned with CMMC Level 5 policies.<br/>', null, null, null, null, null, null, null, null, null, 510, true, 284, 'TEMPLATE', null, null, 'Windows Level 5 (AC.5.025): Process Creation', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (589, 'This report collects and analyzes the records of events 5140 and 5145 of the Windows logs, which monitor access to shared resources on the network, such as files and folders that may contain Controlled Unclassified Information (CUI).<br/>Event 5140 is generated when a shared resource on the network is accessed by a user or process, providing key information about the established session and the users involved.<br/>Event 5145 documents specific attempts to access files or folders within a share, indicating whether the action was allowed or denied and detailing the permissions used.<br/>These events are critical to verify compliance with CMMC Level 3 policy AC.3.014, which requires controlling the flow of CUI and protecting access points to this sensitive data within the network infrastructure.<br/><br/>The report includes key details such as:<br/>-Name of the accessed share.<br/>-Identity of the user or process that performed the action.<br/>-IP address or source computer from where the resource was accessed.<br/>-Date and time of the access attempt', null, null, null, null, null, null, null, null, null, 510, true, 285, 'TEMPLATE', null, null, 'Windows Level 3 (AC.3.014): Network Access to shared resource', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (677, '', null, null, null, null, null, null, null, null, null, 601, true, 274, 'TEMPLATE', null, null, 'Windows Protected Object Permission Change', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (702, '', null, null, null, null, null, null, null, null, null, 604, true, 266, 'TEMPLATE', null, null, 'Windows Account Logon Failure', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (442, 'The Windows Account Logon Failure Report provides comprehensive visualization of failed logon attempts in a Windows-based environment, segregated by reason status and user-host information. This report plays an important role in demonstrating security controls that relate to access and identity management, which is significant in compliance with various regulations.<br/><br/>For HIPAA, this report contributes evidence of enforcing access controls (164.312(a)(1)) and log-in monitoring (164.308(a)(5)(ii)(C)). For CMMC, it supports control AC.2.013 by limiting unsuccessful logon attempts and satisfying SI.4.230, which requires a system that alerts and limits anomalous activities.<br/><br/>In GLBA, this report supports the safeguard rule by showing active monitoring of access attempts, critical for detecting unauthorized access. It also helps in validating user identification and authentication procedures, making it useful for demonstrating SOC2 Type 2 controls related to user access.<br/><br/>For FISMA, the report aids in demonstrating compliance with the AC-7 control on unsuccessful logon attempts. It assists in meeting GDPR requirements on data privacy and access control by identifying potential unauthorized access attempts.<br/><br/>For PCI-DSS, this report supports Requirement 10 to track and monitor all access to network resources and cardholder data. By monitoring and investigating failed login attempts, enterprises can identify, respond to and mitigate potential risks in a timely fashion.', null, null, null, null, null, null, null, null, null, 101, true, 266, 'TEMPLATE', null, null, null, null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (443, 'The Windows Account Logon Success Report provides a consolidated view of successful logon events. This report supports security controls such as managing and controlling user access and monitoring system activity, hence proving compliance with key elements across numerous regulations. <br/><br/>For HIPAA, this aligns with the Technical Safeguard for Access Control which requires covered entities to implement procedures for the control of, and access to, electronic protected health information (45 CFR § 164.312(b)).<br/><br/>Under CMMC, it aligns with Access Control (AC.1.001 & AC.1.002), relating to limiting information access to authorized users.<br/><br/>With GLBA, it supports the Safeguards Rule, reinforcing the need for a security program that ensures the safeguarding of customer information.<br/><br/>In compliance with SOC2 Type 2, the report provides evidence for satisfying the criteria for Security, demonstrating that only authorized individuals have access.<br/><br/>For FISMA, the report ties with control AC-2 - Account management, reflecting on the effective management of system access by tracking successful logon events.<br/><br/>Under GDPR, it helps in establishing the control “Access” in Article 32, demonstrating the ability to ensure system access only to authorized persons to prevent unauthorized processing of personal data.<br/><br/>PCI-DSS mapping is to Requirement 8, authenticating access to system components. A successful logon validates the effectiveness of user identification and authentication mechanisms. ', null, null, null, null, null, null, null, null, null, 101, true, 265, 'TEMPLATE', null, null, null, null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (444, 'This security report logs the assignment of special privilege escalations, aiding in identifying potentially rogue accounts or insider threats. It supports user access management and compliance by monitoring for elevated permissions activity – a crucial aspect in maintaining robust cybersecurity practices.<br/><br/>1. HIPAA: Helps meet Security Rule''s provisions especially §164.308(a)(4) (Information Access Management), as it aids in controlling permissions.<br/>   <br/>2. CMMC: Contributes to control AC.1.001 (limiting system access to authorized users), AC.1.002 (process for managing accounts), and AC.2.011 (session termination at the end of a user session).<br/><br/>3. GLBA & SOC2 Type 2: This report supports the Information Security Program''s objectives as specified in GLBA and Common Criteria (CC4.1/CC5.7) of SOC2 Type 2, ensuring access control & activity monitoring.<br/><br/>4. FISMA: Helps meet control CP-9 (Protection of Information at Rest) as it tracks special privilege assignments to prevent unauthorised access.<br/><br/>5. GDPR: Assists in meeting Article 32 requiring the implementation of appropriate security of data, particularly people who have access to personal data.<br/><br/>6. PCI-DSS: Contributes to the requirement 8 - Identify and authenticate access to system components. <br/><br/>The report''s core value lies in its capabilities to promptly detect privilege escalations, anomalous behavior, and potential insider threats, thereby reinforcing overall data protection mechanisms.', null, null, null, null, null, null, null, null, null, 101, true, 264, 'TEMPLATE', null, null, null, null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (445, 'This report presents aggregated and correlated logs for successful Office 365 (O365) active directory (AD) logins, categorized by the user, and the location from where the login originated. The visualization helps to quickly identify unusual patterns, like logins from unexpected locations or at odd times.<br/><br/>In terms of compliance:<br/>1. HIPAA: This report supports the "Information Access Management" control as it helps ensure that users are only accessing the network/resources from authorized locations.<br/>2. CMMC: It aligns with "Access Control" by monitoring who is accessing the network.<br/>3. GLBA: It assists with the "Safeguards Rule," ensuring that customers'' personal information is adequately protected.<br/>4. SOC2 Type 2: The adherence to the "Security" and “Access Controls” principles can be validated by this report as it tracks successful logins.<br/>5. FISMA: This report supports "Access Control" (AC-2: Account Management) by providing an account of successful logins.<br/>6. GDPR: Article 32 - security of processing, data breaches can be identified or prevented by monitoring login activities.<br/>7. PCI-DSS: Helps with Requirement 10 to regularly monitor and test networks, and Requirement 8 for identifying and authenticating access to system components.<br/>', null, null, null, null, null, null, null, null, null, 102, true, 261, 'TEMPLATE', null, null, null, null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (446, 'The CISCO ASA Firewall Activity report outlines incoming and outgoing traffic through the firewall, flagging suspicious activity like multiple failed login attempts, traffic from blacklisted IPs, unusual resource allocations, or data transfers. This showcases the organization''s active vigilance against cyber threats, demonstrating preventive security control. <br/><br/>1. HIPAA: This report supports the "Transmission Security Standard", helping prove that transmission of ePHI is secure and actively monitored for potential threats.<br/>2. CMMC: It maps to Level 3 Control (SC.3.173), validating that malicious code within transmissions are detected.<br/>3. GLBA: Aligns with Safeguards Rule, demonstrating administrative and technical measures taken for data protection. <br/>4. SOC2 Type 2: Contributes to the control - "System Monitoring", showing ongoing monitoring of security controls system activities.<br/>5. FISMA: Supports the control (AU-12), providing audit records for suspicious activities.<br/>6. GDPR: Demonstrates Article 32 obligation, outlining the implementation of appropriate security measures.<br/>7. PCI-DSS: It maps to control (1.2, 1.3, 1.4) showing that firewall and router configurations are secure, scrutinizing inbound and outbound traffic.<br/><br/>This detailed firewall analysis is critical for many compliance regulations, fulfilling requirements for demonstrable, monitored, and defensible security controls.', null, null, null, null, null, null, null, null, null, 201, true, 257, 'TEMPLATE', null, null, null, null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (448, 'This security report from the SIEM logs, titled "Windows Account Created," provides a detailed analysis of all new Windows user accounts created and the trend of account creation over time within the organization''s systems. Two visualizations graphically represent this information for ease of understanding and monitoring.<br/><br/>The report enables compliance with multiple compliance regulations. Under GDPR''s ''right to personal data'', organizations must keep a record of all accounts with personal data being created. It is also critical for HIPAA as inappropriate account creation can lead to unauthorized access to Protected Health Information (PHI). <br/><br/>As per CMMC, organizations must have controls to monitor user activity (AC.2.016), which includes new account creation. FISMA also mandates secure user account management (AC-2; Identification and Authentication).<br/><br/>SOC2 Type 2 emphasizes monitoring system activities and identifying unauthorized access which includes new account creation, and PCI-DSS Requirement 10 mandates tracking and monitoring of all access to network resources and cardholder data.<br/><br/>In terms of GLBA, this enhances safeguards for data by limiting unauthorized access through creation of illegitimate accounts.<br/><br/>Overall, this report plays a crucial role in investigating any suspicious behavior or security events, strengthening cybersecurity posture, and maintaining compliance with various standards by providing evidence of effective user account management monitoring.', null, null, null, null, null, null, null, null, null, 101, true, 267, 'TEMPLATE', null, null, null, null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (449, 'The "File Operations by User" report is a valuable data asset that utilizes SIEM (Security Information and Event Management) logs to provide insights into user behaviors related to file actions. This includes file access events, such as read, write, delete, and modify actions, along with other file-related events, like file creation, copying, or movement. <br/><br/>1. HIPAA: safeguards including access controls (§164.312(a)(1)) and audit controls (§164.312(b)), are supported by such a report as it provides visibility to file operations in systems handling PHI (Personal Health Information).<br/><br/>2. CMMC: practices like ''Audit and Review Activities'' (AU.2.041) and ''Limit Data Access'' (AC.2.016) align with the insights received from this report.<br/><br/>3. GLBA: its Safeguard rule requires that organizations monitor file access to protect customers'' personal financial information. <br/><br/>4. FISMA: auditing for inappropriate or unusual activities (RA-5, AU-2), or unauthorized access (AC-4). <br/><br/>5. SOC2 Type 2: Common Criteria 7.2 requires organizations to monitor system activity regularly.<br/><br/>6. GDPR: it assists with rights like ''Access'' (Article 15) by monitoring operations on files ladened with personal data, and ''Integrity and Confidentiality'' (Article 5) by detecting unauthorized or inappropriate data processing activities. <br/><br/>7. PCI-DSS: requirement 10 which entails tracking and monitoring of all access to network resources and cardholder data can validate these using this report.<br/>', null, null, null, null, null, null, null, null, null, 101, true, 241, 'TEMPLATE', null, null, null, null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (450, 'The Azure Login Activity report provides comprehensive insights into the login activities within the Azure environment. It displays critical details such as user IDs, IP addresses, timestamps, logins'' success or failure status, location, and more. <br/><br/>1. HIPAA: The report contributes to the Audit Controls (§164.312(b)) requirement by providing a detailed log of access activities that may contain PHI. <br/>2. CMMC: Under the Access Control (AC.4.096), a thorough record of login activities is required for the workforce to monitor and control access.<br/>3. GLBA: Safeguards Rule requires organizations to monitor systems for unauthorized access. Failures in login attempts highlighted in the report can give early warnings of such activities.<br/>4. SOC2 Type 2: One part of the Common Criteria (CC6.1) of SOC2 states that organizations must implement logical access security measures to protect data. Monitoring and documenting all attempted logins can prove adherence.<br/>5. FISMA: This report helps meet the AC-2 and AU-2 controls, requiring a method to authenticate and audit user activities.<br/>6. GDPR: Article 32 emphasizes security techniques like pseudonymization and encryption. The report helps demonstrate the access control and supports the conditions under Article 30 (Records of processing activities).<br/>7. PCI-DSS: Requirement 10 mandates tracking and monitoring all access to network resources and cardholder data. The report provides detailed logging of such activities to maintain compliance.', null, null, null, null, null, null, null, null, null, 103, true, 258, 'TEMPLATE', null, null, null, null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (451, 'The Azure Login Activity report provides comprehensive insights into the login activities within the Azure environment. It displays critical details such as user IDs, IP addresses, timestamps, logins'' success or failure status, location, and more. <br/><br/>1. HIPAA: The report contributes to the Audit Controls (§164.312(b)) requirement by providing a detailed log of access activities that may contain PHI. <br/>2. CMMC: Under the Access Control (AC.4.096), a thorough record of login activities is required for the workforce to monitor and control access.<br/>3. GLBA: Safeguards Rule requires organizations to monitor systems for unauthorized access. Failures in login attempts highlighted in the report can give early warnings of such activities.<br/>4. SOC2 Type 2: One part of the Common Criteria (CC6.1) of SOC2 states that organizations must implement logical access security measures to protect data. Monitoring and documenting all attempted logins can prove adherence.<br/>5. FISMA: This report helps meet the AC-2 and AU-2 controls, requiring a method to authenticate and audit user activities.<br/>6. GDPR: Article 32 emphasizes security techniques like pseudonymization and encryption. The report helps demonstrate the access control and supports the conditions under Article 30 (Records of processing activities).<br/>7. PCI-DSS: Requirement 10 mandates tracking and monitoring all access to network resources and cardholder data. The report provides detailed logging of such activities to maintain compliance.', null, null, null, null, null, null, null, null, null, 103, true, 239, 'TEMPLATE', null, null, null, null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (607, 'This report compiles and presents relevant information about the Add delegated permission granted event in Office 365 logs, with the objective of verifying compliance with CMMC practice AC.3.014. It focuses on controlling the flow of sensitive information (CUI) and protecting resource access points, ensuring that permission delegations are appropriately and securely assigned.<br/><br/>The report includes key details about the delegated permissions granted. This information is essential to ensure that CUI-sensitive access points are strictly controlled, allowing only authorized access through delegated permissions that are aligned with established security policies. In this way, access to sensitive data is protected and misuse of permissions is prevented, complying with CMMC access control and information flow requirements.', null, null, null, null, null, null, null, null, null, 510, true, 329, 'TEMPLATE', null, null, 'Office 365 Level 3 (AC.3.014): Delegated Permission Grant', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (685, '', null, null, null, null, null, null, null, null, null, 602, true, 279, 'TEMPLATE', null, null, 'Windows Failed logon attempt', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (452, 'The "Office 365 Unsuccessful Logon Attempts" report provides a detailed view into failed logon attempts to an organization''s Office 365 environment, featuring visualizations for failed login instances per user and their geographical locations. <br/><br/>This report integrates critical security controls like ''Account Monitoring and Control'', ''Data Protection and Privacy'', and ''Incident Response and Management''. Unsuccessful logon attempts could signal a possible unauthorized access attempt, thereby satisfying the monitoring requirements of various laid down compliance standards.<br/><br/>For HIPAA, this report supports the technical safeguard of ''Access Control & Audit Controls'' by ensuring only authorized users have access and tracking login attempts. Similarly, for GDPR, it supports ''Article 32 - Security of processing'' by protecting against unauthorized data processing. <br/><br/>Under FISMA, it correlates to control ''AC-7: Unsuccessful Logon Attempts'' ensuring safeguards against repeated logon attempts. It backs PCI-DSS''s requirement ''10: Track and monitor all access to network resources'' by providing a way to audit access to system resources.<br/><br/>Under SOC2 Type 2, this report aids in addressing the security principle by identifying and documenting unsuccessful attempts. GLBA and CMMC also demand similar controls over access and incident management which are directly served by this report. ', null, null, null, null, null, null, null, null, null, 102, true, 262, 'TEMPLATE', null, null, null, null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (701, '', null, null, null, null, null, null, null, null, null, 604, true, 265, 'TEMPLATE', null, null, 'Windows Account Logon Success', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (713, '', null, null, null, null, null, null, null, null, null, 604, true, 277, 'TEMPLATE', null, null, 'Windows Access to critical files or specific directories', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (453, 'The "Meraki Firewall Activity" report, containing visualizations of the top 100 events sorted by IP source and Meraki events by source IP and port, is crucial for security management and compliance with numerous regulations.<br/><br/>1. HIPAA: By controlling and monitoring network access, it aids in maintaining the confidentiality of Protected Health Information (PHI), which is mandated under HIPAA.<br/>2. CMMC: The report aids in maintaining situational awareness (SA) and system and information integrity (SI), both required under CMMC level 3 regulations.<br/>3. GLBA: The report can help confirm the Safeguards Rule of GLBA by monitoring system activities and thereby protecting customers'' personal financial information.<br/>4. SOC 2 Type 2: This report demonstrates the effectiveness of the organization''s system controls which are required for SOC 2 Type 2 compliance.<br/>5. FISMA: The report assists in maintaining the system and information integrity (SI) control, crucial for FISMA compliance.<br/>6. GDPR: The report proves the implementation of appropriate security measures critical to protecting personal data of EU citizens, thereby aiding in GDPR compliance.<br/>7. PCI-DSS: For PCI-DSS, this report helps in fulfilling requirements for maintaining a secure network and regularly monitoring and testing', null, null, null, null, null, null, null, null, null, 201, true, 259, 'TEMPLATE', null, null, null, null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (454, 'The "Cisco Switch Activity" report provides comprehensive visibility on the network layer activities across the environment. It records and represents activities associated with Cisco switch, categorized by host, along with overall switch activity. This involves data like traffic, irregular behaviors, unauthorized access attempts, intrusion attempts, and network performance issues.<br/><br/>This report directly supports several compliance regulations:<br/><br/>1. HIPAA: It satisfies the ''Information Access Management'' (164.308(a)(4)) by monitoring unauthorized network access attempts, and ''Security Incident Procedures'' (164.308(a)(6)) by logging intrusion attempts.<br/>2. GLBA: Helps in fulfilling ''Safeguards Rule'', ensuring secure customer data transmission within the network, keeping track of unusual activity patterns, strengthening access controls.<br/>3. SOC 2 Type 2: The report adheres to the ''Communication and Information'' principle by displaying network activity thereby aiding in change management.<br/>4. FISMA: Supports AU (Audit & Accountability) controls by maintaining a detailed account of network activities.<br/>5. CMMC: Level 3 controls involving ''Detection and Monitoring'' can be met since SIEM helps identify malicious activity by maintaining comprehensive centralized logs.<br/>6. PCI-DSS: It contributes to Requirement 1, "Install and maintain firewall configuration to protect', null, null, null, null, null, null, null, null, null, 201, true, 256, 'TEMPLATE', null, null, null, null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (455, 'The Windows Systems Activity report is a valuable component for maintaining compliance with several standards. It includes visualizations for total Windows alert counts and a review of these alerts. These figures provide a snapshot of security-related activities within your Windows-based systems. <br/><br/>1. HIPAA: Ensures PHI is protected against threats to its security and integrity. Anomalies or high alert counts on Windows Systems could represent threats.<br/> 2. CMMC: Windows alerts fall under the "SIEM system" (AM.2.044), showcasing that malicious activity is being identified and mitigated.<br/>3. GLBA: Ensures customers'' personal financial information is adequately protected. Alerts triggered due to unusual activity help in safeguarding the information.<br/>4. SOC2 Type 2: Shows continuous monitoring of security controls. Alerts indicate that abnormal activity is detected and acted upon.<br/>5. FISMA: Windows alerts provide evidence for risk assessment (RA-3), audit and accountability controls (AU-2, AU-6) by assessing, detecting, and reporting unusual activities.<br/>6. GDPR: Alert count goes towards ensuring ongoing confidentiality, integrity, and availability of processing systems and services (Article 32).<br/>7. PCI-DSS: Helps meet Requirement 10.6 (Review logs and security events for all system components to identify anomalies or suspicious activity). Windows alert counts allow to spot such activities, adding an extra layer to the PCI-DSS compliance process.<br/>', null, null, null, null, null, null, null, null, null, 203, true, 255, 'TEMPLATE', null, null, null, null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (456, 'The Linux System Activity report provides a detailed overview of user account activities on Linux systems within the network. It gives insight into user actions, identification of unusual behavior, and assists in maintaining system accountability - an essential aspect of the system''s security posture.<br/><br/>Here''s how this report supports each of the compliance regulations:<br/><br/>1. HIPAA: Contributes to the control for Information Access Management, enforcing roles based user access control and monitoring.<br/> 2. CMMC: Assists with Access Control (AC) and Audit and Accountability (AU) Domains by providing an audit of account activities on the Linux systems.<br/>3. GLBA: Supports the Safeguards Rule by providing visibility on how customer data is accessed in the network.<br/>4. SOC2 Type 2: Demonstrates controls around user access and activity, enabling effective access control management and system activities monitoring.<br/>5. FISMA: The report helps to enact access and user control policies under Access Control Family (AC) and feeds into the Audit and Accountability Family (AU) control.<br/>6. GDPR: Facilitates accountability and integrity components under Article 32, by demonstrating the control over data access and manipulation within the Linux systems.<br/>7. PCI-DSS: This addresses the requirements around tracking and monitoring of all access to network resources and cardholder data, listed under Requirement 10.<br/>', null, null, null, null, null, null, null, null, null, 204, true, 254, 'TEMPLATE', null, null, null, null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (457, 'The Network Intrusion Detection (NID) report is a critical security document that unveils the detection and count of network intrusions or breaches per device on the network. It also includes a list of the top 10 most recurring Network Intrusion Detection System (NIDS) alerts, offering insight into the most common threats faced by the enterprise.<br/><br/>1. HIPAA: It supports the clarification of ''Technical Safeguards'' as it identifies, prevents, and counteracts security threats to Protected Health Information.<br/>2. CMMC: Its mapping meets several objectives under Domain SI (System & Information Integrity), like detecting, reporting, and quickly acting on system flaw info. <br/>3. GLBA: It helps to maintain an adequate intrusion detection system under the Safeguards rule, thereby protecting customers'' private details.<br/>4. SOC2 Type 2: It feeds into the "security" principle, notably the system''s ability to resist unauthorized invasion and information modification. <br/>5. FISMA: Pertinently maps to numerous NIST SP 800-53 controls about the detection of unauthorized system access.<br/>6. GDPR: In terms of personal data protection, it assists the "Integrity and Confidentiality" principle by providing proof of intrusion attempts and reactions.<br/><br/>7. PCI-DSS: Helps meet Requirement 11.4, which mandates the use of IDS/IPS systems to monitor all traffic and alert potential intrusion.', null, null, null, null, null, null, null, null, null, 202, true, 233, 'TEMPLATE', null, null, null, null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (634, '', null, null, null, null, null, null, null, null, null, 602, true, 265, 'TEMPLATE', null, null, 'Windows Account Logon Success', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (635, '', null, null, null, null, null, null, null, null, null, 602, true, 266, 'TEMPLATE', null, null, 'Windows Account Logon Failure', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (459, 'The "Dangerous Network traffic" report identifies potentially malicious network activity by correlating IP addresses and generating alerts based on Threat Intelligence data. This report plays a crucial role in meeting several compliance regulations:<br/><br/>1. HIPAA: It aids in the protection of ePHI (electronic Protected Health Information) by enabling early detection of threats that may compromise ePHI data integrity.<br/>2. CMMC: Aligns with Domain 3 (Access Control) by helping control the flow of data & identify malicious IPs seeking unauthorized access to Controlled Unclassified Information (CUI).<br/>3. GLBA: It supports the Safeguards Rule which requires financial institutions to protect customer information by identifying and handling network traffic from threat sources. <br/>4. SOC2 Type 2:  Supports ''Security'' principle by identifying and alerting on possible security threats.<br/>5. FISMA: Adequate security controls for network traffic aligns with FISMA''s requirements, namely, NIST SP 800-53''s AC-4 and SI-4.<br/>6. GDPR: Addresses Article 32’s requirement to implement suitable technical measures to guarantee data processing security, by identifying and managing potentially malicious network traffic.<br/>7. PCI-DSS: Supports Requirement 1 for maintaining a secure network, by identifying and managing dangerous network traffic.<br/><br/>This report, therefore, forms an integral part of an organization''s security stance, helping maintain compliance and protect sensitive data.', null, null, null, null, null, null, null, null, null, 202, true, 252, 'TEMPLATE', null, null, null, null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (460, 'The Azure Subscription Activity is a security report that summarizes activities and operations in an Azure environment. It shows the number of events by resource and lists all Azure operations.<br/><br/>- HIPAA: This report aids in meeting the Audit Controls (164.312 b) requirement by monitoring the system activity and providing an audit trail of attempted access to electronic protected health information (ePHI).<br/>- CMMC: It contributes towards the Situational Awareness (SA.2.179) control, providing information about cyber operations to identify and respond to security incidents.<br/>- GLBA: The report addresses Detection, Prevention, and Response Mechanisms control by indicating abnormal activities that may suggest a security threat.<br/>- SOC2 Type 2: Aids in the monitoring and evaluating of alteration of system configurations, critical to meeting the System Activity Review Common Criteria (CC6.1).<br/>- FISMA: Supports the audit and accountability control (AU-2) which requires an organization to review/analyze information system activity to detect inappropriate or unusual activity.<br/>- GDPR: In line with Article 32''s requirement for a process to regularly test, assess, and evaluate the effectiveness of security measures, the report provides auditable evidence of this.<br/>- PCI-DSS: Contributes to Requirement 10: Track and monitor all access to network resources and cardholder data by providing an audit trail of system activity for each providing in-scope entity. ', null, null, null, null, null, null, null, null, null, 301, true, 260, 'TEMPLATE', null, null, null, null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (461, 'The Azure WAF report provides a clear overview of web application firewall (WAF) events across certain categories. It is crucial in identifying potential threats and maintaining cybersecurity.<br/><br/>1. HIPAA: It supports HIPAA’s “Access Control” and “Audit Control” requirements. Identifying and recording access attempts helps ensure only authorized users can view and handle PHI.<br/><br/>2. CMMC: It maps to three CMMC domains - "Access Control", "Audit and Accountability" and "Risk Management" by controlling access, chronicling events and detecting potentially malicious activities.<br/><br/>3. GLBA: The report aids compliance with GLBA by logging all events, a requirement under "Financial Privacy Rule" and "Safeguards Rule" to protect customer data.<br/><br/>4. SOC2 Type2: The report supports achieving "Security" and "Availability" service principles by monitoring security events and maintaining system availability.<br/><br/>5. FISMA: It satisfies a number of FISMA controls including AC-4 (Information flow enforcement) and AU-2 (Audit events).<br/><br/>6. GDPR: It helps meet the GDPR''s "Integrity and Confidentiality" principle by enabling prompt detection and rectification of security incidents to prevent breach of personal data.<br/><br/>7. PCI-DSS: The report supports PCI-DSS requirement 10 (Track and monitor all access to network resources and cardholder data) and requirement 1 (Install and maintain a firewall configuration to protect cardholder data) by tracking events and reporting potential breaches.', null, null, null, null, null, null, null, null, null, 301, true, 269, 'TEMPLATE', null, null, null, null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (479, 'This report groups the records of event 4722 from the Windows logs, which document the activation of user accounts previously disabled on the system. The information collected is essential to verify compliance with CMMC''s Authentication and Access Control policy Level 2 (AC.2.007), which requires the implementation of role-based access controls (RBAC). This ensures that users only have access to the resources they need based on their role. <br/><br/>The report includes key details such as the identity of the activated accounts, the role assigned, the date and time of activation, as well as the user or system account that performed the action. The analysis of these events allows us to guarantee that accounts are activated and managed in a controlled manner and in compliance with access policies, preventing improper access and maintaining the principle of least privilege in the assignment of roles and permissions.', null, null, null, null, null, null, null, null, null, 510, true, 293, 'TEMPLATE', null, null, 'Windows Level 2 (AC.2.007): User Accounts Enabled', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (683, '', null, null, null, null, null, null, null, null, null, 602, true, 280, 'TEMPLATE', null, null, 'Windows Policy changes', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (462, 'The AWS Subscription Activity report delivered by the SIEM system delivers critical visibility into user activity within the AWS infrastructure, including logons to the AWS Console and generated AWS Events. <br/><br/>Firstly, AWS Console logon activities can help towards maintaining the necessary access control as mandated by HIPAA (164.312(a)(1) - Access Control, 164.312(b) - Audit Controls) and CMMC (AC.2.009 - Login Monitoring), ensuring that only authorized individuals can access protected data. Besides, monitoring such activities can provide valuable logs for SOC2 Type 2 as part of Common Criteria 7 (System Monitoring).<br/><br/>Secondly, AWS Events indicate actions taken within the AWS ecosystem (e.g., starting/stopping instances, modifying security groups, or bucket policies). Such data helps assured configuration management (CM) and security incident event management (SIEM), thus fulfilling parts of the FISMA and NIST standards (CM.2.061, IR.3.093 to name a few) and PCI-DSS requirement 10 (track and monitor all access to network resources and cardholder data).<br/><br/>Further, these event logs contribute to GDPR''s requirement for both integrity and confidentiality (Article 32) and GLBA’s Safeguard Rule, where firms are required to design and implement a safeguards program.<br/><br/>This report helps ensure the organization meets key aspects of these compliance standards, providing necessary evidence during audits and enabling proactive measures to minimize security risk.', null, null, null, null, null, null, null, null, null, 301, true, 239, 'TEMPLATE', null, null, null, null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (463, 'The O365 Active Directory report provides crucial insight into user activity details and potential suspicious behavior in the network. This report''s data can greatly assist in compliance with various regulations and standards by mapping to specific security controls.<br/><br/>HIPAA: The report helps safeguard sensitive health information by monitoring unauthorized access attempts, which is crucial for the Administrative Safeguards requirement.<br/><br/>GLBA: The report supports the Safeguards Rule by monitoring, detecting, and documenting security incidents involving customer data.<br/><br/>CMMC: The activity log supports Level 3 controls by providing audit records, risk management, and identification of malicious content.<br/><br/>FISMA: The report helps implement control RA-5 (Vulnerability Scanning), SI-4 (Information System Monitoring), AU-2 (Audit Events), and AU-12 (Audit Generation).<br/><br/>SOC2 Type 2: Logs align with monitoring access control and changes to systems processing data, providing real-time alerts for unauthorized access.<br/><br/>GDPR: The report supports the accountability and data security principles by enabling control and understanding over data processing activities.<br/><br/>PCI-DSS: The report is essential in meeting Requirement 10 (Track and monitor all access to network resources and cardholder data) by logging all components of the cardholder data environment.', null, null, null, null, null, null, null, null, null, 302, true, 271, 'TEMPLATE', null, null, null, null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (464, 'The O365 Exchange Report is a comprehensive summary of the top 5 most executed exchange operations and other exchange activities occurring within the Office 365 environment. This report provides insights into user activities, permission changes, mailbox operations, and policy modifications. <br/><br/>From a compliance perspective, such information is crucial as it ensures strict adherence to HIPAA, GLBA and GDPR regulations concerning data privacy and integrity. By closely monitoring exchange operations, businesses can identify and prevent unauthorized access or data sharing, something that is vital in the healthcare industry (HIPAA), financial institutions (GLBA), and organizations managing data of EU citizens (GDPR). <br/><br/>For the CMMC, domains like Access Control (AC) and Audit and Accountability (AU) relate directly to such reports because it ensures controlled access and provides auditable evidence of data actions. <br/><br/>For FISMA, it maps to the AU family, allowing federal agencies to maintain audit logs and track information system activities.<br/><br/>In SOC2 Type 2, this report contributes to the "Security" and "Confidentiality" principles as it tracks sensitive data handling & access. <br/><br/>For PCI-DSS, requirement 10, "Track and monitor all access to network resources and cardholder data", this report provides documented proof that access to such resources is closely monitored. ', null, null, null, null, null, null, null, null, null, 302, true, 253, 'TEMPLATE', null, null, null, null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (465, 'The O365 SharePoint Report presents detailed information on user activities within SharePoint including identity of the users, time of access, and actions taken in SharePoint. <br/><br/>1. HIPAA: Sharing and storing patient data could occur in SharePoint. With this report, the organization can verify that only authorized users have accessed such information, meeting the Privacy Rule that requires the safeguarding of Protected Health Information (PHI).<br/>   <br/>2. CMMC: The report helps monitor and control communications at the system and information level as required by the CMMC practice AC.4.014. It also aids in audit and accountability, mapping to control AU.2.042.<br/><br/>3. SOC2 Type 2: By monitoring user accesses and activities, it helps organizations ensure the design and effectiveness of controls over the security, availability, processing integrity, and privacy of customer data, adhering to the principle of Communication and Information.<br/><br/>4. FISMA: This report maps to control AU-3 (Audit and Accountability) which requires organizations to create, analyze and retain system audit logs, and to IR-5 (Incident Response), as anomalies and suspicious activities can be identified and responses initiated.<br/><br/>5. GDPR: This report supports the monitoring of data processing activities (Article 30) by showing who accessed what data and when, fostering transparency and accountability.<br/><br/>6. PCI-DSS: It supports Requirement 10 by tracking, monitoring all access to network resources and cardholder data.', null, null, null, null, null, null, null, null, null, 302, true, 251, 'TEMPLATE', null, null, null, null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (466, 'The Windows Alerts report generated by the SIEM provides an overview of security alerts classified by category and status, collected from Windows-based systems in the network. These alerts may include unauthorized login attempts, suspicious network activity or malicious behavior, which can indicate potential security breaches or vulnerabilities.<br/><br/>This report contributes to several compliance regulations:<br/><br/>1. HIPAA: The report aids in fulfilling the Administrative Safeguards requirement, specifically under the Security Management Process standard which requires efforts to prevent, detect, contain, and correct security violations.<br/><br/>2. CMMC: Under the Domain Access Control (AC), it helps meet AC.2.016 - Control information flows between owners of the system and limit unauthorized data flow accordingly.<br/><br/>3. FISMA: The alerts contribute to the NIST SP 800-53 Rev. 4 control families AC (Access Control) and SI (System and Information Integrity).<br/><br/>4. PCI-DSS: This report contributes primarily towards Requirement 10: Track and monitor all access to network resources and cardholder data. <br/><br/>5. SOC 2 Type 2: Under the security principle, this report assists in identifying and responding to security incidents effectively.<br/><br/>6. GLBA: Helps meet safeguard rules with system risks identification and management.<br/><br/>7. GDPR: This report contributes to GDPR by enhancing the organization''s ability to detect and investigate data breaches which must be reported under GDPR''s timely report obligations.', null, null, null, null, null, null, null, null, null, 401, true, 248, 'TEMPLATE', null, null, null, null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (467, 'The "Linux Alerts" security report generated by a SIEM consists of visualizations for Traffic by Linux Logs and Linux Alerts Reports. These indicate the analyzed network traffic going through the Linux servers, alongside the specific security alerts generated in response to detected unusual activities. <br/><br/>The report supports HIPAA by evidencing the monitoring of information systems that store, process, or transmit PHI (Protected Health Information). It also helps in meeting the CMMC''s requirement of network monitoring and inspection, necessary for safeguarding Controlled Unclassified Information (CUI). <br/><br/>For GLBA, whose safeguards rule requires financial institutions to ensure the security and confidentiality of customer information, the report can evidence continuous oversight of system activity. <br/><br/>Under SOC2 Type 2 and FISMA, this kind of report assists in demonstrating system monitoring, which is fundamental for validating system integrity and data protection measures.<br/><br/>In terms of GDPR, the report supports the compliance by helping the organization detect and promptly respond to potential data breaches, minimizing risks to data subject''s rights and freedoms.<br/><br/>Finally, for PCI-DSS, the report contributes to requirements for tracking all access to network resources and cardholder data, along with the need for a system to timely alert to possible compromises. ', null, null, null, null, null, null, null, null, null, 402, true, 245, 'TEMPLATE', null, null, null, null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (637, '', null, null, null, null, null, null, null, null, null, 602, true, 267, 'TEMPLATE', null, null, 'Windows User Accounts Created', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (468, 'Azure Alerts report provides insight on security events and potential vulnerabilities identified within the Azure environment. It visualizes alerts and operations, and is instrumental for an enterprise''s proactive security posture, security monitoring and incident response.<br/><br/>1. HIPAA: This report helps in maintaining log monitoring standard (164.308(a)(5)(ii)(B)).<br/>2. CMMC: Contributes to SI.3.218, to monitor system security controls on an ongoing basis.<br/>3. GLBA: Helps in complying with security measures to protect against unauthorized access to customer records.<br/>4. SOC2 Type 2: Assists in monitoring system activities, part of the audit requirement of SOC2 Type 2.<br/>5. FISMA: Maps to AU-6 Audit Review, Analysis, and Reporting control by identifying and categorizing alerts.<br/>6. GDPR: Assists in Article 32''s requirement for ability to ensure ongoing confidentiality, integrity, availability and resilience of processing systems.<br/>7. PCI-DSS: Contributes to Requirement 10: Track and monitor all access to network resources and cardholder data.<br/><br/>The Azure Alerts report is vital for timely detection, prompt action as well as evidence of due diligence and due care for both internal audits and external regulators.', null, null, null, null, null, null, null, null, null, 403, true, 249, 'TEMPLATE', null, null, null, null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (469, 'The Office 365 Alerts report provides insights into the O365 system''s security alerts, categorized by severity. The first visualization presents a comprehensive list of alerts, breaking them down by type, source, time, and related resources for a quick security overview. This assists in addressing security issues promptly and fosters an enhanced security posture. <br/><br/>The second visualization displays the "Top Severity in O365"  highlighting the most severe threats, which helps prioritize actions based on risk severity.<br/><br/>This report directly supports security controls like Access Control (AC), Audit and Accountability (AU), and System and Information Integrity (SI) under FISMA. For GDPR, it helps satisfy Article 32 requirements of ensuring ongoing confidentiality, integrity, and resilience of systems by quickly identifying and rectifying any breaches.<br/><br/>For HIPAA, the report aids in adhering to the Technical Safeguards section by providing necessary information to prevent inappropriate access to ePHI data stored or processed through O365. CMMC''s Domain RE (Risk Management) and SI (System & Information Integrity) controls can be demonstrated by identifying, assessing, and mitigating risks.<br/><br/>For GLBA, SOC2 Type 2 and PCI-DSS, this report helps in identifying and appropriately responding to security events, proving that the company has suitable incident response mechanisms. Also, it helps meet PCI DSS 10.6.1 requirements on reviewing logs for suspicious activities.', null, null, null, null, null, null, null, null, null, 404, true, 247, 'TEMPLATE', null, null, null, null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (470, 'The Threat Activity Alert report is crucial for safeguarding the organization''s resources by identifying incidents that could potentially harm the system. It focuses on the top 5 alert categories by count and illustrates the total log count to identify trends and specific threat patterns, which assist in potential threat prediction and immediate response.<br/><br/>This report mainly supports the following compliances:<br/><br/>1. HIPAA: In terms of enforcing technical safeguards, it directly adheres with Access Control (164.312(a)(1)) which talks about real-time alert notifications in case of attempted or successful unauthorized access.<br/>   <br/>2. CMMC: Matches with Security Assessment (CA.2.157) requiring organizations to develop and implement system monitoring plans.<br/><br/>3. FISMA: Ensures accurate Risk Assessment (RA-5) through identifying and preparing the system against identified threat sources.<br/><br/>4. GDPR: Helps meet the ''Security of processing'' requirement under Article 32, which emphasizes the need for processes that ensure ongoing confidentiality, integrity, availability and resilience.<br/>   <br/>5. PCI-DSS: Aligns with Requirement 10: Track and monitor all access to network resources and cardholder data.<br/><br/>As the report aids in identifying possible vulnerabilities and unauthorized access attempts, it helps meet SOC2 Type2''s security and availability principles also and corresponds to GLBA’s Safeguards Rule to keep Customer Information secure. <br/>', null, null, null, null, null, null, null, null, null, 405, true, 242, 'TEMPLATE', null, null, null, null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (471, 'The "Windows AD Policy Change" report tracks alterations made to the organization''s Active Directory (AD) policies. It provides insight into who (top users) has initiated these changes and what specific modifications have been made. This report supports the organization in tracking the internal updates not only for accountability but indicating potential insider threats.<br/><br/>For HIPAA, which requires access control (§ 164.312(a)(1)), it helps ensure that ePHI is only accessed by authorized personnel, and any changes are accordingly recorded.<br/><br/>FISMA emphasizes the importance of monitoring changes to system components (AU-3). This report provides such information to ensure the integrity of the system and information.<br/><br/>It aids in meeting GLBA requirements for safeguarding customer data by maintaining a risk management program and related controls such as ''Monitoring Systems and Procedures'' to identify unauthorized access.<br/><br/>CMMC''s control (AC.2.016) requires that "The role and access privileges of system users should be reviewed periodically" and device access should be controlled. This report can provide information for such reviews.<br/><br/>For SOC2, the report supports the "Change Management" category of the "Common Criteria" by ensuring only authorized changes are made and traced back.<br/><br/>In terms of GDPR, this report aids in maintaining integrity and confidentiality (Article 32) as it ensures only authorized personnel are changing policies.', null, null, null, null, null, null, null, null, null, 101, true, 240, 'TEMPLATE', null, null, null, null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (472, 'Your "AWS Alerts" report, generated from the Security Information and Event Management (SIEM) tool, presents important insights into security events within your Amazon Web Services (AWS) environment. It features two visualizations that display cover AWS alerts in detail.<br/><br/>This report is instrumental in demonstrating compliance with several regulatory frameworks:<br/><br/>1. HIPAA: It helps maintain the "Audit Controls" and "Protection from Malicious Software" requirements. The alerts may identify unusual data access patterns or potential malware, crucial for protecting healthcare information.<br/>   <br/>2. GDPR: Under ''Integrity and Confidentiality'' principle, the report can show any unauthorized or unusual data access patterns, thus enhancing data protection measures.<br/>   <br/>3. SOC2 – Type 2: The report supports the "Security, Availability, Processing Integrity, Confidentiality and Privacy" principles by revealing potential system vulnerabilities, unauthorized access attempts, etc.<br/>   <br/>4. FISMA: The report supports the risk assessment policy and procedures (RA-1) by identifying potential risks and supporting the process of risk mitigation.<br/>   <br/>5. PCI-DSS: The AWS Alerts report supports the requirement of "Track and monitor all access to network resources and cardholder data" by presenting access and usage patterns in the AWS environment. ', null, null, null, null, null, null, null, null, null, 403, true, 244, 'TEMPLATE', null, null, null, null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (639, '', null, null, null, null, null, null, null, null, null, 602, true, 272, 'TEMPLATE', null, null, 'Windows User Accounts Deleted', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (473, 'This Network Activity Alerts report uses data from a network intrusion detection system (NIDS) to give insights about the state of the organization''s network security. <br/><br/>1. HIPAA: Helps to comply with the Technical Safeguards section - requiring the organization to implement hardware, software, and/or procedural mechanisms to record and examine activity in information systems.<br/><br/>2. CMMC: Contributes to the Domain Access Control (AC) practices where the report helps monitor and manage all the network access activities.<br/><br/>3. SOC 2 Type 2: Supports the Security principle by providing evidence of active network monitoring and intrusion detection.<br/><br/>4. FISMA: Fulfills the Risk Assessment (RA) and System Services & Acquisition (SA) security control families by helping to identify potential threats/vulnerabilities to information systems connected to the network.<br/><br/>5. GDPR: Support control measures for preventing accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data transmitted, stored, or processed.<br/><br/>6. PCI-DSS: It addresses Requirement 10: Track and monitor all access to network resources and cardholder data. The report provides evidence of monitoring activity on network devices that may potentially handle cardholder data.<br/><br/>7. GLBA: Helps in fulfilling the Safeguards Rule, which mandates organizations to identify and assess the risks to customer information, and implement controls to manage these risks.<br/>', null, null, null, null, null, null, null, null, null, 406, true, 243, 'TEMPLATE', null, null, null, null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (474, 'The Threat Intelligence Alerts report generated from the SIEM provides a visual representation of the detected threats based on the IP and the alerts generated. This report illustrates the threat landscape the firm is facing, helping in timely responses. <br/><br/>1. HIPAA: It contributes to Administrative Safeguard requirements under HIPAA by ensuring a security incident procedure is in place for identifying and responding to various security incidents. <br/><br/>2. CMMC: Under SI (System and Information Integrity) domain, the report helps the organization to identify, analyze, and respond to incidents.<br/><br/>3. GLBA: It assists in meeting GLBA''s requirement controlling risks to customer information by identifying potential threats.<br/><br/>4. SOC2 Type 2: Contributes to Security, Availability and Processing integrity principles, by identifying threats and ensuring system''s availability and security.<br/><br/>5. FISMA: The report aids in adhering FISMA''s Risk Assessment (RA) control - RA.5 (Vulnerability Scanning), which requires scan for vulnerabilities in the system.<br/><br/>6. GDPR: Under Article 32’s requirement of implementing security measures to ensure a level of security appropriate to the risk, this report can help assess risk levels and respond accordingly.<br/><br/>7. PCI-DSS: Contributes to Requirement 10 by tracking and monitoring all access to network resources and cardholder data, identifying potential threats that could lead to unauthorized access.', null, null, null, null, null, null, null, null, null, 405, true, 252, 'TEMPLATE', null, null, null, null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (873, 'This report compiles and presents relevant information about AttachRolePolicy events in AWS, with the objective of verifying compliance with CMMC practice AC.2.007. It focuses on ensuring that access policies are properly associated with roles, ensuring that role-based access controls (RBAC) are implemented correctly. The report includes key details about the policies assigned to the roles, the specific role affected, the accounts involved, and the source of the request. This information is crucial to verify that access to sensitive resources is strictly controlled by assigning appropriate permissions based on user roles, ensuring that the principle of least privilege is maintained and risks of unauthorized access are minimized.', null, null, null, null, null, null, null, null, null, 510, true, 356, 'TEMPLATE', null, null, 'AWS Level 2 (AC.2.007): Attach Role Policy', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (574, 'This report compiles and presents the relevant information extracted from the Windows event logs corresponding to event 4776, which is triggered during authentication attempts on systems using network authentication (NTLM). Analysis of these logs is essential to verify compliance with CMMC practice AC.1.001, which establishes the need to limit system access to authorized users only.<br/><br/>Event 4776 is used to audit access attempts, both successful and unsuccessful, and can provide key data on unauthorized access or inappropriate access attempts. This report includes details such as the username, the origin of the authentication request, and the authentication status.<br/><br/>Based on the information obtained, this report validates that access to the systems is restricted to previously authorized users and provides evidence to ensure compliance with access control and authentication policies.', null, null, null, null, null, null, null, null, null, 510, true, 301, 'TEMPLATE', null, null, 'Windows Level 1 (AC.1.001): Account Authentication Using NTLM', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (585, 'This report collects the records of event 4697 from the Windows logs, which document the installation of new services on the system. Event 4697 is generated when a service is installed, providing key information about the user who performed the installation, the associated executable, and the privileges with which the service is running. This information is crucial to verify compliance with CMMC''s Level 3 (AC.3.014) Access Control and Authentication policy, which requires controlling the flow of CUI and adequately protecting access points to this sensitive data.<br/><br/>The report includes key details such as the name of the installed service, the identity of the user or process that performed the installation, the date and time of the installation, among others. The analysis of these events allows us to verify that only authorized users can install services in the environment, avoiding unauthorized access, the execution of malicious software and possible leaks of Controlled Unclassified Information (CUI), ensuring that security controls are aligned with the CMMC policies.<br/>', null, null, null, null, null, null, null, null, null, 510, true, 305, 'TEMPLATE', null, null, 'Windows Level 3 (AC.3.014): Service Installed', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (645, '', null, null, null, null, null, null, null, null, null, 602, true, 278, 'TEMPLATE', null, null, 'Windows Special privileges assigned to new logon', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (652, '', null, null, null, null, null, null, null, null, null, 602, true, 285, 'TEMPLATE', null, null, 'Windows Network Access to shared resource', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (646, '', null, null, null, null, null, null, null, null, null, 602, true, 320, 'TEMPLATE', null, null, 'Windows Member Addition to a Security Local Group', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (720, '', null, null, null, null, null, null, null, null, null, 604, true, 248, 'TEMPLATE', null, null, 'Windows Alerts', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (814, 'This report collects relevant information from the Windows logs generated by event 4625, which is triggered when a login attempt fails on the system. This event is critical to compliance with CMMC Level 1 control AU.1.001, which requires capturing audit logs for review.<br/><br/>Event 4625 provides details about failed login attempts. This type of information is crucial for detecting unauthorized access or security breach attempts, such as brute force attacks or password guessing attempts.<br/><br/>Collecting and reviewing logs from this event is essential to comply with security audit policies, allowing security teams to quickly identify and respond to suspicious patterns or repeated failed system access attempts. Additionally, these logs are useful for performing forensic analysis in the event of security incidents, contributing to the improvement of preventive defenses.<br/><br/>This report supports the implementation of appropriate auditing practices, ensuring that user activity logs are captured and reviewed, in line with CMMC Level 1 requirements. Through this review, adequate control over access can be maintained. to systems and detect potential security threats before they compromise infrastructure.', null, null, null, null, null, null, null, null, null, 509, true, 266, 'TEMPLATE', null, null, 'Windows Level 1 (AC.1.001): Account Logon Failure', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (544, 'This report is generated from the Windows logs of events 4768, 4769 and 4771, which are directly related to the user authentication process using the Kerberos protocol. These events are triggered in situations where authentication ticket requests, authentication failures, or ticket validation errors occur.<br/><br/>Event 4768: Indicates a Kerberos service ticket request for a successfully authenticated user.<br/>Event 4769: Triggered when there is a request for a service ticket for a user who could not be authenticated due to a Kerberos error.<br/>Event 4771: Raised when the Kerberos authentication process fails due to incorrect or expired credentials.<br/>Analysis of these events is crucial for monitoring malicious behavior within the organization. Authentication failures or repeated attempts to obtain service tickets may be indicative of malicious activity, such as spoofing attacks, unauthorized access attempts, or advanced intrusion behavior.<br/><br/>In the context of CMMC''s Level 4 (SI.4.220): Monitor for malicious behavior across the organization, these events are a key source of information to identify suspicious behavior related to credential management and access to sensitive resources. Monitoring and analyzing these events makes it possible to quickly detect attempted security breaches, which facilitates an early response to possible threats and contributes to strengthening the organization''s security infrastructure.<br/><br/>This report supports the implementation of robust security controls by detecting anomalous behavior, providing a detailed view of events that may be associated with attacks or attempts to compromise user credentials within the network.', null, null, null, null, null, null, null, null, null, 503, true, 283, 'TEMPLATE', null, null, 'Windows Level 4 (SI.4.220): Kerberos ticket requests', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (863, e'The Windows Account Logon Failure Report provides detailed logs of unsuccessful login attempts, capturing key information such as the user account, timestamp, source IP address, and failure reason. This report is critical for compliance within the Banking Audit framework, ensuring visibility into unauthorized access attempts and supporting security and regulatory requirements.<br/>	•	Banking Regulations: Aligns with the GLBA Safeguards Rule, ensuring oversight of failed logon attempts to detect and mitigate potential threats to financial systems and sensitive customer data.<br/>	•	Access Control Compliance: Supports compliance with PCI DSS Requirement 10, which mandates logging and monitoring of access attempts to detect unauthorized activities.<br/>	•	Audit Readiness: Tracks failed logon events, providing traceability for frameworks like SOC2 Type 2 and ISO 27001, ensuring accountability in access control management.<br/>	•	Threat Detection: Identifies patterns of suspicious behavior, such as brute force attacks, password spraying, or repeated failed logins from specific locations.<br/>	•	Data Protection: Ensures compliance with GDPR Article 32, demonstrating controls that restrict and monitor unauthorized attempts to access systems containing sensitive financial data.', null, null, null, null, null, null, null, null, null, 701, true, 266, 'TEMPLATE', null, null, 'Windows Account Logon Failure', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (476, 'This report collects the records of event 4625 from the Windows logs, which document failed login attempts to the system. The information obtained from these events is essential to verify compliance with CMMC''s access control and authentication policy Level 1 (AC.1.001), which states that only authorized users should have access to the system. <br/><br/>The report includes details such as the names of users who attempted access, the host names, and the reasons for login failures. The analysis of these events allows us to identify unauthorized access attempts or possible threats, ensuring that access to the system is appropriately restricted and in line with established security policies.', null, null, null, null, null, null, null, null, null, 510, true, 266, 'TEMPLATE', null, null, 'Windows Level 1 (AC.1.001): Account Logon Failure', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (478, 'This report collects the logs of event 4720 from the Windows logs, which document the creation of new user accounts on the system. This information is key to verify compliance with CMMC''s Level 2 Authentication and Access Control policy (AC.2.007), which requires the implementation of role-based access controls (RBAC) to ensure that users have access only to the resources necessary for their functions. <br/><br/>The report includes details such as the identities of the created users, assigned roles, account creation dates and times, as well as the user or system that performed the action. This analysis ensures that the creation of accounts and the assignment of roles is carried out in a controlled manner and in accordance with security policies, which facilitates the proper management of permissions and access to system resources.', null, null, null, null, null, null, null, null, null, 510, true, 267, 'TEMPLATE', null, null, 'Windows Level 2 (AC.2.007): User Accounts Created', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (587, 'This report collects the Windows log event 4771 logs, which document failed Kerberos authentication attempts on the system. Event 4771 is generated when a Kerberos authentication attempt cannot complete, which may indicate unauthorized access or an attempted access to protected resources, such as those containing Controlled Unclassified Information (CUI). This information is crucial to verify compliance with CMMC''s Level 3 (AC.3.014) Access Control and Authentication policy, which requires controlling the flow of CUI and adequately protecting access points to this sensitive data. <br/><br/>The report includes key details such as the identity of the user or system that attempted the failed authentication, the date and time of the attempt, the source of the access attempt (IP address or source computer), and the resource or service that was attempted to be accessed. . The analysis of these events is essential to identify and mitigate possible unauthorized access threats, ensuring that CUI access points are properly protected against attacks and non-legitimate access, in accordance with the security policies required by CMMC.', null, null, null, null, null, null, null, null, null, 510, true, 310, 'TEMPLATE', null, null, 'Windows Level 3 (AC.3.014): Kerberos pre-authentication failed', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (721, '', null, null, null, null, null, null, null, null, null, 601, true, 261, 'TEMPLATE', null, null, 'Office 365 Account Logon Success', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (722, '', null, null, null, null, null, null, null, null, null, 601, true, 262, 'TEMPLATE', null, null, 'Office 365 Account Logon Failure', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (538, 'This report compiles relevant information from Windows logs about event 7045, which is generated when a new service is installed on the system. Installing a service is a critical action that can indicate the execution of processes or software persistently on the system. Since attackers can use services to maintain access or control in a compromised environment, monitoring this type of activity is essential to detect potential threats or malicious actions.<br/><br/>In the context of CMMC Level 3 (SI.3.217) compliance, monitoring 7045 events is essential to detect unauthorized service installation attempts. These services can be used by attackers to execute malicious code or control systems without detection by administrators. This event is especially useful for identifying suspicious or unrecognized software, which may be indicative of a persistent attack.<br/><br/>The report of this event provides detailed information about the name of the service, its location and the process that installed it, allowing security teams to identify unusual behavior and take preventive or corrective measures. This continuous monitoring approach is vital to strengthen system defense and improve early detection of potential incidents.<br/><br/>In summary, the analysis of 7045 events in Windows logs is a key tool in compliance with CMMC requirement SI.3.217, since it allows organizations to identify and mitigate possible risks related to the unauthorized installation of services, improving attack detection capabilities.', null, null, null, null, null, null, null, null, null, 503, true, 290, 'TEMPLATE', null, null, 'Windows Level 3 (SI.3.217): Installation of Services', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (575, 'This report collects the Windows log event 4728 logs, which document the addition of a user to a security group on the system. This information is essential to verify compliance with CMMC''s Level 2 (AC.2.007) Access Control and Authentication policy, which requires the implementation of role-based access controls (RBAC), ensuring that users only have access to the necessary resources according to their function and role. <br/><br/>The report includes key details such as the identities of users added to security groups, the name of the group to which they were assigned, the date and time of the modification, as well as the account that performed the action. The analysis of these events ensures that the assignment of roles and permissions is carried out in a controlled manner and in accordance with established security policies, helping to maintain the principle of least privilege and prevent unauthorized access.', null, null, null, null, null, null, null, null, null, 510, true, 316, 'TEMPLATE', null, null, 'Windows Level 2 (AC.2.007): Additions to Security Groups', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (576, 'This report groups the records of event 4729 from the Windows logs, which document the removal of a user from a security group on the system. This information is crucial to verify compliance with CMMC''s Authentication and Access Control Policy Level 2 (AC.2.007), which establishes the implementation of role-based access controls (RBAC), ensuring that users maintain access only to the resources necessary for their assigned functions and roles.<br/><br/>The report includes important details such as the identities of users removed from security groups, the name of the group to which they belonged, the date and time of the removal, and the account that made the modification. The analysis of these events allows us to verify that the management of roles and permissions is carried out in a controlled manner, ensuring that access is adequate and minimizing the risk of unauthorized access.', null, null, null, null, null, null, null, null, null, 510, true, 317, 'TEMPLATE', null, null, 'Windows Level 2 (AC.2.007): Security Group Member Removal', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (577, 'This report collects the records of event 4731 from the Windows logs, which document the creation of a security group on the system. This information is essential to verify compliance with CMMC''s Level 2 Authentication and Access Control policy (AC.2.007), which requires the implementation of role-based access controls (RBAC), ensuring that access to the system is assigned. appropriately and only to users with the roles necessary for their functions. <br/><br/>The report includes key details such as the name, the identities of the administrators responsible for the creation, the date and time of the action, and any other information related to the group configuration. The analysis of these events ensures that the creation of security groups is carried out in a controlled manner, in line with established security policies, to facilitate effective management of user roles and permissions.', null, null, null, null, null, null, null, null, null, 510, true, 318, 'TEMPLATE', null, null, 'Windows Level 2 (AC.2.007): Creation of Security-Enabled Local Group', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (578, 'This report compiles the Windows log event 4735 logs, which document the modification of the properties of a security group on the system. This information is key to verify compliance with CMMC''s Level 2 (AC.2.007) Access Control and Authentication policy, which requires the implementation of role-based access controls (RBAC). <br/><br/>The report includes details such as the name of the modified security group, the changes made to its properties, as well as the identity of the user or system that performed the action. The date and time of the modification is also included. The analysis of these events ensures that modifications to security groups are carried out in a controlled manner and in accordance with established security policies, ensuring that users maintain appropriate access and permissions according to their roles and minimizing the risk of unauthorized access.', null, null, null, null, null, null, null, null, null, 510, true, 319, 'TEMPLATE', null, null, 'Windows Level 2 (AC.2.007): Security enabled local group change', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (579, 'This report collects the Windows log event 4732 logs, which document the addition of a user to a security group on the system. This information is crucial to verify compliance with the CMMC''s Authentication and Access Control policy Level 2 (AC.2.007), which establishes the implementation of role-based access controls (RBAC). <br/><br/>The report includes key details such as the name of the security group to which the user was added, the identity of the added user, the account or system that performed the action, among others. The analysis of these events allows us to verify that users are assigned to security groups according to their role and need for access to specific resources. This ensures that access is adequate and that the risk of unauthorized access is minimized, complying with established security policies and facilitating the correct implementation of the RBAC model.', null, null, null, null, null, null, null, null, null, 510, true, 320, 'TEMPLATE', null, null, 'Windows Level 2 (AC.2.007): Member Addition to a Security Local Group', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (644, '', null, null, null, null, null, null, null, null, null, 602, true, 274, 'TEMPLATE', null, null, 'Windows Protected Object Permission Change', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (651, '', null, null, null, null, null, null, null, null, null, 602, true, 275, 'TEMPLATE', null, null, 'Windows Access to shared resource', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (867, e'The Windows User Accounts Created Report provides a comprehensive log of all user account creation events within the system. This report is crucial within the Banking Audit framework to monitor, control, and document account creation, ensuring compliance with regulatory requirements and secure access management.<br/>	•	Banking Regulations: Aligns with the GLBA Safeguards Rule, ensuring oversight of account creation to safeguard sensitive financial systems and customer data.<br/>	•	Access Control Compliance: Supports compliance with PCI DSS Requirement 7, mandating that only authorized personnel can create accounts and ensuring accounts are assigned appropriate access levels.<br/>	•	Audit Readiness: Tracks account creation events to provide traceability and accountability, meeting requirements for frameworks like SOC2 Type 2 and ISO 27001.<br/>	•	Incident Detection: Identifies unauthorized or suspicious account creation, which could indicate insider threats or compromised administrative credentials.<br/>	•	Data Protection: Ensures compliance with GDPR Article 32, demonstrating controls to monitor and restrict the creation of user accounts that could expose sensitive financial data.', null, null, null, null, null, null, null, null, null, 701, true, 267, 'TEMPLATE', null, null, 'Windows User Accounts Created', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (477, 'This report compiles the records of Windows log event 4624, which correspond to successful login attempts to the system. The information extracted from these events is used to verify compliance with the Level 1 policy (AC.1.001) of the CMMC Access Control and Authentication framework, which establishes that access to the system must be limited exclusively to authorized users. <br/><br/>The details provided in the report include user names and host names to ensure that only people with specific privileges have access to the system. The analysis of these events contributes to the detection of unauthorized access and facilitates the validation of the appropriate implementation of access controls.', null, null, null, null, null, null, null, null, null, 510, true, 265, 'TEMPLATE', null, null, 'Windows Level 2 (AU.2.043): Account Logon Success', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (617, 'This report collects the logs for Windows log event 4733, which document the removal of a user from a security group on the system. This information is essential to verify compliance with CMMC''s Authentication and Access Control Policy Level 2 (AC.2.007), which requires the implementation of role-based access controls (RBAC).<br/><br/>The report includes key details such as the name of the security group from which the user was removed, the identity of the removed user, the account or system that performed the action, and the date and time of the modification. The analysis of these events ensures that actions to remove users from security groups are carried out in a controlled manner, ensuring that access to resources is appropriate and adheres to the principle of least privilege. This minimizes the risk of unauthorized access and ensures that access controls are managed according to the roles defined for each user, complying with CMMC security policies.', null, null, null, null, null, null, null, null, null, 510, true, 321, 'TEMPLATE', null, null, 'Windows Level 2 (AC.2.007): Local Security Group Member Removal', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (605, 'This report collects and presents relevant information about the AddedToSharingLink event in Office 365 logs, with the objective of verifying compliance with CMMC practice AC.3.014. The focus of the report is on controlling the flow of sensitive information (CUI) and protecting access points to shared resources, ensuring that the use of file sharing links is restricted and appropriately monitored.<br/><br/>The report includes key details such as the shared file or folder, users added to the sharing links, time of the event, access settings (for example, read-only or edit access), and security policies associated with the shared link. . This information is essential to ensure that only authorized users can access sensitive information through sharing links, minimizing the risk of unauthorized exposure and maintaining control over the flow of CUI in the organization.', null, null, null, null, null, null, null, null, null, 510, true, 327, 'TEMPLATE', null, null, 'Office 365 Level 3 (AC.3.014): Sharing Link Operation', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (580, 'This report collects the records of Windows log event 4657, which documents changes to the security settings of file and folder objects, especially those that contain Controlled Unclassified Information (CUI). Event 4657 is generated when a modification is made to the properties of an object, such as changes to access control lists (ACLs), the security property of a file or folder, or audit settings. This information is essential to verify compliance with CMMC''s Level 3 policy (AC.3.014), which requires controlling the flow of CUI and adequately protecting access points to this data.<br/><br/>The report includes key details such as the name of the modified object, the type of change made (for example, modifications to ACLs, access permissions, or security attributes), the identity of the user or process that made the modification, and the date and time the change occurred. The analysis of these events allows us to verify that the security configurations of the objects that contain CUI are adequately managed and that access to this data is correctly controlled, aligning with the security policies that protect sensitive information.', null, null, null, null, null, null, null, null, null, 510, true, 322, 'TEMPLATE', null, null, 'Windows Level 3 (AC.3.014): Registry Value Modification', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (606, 'This report collects and presents relevant information about the AddedToSecureLink event in Office 365 logs, with the objective of verifying compliance with CMMC practice AC.3.014. The report focuses on controlling the flow of sensitive information (CUI) and securing access points to shared resources securely, ensuring that secure links are used appropriately for access to sensitive data.<br/><br/>The report includes key details such as the users who have been added to the secure links, the time of the event, the type of file or share, among others. This information is crucial to ensure that access to the CUI is properly controlled, protecting the integrity of the shared data and ensuring that only authorized persons can access it through secure channels, in accordance with security and access control standards. required by CMMC.', null, null, null, null, null, null, null, null, null, 510, true, 328, 'TEMPLATE', null, null, 'Office 365 Level 3 (AC.3.014): Secure Link Operation', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (517, 'This report collects event 4625 logs from the Windows logs, which document failed login attempts to the system. Event 4625 is generated when a login attempt is unsuccessful, providing detailed information about the source and nature of the failed attempt. This information is essential to verify compliance with CMMC''s Level 1 (AU.1.001) Audit and Monitoring policy, which requires audit records to ensure adequate monitoring of activities and access to the system, especially in cases of failed access. .<br/><br/>The report includes details such as the names of users who attempted access, the host names, and the reasons for login failures. Analyzing these events can detect suspicious access patterns and track failed attempts, which is key to preventing unauthorized access or malicious activity. This report is essential to meet the audit requirements established by CMMC Level 1, ensuring that all access activities are properly recorded and audited, and helping to maintain the security of the system against unauthorized access attempts.', null, null, null, null, null, null, null, null, null, 511, true, 266, 'TEMPLATE', null, null, 'Windows Level 1 (AU.1.001): Account Logon Failure', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (655, '', null, null, null, null, null, null, null, null, null, 601, true, 265, 'TEMPLATE', null, null, 'Windows Account Logon Success', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (693, '', null, null, null, null, null, null, null, null, null, 601, true, 300, 'TEMPLATE', null, null, 'Windows Monitoring of Critical System Services Status', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (602, 'This report compiles and presents relevant information about AddedToGroup events in Office 365 logs, with the objective of verifying compliance with CMMC practice AC.2.007. Its purpose is to ensure that role-based access controls (RBAC) are implemented correctly, ensuring that users are only added to groups according to their roles and responsibilities within the organization.<br/><br/>The report includes key details such as the user added to the group, the group that has been granted access, the account that performed the action, the time of the event, and any changes to access permissions. This information is crucial to ensuring that users have only the permissions necessary to perform their jobs and that the principle of least privilege is maintained, thereby minimizing the risks of unauthorized access to sensitive resources.', null, null, null, null, null, null, null, null, null, 510, true, 324, 'TEMPLATE', null, null, 'Office 365 Level 2 (AC.2.007): SharePoint Group Membership Additions', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (862, e'The Windows Account Logon Success Report provides a detailed record of successful logon events, capturing essential data such as the user account, timestamp, source IP address, and authentication method. This report is a critical compliance tool within the Banking Audit framework, ensuring traceability of access to sensitive financial systems and supporting regulatory requirements.<br/>	•	Banking Regulations: Aligns with the GLBA Safeguards Rule, ensuring visibility into authorized system access to protect customer information and financial data.<br/>	•	Access Control Compliance: Supports compliance with PCI DSS Requirement 8, validating that only authorized users gain access to critical systems through secure authentication processes.<br/>	•	Audit Readiness: Tracks successful logons, providing evidence for frameworks like SOC2 Type 2 and ISO 27001, ensuring accountability and secure access management.<br/>	•	Threat Detection: Identifies unusual access patterns, such as logons from unexpected geographic locations, which could indicate compromised credentials.<br/>	•	Data Protection: Ensures compliance with GDPR Article 32, demonstrating controls that prevent unauthorized access to systems containing sensitive financial data.', null, null, null, null, null, null, null, null, null, 701, true, 265, 'TEMPLATE', null, null, 'Windows Account Logon Success', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (603, 'This report collects and presents relevant information about FileAccessed and FileAccessedExtended events in Office 365 logs, with the objective of verifying compliance with CMMC practice AC.3.014. The focus of the report is on controlling the flow of sensitive information (CUI) and protecting access points to sensitive files, ensuring that only authorized users can access critical data.<br/><br/>The report includes key details such as the file accessed, the user who accessed it, the time of the event, among others. This information is crucial for monitoring and auditing access to confidential information, identifying potential risks or unauthorized access, and ensuring that access controls are being correctly applied to protect sensitive data entry points within the organization.', null, null, null, null, null, null, null, null, null, 510, true, 325, 'TEMPLATE', null, null, 'Office 365 Level 3 (AC.3.014): File Accessed', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (604, 'This report collects and presents relevant information about SecurityRoleUpdated events in Office 365 logs, with the objective of verifying compliance with CMMC practice AC.2.007. The focus of the report is on ensuring that security role updates are managed appropriately, ensuring that users have access only to the resources necessary according to their role and responsibility within the organization.<br/><br/>The report includes essential details such as the user whose security role was modified, the account that performed the action, the time of the event, among others. This information is key to ensuring that role-based access controls (RBAC) are being properly implemented and maintained, which contributes to the protection of sensitive data and helps prevent unauthorized access to critical systems and resources.', null, null, null, null, null, null, null, null, null, 510, true, 326, 'TEMPLATE', null, null, 'Office 365 Level 2 (AC.2.007): Security Role Update', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (608, 'This report gathers relevant information about the FileTranscriptContentAccessed event from Office 365 logs, with the goal of verifying compliance with CMMC practice AC.3.014. The focus is on controlling the flow of sensitive information, specifically as it relates to the transcribed contents of files, ensuring that access to CUI (Controlled Unclassified Information) is adequately monitored and protected.<br/><br/> The report includes details about the users who have accessed file transcripts, as well as the identifiers of the files involved. Additionally, the type of access performed (read, modify, etc.) and any relevant details about the security settings applied (for example, access policies, multi-factor authentication) are documented. This information is crucial to detect possible unauthorized or inappropriate access to CUI, ensuring that the flow of said information is controlled and protected, in accordance with the security standards established by CMMC.', null, null, null, null, null, null, null, null, null, 510, true, 330, 'TEMPLATE', null, null, 'Office 365 Level 3 (AC.3.014): File Access and Activity', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (609, 'This report compiles key information about the FileDownloaded event in Office 365 logs, with the goal of verifying compliance with CMMC practice AC.3.014. The main purpose is to monitor the flow of sensitive information and protect access points to CUI (Controlled Unclassified Information), ensuring that files with critical information are downloaded only by authorized users.<br/><br/>The report includes details about the users downloading files, the names and locations of the files involved, as well as the IP addresses from which the downloads were made. Additionally, security settings such as access controls and any suspicious or unauthorized activity related to file downloads are documented. This information is essential to detect and prevent improper access to CUI, ensuring compliance with the security standards established by CMMC to protect the integrity of critical information.', null, null, null, null, null, null, null, null, null, 510, true, 331, 'TEMPLATE', null, null, 'Office 365 Level 3 (AC.3.014): OneDrive File Download', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (870, 'This report presents detailed logs of access attempts to the AWS console, focused on verifying that only authorized users have access to the system. Login activity is analyzed using the ConsoleLogin event to ensure that access is limited to authenticated and authorized users, in accordance with CMMC practice AC.1.001, which establishes the need to restrict access to systems to only authorized users. The report includes key information such as authentication status (with/without MFA), source IP address, and login username, to monitor and prevent unauthorized access.', null, null, null, null, null, null, null, null, null, 510, true, 353, 'TEMPLATE', null, null, 'AWS Level 1 (AC.1.001): Console Login', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (874, 'This report compiles and presents relevant information about ConsoleLogin events in AWS, with the objective of verifying compliance with CMMC practice AU.1.001. It focuses on ensuring that AWS console logins are properly audited, ensuring that access to the system is effectively monitored. The report includes key details about login attempts, such as the user involved, the source IP address, and whether multi-factor authentication (MFA) was used. This information is crucial to verify that console accesses are recorded in a way that detects unauthorized activities, ensuring the integrity of the systems and compliance with audit requirements to protect sensitive data.', null, null, null, null, null, null, null, null, null, 510, true, 353, 'TEMPLATE', null, null, 'AWS Level 1 (AU.1.001): Console Login', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (871, 'This report presents a detailed analysis of AssumeRole events in AWS, with the objective of verifying that access to the systems is restricted to authorized users only. Through role assumption records, compliance with CMMC practice AC.1.001 is reviewed, which establishes the limitation of access to systems and data to duly authorized users and roles. The report includes key details such as the role assumed, among others, ensuring that only legitimate actors can obtain additional privileges on the systems.', null, null, null, null, null, null, null, null, null, 510, true, 354, 'TEMPLATE', null, null, 'AWS Level 1 (AC.1.001): Access Roles Assumption', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (872, 'This report presents a detailed analysis of CreateRole events in AWS, focused on verifying the implementation of role-based access controls (RBAC) to ensure compliance with CMMC practice AC.2.007. The goal is to ensure that the creation and assignment of roles in the AWS infrastructure is done in a controlled manner and aligned with the principles of minimum access and segregation of duties. The report includes critical information such as the name of the role created, the associated policy, the AWS account involved, and details about the source of the request, allowing you to verify that only the appropriate roles are defined for access to sensitive resources and that They are maintained in accordance with established safety requirements.', null, null, null, null, null, null, null, null, null, 510, true, 354, 'TEMPLATE', null, null, 'AWS Level 2 (AC.2.007): Access Roles Assumption', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (516, 'This report collects the Windows log event 4624 logs, which document successful login attempts to the system. Event 4624 is generated when a user or process logs in successfully, providing key information about system access. This information is crucial to verify compliance with the CMMC''s Level 1 (AU.1.001) Audit and Monitoring policy, which requires audit records to ensure adequate monitoring of activities and access to the system.<br/><br/>The details provided in the report include user IDs and host names to ensure that only people with specific privileges have access to the system. The analysis of these events ensures that access to the system is being correctly recorded and monitored, contributing to the detection of unauthorized access and ensuring that appropriate access controls are applied. This report is essential to meet the audit requirements established by CMMC Level 1, ensuring that activities within the system are properly recorded and audited to detect possible security threats.', null, null, null, null, null, null, null, null, null, 511, true, 265, 'TEMPLATE', null, null, 'Windows Level 1 (AU.1.001): Account Logon Success', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (598, 'This report collects the logs for Windows log event 4726, which document the removal of a user account from the system. Event 4726 is generated when an administrator or authorized process deletes a user account, providing detailed information about the action taken, the user who performed the deletion, and the details of the deleted account. This information is crucial to verify compliance with CMMC''s Level 2 Auditing and Monitoring policy (AU.2.042), which requires ensuring the collection of logs to detect and analyze security events, including the deletion of user accounts that could be indicative of an attempt to conceal malicious activity or unauthorized access.<br/><br/>The report includes important details such as the identities of the deleted accounts, the date and time of deletion, and the user or system that executed the action.<br/>Analysis of these events is important to monitor the deletion of user accounts, ensuring that accounts are not deleted without proper authorization and that all events are properly recorded. This report is essential to detect suspicious activities or attempts to delete user accounts that could be used for unauthorized access. Compliance with CMMC Level 2 auditing requirements is supported by ensuring that all actions related to account deletion are monitored and analyzed to maintain system security.', null, null, null, null, null, null, null, null, null, 511, true, 272, 'TEMPLATE', null, null, 'Windows Level 2 (AU.2.042): User Accounts Deleted', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (489, 'This report collects the Windows log event 4719 logs, which document changes to the system audit policy configuration. Event 4719 is generated when security auditing configurations are modified, such as parameters related to what activities will be logged and how event logs will be managed. This information is crucial to verify compliance with the CMMC Audit and Monitoring Policy Level 1 (AU.1.001), which requires audit logs to ensure security and adequate monitoring of system activities.<br/><br/>The report includes key details such as the identity of the user who made the change to the audit policy, the date and time of the change, and information about the context of the change (if available), among others.<br/><br/>Analysis of these events allows you to verify that audit policies are not modified without adequate justification, ensuring that audit configurations remain in line with security requirements. This report is essential to ensure that audit records are managed consistently and that any changes in audit policy are duly recorded, supporting compliance with CMMC Level 1 requirements and ensuring the integrity and continuity of monitoring activities. of the system.', null, null, null, null, null, null, null, null, null, 511, true, 280, 'TEMPLATE', null, null, 'Windows Level 1 (AU.1.001): Policy changes', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (490, 'This report collects the logs for event 4648 from the Windows logs, which document the login attempt using explicit credentials (that is, when a user or process logs in using a username and password directly, rather than (automatic login or through a network login service). Event 4648 is generated when a username and password are presented to authenticate a session, providing key information about system access. This information is crucial to verify compliance with CMMC''s Level 1 (AU.1.001) Audit and Monitoring policy, which requires audit logs to ensure security and monitoring of system activities.<br/><br/>The report includes key details such as the identity of the user who attempted to log in, the date and time of the attempt. Additionally, information is provided about the action taken (whether the login was successful or unsuccessful), and details about the credentials used in the attempt, allowing access to sensitive systems to be tracked.<br/>The analysis of these events ensures that system access attempts are adequately audited, allowing unauthorized access to be detected and suspicious behavior to be monitored. This report is essential to ensure that an adequate record of system access is maintained, supporting the identification of malicious or unauthorized activities and complying with CMMC Level 1 auditing and monitoring requirements.', null, null, null, null, null, null, null, null, null, 511, true, 281, 'TEMPLATE', null, null, 'Windows Level 1 (AU.1.001): Logins with explicit credentials', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (492, 'This report collects relevant information from events 4768 (Kerberos Authentication Ticket Granted), 4769 (Kerberos Service Ticket Granted) and 4771 (Kerberos Pre-Authentication Failed) in the Windows logs, for the purpose of verifying compliance with the AU practice. 4.053 of CMMC Level 4, which requires advanced logging capabilities for threat detection.<br/><br/>Analysis of these events is essential to detect and respond to unauthorized access attempts, credential misuse, and suspicious activity in protected environments. The report includes key details such as user name, source IP address, authentication result, Kerberos error codes, and authentication device, allowing you to improve visibility into authentication traffic and strengthen strategies. cybersecurity.<br/><br/>This report facilitates proactive identification of anomalous patterns, potential privilege escalation attempts, or lateral movement within the network, ensuring logging capabilities are robust enough to support advanced threat detection and incident response.', null, null, null, null, null, null, null, null, null, 511, true, 283, 'TEMPLATE', null, null, 'Windows Level 4 (AU.4.053): Windows Kerberos ticket requests', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (494, 'This report collects relevant information from events 5140 (A network share object was accessed) and 5145 (A network share object was checked to see whether client can be granted desired access) in the Windows logs, with the objective of verifying compliance with CMMC Level 4 practice AU.4.053, which requires advanced logging capabilities for threat detection.<br/><br/>Monitoring these events allows you to analyze access to shared resources on the network, identifying unauthorized access attempts, lateral movements and possible data exfiltration. The report includes key details such as the user''s name, source IP address, shared resource accessed, and the result of the operation, among others.<br/><br/>This analysis helps strengthen the security of the environment by monitoring access to sensitive files, detecting anomalous activity, and providing visibility into possible attack attempts or misuse of permissions. With this information, organizations can improve detection and response to advanced threats, ensuring effective management of security logs.', null, null, null, null, null, null, null, null, null, 511, true, 285, 'TEMPLATE', null, null, 'Windows Level 4 (AU.4.053): Access to Shared Resources', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (620, 'This report compiles relevant information from 5007 events (The auditing settings on object were changed) in Windows logs, with the objective of verifying compliance with CMMC Level 4 practice AU.4.053, which requires advanced logging capabilities for threat detection.<br/><br/>Event 5007 is generated when changes are made to system auditing settings, which may indicate attempts to disable or modify critical records in order to evade detection of malicious activity.<br/><br/>The analysis of the displayed data allows us to detect suspicious alterations in audit policies, identify possible attempts to conceal malicious activity and strengthen security controls.<br/><br/>Monitoring these events is essential to ensure the integrity of audit logs and improve the ability to detect and respond to advanced threats, ensuring the protection of critical systems within the organization.', null, null, null, null, null, null, null, null, null, 511, true, 287, 'TEMPLATE', null, null, 'Windows Level 4 (AU.4.053): Changes to Defender settings', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (497, 'Helps maintain tight control over activity in PowerShell, quickly identifying anomalous or suspicious activity that may compromise system or network security. This not only improves the organization''s security posture but also ensures compliance with security regulations and standards.', null, null, null, null, null, null, null, null, null, 511, true, 288, 'TEMPLATE', null, null, 'Windows Level 4 (AU.4.053): PowerShell Script Block Registration', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (841, 'The Windows Logins with Explicit Credentials Report provides a detailed record of login events where explicit credentials (e.g., usernames and passwords) were used. This report plays a vital role in ensuring compliance within the Banking Audit framework by monitoring authentication activities and safeguarding sensitive financial systems.', null, null, null, null, null, null, null, null, null, 703, true, 281, 'TEMPLATE', null, null, 'Windows Logins with explicit credentials', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (554, 'This report compiles relevant information from 4105 events (WMI Event Filter activity detected) in Windows logs, with the objective of verifying compliance with CMMC Level 4 practice AU.4.053, which requires advanced logging capabilities for the detection of threats.<br/><br/>Event 4105 is generated when activity is detected in Windows Management Instrumentation (WMI) event filters, a mechanism used for task automation and system data collection. Attackers can abuse WMI filters to establish persistence or execute malicious commands without detection.<br/><br/>This report includes key details such as the user who performed the action, the date and time of the event, and the affected computer. Analyzing these logs can identify potential attempts at malicious use of WMI, detect suspicious activity, and strengthen security controls against advanced threats.<br/><br/>Continuous monitoring of these events is critical to preventing stealth persistence attacks and ensuring critical systems maintain a robust security posture against potential adversaries.', null, null, null, null, null, null, null, null, null, 511, true, 289, 'TEMPLATE', null, null, 'Windows Level 4 (AU.4.053): PowerShell Remote Session Creation', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (555, 'The AU.4.053 control helps ensure that only authorized services are installed on Windows systems, preventing unauthorized or malicious services from compromising the system. By auditing service installations and ensuring strict controls, this measure reduces the risk of persistent threats or unauthorized access. Additionally, it contributes to compliance with organizational security policies and the requirements set forth in CMMC, reinforcing a secure and well-maintained system environment.', null, null, null, null, null, null, null, null, null, 511, true, 290, 'TEMPLATE', null, null, 'Windows Level 4 (AU.4.053): Installation of Services', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (499, 'This report focuses on the collection and analysis of event 4907 in the Windows logs, which is related to changes in system security audit policies. This event is generated when an audit policy is modified, which may indicate a possible alteration in security configurations or an attempt to disable auditing of important events.<br/><br/>Monitoring events like 4907 is critical for CMMC (Cybersecurity Maturity Model Certification) compliance, especially at Level 5 (AU.5.055), which requires improving auditing capabilities to detect advanced threats. Altering audit policies can be an indication of malicious activity, such as manipulating audit logs to conceal unauthorized access, a technique commonly used in advanced attacks.<br/><br/>Detecting changes to auditing configurations helps prevent log collection from being disabled or circumvented, which is essential for constant vigilance against advanced threats. This event is also part of best practices for intrusion detection and protecting the IT environment from potential malicious actors attempting to modify audit settings to hide their activity.<br/><br/>Collecting and analyzing 4907 events can strengthen incident response capabilities, ensure the integrity of audit logs, and improve the ability to detect sophisticated attacks.', null, null, null, null, null, null, null, null, null, 511, true, 291, 'TEMPLATE', null, null, 'Windows Level 5 (AU.5.055): Restoration of default security policies', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (593, 'This report collects the Windows log event 1102 logs, which document the clearing of system security event logs. Event 1102 is generated when security event logs are cleared, providing key information about actions taken on the system to ensure the integrity and retention of audit logs. This information is crucial to verify compliance with CMMC''s Level 1 (AU.1.001) Auditing and Monitoring policy, which requires audit logs to be made and ensure that they are properly managed to protect the integrity of the information.<br/><br/>The report includes key details such as the date and time the event occurred, and the name of the computer on which the action was executed, information about the reasons behind the deletion (if available), and any related actions or previous events that led to the deletion of the records. These types of events should be monitored closely, as deletion of security event logs could indicate attempts to conceal unauthorized or malicious activity.<br/><br/>Analysis of these events ensures that security audit logs are not deleted without adequate justification, protecting the integrity of the logs and ensuring that security controls are aligned with CMMC Level 1 audit requirements. This report contributes to the identification of possible attempts to manipulate records and facilitates proper management of security events within the organization''s environment.', null, null, null, null, null, null, null, null, null, 511, true, 295, 'TEMPLATE', null, null, 'Windows Level 1 (AU.1.001): Cleaned Event Log', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (623, 'This report compiles relevant information from the Windows logs related to event 4689, which is generated when a process is terminated on the system. This event provides details about processes that are started and terminated, which is essential for monitoring application behavior and detecting anomalous or potentially malicious behavior, such as unauthorized processes or processes that terminate abruptly.<br/><br/>The analysis of this event in the context of the CMMC and specifically for Level 5 compliance (AU.5.055) aims to improve audit capabilities, facilitating early detection of advanced threats. The information collected from event 4689 allows you to track the processes that are running on the system, which is a critical step in identifying possible suspicious activities or signs of an intrusion.<br/><br/>The collection of these logs ensures that the relevant processes are audited in depth, contributing to greater visibility on the actions carried out on the systems and improving the ability to respond to security incidents.', null, null, null, null, null, null, null, null, null, 511, true, 302, 'TEMPLATE', null, null, 'Windows Level 5 (AU.5.055): Process Termination', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (878, 'This report compiles and presents relevant information about PutBucketPolicy events in AWS, with the objective of verifying compliance with CMMC practice AU.2.042. It focuses on ensuring that S3 bucket policies are properly monitored and logged to detect and analyze security events.<br/><br/>The report includes key details such as the affected account, the bucket in question, the policy applied, the identity of the user who performed the action, and the source of the request. This information is critical to ensuring that changes to bucket access policies are tracked, allowing for effective response to potential misconfigurations or unauthorized access.', null, null, null, null, null, null, null, null, null, 511, true, 358, 'TEMPLATE', null, null, 'AWS Level 2 (AU.2.042): Bucket Access Policies', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (596, 'This report collects the logs of event 4720 from the Windows logs, which document the creation of a new user account on the system. Event 4720 is generated when an administrator or authorized process creates a new user account on the system, providing detailed information about the user who performed the action and the details of the created account. This information is key to verify compliance with CMMC''s Level 2 Audit and Monitoring policy (AU.2.042), which requires guaranteeing the collection of logs to detect and analyze security events, including the creation of user accounts that can influence in system security.<br/><br/>The report includes details such as the identities of the created users, assigned roles, account creation dates and times, as well as the user or system that performed the action.<br/>The analysis of these events makes it possible to monitor the creation of user accounts in the system, ensuring that only authorized people can add new accounts and that the process is properly recorded. This is essential to detect suspicious activities or the unauthorized creation of accounts that could be used to access sensitive information. This report is essential to meet CMMC Level 2 audit requirements, ensuring that all relevant events related to account creation are correctly monitored and analyzed.', null, null, null, null, null, null, null, null, null, 511, true, 267, 'TEMPLATE', null, null, 'Windows Level 2 (AU.2.042): User Accounts Created', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (501, 'This report gathers relevant information on events related to enabling user accounts on the system, specifically event 4722, which is generated when a user account in the Windows domain is enabled. This type of event is important as it can signal that a previously disabled account has been activated, which could have security implications if the account is associated with unauthorized access or users who should not have access to the system.<br/><br/>Monitoring this event is essential to comply with Level 2 (SI.2.212) of the CMMC (Cybersecurity Maturity Model Certification), which requires the implementation of mechanisms for real-time supervision of security events. Detecting the enablement of accounts, especially those that have been previously disabled for security reasons, is crucial to identifying possible vulnerabilities in the system.<br/><br/>This report helps ensure that all actions related to account enablement are audited and available for review in real time, improving the organization''s ability to quickly detect and respond to security incidents. It allows greater visibility into actions taken on user accounts and helps prevent unauthorized access to critical system resources.<br/><br/>By actively monitoring the enablement of user accounts, identity and access management practices are reinforced, contributing to a more robust security posture aligned with industry best practices.', null, null, null, null, null, null, null, null, null, 503, true, 293, 'TEMPLATE', null, null, 'Windows Level 2 (SI.2.212): User Accounts Enabled', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (595, 'This report collects the logs of event 4697 from the Windows logs, which document the installation of new services on the system. Event 4697 is generated when a service is installed, which may involve adding software or configuring processes that may have security implications. This information is crucial to verify compliance with CMMC''s Level 2 Audit and Monitoring policy (AU.2.042), which requires ensuring the collection of logs to detect and analyze security events, including the installation of services that may modify behavior. of the system or represent a security risk.<br/><br/>The report includes key details such as the name of the installed service, the identity of the user or process that performed the installation, the date and time of the installation, among others. The analysis of these events allows us to detect the unauthorized installation of services or software in the system, helping to identify possible attack vectors or changes that could compromise the security of the system. This report is essential to verify the correct collection of event logs related to the installation of services and ensure that all relevant events are properly audited, supporting compliance with the audit requirements established by CMMC Level 2.', null, null, null, null, null, null, null, null, null, 511, true, 305, 'TEMPLATE', null, null, 'Windows Level 2 (AU.2.042): Service Installed', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (622, 'This report collects relevant information from the Windows logs, specifically from event 1100 related to the Event Logging Service Shut Down. This event is generated when the Windows Event Logging service stops unexpectedly or on a scheduled basis. Stopping the event log service can have significant implications on the system''s ability to audit, as it interrupts the collection of security logs and other important events.<br/><br/>Analysis of this event is crucial to ensure the continuity of audit logs in the system. In the context of the CMMC and compliance with level 5 (AU.5.055), the aim is to improve audit capabilities to detect advanced threats. The interruption of the event log service may be indicative of a technical or security problem, and monitoring it allows you to identify possible gaps in the audit system and react quickly.<br/><br/>This report helps ensure that the event logging service remains operational at all times, ensuring that log collection is not compromised and enabling timely response to security incidents.', null, null, null, null, null, null, null, null, null, 511, true, 314, 'TEMPLATE', null, null, 'Windows Level 5 (AU.5.055): Event Logging Service Shut Down', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (588, 'This report compiles the records of security alerts generated in the AWS logs, used to monitor access patterns and detect possible anomalies in the use of system resources. These alerts are triggered in response to significant security events, such as unauthorized access, suspicious modifications to critical files, or privilege escalation attempts. The collection and analysis of these alerts is essential to verify compliance with CMMC''s Level 4 Access Control and Authentication policy (AC.4.021), which requires the use of automated tools to monitor access patterns and detect unusual activities that may compromise the security of Controlled Unclassified Information (CUI).<br/><br/>The report includes key details such as:<br/>-Events that caused the alert, providing context about the suspicious activity.<br/>-Severity of the alert, indicating the level of associated risk.<br/>-Status of the alert, specifying whether it is active, resolved or under investigation.<br/>-Alert category, classifying the type of threat detected (for example, unauthorized access, permission changes, failed authentication attempts).<br/>-Source of the event, identifying the system, user or process that generated the alert.<br/>-Date and time of the event, allowing the activity to be correlated with other security events.<br/><br/>The analysis of these alerts allows us to detect anomalous access patterns, improve incident response capacity, and strengthen security controls in environments that handle CUI. By using automated tools for continuous access monitoring, this report helps ensure that access points and the flow of sensitive information are proactively protected, in alignment with CMMC Level 4 requirements.', null, null, null, null, null, null, null, null, null, 510, true, 248, 'TEMPLATE', null, null, 'Windows Level 4 (AC.4.021): Alerts', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (502, 'This report gathers relevant information on events related to changing user account passwords in the system, specifically event 4723, which is generated when a user attempts to change their own password, whether successfully or not. This event is crucial to detect possible unauthorized access attempts or tampering with account credentials, especially when password change attempts are made by unauthorized users or under suspicious circumstances.<br/><br/>Monitoring this event is essential to comply with Level 2 (SI.2.212) of the CMMC (Cybersecurity Maturity Model Certification), which establishes the need to implement mechanisms for real-time monitoring of security events. Detecting password change attempts helps identify malicious user activity attempting to bypass access controls or perform compromising actions on specific accounts.<br/><br/>This report helps ensure that any password modification attempts are audited, providing real-time visibility into activities related to account credentials. This not only improves the organization''s ability to detect and respond to security incidents, but also contributes to the implementation of strong password management policies.<br/><br/>By monitoring these types of events, the organization can identify potential vulnerabilities related to password tampering and prevent unauthorized access to its systems. In this way, a more solid security posture is ensured, aligned with best practices in cybersecurity.', null, null, null, null, null, null, null, null, null, 503, true, 294, 'TEMPLATE', null, null, 'Windows Level 2 (SI.2.212): User Password Reset Attempt', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (625, 'This report analyzes event 5379 in the Windows logs, which refers to smart card authentication attempts. Monitoring this event is key in detecting Credential Access, a technique commonly used by attackers to gain unauthorized access to systems through theft or spoofing of credentials.<br/><br/>In this specific case, events 5379 indicate when a smart card authentication attempt has occurred, whether successful or failed. Attackers can use techniques such as stealing smart cards or misusing credentials associated with smart cards to gain access to protected systems and networks. Detecting these authentication attempts is essential to prevent the exploitation of stolen or compromised credentials.<br/><br/>This event is part of the advanced auditing capabilities required in compliance with the CMMC (Cybersecurity Maturity Model Certification), in particular for Level 5 (AU.5.055), which seeks to improve auditing capabilities to detect advanced threats. Proactively monitoring these events can identify suspicious access and block Credential Access attempts, protecting the integrity of credentials and critical systems.', null, null, null, null, null, null, null, null, null, 511, true, 315, 'TEMPLATE', null, null, 'Windows Level 5 (AU.5.055): Credential Access', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (626, 'This report collects Windows log event 4732 logs, which document attempts to add users to system security groups. Event 4732 is generated when a user or process is added to a security group, providing information about the group to which it was added, the identity of the user who made the modification, and the details of the security group to which the user was added. added. This information is crucial to verify compliance with CMMC''s Level 5 Auditing and Monitoring policy (AU.5.055), which requires improving auditing capabilities for advanced threat detection, allowing for the identification of possible changes in the privileges of users who may be related to privilege escalation or unauthorized activities.<br/>The report includes key details such as the name of the security group to which the user was added, the identity of the added user, the account or system that performed the action, among others. <br/>Analyzing these events can improve auditing capabilities to detect unusual patterns or anomalous behavior related to changes in user privileges and access to sensitive resources. This report contributes to advanced threat detection by identifying changes to security groups that could be indicative of a privilege escalation attempt or security breach. Ensures auditing of security configurations is aligned with CMMC Level 5 security controls, ensuring adequate visibility for early detection of advanced threats.', null, null, null, null, null, null, null, null, null, 511, true, 320, 'TEMPLATE', null, null, 'Windows Level 5 (AU.5.055): Member Addition to a Security Local Group', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (566, 'This report collects relevant information from the Windows logs generated by event 4648, which is triggered when explicit credentials are used to log on to a system. This event is critical to comply with CMMC control AU.3.045, which requires correlation of security events to identify suspicious behavior and detect malicious activity.<br/><br/>By correlating this event with other activity logs, such as failed access attempts, privilege changes, or unusual remote connections, patterns can be identified that suggest privilege escalation attempts, lateral movement, or unauthorized access within the system.<br/><br/>This report allows us to detect suspicious events related to the improper use of credentials, helping to strengthen monitoring and response capabilities against possible threats. Additionally, it contributes to compliance with CMMC regulations by ensuring effective review and correlation of key events for organizational security.', null, null, null, null, null, null, null, null, null, 504, true, 281, 'TEMPLATE', null, null, 'Windows Level 3 (AU.3.045): Logins with explicit credentials', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (619, 'This report collects event 4657 logs from the Windows logs, which document modifications to system security objects, such as files, folders, or registry keys. Event 4657 is generated when a significant change is made to the security attributes of an object, such as modifying access permissions or auditing settings for a resource. This information is crucial to verify compliance with CMMC''s Level 4 Audit and Monitoring policy (AU.4.053), which requires improving logging capabilities to support threat detection, allowing the identification and analysis of critical changes that may be related to malicious behavior or unauthorized activities.<br/>The report includes key details such as the name of the modified object, the type of change made (for example, modifications to ACLs, access permissions, or security attributes), the identity of the user or process that made the modification , and the date and time the change occurred.<br/>Analyzing these events can enhance logging capabilities to identify changes that could be indicative of an attempt to compromise system security or manipulate access to sensitive resources. This report facilitates early detection of threats related to unauthorized modification of security configuration and contributes to the visibility of security-relevant events, ensuring that access and audit controls are aligned with CMMC Level security requirements 4.', null, null, null, null, null, null, null, null, null, 511, true, 322, 'TEMPLATE', null, null, 'Windows Level 4 (AU.4.053): Registry Value Modification', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (615, 'This report collects and analyzes relevant information about GetBucketAcl events in AWS, for the purpose of verifying compliance with CMMC practice AU.2.042. Its objective is to ensure that queries to the access control lists (ACLs) of Amazon S3 buckets are recorded and monitored to detect and analyze possible security events.<br/><br/>The report includes key details such as the account involved, the bucket queried, the identity of the user who made the request, the originating IP address, and the source of the request. This information is essential to audit attempts to access bucket permissions, identify possible unauthorized activities, and ensure proper log collection and analysis in the AWS environment.', null, null, null, null, null, null, null, null, null, 511, true, 334, 'TEMPLATE', null, null, 'AWS Level 2 (AU.2.042): GetBucketAcl Logs', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (616, 'This report collects and analyzes relevant information about DescribeLogGroups events in AWS, with the objective of verifying compliance with CMMC practice AU.2.042. Its purpose is to ensure that queries to log groups in Amazon CloudWatch Logs are recorded and monitored for the detection and analysis of security events.<br/><br/>The report includes key details such as the account involved, the user or service that made the request, the source IP address, the time of the event, and the source of the request. This information is essential to audit the access and display of log groups, identifying possible unauthorized activities and ensuring proper collection and monitoring of logs in the AWS environment.', null, null, null, null, null, null, null, null, null, 511, true, 335, 'TEMPLATE', null, null, 'AWS Level 2 (AU.2.042): DescribeLogGroups Logs', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (509, 'This report collects information relevant to event 4776 in the Windows logs, which is generated when an authentication attempt, usually through Kerberos or NTLM, fails. This event is of great importance for continuous monitoring of systems and early detection of possible unauthorized access attempts or cyber attacks.<br/><br/>In the context of Level 3 (SI.3.217) of the CMMC, this type of event allows the identification of anomalous patterns of failed authentication attempts, which may be indicative of attacks such as brute force, phishing or privilege escalation attempts. The report focuses on capturing these events so that any unusual behavior can be quickly analyzed, ensuring that unauthorized access attempts are detected and managed efficiently.<br/><br/>Monitoring events like 4776 provides real-time visibility into failed authentication attempts, which is crucial for detecting suspicious behavior that may compromise infrastructure security. In addition, the report facilitates the generation of alerts about possible security incidents, allowing corrective measures to be taken before an attack materializes.<br/><br/>This active monitoring approach is essential to meeting CMMC requirements by ensuring that attack detection mechanisms are in place and operating effectively, which is key to protecting the organization from external and internal threats.', null, null, null, null, null, null, null, null, null, 503, true, 301, 'TEMPLATE', null, null, 'Windows Level 3 (SI.3.217): Account Authentication Using NTLM', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (515, 'This report collects relevant information from the Windows logs associated with event 4798, which is generated when the configuration of user accounts in the system is consulted. This event is crucial to detect possible anomalous behavior related to account enumeration or unauthorized access to sensitive account settings.<br/><br/>In the context of CMMC SI.5.223, which promotes the use of advanced monitoring with machine learning to identify anomalous behavior, event 4798 is monitored to detect unusual patterns of account inquiries. Repeated queries to user account settings or unauthorized access could be indicative of an attacker attempting to obtain information about system accounts, such as privileges, settings, and other associated characteristics.<br/><br/>The report provides a detailed view of events related to querying account settings and uses machine learning tools to identify anomalous behavior, such as unusual query patterns, that could signal exploitation attempts or attacks aimed at obtaining sensitive information. .<br/><br/>This type of advanced monitoring helps the organization detect attacks early, improving the ability to respond to potential threats before they can impact system security.', null, null, null, null, null, null, null, null, null, 503, true, 307, 'TEMPLATE', null, null, 'Windows Level 5 (SI.5.223): Group Membership Enumerated', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (630, 'This report is based on the Windows logs for event 4733, which is generated when a user is removed from a security group. This type of event is critical for monitoring access to sensitive systems, since changes in security group membership can be indicative of an attempted lateral movement or an internal attack that seeks to escalate privileges or modify access controls. unauthorized manner.<br/><br/>In the context of CMMC Level 4 (SI.4.220): Monitor for malicious behavior across the organization, event 4733 is relevant to identifying activities that may be associated with malicious modifications to user privileges or group settings that manage critical permissions. These changes may be indicative of suspicious activity, such as an attacker attempting to gain access to restricted resources or making an alteration to user permissions in order to facilitate unauthorized access.<br/><br/>Monitoring this event, especially when unauthorized deletions or modifications are detected in high-privilege groups (such as system administrators or sensitive data access groups), allows the organization to proactively respond to malicious behavior before it can compromise network security or critical systems.<br/><br/>This report provides visibility into changes in security groups, enabling early detection of anomalous behavior and improving the organization''s ability to prevent and mitigate potential internal attacks or external intrusions.', null, null, null, null, null, null, null, null, null, 503, true, 321, 'TEMPLATE', null, null, 'Windows Level 4 (SI.4.220): Local Security Group Member Removal', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (772, 'This report collects relevant information from the Windows logs generated by event 4719, which is triggered when changes are made to the system audit policy configuration. This event is critical to comply with CMMC control CM.3.068, which requires the implementation of controls to manage system configurations and ensure infrastructure security.<br/><br/>Monitoring this event can detect unauthorized or suspicious alterations to the audit logs, which could indicate monitoring evasion attempts or malicious activities within the system.<br/><br/>This report is essential so that security teams can identify and respond to changes in audit configuration, ensuring that critical records remain protected and that any modifications to system policies are properly evaluated and justified. Its implementation strengthens configuration management and contributes to CMMC compliance, ensuring rigorous control over the integrity of the organizational infrastructure.', null, null, null, null, null, null, null, null, null, 506, true, 280, 'TEMPLATE', null, null, 'Windows Level 3 (CM.3.068): Policy changes', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (781, 'This report compiles relevant information from the Windows logs generated by event 4946, which is triggered when a change is made to the audit policies related to the system''s security configuration. This event is essential to comply with CMMC Level 4 control CM.4.070, which requires automation in the detection of unauthorized changes to systems.<br/><br/>Event 4946 provides details about changes to security auditing configurations, which could be used by malicious actors to modify auditing parameters in order to hide their activities or interfere with incident detection mechanisms. Monitoring this event makes it easier to identify unauthorized alterations to auditing configurations, allowing administrators to detect attempts to tamper with the system and act quickly.<br/><br/>Automating the detection of these changes is crucial to ensure that the security infrastructure remains intact and that any alterations to audit policies are detected without delay. This report helps organizations prevent malicious or unauthorized changes from going undetected, ensuring that systems integrity and audit policies are not compromised.<br/><br/>Automated monitoring of these types of events also contributes to CMMC Level 4 compliance by improving the organization''s ability to quickly detect and respond to security incidents, increasing overall threat protection and strengthening network security posture. ', null, null, null, null, null, null, null, null, null, 506, true, 346, 'TEMPLATE', null, null, 'Windows Level 4 (CM.4.070): Firewall Exception List Changed', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (795, 'This report compiles relevant information from the Windows logs generated by event 4719, which is activated when a modification is made to the system audit policy. This event is important for identifying unauthorized changes that may be related to disabling security auditing or attempts to hide traces of malware infections. It is key to complying with CMMC Level 1 control SI.1.210, which requires identifying and correcting malware infections.<br/><br/>Event 4719 provides details about the modifications made to the auditing configuration. Auditing configurations are essential for recording system security-related events such as logins, file modifications, and system configuration changes.<br/><br/>Monitoring this event allows security teams to detect suspicious changes to audit policies that may have been made by an attacker to eliminate evidence of malicious activity. Additionally, identifying these changes early can help prevent the spread of malware and ensure that the system maintains its ability to detect and record malicious user actions or processes.<br/><br/>This report supports security teams in implementing controls to detect and correct malware infections, thus contributing to compliance with CMMC Level 1 control SI.1.210, and ensuring that system audit policies are correctly configured to detect behaviors anomalous and malware attacks.', null, null, null, null, null, null, null, null, null, 507, true, 280, 'TEMPLATE', null, null, 'Windows Level 1 (SI.1.210): Policy changes', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (808, 'This report compiles relevant information from the Windows logs generated by events 5061, 4673 and 4674, which are related to the access and manipulation of security objects and policies in the system. These events are crucial to compliance with CMMC Level 4 control SI.4.221, which requires automation of malware detection and response.<br/><br/>Event 5061: This event is triggered when a cryptography operation is performed, which may indicate malicious encryption attempts, such as ransomware attacks.<br/>Events 4673 and 4674: These events are generated when significant changes are made to security policies, such as the creation, modification, or deletion of critical objects, which could be an attempt to alter system configuration to facilitate attacks or circumvent security measures. security.<br/><br/>Automated collection and analysis of these events can detect patterns of anomalous behavior associated with the presence of malware, such as manipulation of security settings or execution of malicious encryption processes. Automation in the detection and response to these events is vital to mitigate the impact of any attempted infection or alteration of systems quickly and efficiently.<br/><br/>This report helps security teams implement automatic controls to monitor and respond to incidents related to security policy manipulation and cryptography, contributing to the prevention of attacks and strengthening the organization''s security posture. In addition, it reinforces compliance with CMMC Level 4 control SI.4.221, ensuring that the detection and response to possible threats is carried out in an effective and automated manner.', null, null, null, null, null, null, null, null, null, 507, true, 286, 'TEMPLATE', null, null, 'Windows Level 4 (AU.4.053): Use of Elevated Privileges', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (810, 'This report compiles relevant information from the Windows logs generated by event 4689, which is activated when a process finishes executing on the system. This event is crucial for the detection of suspicious activities, such as the termination of malware-related processes, and is essential to comply with CMMC Level 1 control SI.1.210, which requires identifying and correcting malware infections.<br/><br/>Event 4689 provides details about processes that have terminated. This information is valuable for correlating malicious processes with their initial creation and determining whether a malicious process was appropriately killed or stopped. Monitoring process termination is essential to identify if an attack has been contained or if a suspicious process has been stopped in time.<br/><br/>Tracking these events allows security teams to analyze process termination patterns, detect potential malware infections that could have been neutralized, and ensure that legitimate processes have not been stopped inappropriately. Additionally, early detection of terminating malicious processes may indicate an attempt by an attacker to conceal or remove evidence.<br/><br/>This report supports security teams in the identification and correction of malware infections, thus contributing to compliance with CMMC Level 1 control SI.1.210.', null, null, null, null, null, null, null, null, null, 507, true, 302, 'TEMPLATE', null, null, 'Windows Level 1 (SI.1.210): Process Termination', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (798, 'This report compiles relevant information from the Windows logs generated by event 4697, which is activated when the installation of a new service on the system is detected. This event is key to complying with CMMC Level 3 control SI.3.219, which requires the implementation of endpoint monitoring for malware detection.<br/><br/>Event 4697 provides details about the services installed on the system. Monitoring these types of events is essential to detect the installation of unauthorized services that could be used by malicious actors to execute malicious code or establish persistence on the system.<br/><br/>Analyzing these events allows security teams to identify suspicious activity, such as the installation of malware or exploitation tools attempting to covertly execute commands through a new service. Additionally, proactive monitoring of service installation ensures that any unauthorized changes are detected in time, helping to prevent attacks and maintain the integrity of systems.<br/><br/>This report is an essential tool for effective endpoint monitoring, as it allows you to identify and investigate new service installations that could be indicative of a malware infection. By doing so, it contributes to compliance with CMMC Level 3 control SI.3.219, helping to strengthen detection and response to threats on network endpoints.', null, null, null, null, null, null, null, null, null, 507, true, 305, 'TEMPLATE', null, null, 'Windows Level 3 (SI.3.219): Service Installed', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (793, 'This report collects relevant information from the Windows logs generated by event 7031, which is triggered when the Service Control Manager (SCM) detects that a service has ended unexpectedly. The event is especially important when such termination is unplanned or may be related to malicious activities, such as malware infections, and is key to complying with CMMC Level 1 control SI.1.210, which requires identifying and correcting malware infections.<br/><br/>Event 7031 provides details about services that have stopped unexpectedly. These events allow security teams to detect possible attempts by attackers to disable critical system services through malware or other forms of manipulation.<br/><br/>Monitoring these types of events is essential to identify anomalous or malicious activities that may compromise the stability and security of systems. Collecting 7031 event information allows security teams to act quickly on unexpected termination of services, which could indicate that malware is attempting to interfere with system processes.<br/><br/>This report is essential to ensure that malware infections are detected in time and that essential system services are restored and protected. In addition, it contributes to compliance with CMMC Level 1 control SI.1.210, ensuring that systems are continuously monitored and protected against threats that may affect their operation and security.', null, null, null, null, null, null, null, null, null, 507, true, 341, 'TEMPLATE', null, null, 'Windows Level 1 (SI.1.210): Windows Unexpected Service Failures', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (809, 'This report gathers relevant information from the Windows logs generated by Windows Defender events 2001, 2003 and 3002, which record the actions taken by the protection system against detected threats. These events are key to compliance with CMMC Level 1 control SI.1.210, which focuses on the identification and correction of system failures, including the detection and response to malware.<br/><br/>Event 2001: This event indicates that Windows Defender has detected a threat on the system and has taken protective action, such as removing or quarantining malicious files.<br/>Event 2003: Records additional actions that Windows Defender may have taken, such as scanning in the background or responding to threats on critical files or locations.<br/>Event 3002: Provides additional details on the execution of threat mitigation measures, including user or administrator intervention if necessary, and the status of affected files.<br/><br/>Collecting these events allows you to verify that Windows Defender is actively monitoring and responding to system threats, which is critical to mitigating the risk of malware infections and other vulnerabilities. These logs provide detailed information about the threats detected and the actions implemented to contain or eliminate those threats, allowing security teams to monitor the effectiveness of protection responses.<br/><br/>This report contributes to compliance with CMMC Level 1 control SI.1.210 by ensuring that system failures caused by malware or malicious activities are detected and appropriately acted upon. Correctly configuring and monitoring Windows Defender and collecting these logs provides a solid foundation for conducting regular audits, evaluating the effectiveness of mitigation actions, and ultimately protecting critical systems from potential cyber threats.', null, null, null, null, null, null, null, null, null, 507, true, 348, 'TEMPLATE', null, null, 'Windows Level 1 (SI.1.210): Windows Defender Action Against Detected Threat', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (812, 'This report collects relevant information from the Windows logs generated by events 5156, 5158 and 5159, which are related to monitoring system network activity and allowed network connections. These events are essential to comply with CMMC Level 3 control SI.3.219, which requires implementing endpoint monitoring for malware detection.<br/><br/>Event 5156: Provides details about the network connections that have been allowed between the system and other devices on the network, helping to identify suspicious communications that could be related to malicious activity.<br/>Event 5158: Logs blocked network connections, which may indicate unauthorized access attempts or the spread of malware attempting to establish connections to other machines.<br/>Event 5159: Provides details about network connections allowed or denied based on security policies, which is crucial for identifying traffic that could be associated with malware behavior on an endpoint.<br/><br/>These events identify unusual patterns of network traffic that could be indicative of a malware attack, such as connection attempts to unknown or blocked IP addresses, communication attempts by unauthorized processes, or unusual use of network ports. Monitoring these events is essential to quickly detect malicious behavior and prevent the spread of malware within the corporate network.<br/><br/>This report facilitates the implementation of security controls that allow you to identify, block and mitigate the impact of malware on the organization''s endpoints. Additionally, it supports security teams in the proactive detection of threats, contributing to compliance with CMMC Level 3 control SI.3.219, ensuring that endpoints are adequately monitored to detect malicious activities and prevent security incidents.', null, null, null, null, null, null, null, null, null, 507, true, 349, 'TEMPLATE', null, null, 'Windows Level 3 (SI.3.219): Connections and Port Assignments', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (740, 'This report compiles relevant information from the Windows logs generated by event 4625, which is triggered when a login attempt fails on the system. This event is essential to comply with CMMC control AU.1.001, which requires retaining logs for basic review and ensuring the availability of information to audit access and detect possible inappropriate activities.<br/><br/>Event 4625 provides details about failed login attempts. This information is key to monitoring unauthorized system access attempts, identifying patterns of repeated failures or brute force attacks, and maintaining appropriate records for later review.<br/><br/>This report is useful for ensuring that event logs related to failed login attempts are stored and available for review. This contributes to compliance with CMMC regulations, allowing for basic audits and strengthening security through early detection of suspicious activities.', null, null, null, null, null, null, null, null, null, 505, true, 266, 'TEMPLATE', null, null, 'Windows Level 1 (AU.1.001): Account Logon Failure', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (746, 'This report collects relevant information from the Windows logs generated by event 4767, which is triggered when a user account is unlocked after being locked out due to failed login attempts or security policy violations. This event is crucial to comply with CMMC control AU.3.044, which requires maintaining logs for advanced review and appropriate response to security incidents.<br/><br/>Event 4767 provides details about the unlocked account. Monitoring this event allows us to detect situations in which a previously blocked account is restored, which could be indicative of a change in user behavior, or in some cases, a possible attempt to evade security measures.<br/><br/>This report is essential to retain logs of events related to account unlocking, which facilitates investigation and response to security incidents. By storing this information, security teams can perform advanced screening to identify suspicious patterns, contributing to rapid detection of potential threats. Additionally, this process helps ensure CMMC compliance by ensuring that account unlock events are appropriately reviewed and can be used for effective incident response.', null, null, null, null, null, null, null, null, null, 505, true, 336, 'TEMPLATE', null, null, 'Windows Level 3 (AU.3.044): Unlocked Account', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (751, 'This report collects relevant information from the Windows logs generated by event 5038, which is triggered when modification or deletion of an audit log file is detected or when unauthorized access is made to a protected log file. This event is essential to comply with CMMC control AU.4.053, which requires the implementation of integrity controls on audit logs to prevent their manipulation or alteration.<br/><br/>Event 5038 provides details about access to the log files, indicating whether there has been an alteration or inappropriate access to them. This information is crucial to ensuring the integrity of audit logs, helping to detect possible attempts to hide malicious activity or modify critical records.<br/><br/>This report is key to ensuring that audit logs are adequately protected against alterations or manipulations, allowing security teams to take immediate action if suspicious behavior is detected. By implementing effective integrity controls on logs, the reliability of the information used for analysis and response to security incidents is guaranteed. Additionally, it contributes to compliance with CMMC standards by ensuring that audit logs are kept protected from unauthorized modifications.', null, null, null, null, null, null, null, null, null, 505, true, 337, 'TEMPLATE', null, null, 'Windows Level 4 (AU.4.053): Audit File integrity Validation Failed', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (752, 'This report collects relevant information from the Windows logs generated by event 1105, which is triggered when the Windows Event Logging Service backs up the event logs. This event is important to comply with CMMC control AU.5.055, which requires the use of advanced tools to guarantee the integrity and availability of the logs.<br/><br/>Event 1105 provides details on event log backup operations, allowing you to verify the integrity of the logs and their availability for future review or incident investigation. Collecting this event helps ensure that audit logs are adequately backed up, protecting their retention from unauthorized modifications or data loss.<br/><br/>This report is essential to ensure that event logs are backed up regularly and effectively, which contributes to the integrity of the logs and their availability for security analysis and investigations. Additionally, it helps meet CMMC requirements by providing an additional layer of protection and ensuring that log backup mechanisms are properly implemented and monitored across the organization''s IT infrastructure.', null, null, null, null, null, null, null, null, null, 505, true, 338, 'TEMPLATE', null, null, 'Windows Level 5 (AU.5.055): Log Automatic Backup', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (558, 'This report gathers relevant information from the Windows logs generated by event 4720, which is triggered when a user account is created on the system. Event 4720 is crucial to compliance with CMMC AU.2.043, which requires log review and event correlation to identify inappropriate, unauthorized, or suspicious activity.<br/><br/>Event 4720 captures essential details about creating a user account. This information is vital to detect unauthorized creation of user accounts or possible manipulations in account settings that could be used for improper access to the system.<br/><br/>Reviewing this event in conjunction with other security events can identify patterns of behavior that could indicate unusual activity, such as account creation outside of business hours or on unapproved systems, which may be a sign of a security breach. or an unauthorized access attempt.<br/><br/>Correlating 4720 events with other security logs provides complete visibility into the lifecycle of user accounts, ensuring that activities related to account creation are legitimate and appropriately managed.<br/><br/>This report facilitates the proactive analysis of system security and contributes to compliance with CMMC guidelines, allowing the early detection of possible vulnerabilities or risks in the management of user accounts.', null, null, null, null, null, null, null, null, null, 504, true, 267, 'TEMPLATE', null, null, 'Windows Level 2 (AU.2.043): User Accounts Created', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (633, 'This report compiles relevant information from the Windows logs generated by event 4663, which is triggered when an object or file is accessed or modified in the system. This event is essential to comply with CMMC control AU.2.043, which requires log review and correlation of events to detect inappropriate or malicious activities.<br/><br/>Event 4663 provides details about access to critical files and objects, allowing you to monitor changes or unauthorized access to sensitive data. By correlating this event with other system activity logs, patterns can be identified that suggest attempts at manipulation or misuse of information, contributing to the detection of unusual activities that may compromise the security of the organization.<br/><br/>This report helps detect suspicious events related to access to confidential files and the modification of important data, allowing preventive measures to be taken against possible internal or external attacks. Additionally, it facilitates compliance with CMMC regulations by ensuring that events that may indicate inappropriate activities are appropriately reviewed and correlated.', null, null, null, null, null, null, null, null, null, 504, true, 277, 'TEMPLATE', null, null, 'Windows Level 2 (AU.2.043): Access to critical files or specific directories', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (560, 'This report gathers relevant information from the Windows logs generated by event 4723, which refers to an attempt to change the password of a user account. This event is essential for compliance with CMMC control AU.2.043, which establishes the need to review logs and correlate events to detect inappropriate activities.<br/><br/>Analysis of this event helps identify unauthorized or failed password modification attempts, which may be an indicator of suspicious activity or account compromise attempts. Correlating this event with other relevant logs allows for more accurate detection of anomalous patterns or unusual behavior, thus improving the ability to prevent unauthorized access or malicious behavior.<br/><br/>This report supports compliance with CMMC regulations by ensuring that password modification actions are reviewed efficiently, contributing to the identification and mitigation of risks related to unauthorized access and the integrity of user accounts.', null, null, null, null, null, null, null, null, null, 504, true, 294, 'TEMPLATE', null, null, 'Windows Level 2 (AU.2.043): User Password Reset Attempt', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (562, 'This report gathers relevant information from the Windows logs generated by event 4660, which is triggered when an object, such as a file or directory, is deleted on a system. Event 4660 is crucial to comply with CMMC control AU.3.045, which states the need to correlate security events to identify suspicious behavior and potential security incidents.<br/><br/>Event 4660 captures details about the deletion of objects on the system, providing information about what files or directories were deleted, who performed the action, and when it was performed. These details can be critical in identifying potential malicious activity or suspicious behavior, such as unauthorized deletion of critical files or sensitive data. By correlating this event with other security logs, such as access logs, authentication logs, or security configuration changes, unusual patterns of behavior can be identified.<br/><br/>This report is essential to detect and mitigate possible threats related to the deletion of important or confidential information, helping to identify activities that may indicate an attempted cover-up of malicious actions or an attack. Additionally, it facilitates CMMC compliance by improving event monitoring and correlation capabilities, allowing for a timely response to suspicious activities.', null, null, null, null, null, null, null, null, null, 504, true, 298, 'TEMPLATE', null, null, 'Windows Level 3 (AU.3.045): Object Deletion', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (930, 'This report collects and analyzes relevant information from AWS logs about the DeleteUser event, used to verify compliance with CMMC Level 1 (SI.1.210): Identify and correct security flaws in a timely manner.<br/><br/>The DeleteUser event in AWS IAM records the deletion of user accounts, which can pose a security risk if not handled properly. This report allows you to identify and correct possible vulnerabilities by monitoring user deletions, detecting unauthorized access, suspicious changes and ensuring the integrity of access controls in the organization.<br/><br/>Analysis of these events helps to:<br/>-Identify unauthorized or accidental user deletions.<br/>-Verify which accounts have been deleted and who performed the action.<br/>-Review the origin of the request and the devices or IP addresses involved.<br/>-Evaluate compliance with security controls related to user management.<br/><br/>This report helps ensure that user removal actions are legitimate and that any suspicious activity is investigated and corrected in a timely manner, aligning with the security requirements established by CMMC.', null, null, null, null, null, null, null, null, null, 503, true, 359, 'TEMPLATE', null, null, 'AWS Level 1 (AU.1.001): IAM User Deletion', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (599, 'This report compiles and presents relevant information about UserLoggedIn events in Office 365 logs, with the objective of verifying compliance with CMMC practice AC.1.001. Its purpose is to ensure that access to systems is limited to authorized users only, allowing logins to be monitored and audited on the platform.<br/><br/>The report includes details such as the user''s identity, source IP address, geographic location, and the number of accesses they have had. This information is essential to detect unauthorized access, evaluate authentication patterns, and reinforce security controls to protect organizational data and resources.', null, null, null, null, null, null, null, null, null, 510, true, 261, 'TEMPLATE', null, null, 'Office 365 Level 1 (AC.1.001): Account Logon Success', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (600, 'This report collects and presents relevant information about UserLoginFailed events in Office 365 logs, with the objective of verifying compliance with CMMC practice AC.1.001. Its purpose is to ensure that access to the system is restricted to authorized users, and to detect failed login attempts, which could indicate unauthorized access attempts or brute force attacks.<br/><br/>The report includes details such as user identity, source IP address, geographic location. This information is crucial for identifying suspicious patterns, blocking unauthorized access, and enforcing authentication controls in the system, helping to protect sensitive data and corporate resources.', null, null, null, null, null, null, null, null, null, 510, true, 262, 'TEMPLATE', null, null, 'Office 365 Level 1 (AC.1.001): Account Logon Failure', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (571, 'This report compiles relevant information from the Windows logs generated by event 1000, which is recorded when an application or process on the system experiences an error and closes unexpectedly. This event is critical to comply with CMMC control AU.4.054, which requires the implementation of advanced event correlation to detect evolving threats.<br/><br/>Event 1000 can be an indicator of possible malicious activity, such as attempts to exploit vulnerabilities, crashes in critical applications, or the execution of unauthorized code. By correlating it with other security events, such as suspicious process execution attempts, unusual access, or system configuration changes, it is possible to identify patterns that suggest attack attempts or infrastructure compromises.<br/><br/>This report facilitates the detection of possible advanced threats by providing visibility into application failures and their possible relationship with malicious activities. Additionally, it contributes to CMMC compliance by strengthening the ability to correlate and analyze critical events in the IT environment.', null, null, null, null, null, null, null, null, null, 504, true, 309, 'TEMPLATE', null, null, 'Windows Level 4 (AU.4.054): Application Errors', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (568, 'This report collects relevant information from the Windows logs generated by event 4738, which is triggered when there is a change in the information of a user account, such as the modification of the password or other important attributes. This event is essential to comply with CMMC control AU.3.045, which establishes the need to correlate security events to identify suspicious behavior.<br/><br/>Event 4738 provides detailed information about any alterations to user accounts, which may indicate attempted credential manipulation or unauthorized modifications. By correlating this event with other security logs, such as system access logs and authentication event logs, you can identify unusual or malicious patterns of behavior, such as accessing critical accounts or modifying user privileges without justification.<br/><br/>This report allows you to identify potentially malicious activities that involve the modification of user accounts and is a key tool to detect suspicious changes that may compromise organizational security. Additionally, it facilitates CMMC compliance by implementing robust event correlation practices, crucial to identifying and mitigating risks related to unauthorized access.', null, null, null, null, null, null, null, null, null, 504, true, 308, 'TEMPLATE', null, null, 'Windows Level 3 (AU.3.045): User Account Attributes Changes', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (931, 'This report gathers relevant information from AWS logs related to the ListAccessKeys event, which is generated when a user''s access keys are listed in AWS IAM. The analysis of these events is essential to comply with CMMC Level 3 control SI.3.217, which requires the use of monitoring tools to detect possible attacks.<br/><br/>Unauthorized or suspicious access to the access key enumeration may indicate reconnaissance attempts by malicious actors within the cloud infrastructure. This report provides key details such as the user''s identity, source IP address, the source of the event, and the time it occurred, allowing for proactive security assessment and identification of potential threats.', null, null, null, null, null, null, null, null, null, 503, true, 360, 'TEMPLATE', null, null, 'AWS Level 3 (SI.3.217): ListAccessKeys Logs', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (733, 'This report collects relevant information from the Windows logs generated by event 4720, which is triggered when a new user account is created on the system. This event is crucial to comply with CMMC control AU.2.044, which requires review of audit logs to identify inappropriate behavior or suspicious activities.<br/><br/>Event 4720 provides details on creating user accounts. By reviewing and correlating this data with other activity logs, unusual patterns can be detected, such as account creation without justification or at unusual times, which could indicate malicious behavior or attempted privilege escalation.<br/><br/>This report makes it easy to identify potential inappropriate activities related to user account management, allowing security teams to quickly investigate and act on any unauthorized access attempts or account misuse. Additionally, contributes to compliance with CMMC regulations by ensuring that events that may flag suspicious behavior within the organization are appropriately reviewed.', null, null, null, null, null, null, null, null, null, 501, true, 267, 'TEMPLATE', null, null, 'Windows Level 2 (AU.2.044): User Accounts Created', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (632, 'This report collects relevant information from the Windows logs generated by event 4733, which is triggered when a user is removed from a security group. This event is crucial to comply with CMMC control AU.2.043, which requires log review and correlation of events to detect inappropriate activities.<br/><br/>Analysis of this event allows us to identify when a user is removed from a security group, which could indicate changes in access privileges, either for legitimate reasons or due to possible malicious activity. Correlating this event with other system logs helps detect unusual patterns that could signal attempted privilege escalation or lateral movements within the network, helping to identify activities that could compromise system security.<br/><br/>This report contributes to compliance with CMMC regulations by providing visibility into changes in access configurations and helping to identify anomalous behavior that may be indicative of inappropriate actions.', null, null, null, null, null, null, null, null, null, 504, true, 321, 'TEMPLATE', null, null, 'Windows Level 2 (AU.2.043): Local Security Group Member Removal', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (755, 'This report compiles relevant information from the Windows logs generated by event 4720, which is triggered when a user account is created on the system. This event is essential to comply with CMMC control SI.2.216, which requires the detection of malicious code and effective response to malware infections.<br/><br/>Event 4720 provides details about the creation of new user accounts, which may be an indication of suspicious activity, such as the creation of unauthorized accounts by an attacker or malware. Some malware infections involve the creation of user accounts to facilitate persistent access to the compromised system.<br/><br/>This report helps identify the creation of unexpected or unauthorized user accounts, which may be a sign that the system has been compromised. By detecting these types of events early, security teams can quickly investigate the cause and take steps to mitigate any potential threats. Additionally, it contributes to CMMC compliance by ensuring that actions related to the creation of user accounts are appropriately monitored and managed to prevent potential malware infections.', null, null, null, null, null, null, null, null, null, 502, true, 267, 'TEMPLATE', null, null, 'Windows Level 2 (SI.2.216): User Accounts Created', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (765, 'This report compiles relevant information from the Windows logs generated by event 7038, which is activated when a service in the system changes state, whether started, stopped, or with an error in its execution. This event is crucial to comply with CMMC control SI.2.216, which requires detection of malicious code and appropriate response to malware infections.<br/><br/>Event 7038 can provide clues about the execution of services associated with possible malware infections, since certain malware can install or modify services to maintain its persistence in the system. By reviewing these events, you can identify services that should not be active or those that are exhibiting anomalous behavior that could be related to an infection.<br/><br/>This report allows detecting anomalies in the execution of services, which is an essential part of the response process for malware incidents. By monitoring these events, security teams can quickly identify any suspicious services that have been compromised and take necessary corrective actions, ensuring compliance with CMMC practices regarding protection and detection of malware-related threats.', null, null, null, null, null, null, null, null, null, 502, true, 342, 'TEMPLATE', null, null, 'Windows Level 2 (SI.2.216): Services Changes', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (766, 'This report collects relevant information from the Windows logs generated by event 4769, which is triggered when a Kerberos authentication request is successfully processed in the network environment. This event is critical to comply with CMMC control SI.3.219, which requires the implementation of network monitoring to detect attacks.<br/><br/>Event 4769 provides details about Kerberos service ticket requests. Monitoring these types of events is essential to identify unusual activities, such as attempts to exploit vulnerabilities in the Kerberos protocol, replay attacks, or lateral movement of attackers within the network.<br/><br/>This report allows you to detect suspicious behavior that could indicate unauthorized access or attempts to abuse privileges through the Kerberos protocol. Additionally, it facilitates the ability of security teams to investigate potential authentication-related incidents and prevent potential attacks before they compromise the organization''s sensitive systems, contributing to CMMC compliance and strengthening infrastructure protection.', null, null, null, null, null, null, null, null, null, 502, true, 343, 'TEMPLATE', null, null, 'Windows Level 3 (SI.3.219): Kerberos Service Ticket', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (768, 'This report compiles key information from the Windows logs generated by events 4688 and 4689, which are related to the creation of new processes and the termination of processes in the system. These events are essential to comply with CMMC control SI.5.223, which requires the use of advanced tools to improve detection capabilities on endpoints and detect suspicious or malicious behavior.<br/><br/>Event 4688 is triggered when a process is created on the system, providing details about the executable, the user who started the process, and the command line used. Event 4689, for its part, records when a process ends, which allows monitoring the activity of the processes in real time.<br/><br/>By reviewing these events, suspicious process execution, rogue applications, or malware activity can be detected, enabling rapid response to security incidents. Additionally, correlating these events with other system logs makes it easier to identify behavioral patterns that could signal an imminent threat.<br/><br/>This report is crucial to strengthening threat detection at the endpoint level, allowing security teams to identify and respond to malicious activity more effectively. Likewise, it contributes to CMMC compliance by improving monitoring and incident response capabilities, especially with respect to the execution and termination of processes in the organization''s systems.', null, null, null, null, null, null, null, null, null, 502, true, 345, 'TEMPLATE', null, null, 'Windows Level 5 (SI.5.223): Created and Terminated Processes', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (729, 'This report compiles key information from the Windows logs generated by event 4624, which is triggered when a user successfully logs on to a system. This event is crucial to comply with CMMC control AU.2.044, which requires review of audit logs to detect inappropriate behavior and unauthorized activities.<br/><br/>Event 4624 provides details about system logins. By analyzing and correlating these logs with other security events, you can identify unusual behavior patterns, such as access attempts at unusual times, access from unauthorized locations, or repeated login attempts.<br/><br/>This report helps detect inappropriate behavior or suspicious activities, such as unauthorized access attempts or improper access, and allows early corrective action to mitigate security risks. Additionally, it contributes to CMMC compliance by ensuring that audit logs are appropriately reviewed to identify any attempted exploitation or system compromise.', null, null, null, null, null, null, null, null, null, 501, true, 265, 'TEMPLATE', null, null, 'Windows Level 2 (AU.2.044): Account Logon Success', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (730, 'This report compiles relevant information from the Windows logs generated by event 4625, which is triggered when a login attempt to the system is unsuccessful. This event is critical to comply with CMMC control AU.2.044, which requires review of audit logs to detect inappropriate behavior and unauthorized activities.<br/><br/>Event 4625 provides key details about failed login attempts. By analyzing these events, patterns of failed access attempts can be identified that could indicate a brute force attack, an unauthorized access attempt, or the exploitation of compromised credentials.<br/><br/>This report makes it easy to detect suspicious behavior related to unauthorized access attempts, and by correlating this information with other system logs, security teams can identify trends that require a proactive response. Additionally, it contributes to CMMC compliance by ensuring adequate review and monitoring of audit events that may flag inappropriate or malicious activities.', null, null, null, null, null, null, null, null, null, 501, true, 266, 'TEMPLATE', null, null, 'Windows Level 2 (AU.2.044): Account Logon Failure', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (732, 'This report collects relevant information from the Windows logs generated by event 4648, which is triggered when a user account is used to log on to a system with explicit credentials, such as using network credentials or a service account. This event is crucial to comply with CMMC control AU.2.044, which requires review of audit logs to detect inappropriate behavior.<br/><br/>Event 4648 provides details about login attempts with explicit credentials. By reviewing these types of logs, it is possible to identify unusual access or authentication attempts that may be related to unauthorized or malicious activity.<br/><br/>This report allows security teams to identify suspicious patterns of behavior, such as login attempts at unusual times or from unusual locations, which could indicate a possible attack. Furthermore, by correlating these events with other logs related to access or activities in the system, the detection of security incidents and inappropriate behavior is facilitated.<br/><br/>In summary, this report is an important tool to ensure compliance with CMMC regulations, helping to detect inappropriate behavior and ensuring that audit logs are appropriately reviewed to protect organizational infrastructure.', null, null, null, null, null, null, null, null, null, 501, true, 281, 'TEMPLATE', null, null, 'Windows Level 2 (AU.2.044): Logins with explicit credentials', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (938, 'This report collects and analyzes AWS log events related to ListAccessKeys, with the objective of evaluating compliance with CMMC Level 4 control (AU.4.053), which requires the detection of anomalous user behavior using automated tools.<br/><br/>The ListAccessKeys event is used to list the access keys associated with an AWS account, which can be an indicator of suspicious activity or credential scanning attempts. Continuous monitoring of this event allows us to detect unusual access, identify possible account compromises and mitigate risks associated with exposed or misused credentials.<br/><br/>Analysis of these logs includes key information such as the user or role that executed the action, the source IP address, the service from which the request was made, and the frequency of these events. Correlation with automated behavioral analysis tools allows irregular patterns to be identified and alerts generated for potential threats, contributing to a proactive approach to cloud infrastructure security.', null, null, null, null, null, null, null, null, null, 501, true, 360, 'TEMPLATE', null, null, 'AWS Level 4 (AU.4.053): ListAccessKeys Logs', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (934, 'This report collects and analyzes relevant information from AWS logs about the DetachUserPolicy event, with the objective of verifying compliance with the Cybersecurity Maturity Model Certification (CMMC) Level 2 control (AU.2.044).<br/><br/>The DetachUserPolicy event is raised when a policy attached to a user is deleted in AWS IAM, which may indicate changes to access permissions. The periodic review of these events allows us to detect possible inappropriate activities, unauthorized access or incorrect security configurations that could compromise the integrity and security of the infrastructure.<br/><br/>The review of these records contributes to the strengthening of auditing and monitoring practices for the protection of sensitive information.', null, null, null, null, null, null, null, null, null, 501, true, 361, 'TEMPLATE', null, null, 'AWS Level 2 (AU.2.044): User Policies Removal', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (935, 'This report collects and analyzes AWS log events related to the ListUsers action in Amazon Cognito. Its purpose is to provide visibility into user listing requests within the environment, allowing unusual or potentially inappropriate behavior to be detected.<br/><br/>The report contributes to compliance with CMMC Level 2 (AU.2.044), which requires periodic review of audit logs to identify suspicious or unauthorized activities. By monitoring ListUsers events, you can detect unusual accesses, user enumeration attempts, or anomalous activity from unknown IP addresses.<br/><br/>The data includes key information that makes it easy to identify access patterns and implement corrective measures in case of suspicious activity.', null, null, null, null, null, null, null, null, null, 501, true, 362, 'TEMPLATE', null, null, 'AWS Level 2 (AU.2.044): User Listing Activity', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (937, 'This report collects and analyzes AWS log events related to DescribeInstances, with the objective of evaluating compliance with CMMC Level 3 control (AC.3.032), which requires monitoring and controlling remote access to sensitive systems.<br/><br/>The DescribeInstances event allows you to obtain information about EC2 instances in AWS, which could indicate attempts to enumerate resources within the infrastructure. Analyzing these events helps detect unusual access, identify suspicious usage patterns, and strengthen the security of your cloud environment.<br/><br/>The data presented includes key details. This information is essential to identify possible internal threats or unauthorized access attempts, allowing a proactive response to security risks.', null, null, null, null, null, null, null, null, null, 501, true, 363, 'TEMPLATE', null, null, 'AWS Level 3 (AC.3.032): Querying EC2 Instances', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (955, 'This report compiles and presents key information from the Windows event 4826 logs, focused on the modification of system security settings. Event 4826 is related to the loading of the "Boot Configuration Data" (BCD) and is crucial to detect any attempted changes to security settings that may compromise the integrity of the operating system, such as enabling or disabling advanced protection options.<br/><br/>This type of information is essential to comply with CMMC Level 4 (AU.4.052), which requires strengthening audit logs to support advanced threat detection. The report provides details on changes to configurations such as advanced options, access policies, and kernel and virtualization debugging settings, among others, helping to identify anomalous behavior and potential threats.<br/><br/>The analyzed logs and their corresponding alerts allow a better correlation of events and improve the response capacity to incidents related to unauthorized modifications to the system''s security, which is essential to improve the security posture in highly sensitive environments, such as those that handle CUI (Controlled Unclassified Information).', null, null, null, null, null, null, null, null, null, 513, true, 366, 'TEMPLATE', null, null, 'Windows Level 4 (AU.4.052): BitLocker Settings Modification Attempts', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (770, 'This report compiles relevant information from the Windows logs generated by event 4688, which is triggered when a new process is created on the system. This event is critical to comply with CMMC control CM.2.063, which requires monitoring of system changes to detect unauthorized or suspicious modifications.<br/><br/>Analysis of these logs can identify anomalous activities, such as the execution of unauthorized software, the launch of malicious scripts, or attempts to escalate privileges.<br/><br/>This report helps security teams track the creation of processes in the system, evaluate potential threats, and quickly respond to suspicious events. Additionally, its implementation contributes to CMMC compliance, ensuring that changes to the system are monitored and that potential risks are detected before compromising the integrity of the infrastructure.', null, null, null, null, null, null, null, null, null, 506, true, 284, 'TEMPLATE', null, null, 'Windows Level 2 (CM.2.063): Process Creation', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (521, 'This report focuses on the collection and analysis of event 4624 in the Windows logs, which is generated when a user successfully logs into the system. This event is essential for system access monitoring, as it provides important details about who is logged in, the origin of the login, and the type of authentication used.<br/><br/>The correct collection of these events is crucial for compliance with the CMMC (Cybersecurity Maturity Model Certification), specifically at Level 1 (SI.1.210), which requires identifying and correcting security vulnerabilities in a timely manner. Analysis of event 4624 can detect unusual patterns in logins, such as unauthorized access or access attempts from unexpected geographic locations or devices. These behaviors may be indicative of security breaches or intrusion attempts.<br/><br/>Additionally, collecting these events helps maintain a complete record of user activities, allowing you to audit access to sensitive information and meet security requirements established to protect the organization''s systems and data. Detecting unauthorized or anomalous access early allows for quick corrective action, such as revoking compromised credentials or implementing new access policies.<br/><br/>In summary, monitoring event 4624 is an essential part of the security management process to identify possible threats or configuration errors in system access, allowing the correction of vulnerabilities in a timely manner and reducing the risk of compromising the security infrastructure. ', null, null, null, null, null, null, null, null, null, 503, true, 265, 'TEMPLATE', null, null, 'Windows Level 1 (SI.1.210): Account Logon Success', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (557, 'This report gathers key information from the Windows logs generated by event 4625, which is triggered when a login attempt fails. This event is essential for compliance with CMMC AU.2.043, which requires log review and event correlation to detect inappropriate and unauthorized activities.<br/><br/>Event 4625 captures details of failed login attempts. Collecting these events allows for deep analysis of failed access attempts, which may indicate unauthorized access attempts, brute force attacks, or vulnerabilities in the authentication system.<br/><br/>By reviewing and correlating 4625 events with other security events on the system, this report helps identify unusual or suspicious patterns of behavior, such as multiple failed attempts in a short period of time. These activities could be indicative of an attempted security breach that, if not detected in time, could compromise the integrity of the systems.<br/><br/>Constant monitoring of 4625 events and their correlation with other critical events allows the organization to proactively respond to potential threats and take necessary steps to protect systems and sensitive information.', null, null, null, null, null, null, null, null, null, 504, true, 266, 'TEMPLATE', null, null, 'Windows Level 2 (AU.2.043): Account Logon Failure', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (522, 'Proper monitoring of 4625 events is a key component of CMMC (Cybersecurity Maturity Model Certification) compliance, specifically Level 1 (SI.1.210), which requires the identification and correction of security flaws in a timely manner. Analyzing these events allows you to identify patterns of failed access attempts and detect potential security gaps, such as weak passwords or the use of compromised credentials.<br/><br/>By identifying and logging all failed login attempts, additional security measures can be implemented, such as activating locks after multiple failed attempts or scanning users making failed attempts to detect compromised accounts. These logs also help evaluate the effectiveness of password security policies and other access controls.<br/><br/>In summary, the collection and analysis of event 4625 allows us to detect unauthorized access attempts early and correct security weaknesses that could be exploited by attackers. This monitoring helps meet CMMC''s goal of quickly and efficiently identifying and fixing security vulnerabilities, thereby protecting critical infrastructure and sensitive data.', null, null, null, null, null, null, null, null, null, 503, true, 266, 'TEMPLATE', null, null, 'Windows Level 1 (SI.1.210): Account Logon Failure', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (962, 'This report collects relevant information about security events identified with ID 5143 on Windows, which are generated when access rules are added or modified on shared resources.<br/><br/>The analysis of these events is essential to audit changes in the configuration of shared resource permissions on the network, ensuring that access is controlled and aligned with the organization''s security policies.<br/><br/>This monitoring is especially critical in the context of compliance with CMMC Level 3 (MP.3.123), since it allows verifying the adequate protection of the CUI (Controlled Unclassified Information) during its transport and preventing data loss by detecting changes in the access configuration to shared resources.', null, null, null, null, null, null, null, null, null, 514, true, 368, 'TEMPLATE', null, null, 'Windows Level 3 (MP.3.123): Shared Resource Modification', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (963, 'This report gathers relevant information from security events recorded with ID 4985 in Windows, which indicate that the state of a transaction has changed within the system. These events allow monitoring modifications in transactional processes that may be related to the management and protection of sensitive information.<br/><br/>In the context of CMMC Level 3 (MP.3.123) compliance, tracking these events is essential to ensure the protection of the CUI (Controlled Unclassified Information) during its transport and prevent data loss. Auditing changes to system transactions helps detect suspicious activity, improper access, or potential vulnerabilities in the manipulation of protected data.<br/><br/>Analysis of these events allows organizations to improve their security controls, detect unauthorized modifications and strengthen data protection in environments where classified or critical information is handled.', null, null, null, null, null, null, null, null, null, 514, true, 369, 'TEMPLATE', null, null, 'Windows Level 3 (MP.3.123): File System Transaction Status Changes', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (964, 'This report gathers relevant information from security events logged with ID 4658 in Windows, which indicate that an object handler has been closed on the system. These events are essential for tracking access and manipulation of sensitive resources, such as files, registry keys, and other system objects.<br/><br/>In the context of CMMC Level 3 compliance (MP.3.123), monitoring these events is key to protecting controlled unclassified information (CUI) during its transport and preventing data loss. Auditing these closures allows us to verify whether the data has been handled securely, detect possible unauthorized access and ensure that critical information has not been compromised.<br/><br/>The analysis of these events allows organizations to strengthen their security controls, guarantee the integrity of protected data and detect possible vulnerabilities in the access and manipulation of critical information.', null, null, null, null, null, null, null, null, null, 514, true, 370, 'TEMPLATE', null, null, 'Windows Level 3 (MP.3.123): Handle Closure in Security System', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (965, 'This report consolidates information from Windows events 6416, which record the recognition of new external devices in the system. Its monitoring is essential to ensure compliance with CMMC Level 3 (MP.3.123): Protect CUI during transport and prevent data loss, since the connection of unauthorized devices can represent a risk to information security.<br/><br/>The analysis of these events allows us to identify possible vulnerabilities and strengthen control measures to prevent the loss or exposure of Controlled Unclassified Information (CUI).', null, null, null, null, null, null, null, null, null, 514, true, 371, 'TEMPLATE', null, null, 'Windows Level 3 (MP.3.123): External Device Connection', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (969, 'This report collects and analyzes Windows Security Auditing ID 4672 (Special Privileges Assigned to New Logon) events, used to verify compliance with CMMC Level 3 (SC.3.177), which requires the implementation of cryptographic protections for Controlled Unclassified Information (CUI). Event 4672 is crucial because it indicates when an account is granted special administrative privileges upon login, which could include access to security settings, cryptographic keys, and encryption mechanisms for data in transit and at rest. Its analysis allows you to identify accounts with access to critical encryption operations, detect possible improper access or changes in encryption policies and correlate this event with other security logs, such as 5061 – Cryptographic Operation and 1102 – Audit Log Cleared, to identify attempts to manipulate encryption or audit evasion. This ensures the correct assignment and monitoring of administrative privileges in environments that manage CUI, helps prevent unauthorized access to cryptographic configurations, and allows effective auditing of critical events related to data security. In this way, this report contributes to strengthening the security posture and compliance with the requirements of CMMC Level 3 (SC.3.177), ensuring the confidentiality and integrity of the CUI.', null, null, null, null, null, null, null, null, null, 515, true, 278, 'TEMPLATE', null, null, 'Windows Level 3 (SC.3.177): Special privileges assigned to new logon', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (971, 'This report compiles relevant information from the logs of Windows Security Auditing event 4826 (Cryptographic operation performed), used to verify compliance with CMMC Level 4 (SC.4.229), which requires improving cryptographic protections using advanced tools. Event 4826 is triggered when a cryptographic operation is performed on the system, such as encryption, decryption, or validation of cryptographic signatures. This logging is essential to monitor the use and integrity of cryptography tools deployed in the environment, especially those that protect sensitive information, such as CUI (Controlled Unclassified Information). By analyzing these events, it can be verified that cryptographic operations are being carried out in accordance with established policies, ensuring that the cryptographic technologies and algorithms used are appropriate and that advanced tools are working correctly to protect data both at rest and in transit. In addition, it can be identified whether cryptographic operations are carried out properly, without vulnerabilities or poor configurations that could compromise the protection of confidential information.', null, null, null, null, null, null, null, null, null, 515, true, 366, 'TEMPLATE', null, null, 'Windows Level 4 (SC.4.229): BitLocker Settings Modification Attempts', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (975, 'This report consolidates and analyzes Windows log event ID 36874, generated by Schannel when a TLS connection attempt fails due to a lack of compatibility between the ciphers supported by the client and the server. The information collected is key to verify compliance with CMMC Level 3 control SC.3.177, which requires the implementation of cryptographic protections for controlled unclassified information (CUI). The analysis of these events makes it possible to identify failed TLS connection attempts, evaluating whether the encryption algorithms in use meet the required security standards, detect insecure configurations, such as the absence of modern protocols or the use of obsolete cipher suites, and verify the integrity of the communication channel, ensuring that information in transit is protected against unauthorized access and man-in-the-middle (MITM) attacks. This report is essential for the audit and optimization of cryptographic mechanisms in the organization, ensuring that the transmission of CUI is carried out under adequate security standards.', null, null, null, null, null, null, null, null, null, 515, true, 374, 'TEMPLATE', null, null, 'Windows Level 3 (SC.3.177): TLS protocol Errors', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (976, 'This report consolidates and analyzes Windows registry ID 5061 events generated when cryptographic operations are performed on the system, such as accessing, using, or modifying keys stored in security providers. The information collected is key to verify compliance with CMMC Level 4 control SC.4.229, which requires the improvement of cryptographic protections through advanced tools. This analysis allows monitoring the use of cryptographic keys, identifying unauthorized or unusual access that may compromise the security of the information, verifying the integrity and correct implementation of encryption algorithms in the system, ensuring that the keys used comply with the required security standards, and detecting possible attempts at exploitation or misuse of protected keys within the security environment. This report provides visibility into critical cryptographic operations, allowing you to defense strengthens against advanced threats and ensuring effective protection of controlled unclassified information (CUI).', null, null, null, null, null, null, null, null, null, 515, true, 375, 'TEMPLATE', null, null, 'Windows Level 4 (SC.4.229): Protected Files Decryption', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (977, 'This report presents an analysis of Windows activity logs to demonstrate that the SIEM monitors third-party risks, in compliance with CMMC requirements. Through the collection and analysis of logs, access, changes in privileges, process execution and data manipulation are monitored in systems that manage CUI.<br/><br/>Monitoring allows you to identify unauthorized access, detect suspicious activities and verify that third parties comply with established security policies. In addition, event triggering mechanisms and automatic alerts are implemented to respond to possible threats in real time.<br/><br/>This approach reinforces CMMC compliance, ensuring effective oversight of third parties and reducing the risks associated with their access to critical systems. The information presented demonstrates that the SIEM contributes to the protection of sensitive data and the strengthening of security in Windows environments.', null, null, null, null, null, null, null, null, null, 516, true, 376, 'TEMPLATE', null, null, 'Windows Activity Monitoring', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (978, 'This report presents a detailed analysis of the security events recorded by Bitdefender GravityZone in Windows environments, with the objective of demonstrating effective monitoring of third-party risks, in accordance with the requirements of the Cybersecurity Maturity Model Certification (CMMC).<br/><br/>Analysis includes detecting and monitoring unauthorized access, port scans, exploitation attempts, changes to security configurations, and other suspicious activity generated by users, devices, or third-party services interacting with critical systems. Key events related to real-time protection, firewalls, and intrusion prevention mechanisms are examined, providing visibility into external threats that could compromise information integrity.<br/><br/>Through the correlation of logs in the SIEM, a rapid response to anomalies is ensured and an audit history is generated that allows evaluating the effectiveness of the implemented controls. This report supports CMMC compliance by ensuring that third-party activities are continually monitored and alerts are triggered for any deviation from established security policies.', null, null, null, null, null, null, null, null, null, 516, true, 377, 'TEMPLATE', null, null, 'Bitdefender Activity Monitoring', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (979, 'This report demonstrates how the SIEM monitors and analyzes activity logs on Linux servers with the objective of monitoring risks associated with third parties, in compliance with CMMC guidelines. The events captured in the systems are presented, allowing the identification of accesses, changes in critical configurations, unusual activities and possible security threats.<br/><br/>Analyzing these logs can detect anomalous behavior, such as unauthorized access attempts, modifications to key files, and suspicious system activity. Likewise, relevant details are included such as the affected host, IP addresses involved, type of logged events, log messages and occurrence times, providing visibility into third-party activity in the Linux environment.<br/><br/>This monitoring is essential to ensure information security and compliance with CMMC controls, ensuring that third parties interacting with the systems are effectively monitored and that any suspicious activity is identified and managed in a timely manner.', null, null, null, null, null, null, null, null, null, 516, true, 378, 'TEMPLATE', null, null, 'Linux Activity Monitoring', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (980, 'This report presents a detailed analysis of firewall logs with the goal of demonstrating that the SIEM monitors third-party risks in Windows environments, meeting CMMC requirements. Key events such as incoming and outgoing network traffic, unauthorized access, suspicious DNS queries, and other security activities that may indicate potential threats are examined.<br/><br/>Through the collection and correlation of these logs, continuous surveillance of third-party connections is ensured, allowing early detection of anomalous behavior and the application of mitigation measures. Monitoring includes information about source and destination IP addresses, ports, protocols used, policies applied, and security events detected.<br/><br/>This monitoring contributes to the identification and reduction of risks associated with external suppliers and access to critical systems, aligning with the best cybersecurity practices established by the CMMC.', null, null, null, null, null, null, null, null, null, 516, true, 380, 'TEMPLATE', null, null, 'Firewall Activity Monitoring', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (981, 'This report aims to demonstrate that the security information and event management (SIEM) system effectively monitors user activities in Office 365, with an emphasis on identifying and mitigating risks associated with third parties. Through the analysis of the logs generated by Office 365, detailed information is recorded about the operations carried out, such as access to mailboxes, user activity and communications with external sources. Critical data, such as access IP addresses, actions taken (such as access to mail items), and validation of the operation (whether it was successful or not), allow comprehensive monitoring of third-party risks and verification that these accesses comply with established security policies.<br/><br/>Event monitoring in Office 365 aligns with CMMC (Cybersecurity Maturity Model Certification) practices, especially regarding external user access monitoring, authentication, and protection of sensitive data. This ensures that third party activities are recorded, analyzed and evaluated to meet critical data protection requirements, especially those related to access to CUI (Controlled Unclassified Information).', null, null, null, null, null, null, null, null, null, 516, true, 381, 'TEMPLATE', null, null, 'Office 365 Activity Monitoring', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (893, e'The Windows User Accounts Deleted Report provides detailed logs of events where user accounts are removed from the system. This report is critical for ensuring compliance with Real-Time Alerting and Monitoring within the Banking Audit framework, as account deletions can indicate unauthorized actions, insider threats, or security policy violations.<br/>	•	Regulatory Compliance: Aligns with the GLBA Safeguards Rule, ensuring visibility and oversight of account deletions to safeguard sensitive financial systems and customer data.<br/>	•	Access Control Monitoring: Supports compliance with PCI DSS Requirement 7, ensuring that user account deletions are logged and reviewed to prevent unauthorized actions.<br/>	•	Real-Time Alerting: Captures and notifies administrators immediately when accounts are deleted, enabling prompt investigation and response to potential threats.<br/>	•	Incident Detection: Identifies unauthorized or suspicious account deletions, which could indicate malicious intent, such as erasing traces of compromised accounts.<br/>	•	Audit Readiness: Tracks account deletions to ensure compliance with frameworks like SOC2 Type 2 and ISO 27001, demonstrating secure and accountable user management practices.', null, null, null, null, null, null, null, null, null, 701, true, 272, 'TEMPLATE', null, null, 'Windows User Accounts Deleted', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (864, e'The Windows Policy Changes Report provides detailed logs of modifications to system policies, such as group policies, security settings, and access controls. This report is critical within the Banking Audit framework, as it ensures accountability and compliance with regulatory standards for system configuration and access management.<br/>	•	Banking Regulations: Aligns with the GLBA Safeguards Rule, demonstrating oversight of policy changes to protect sensitive financial systems and customer data.<br/>	•	Configuration Management Compliance: Supports compliance with PCI DSS Requirement 10, which mandates monitoring of system component changes to detect unauthorized modifications.<br/>	•	Audit Readiness: Tracks policy changes, providing traceability for frameworks like SOC2 Type 2 and ISO 27001, ensuring accountability in maintaining secure configurations.<br/>	•	Incident Detection: Identifies unauthorized or suspicious changes to critical policies, which could indicate potential insider threats or attempts to weaken system security.<br/>	•	Data Protection: Ensures compliance with GDPR Article 32, demonstrating controls that restrict and monitor changes to system policies to prevent unauthorized access or breaches.', null, null, null, null, null, null, null, null, null, 701, true, 280, 'TEMPLATE', null, null, 'Windows Policy changes', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (885, e'The Windows Cleaned Event Log Report provides detailed logs of events where system event logs have been cleared. This report is critical for ensuring compliance with Real-Time Alerting and Monitoring within the Banking Audit framework, as log clearing can indicate attempts to hide malicious activity or compromise system integrity.<br/>	•	Regulatory Compliance: Aligns with the GLBA Safeguards Rule, ensuring oversight of log management activities to protect financial systems and sensitive data.<br/>	•	Real-Time Alerting: Captures and notifies administrators in real-time when event logs are cleared, enabling immediate investigation and response to potential incidents.<br/>	•	Incident Detection: Identifies unauthorized or suspicious log clearing activities, which could indicate insider threats or attempts to conceal malicious actions.<br/>	•	Audit Readiness: Provides traceability for log clearing events, ensuring compliance with frameworks like SOC2 Type 2 and ISO 27001, demonstrating secure log management practices.<br/>	•	Data Integrity Protection: Supports compliance with PCI DSS Requirement 10, ensuring that all log management activities, including clearing logs, are monitored and documented.', null, null, null, null, null, null, null, null, null, 701, true, 295, 'TEMPLATE', null, null, 'Windows Cleaned Event Log', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (881, e'The Windows Filtering Platform Report provides detailed insights into network traffic filtering events, including allowed and blocked connections, policy updates, and rule modifications. This report is critical for ensuring compliance with Real-Time Alerting and Monitoring within the Banking Audit framework by detecting unauthorized network activity and ensuring security policies are enforced.<br/>	•	Regulatory Compliance: Aligns with the GLBA Safeguards Rule, ensuring visibility and oversight of network activity to protect sensitive financial systems and customer data.<br/>	•	Network Security Monitoring: Supports compliance with PCI DSS Requirement 1, which mandates robust firewall and traffic filtering mechanisms to safeguard network environments.<br/>	•	Real-Time Detection: Captures and reports policy violations or suspicious traffic patterns in real-time, enabling immediate response to potential threats.<br/>	•	Incident Response: Identifies unauthorized changes to filtering policies or attempts to bypass security rules, ensuring a proactive approach to threat mitigation.<br/>	•	Audit Readiness: Provides traceability of filtering events, meeting requirements for frameworks like SOC2 Type 2 and ISO 27001, demonstrating robust monitoring of network security.', null, null, null, null, null, null, null, null, null, 701, true, 296, 'TEMPLATE', null, null, 'Windows Filtering Platform', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (891, e'The Windows Account Authentication Using NTLM Report provides detailed logs of authentication events involving NTLM (NT LAN Manager), including successful and failed attempts. This report is critical for ensuring compliance with Real-Time Alerting and Monitoring within the Banking Audit framework, as NTLM-based authentication can be a target for credential theft and relay attacks.<br/>	•	Regulatory Compliance: Aligns with the GLBA Safeguards Rule, ensuring visibility and oversight of NTLM authentication attempts to protect sensitive financial systems and customer data.<br/>	•	Authentication Monitoring: Supports compliance with PCI DSS Requirement 8, which mandates secure authentication practices and tracking of all login attempts.<br/>	•	Real-Time Alerting: Captures and alerts administrators of NTLM authentication failures or unusual patterns in real-time, enabling rapid response to potential security threats.<br/>	•	Incident Detection: Identifies suspicious activities such as NTLM relay attacks, brute force attempts, or compromised account usage.<br/>	•	Audit Readiness: Provides traceability for NTLM authentication events, ensuring compliance with frameworks like SOC2 Type 2 and ISO 27001, demonstrating secure access management practices.', null, null, null, null, null, null, null, null, null, 701, true, 301, 'TEMPLATE', null, null, ' Windows Account Authentication Using NTLM', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (657, '', null, null, null, null, null, null, null, null, null, 601, true, 266, 'TEMPLATE', null, null, 'Windows Account Logon Failure', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (901, e'The Windows Certificate Configuration Changes Report provides detailed logs of modifications to certificate stores, such as the addition, deletion, or modification of certificates or trust settings. This report is critical for ensuring compliance with Real-Time Alerting and Monitoring within the Banking Audit framework, as certificate changes can directly impact secure communication and trust relationships.<br/>	•	Regulatory Compliance: Aligns with the GLBA Safeguards Rule, ensuring oversight of certificate configuration changes to safeguard sensitive financial systems and customer data.<br/>	•	Security Monitoring: Supports compliance with PCI DSS Requirement 10, which mandates monitoring and logging of system configuration changes, including certificates.<br/>	•	Real-Time Alerting: Captures and notifies administrators immediately when certificate changes occur, enabling rapid response to potential threats.<br/>	•	Incident Detection: Identifies suspicious changes to certificates, such as unauthorized trust additions or the removal of critical certificates, which could indicate malicious activity.<br/>	•	Audit Readiness: Tracks all certificate-related changes, ensuring compliance with frameworks like SOC2 Type 2 and ISO 27001, demonstrating robust configuration management practices.', null, null, null, null, null, null, null, null, null, 701, true, 304, 'TEMPLATE', null, null, 'Windows Certificate Configuration Changes', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (905, e'The Windows Service Installed Report provides detailed logs of events where new services are installed on a system, including information about the service name, installation path, initiating user, and timestamp. This report is crucial for ensuring compliance with Real-Time Alerting and Monitoring within the Banking Audit framework, as unauthorized service installations can pose significant security risks.<br/>	•	Regulatory Compliance: Aligns with the GLBA Safeguards Rule, ensuring oversight of service installations to protect financial systems and sensitive customer data.<br/>	•	System Configuration Monitoring: Supports compliance with PCI DSS Requirement 10, ensuring that all system changes, including service installations, are logged and monitored.<br/>	•	Real-Time Alerting: Captures and alerts administrators immediately when a new service is installed, enabling rapid investigation and response to unauthorized or malicious activities.<br/>	•	Incident Detection: Identifies suspicious service installations that could indicate malware deployment, privilege escalation, or attempts to maintain unauthorized access.<br/>	•	Audit Readiness: Tracks all service installation events to ensure compliance with frameworks like SOC2 Type 2 and ISO 27001, demonstrating secure system configuration management.', null, null, null, null, null, null, null, null, null, 701, true, 305, 'TEMPLATE', null, null, 'Windows Service Installed', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (888, e'The Windows Special Privileges Assigned to New Logon Report provides a detailed record of logon events where special privileges, such as administrative or elevated rights, are assigned to users. This report is critical for ensuring compliance with Real-Time Alerting and Monitoring within the Banking Audit framework, as the misuse of special privileges can pose significant security risks.<br/>	•	Regulatory Compliance: Aligns with the GLBA Safeguards Rule, ensuring oversight of privilege assignment to protect financial systems and sensitive customer data.<br/>	•	Access Control Monitoring: Supports compliance with PCI DSS Requirement 7, ensuring that privileged access is restricted to authorized users and monitored for unauthorized assignments.<br/>	•	Real-Time Alerting: Captures and alerts administrators of special privilege assignments in real-time, enabling immediate action to mitigate risks.<br/>	•	Incident Detection: Identifies suspicious or unauthorized privilege assignments, which could indicate insider threats, privilege escalation, or account compromise.<br/>	•	Audit Readiness: Provides traceability of privileged logon events, ensuring compliance with frameworks like SOC2 Type 2 and ISO 27001, demonstrating robust access management.', null, null, null, null, null, null, null, null, null, 701, true, 278, 'TEMPLATE', null, null, 'Windows Special privileges assigned to new logon', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (838, e'The Windows Account Logon Success Report provides a comprehensive view of successful logon events, serving as a crucial tool for compliance within the Banking Audit framework. This report ensures alignment with security controls that manage and monitor user access, safeguarding sensitive financial information and meeting regulatory requirements.<br/>	•	Banking Regulations: Supports compliance with financial regulations, such as the Safeguards Rule under GLBA, by demonstrating a security program that protects customer data.<br/>	•	Access Control: Reinforces principles of access management by tracking and validating that only authorized users can access banking systems, aligning with PCI DSS Requirement 8.<br/>	•	Audit Readiness: Provides evidence for maintaining security and access control, essential for audits and adherence to standards like ISO 27001 and SOC2 Type 2, ensuring secure access is granted only to legitimate users.<br/>	•	Incident Detection and Prevention: Helps detect unauthorized access attempts by analyzing patterns of successful logons, thereby reducing the risk of data breaches.<br/>	•	Data Protection: Aligns with global frameworks such as GDPR Article 32, ensuring access to sensitive financial data is restricted to authorized individuals to prevent unauthorized data processing.<br/><br/>By centralizing and monitoring logon events, this report strengthens an organization’s ability to maintain cybersecurity resilience, protect financial systems, and achieve compliance with stringent banking audit requirements.', null, null, null, null, null, null, null, null, null, 703, true, 265, 'TEMPLATE', null, null, 'Windows Account Logon Success', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (839, e'The Windows Account Logon Failure Report provides a consolidated overview of failed logon attempts, playing a vital role in compliance within the Banking Audit framework. This report enables organizations to monitor, detect, and address unauthorized access attempts, ensuring the protection of sensitive financial systems and data.<br/>	•	Banking Regulations: Supports compliance with financial regulations, such as the Safeguards Rule under GLBA, by demonstrating measures to prevent unauthorized access to customer data.<br/>	•	Access Control: Tracks failed logon attempts to identify potential unauthorized access or brute force attacks, aligning with PCI DSS Requirement 10 for monitoring access control events.<br/>	•	Audit Readiness: Provides evidence of failed access attempts, contributing to the transparency required by standards like SOC2 Type 2 and ISO 27001, ensuring security incidents are logged and reviewed.<br/>	•	Incident Response: Enhances threat detection by identifying patterns of failed logon attempts, enabling organizations to respond to suspicious activity promptly.<br/>	•	Data Protection: Aligns with global frameworks such as GDPR Article 32, showcasing controls that prevent unauthorized access to financial systems, protecting sensitive customer data.<br/><br/>By centralizing data on logon failures, this report empowers organizations to enhance their security posture, reduce the risk of data breaches, and comply with stringent banking audit requirements.', null, null, null, null, null, null, null, null, null, 703, true, 266, 'TEMPLATE', null, null, 'Windows  Account Logon Failure', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (843, 'The Windows Policy Changes Report provides a comprehensive record of system policy modifications, including changes to group policies, security configurations, and access controls. This report is critical within the Banking Audit framework, ensuring traceability and compliance with regulatory requirements by monitoring configuration changes that could impact the security of financial systems.', null, null, null, null, null, null, null, null, null, 703, true, 280, 'TEMPLATE', null, null, 'Windows Policy changes', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (848, 'The Windows Access to Critical Files or Specific Directories Report provides detailed insights into access attempts—both successful and failed—on critical files and directories within the system. This report is a cornerstone for compliance within the Banking Audit framework, ensuring the protection of sensitive financial data and monitoring access to critical resources.', null, null, null, null, null, null, null, null, null, 703, true, 277, 'TEMPLATE', null, null, 'Windows Access to critical files or specific directories', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (850, e'The Windows Changes in Account Status Report provides a detailed record of all modifications to user account status, such as activations, deactivations, or lockouts. This report is critical within the Banking Audit framework to ensure compliance with access control policies and to protect sensitive financial systems.<br/>	•	Banking Regulations: Aligns with the GLBA Safeguards Rule, ensuring proper monitoring and control over account status changes to safeguard customer information.<br/>	•	Access Control Compliance: Supports compliance with PCI DSS Requirement 8, ensuring that account status changes are tracked, authorized, and appropriately managed.<br/>	•	Audit Readiness: Provides traceability for account status modifications, meeting the requirements of frameworks like SOC2 Type 2 and ISO 27001, ensuring secure account management.<br/>	•	Incident Detection: Identifies unauthorized or suspicious account status changes, such as unexpected activations or lockouts, which could indicate compromised accounts or insider threats.<br/>	•	Data Protection: Ensures compliance with GDPR Article 32, demonstrating controls to monitor and restrict unauthorized changes to account status that could expose sensitive financial data.', null, null, null, null, null, null, null, null, null, 703, true, 282, 'TEMPLATE', null, null, 'Windows Changes in account status', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (851, e'The Windows Kerberos Ticket Requests Report provides detailed records of Kerberos ticket requests, including Ticket Granting Ticket (TGT) and service ticket activities. This report is essential for ensuring compliance within the Banking Audit framework, as it helps monitor authentication activities and detect potential security risks.<br/>	•	Banking Regulations: Aligns with the GLBA Safeguards Rule, ensuring oversight of authentication processes to protect customer information and secure financial systems.<br/>	•	Authentication Compliance: Supports compliance with PCI DSS Requirement 8, demonstrating that strong authentication mechanisms like Kerberos are effectively managed and monitored.<br/>	•	Audit Readiness: Provides traceability of authentication events, meeting requirements for frameworks like SOC2 Type 2 and ISO 27001, ensuring secure credential management.<br/>	•	Incident Detection: Identifies suspicious or unauthorized Kerberos ticket requests, such as anomalies in TGT or service ticket usage, which could indicate compromised accounts or privilege escalation attempts.<br/>	•	Data Protection: Ensures compliance with GDPR Article 32, showcasing controls that restrict unauthorized access and secure sensitive data through proper authentication tracking.', null, null, null, null, null, null, null, null, null, 703, true, 283, 'TEMPLATE', null, null, 'Windows Kerberos ticket requests', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (917, e'The Windows Access to Critical Files or Specific Directories report provides detailed logs of events where users or processes access sensitive files or directories. This report is crucial for monitoring unauthorized access, ensuring compliance with security policies, and detecting potential threats to system integrity and data confidentiality.<br/>	•	Regulatory Compliance: Supports standards such as PCI DSS, HIPAA, and ISO 27001, by logging access to critical files and directories, ensuring adherence to data protection and access control requirements.<br/>	•	Sensitive Data Monitoring: Tracks access attempts to protected files or directories to ensure that only authorized users or processes can read, modify, or delete sensitive information.<br/>	•	Event Correlation: Links file and directory access events with user accounts, processes, and originating systems to build a comprehensive security and audit trail.<br/>	•	Real-Time Alerts: Sends immediate notifications for access attempts to critical files or directories, particularly for unauthorized users, allowing administrators to respond promptly to potential security incidents.<br/>	•	Incident Detection: Identifies suspicious activities, such as repeated access attempts by unauthorized accounts, which may indicate insider threats, malware, or misconfigurations.<br/>	•	Audit Readiness: Records detailed information about each access event, including the file or directory accessed, the user or process involved, the type of access (read, write, delete), and the timestamp, ensuring robust documentation for compliance and investigations.', null, null, null, null, null, null, null, null, null, 702, true, 277, 'TEMPLATE', null, null, 'Windows Access to critical files or specific directories', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (556, 'This report compiles relevant information from the Windows logs generated by event 4624, which is triggered when a user successfully logs into the system. This event is key to compliance with CMMC AU.2.043, which requires the review of logs and the correlation of events to detect inappropriate or unauthorized activities.<br/><br/>In this case, event 4624 provides details about successful login attempts to the systems, including the identity of the user, the origin of the session, the type of authentication used, and other relevant data. These events are essential for reviewing user activity and detecting access patterns that could indicate anomalous or suspicious behavior.<br/><br/>The report uses analysis tools to correlate login logs with other system security events, identifying potential inappropriate activity, such as unauthorized access or privilege escalation attempts. Continuous monitoring and correlation of these events allows the organization to quickly detect and respond to any suspicious activity, helping to strengthen the overall security posture.<br/><br/>This log review process is a critical part of access control and security event management, ensuring that only authorized users can access the organization''s systems and resources, while quickly identifying potential threats.', null, null, null, null, null, null, null, null, null, 504, true, 265, 'TEMPLATE', null, null, 'Windows Level 2 (AU.2.043): Account Logon Success', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (894, e'The Windows Restoration of Default Security Policies Report provides detailed logs of events where system security policies are reset to their default configurations. This report is critical for ensuring compliance with Real-Time Alerting and Monitoring within the Banking Audit framework, as such actions can impact the security posture and may indicate unauthorized changes or recovery efforts.<br/>	•	Regulatory Compliance: Aligns with the GLBA Safeguards Rule, ensuring oversight of policy restoration activities to safeguard sensitive financial systems and customer data.<br/>	•	System Integrity Monitoring: Supports compliance with PCI DSS Requirement 10, ensuring that changes to security policies, including restorations, are logged and monitored.<br/>	•	Real-Time Alerting: Captures and notifies administrators immediately when default security policies are restored, enabling rapid investigation and response.<br/>	•	Incident Detection: Identifies unauthorized or suspicious policy restorations, which could indicate an attempt to bypass hardened security configurations or revert critical controls.<br/>	•	Audit Readiness: Tracks all events of policy restoration, ensuring compliance with frameworks like SOC2 Type 2 and ISO 27001, demonstrating secure configuration management practices.', null, null, null, null, null, null, null, null, null, 701, true, 291, 'TEMPLATE', null, null, 'Windows Restoration of default security policies', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (852, e'The Windows Use of Elevated Privileges Report provides a comprehensive log of actions performed using elevated or administrative privileges. This report is critical for ensuring compliance within the Banking Audit framework, helping organizations monitor privileged user activities and safeguard sensitive financial systems.<br/>	•	Banking Regulations: Aligns with the GLBA Safeguards Rule, demonstrating oversight and control over the use of administrative privileges to protect customer data.<br/>	•	Access Control Compliance: Supports compliance with PCI DSS Requirement 7, ensuring that elevated privileges are restricted and monitored to prevent unauthorized access to critical resources.<br/>	•	Audit Readiness: Documents all privileged operations, meeting the requirements of frameworks like SOC2 Type 2 and ISO 27001, ensuring traceability and accountability for administrative actions.<br/>	•	Incident Detection: Identifies suspicious or unauthorized use of elevated privileges, such as privilege escalation or misuse of administrative accounts.<br/>	•	Data Protection: Ensures compliance with GDPR Article 32, showcasing controls to restrict and monitor access to sensitive data through elevated privileges.', null, null, null, null, null, null, null, null, null, 703, true, 286, 'TEMPLATE', null, null, 'Windows Use of Elevated Privileges', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (855, e'The Windows PowerShell Script Block Registration Report provides a detailed record of PowerShell script block execution and registration events. This report is essential for compliance within the Banking Audit framework, enabling organizations to monitor and control the use of scripting, which can be a common vector for cyber threats.<br/>	•	Banking Regulations: Aligns with the GLBA Safeguards Rule, ensuring oversight of scripting activities to protect financial systems and sensitive customer data.<br/>	•	Script Execution Monitoring: Supports compliance with PCI DSS Requirement 10, ensuring logging and monitoring of script activities to detect unauthorized or suspicious behavior.<br/>	•	Audit Readiness: Provides traceability for all script block registrations, meeting the requirements of frameworks like SOC2 Type 2 and ISO 27001, ensuring visibility into scripting activities.<br/>	•	Threat Detection: Identifies unauthorized or suspicious script execution, such as attempts to execute malicious scripts or escalate privileges via PowerShell.<br/>	•	Data Protection: Ensures compliance with GDPR Article 32, showcasing controls that restrict and monitor the execution of scripts to prevent unauthorized data access or manipulation.', null, null, null, null, null, null, null, null, null, 703, true, 288, 'TEMPLATE', null, null, 'Windows PowerShell Script Block Registration', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (844, 'The Windows User Accounts Created Report provides a detailed record of all user account creation events in the system. This report plays a vital role in ensuring compliance within the Banking Audit framework by monitoring and controlling user account management processes to protect sensitive financial systems.', null, null, null, null, null, null, null, null, null, 703, true, 267, 'TEMPLATE', null, null, 'Windows User Accounts Created', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (856, e'The Windows PowerShell Remote Session Creation Report provides a detailed log of remote PowerShell session creation events, including details about the initiating user, target system, and session activity. This report is critical within the Banking Audit framework, as PowerShell remote sessions can be used to manage systems but also pose significant security risks if misused.<br/>	•	Banking Regulations: Aligns with the GLBA Safeguards Rule, ensuring the monitoring of remote session activities to protect sensitive financial systems and customer data.<br/>	•	Access Control Compliance: Supports compliance with PCI DSS Requirement 8, ensuring secure authentication and access control for remote sessions.<br/>	•	Audit Readiness: Tracks remote PowerShell session creation events, providing traceability for frameworks like SOC2 Type 2 and ISO 27001, ensuring accountability in remote system management.<br/>	•	Threat Detection: Identifies unauthorized or suspicious remote session activity, which could indicate compromised accounts, insider threats, or lateral movement by attackers.<br/>	•	Data Protection: Ensures compliance with GDPR Article 32, demonstrating controls to monitor and restrict unauthorized remote access to systems handling sensitive financial data.', null, null, null, null, null, null, null, null, null, 703, true, 289, 'TEMPLATE', null, null, 'Windows PowerShell Remote Session Creation', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (861, e'The Windows Member Addition to a Security Local Group Report provides a comprehensive log of events where users or accounts are added to local security groups. This report is vital within the Banking Audit framework to monitor and control group membership changes, ensuring compliance with access management policies and protecting sensitive financial systems.<br/>	•	Banking Regulations: Aligns with the GLBA Safeguards Rule, ensuring oversight of group membership changes to safeguard financial data and prevent unauthorized access.<br/>	•	Access Control Compliance: Supports compliance with PCI DSS Requirement 7, which mandates restricting access to critical systems to authorized personnel through proper group membership management.<br/>	•	Audit Readiness: Tracks all member additions to local security groups, providing traceability for frameworks like SOC2 Type 2 and ISO 27001, ensuring secure and accountable access management.<br/>	•	Incident Detection: Identifies unauthorized or suspicious additions to privileged groups, such as the Administrators group, which could indicate potential insider threats or compromised accounts.<br/>	•	Data Protection: Ensures compliance with GDPR Article 32, showcasing controls to monitor and restrict group membership changes that could expose sensitive financial data to unauthorized users.', null, null, null, null, null, null, null, null, null, 703, true, 320, 'TEMPLATE', null, null, 'Windows Member Addition to a Security Local Group', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (921, e'The Windows Service Installed report provides detailed logs of events where new services are installed on a Windows system. This report is essential for monitoring system integrity, detecting unauthorized installations, and ensuring compliance with security and audit frameworks.<br/>	•	Regulatory Compliance: Supports frameworks like PCI DSS, ISO 27001, and SOC2, by documenting service installations to maintain a clear audit trail of system modifications.<br/>	•	System Integrity Monitoring: Tracks the installation of services to ensure that only authorized services are added, preventing potential malware or unnecessary services from compromising system performance or security.<br/>	•	Event Correlation: Links service installation events with administrative actions, user accounts, and originating systems to build a comprehensive audit trail for analysis.<br/>	•	Real-Time Alerts: Notifies administrators of new service installations, particularly those installed by unauthorized users or from suspicious sources, enabling timely response to potential threats.<br/>	•	Incident Detection: Identifies unusual service installations, such as those with obscure names, running from unexpected directories, or configured with excessive privileges, which may indicate malicious activity.<br/>	•	Audit Readiness: Logs detailed information for each service installed, including the service name, executable path, user or account responsible for the installation, and the timestamp, ensuring robust records for audits and investigations.<br/><br/>By monitoring and correlating Windows Service Installed events, this report strengthens system security, supports compliance with audit requirements, and provides actionable insights for threat detection and response.', null, null, null, null, null, null, null, null, null, 702, true, 305, 'TEMPLATE', null, null, 'Windows Service Installed', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (842, 'The Windows Cleaned Event Log Report provides a detailed record of actions where system event logs have been cleared. This report is critical within the Banking Audit framework, as it helps detect potential tampering with log integrity and supports regulatory compliance by monitoring log management activities.', null, null, null, null, null, null, null, null, null, 703, true, 295, 'TEMPLATE', null, null, 'Windows Cleaned Event Log', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (707, '', null, null, null, null, null, null, null, null, null, 604, true, 267, 'TEMPLATE', null, null, 'Windows User Accounts Created', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (708, '', null, null, null, null, null, null, null, null, null, 604, true, 272, 'TEMPLATE', null, null, 'Windows User Accounts Deleted', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (704, '', null, null, null, null, null, null, null, null, null, 604, true, 281, 'TEMPLATE', null, null, 'Windows Logins with explicit credentials', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (739, 'This report compiles relevant information from the Windows logs generated by event 4624, which is triggered when a user successfully logs into the system. This event is essential to comply with CMMC control AU.1.001, which requires retaining logs for basic review and ensuring that a proper audit of system access can be performed.<br/><br/>Event 4624 provides details about successful user login. This data is essential for maintaining a record of system access activities, allowing basic reviews to be performed to detect unauthorized access or unusual behavior.<br/><br/>This report helps ensure that login-related event logs are suitable for ongoing auditing, contributing to CMMC compliance and the ability to perform security reviews and analysis to protect the organization''s infrastructure.', null, null, null, null, null, null, null, null, null, 505, true, 265, 'TEMPLATE', null, null, 'Windows Level 1 (AU.1.001): Account Logon Success', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (920, e'The Windows Process Creation report provides detailed logs of events where new processes are created on a Windows system. This report is essential for monitoring system activities, detecting malicious behavior, and ensuring compliance with security frameworks.<br/>	•	Regulatory Compliance: Supports frameworks such as PCI DSS, ISO 27001, and SOC2, by logging process creation events to provide an auditable trail of system activities.<br/>	•	System Activity Monitoring: Tracks the creation of processes, ensuring that only legitimate applications and scripts are executed within the environment.<br/>	•	Event Correlation: Links process creation events with user accounts, parent processes, command-line arguments, and originating systems to build a comprehensive security audit trail.<br/>	•	Real-Time Alerts: Generates notifications for the creation of suspicious or unauthorized processes, allowing for rapid investigation and mitigation of potential threats.<br/>	•	Incident Detection: Identifies anomalies, such as the execution of processes from unusual locations, processes spawned by suspicious parents, or unexpected command-line arguments, which may indicate malware or privilege abuse.<br/>	•	Audit Readiness: Logs detailed information for each process creation, including the process name, parent process, user or account responsible, command-line arguments, and timestamp, ensuring robust records for compliance and investigations.', null, null, null, null, null, null, null, null, null, 702, true, 284, 'TEMPLATE', null, null, 'Windows Process Creation', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (922, e'The Windows Access to Shared Resources report provides detailed logs of events where users or systems access shared resources, such as files, folders, printers, or other network-shared assets on a Windows system. This report is essential for monitoring resource usage, detecting unauthorized access, and ensuring compliance with access control policies.<br/>	•	Regulatory Compliance: Supports frameworks such as PCI DSS, HIPAA, and ISO 27001, by documenting access to shared resources, ensuring adherence to data protection and resource management standards.<br/>	•	Resource Usage Monitoring: Tracks who accessed shared resources, when the access occurred, and the type of operations performed (read, write, delete, etc.), ensuring accountability and transparency.<br/>	•	Event Correlation: Links shared resource access events with user accounts, originating systems, and subsequent activities, providing a comprehensive audit trail for analysis.<br/>	•	Real-Time Alerts: Generates notifications for access attempts to critical shared resources, especially by unauthorized users or from untrusted systems, enabling immediate investigation.<br/>	•	Incident Detection: Identifies suspicious activities, such as repeated unauthorized access attempts, access from unusual locations, or unexpected operations on shared resources, which may indicate insider threats or compromised accounts.<br/>	•	Audit Readiness: Logs detailed information for each access event, including the resource accessed, the user or system performing the operation, the access type, and the timestamp, ensuring robust documentation for compliance and investigations.', null, null, null, null, null, null, null, null, null, 702, true, 285, 'TEMPLATE', null, null, 'Windows Access to Shared Resources', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (925, e'The Windows PowerShell Script Block Registration report provides detailed logs of events where PowerShell script blocks are registered for execution. This report is critical for monitoring the use of PowerShell, detecting potential security threats, and ensuring compliance with security policies and audit frameworks.<br/>	•	Regulatory Compliance: Supports frameworks such as PCI DSS, ISO 27001, and SOC2, by logging PowerShell script block executions to ensure adherence to access control and script execution policies.<br/>	•	PowerShell Activity Monitoring: Tracks all script blocks executed via PowerShell, ensuring visibility into administrative tasks, automation scripts, and potentially malicious activity.<br/>	•	Event Correlation: Links PowerShell script block registration events with user accounts, originating systems, and subsequent activities, providing a comprehensive audit trail.<br/>	•	Real-Time Alerts: Sends notifications for suspicious or unauthorized script block registrations, enabling rapid response to potential threats or misconfigurations.<br/>	•	Incident Detection: Identifies anomalies, such as obfuscated scripts, scripts executed with elevated privileges, or script blocks executed from unusual sources, which may indicate malware or insider threats.<br/>	•	Audit Readiness: Logs detailed information for each registered script block, including the script content (if available), the user or account responsible, the execution host, and the timestamp, ensuring robust documentation for compliance and investigations.', null, null, null, null, null, null, null, null, null, 702, true, 288, 'TEMPLATE', null, null, 'Windows PowerShell Script Block Registration', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (914, e'The Windows User Password Reset Attempt report provides detailed logs of events where a user password reset attempt is made within a Windows system. This report is critical for monitoring account security, detecting unauthorized password changes, and ensuring compliance with security frameworks.<br/>	•	Regulatory Compliance: Ensures alignment with standards such as PCI DSS, ISO 27001, and SOC2, by documenting all password reset attempts to maintain an auditable trail of account security events.<br/>	•	Account Security Monitoring: Tracks password reset attempts to ensure they are initiated through authorized processes and to identify potential misuse or unauthorized actions.<br/>	•	Event Correlation: Links password reset attempts with associated user accounts, originating machines, and administrative actions to create a comprehensive audit trail for security analysis.<br/>	•	Real-Time Alerts: Generates alerts for password reset attempts, especially for privileged or sensitive accounts, allowing administrators to respond to potential threats immediately.<br/>	•	Incident Detection: Identifies suspicious activities, such as repeated or unexpected password reset attempts, which may indicate brute force attacks, compromised accounts, or insider threats.<br/>	•	Audit Readiness: Logs detailed information about each password reset attempt, including the username, time of the attempt, originating IP address, and the user or process initiating the reset, ensuring comprehensive records for compliance and investigations.', null, null, null, null, null, null, null, null, null, 702, true, 294, 'TEMPLATE', null, null, 'Windows User Password Reset Attempt', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (929, e'The Windows Object Deletion report provides detailed logs of events where objects such as files, directories, registry keys, or other system resources are deleted. This report is crucial for tracking changes, detecting unauthorized actions, and ensuring compliance with security policies and audit frameworks.<br/>	•	Regulatory Compliance: Supports frameworks like PCI DSS, ISO 27001, and SOC2, by documenting deletion events to demonstrate proper governance and adherence to change management processes.<br/>	•	Object Management Monitoring: Tracks the deletion of critical objects, ensuring such actions are authorized and aligned with internal policies to protect data integrity and system reliability.<br/>	•	Event Correlation: Links deletion events to user accounts, originating systems, and preceding activities, providing a comprehensive audit trail for root cause analysis and compliance reporting.<br/>	•	Real-Time Alerts: Sends notifications for deletions of critical objects, enabling immediate investigation of unauthorized or suspicious activities.<br/>	•	Incident Detection: Identifies anomalies such as bulk deletions, deletions during off-hours, or removal of protected system objects, which may indicate malicious intent, insider threats, or operational errors.<br/>	•	Audit Readiness: Logs detailed information for each deletion event, including the object name, location, user or process initiating the deletion, and the timestamp, ensuring robust documentation for compliance and forensic investigations.', null, null, null, null, null, null, null, null, null, 702, true, 298, 'TEMPLATE', null, null, 'Windows Object Deletion', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (918, e'The Windows User Account Attributes Changes report provides detailed logs of events where attributes of user accounts, such as group memberships, permissions, or profile settings, are modified. This report is vital for monitoring changes to account configurations, detecting unauthorized modifications, and ensuring compliance with security and audit frameworks.<br/>	•	Regulatory Compliance: Aligns with standards like PCI DSS, ISO 27001, and SOC2, by maintaining an auditable trail of account attribute changes to support access control and security policies.<br/>	•	Account Management Monitoring: Tracks changes to user account attributes, ensuring they are performed through authorized administrative actions and comply with internal security policies.<br/>	•	Event Correlation: Links attribute change events with associated user accounts, administrative actions, and originating systems, providing a comprehensive security audit trail.<br/>	•	Real-Time Alerts: Sends notifications for critical attribute changes, such as updates to group memberships, privilege escalations, or security settings, enabling rapid incident response.<br/>	•	Incident Detection: Identifies suspicious or unauthorized modifications to account attributes, which may indicate insider threats, administrative errors, or malicious activities.<br/>	•	Audit Readiness: Logs detailed information, including the affected account, the specific attributes changed, the user or process initiating the change, and the timestamp, ensuring robust records for audits and investigations.', null, null, null, null, null, null, null, null, null, 702, true, 308, 'TEMPLATE', null, null, 'Windows User Account Attributes Changes', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (910, e'The Windows Account Logon Success report provides detailed records of events where a user account successfully authenticates on a Windows system. This report is essential for tracking login activities and correlating events across systems, enabling effective monitoring, detection of anomalies, and compliance with security frameworks.<br/>	•	Regulatory Compliance: Aligns with frameworks like GLBA, PCI DSS, and ISO 27001, ensuring that successful logon activities are logged and available for audits to demonstrate robust access control mechanisms.<br/>	•	User Activity Monitoring: Tracks successful logins to provide visibility into authorized access and helps identify unusual patterns, such as logins from unexpected locations or outside of normal business hours.<br/>	•	Event Correlation: Links logon events with subsequent system activities, such as file access, process creation, or privilege escalation, to establish a comprehensive security audit trail.<br/>	•	Real-Time Alerts: Captures successful logons in real-time and notifies administrators of activity from sensitive accounts or systems, enabling rapid incident response.<br/>	•	Incident Detection: Helps identify suspicious behavior, such as frequent logins from multiple IP addresses or use of compromised credentials, which could indicate an ongoing attack.<br/>	•	Audit Readiness: Provides detailed information on successful logons, including username, logon time, originating IP address, and authentication method, ensuring compliance with audit requirements.', null, null, null, null, null, null, null, null, null, 702, true, 265, 'TEMPLATE', null, null, 'Windows Account Logon Success', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (911, e'The Windows Account Logon Failure report provides detailed records of failed authentication attempts on a Windows system. This report is essential for identifying unauthorized access attempts, detecting suspicious activity, and maintaining compliance with security and audit frameworks.<br/>	•	Regulatory Compliance: Ensures alignment with standards like GLBA, PCI DSS, and ISO 27001, by tracking failed login attempts as part of a comprehensive audit trail for access controls.<br/>	•	Unauthorized Access Monitoring: Detects and records failed login attempts, providing visibility into potential brute-force attacks, use of invalid credentials, or attempts to access sensitive systems.<br/>	•	Event Correlation: Links failed login events with related activities, such as IP addresses, user accounts, or repeated attempts, to detect potential threat patterns or misconfigurations.<br/>	•	Real-Time Alerts: Captures failed logon attempts in real-time, triggering alerts for administrators when thresholds are met or when sensitive accounts are targeted, enabling rapid response.<br/>	•	Incident Detection: Identifies unusual or repeated failed attempts, such as those from unexpected locations or outside normal business hours, which may indicate a security threat or compromised account.<br/>	•	Audit Readiness: Documents all failed logon attempts with details such as username, logon type, originating IP, timestamp, and error codes, ensuring that comprehensive records are available for audits and investigations.', null, null, null, null, null, null, null, null, null, 702, true, 266, 'TEMPLATE', null, null, 'Windows Account Logon Failure', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (912, e'The Windows User Accounts Created report provides detailed logs of events where new user accounts are created on a Windows system. This report is crucial for tracking account creation activities, ensuring compliance with security standards, and detecting unauthorized account provisioning.<br/>	•	Regulatory Compliance: Ensures adherence to frameworks such as PCI DSS, ISO 27001, and SOC2, by maintaining records of all user account creation activities to support access control and audit requirements.<br/>	•	Account Management Monitoring: Tracks the creation of user accounts, allowing administrators to verify that accounts are provisioned through authorized processes and for legitimate purposes.<br/>	•	Event Correlation: Links user account creation events to administrative actions, IP addresses, and associated events (e.g., privilege escalations or group assignments) for a comprehensive audit trail.<br/>	•	Real-Time Alerts: Notifies administrators of new account creation in real-time, particularly for privileged accounts or accounts created outside of standard provisioning workflows.<br/>	•	Incident Detection: Helps identify unauthorized account creation, which could indicate insider threats, privilege misuse, or malicious activities such as backdoor account setups.<br/>	•	Audit Readiness: Logs all details of account creation events, including the account name, creation time, associated user or process, and originating machine, ensuring robust records for audits and investigations.', null, null, null, null, null, null, null, null, null, 702, true, 267, 'TEMPLATE', null, null, 'Windows User Accounts Created', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (530, 'This report compiles relevant information about event 4726 in the Windows logs, which is generated when a user account is deleted from the system. Deleting user accounts is a critical action that can be related to both legitimate account management and malicious behavior or insider attacks.<br/><br/>In the context of CMMC Level 3 (SI.3.217), monitoring event 4726 is crucial to identify any suspicious activity that may indicate an attack or system tampering. An attacker who has gained elevated privileges could delete user accounts to hide their tracks or prevent administrators from accessing certain resources or identifying their actions.<br/><br/>Analysis of this event helps detect unauthorized actions in the system, such as the deletion of accounts that have not been properly managed or that do not comply with internal security policies. Additionally, it can identify unusual patterns, such as deleting user accounts at atypical times or locations, which could be indicative of internal attacks or external malicious activity.<br/><br/>Collecting and monitoring these events contributes to meeting CMMC requirements by allowing early detection of potential attacks that could be focused on disrupting system security through unauthorized deletion of user accounts.', null, null, null, null, null, null, null, null, null, 503, true, 272, 'TEMPLATE', null, null, 'Windows Level 3 (SI.3.217): User Accounts Deleted', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (480, 'This report compiles the Windows log event 4726 logs, which document the deletion of user accounts on the system. The extracted information is key to verify compliance with CMMC''s Level 2 (AC.2.007) Access Control and Authentication policy, which requires the implementation of role-based access controls (RBAC). This principle ensures that only users with specific roles have access to necessary resources. <br/><br/>The report includes important details such as the identities of the deleted accounts, the date and time of deletion, and the user or system that executed the action. The analysis of these events ensures that accounts are deleted in a controlled manner and in accordance with established security policies, helping to maintain an IT environment free of unauthorized access and appropriately managing permissions according to the needs of each role.', null, null, null, null, null, null, null, null, null, 510, true, 272, 'TEMPLATE', null, null, 'Windows Level 2 (AC.2.007): User Accounts Deleted', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (788, 'This report compiles relevant information from the Windows logs generated by event 4624, which is triggered when a user logs on to the system. The event is especially important when it comes to logging in with elevated privileges, such as an administrator, and is key to complying with CMMC Level 3 control AC.3.027, which requires monitoring and restricting the use of privileged access.<br/><br/>Event 4624 provides details on successful login attempts, and in particular, those involving privileged accounts. This information allows us to identify users who access systems with elevated privileges and whether such access is being used appropriately.<br/><br/>Monitoring this access is essential to ensure that elevated accounts are used only by authorized users and for the specific tasks for which they have been assigned such access. Additionally, information from 4624 events helps detect anomalous or potentially dangerous behavior that could indicate abuse of privileges, unauthorized access, or malicious movements within the infrastructure.<br/><br/>This report supports security teams in the implementation of access controls and privilege management, thus contributing to the prevention of possible security incidents. In doing so, it reinforces compliance with CMMC Level 3 control AC.3.027, ensuring that privileged access is strictly controlled, monitored and restricted according to the operational and security needs of the organization.', null, null, null, null, null, null, null, null, null, 508, true, 265, 'TEMPLATE', null, null, 'Windows Level 3 (AC.3.027): Account Logon Success', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (789, 'This report compiles relevant information from the Windows logs generated by event 4625, which is triggered when a login attempt is rejected due to incorrect credentials or unauthorized access. This event is crucial for compliance with CMMC Level 3 control AC.3.027, which requires monitoring and restricting the use of privileged access.<br/><br/>Event 4625 provides details about failed login attempts, including those involving privileged accounts. Monitoring these events is essential to detect unauthorized access attempts to critical systems, especially those seeking to gain elevated privileges, such as administrator privileges. Additionally, this type of information is useful for identifying patterns of behavior that could indicate malicious activity, such as brute force attacks or credential exploitation attempts.<br/><br/>This report helps organizations track failed access attempts to privileged accounts, enabling alerts and corrective actions to be implemented in the event of suspicious activity or security policy violations. Thus, it helps restrict privileged access only to authorized users and ensures that preventive measures are taken to prevent abuse of such privileges.<br/><br/>The report also plays an important role in improving security posture by identifying potential access gaps before attackers can exploit them. It directly contributes to compliance with control AC.3.027 of CMMC Level 3, strengthening the monitoring and control mechanisms of privileged access within the organization.', null, null, null, null, null, null, null, null, null, 508, true, 266, 'TEMPLATE', null, null, 'Windows Level 3 (AC.3.027): Account Logon Failure', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (800, 'This report compiles relevant information from the Windows logs generated by event 4720, which is triggered when a new user account is created on the system. This event is essential for compliance with CMMC Level 3 control SI.3.219, which requires the implementation of endpoint monitoring for malware detection.<br/><br/>Event 4720 provides details about the creation of new user accounts, which is an important event to detect unauthorized changes or malicious activities on the system. The creation of unauthorized user accounts could be a sign that a malicious actor has compromised a system and is attempting to gain additional access with elevated privileges, which could make it easier to spread malware or execute attacks.<br/><br/>Monitoring these events allows security teams to quickly identify the creation of unusual or unexpected user accounts, which is key to detecting the presence of malicious actors. This type of surveillance is essential to prevent unauthorized user accounts from being used to spread malware or make lateral movements within the organization''s infrastructure.<br/><br/>This report supports security by providing visibility into changes to user accounts, allowing administrators to investigate any suspicious activity and quickly take corrective action. Additionally, it contributes to compliance with CMMC Level 3 control SI.3.219 by ensuring endpoint monitoring tools are properly deployed to detect and mitigate malware threats before they cause harm.', null, null, null, null, null, null, null, null, null, 507, true, 267, 'TEMPLATE', null, null, 'Windows Level 3 (SI.3.219): User Accounts Created', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (813, 'This report compiles relevant information from the Windows logs generated by event 4624, which is triggered when a user logs on to the system. This event is critical to compliance with CMMC Level 1 control AU.1.001, which requires capturing audit logs for review.<br/><br/>Event 4624 provides details about successful login attempts to the system. These logs are essential to track user activities on the system and to identify unauthorized or unusual access.<br/><br/>Collecting and reviewing logs from this event is crucial to comply with security audit policies and ensure system accesses are appropriately monitored. Analysis of 4624 events can detect anomalous behavior patterns, which may indicate unauthorized access attempts or potential security breaches.<br/><br/>This report contributes to the implementation of appropriate audit practices, facilitating the capture and review of relevant user activity records, in accordance with CMMC Level 1 regulations. Additionally, it reinforces the ability of security teams to identify and correct vulnerabilities related to access to systems, helping to maintain the integrity and availability of data.', null, null, null, null, null, null, null, null, null, 509, true, 265, 'TEMPLATE', null, null, 'Windows Level 1 (AC.1.001): Account Logon Success', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (816, 'This report collects relevant information from the Windows logs generated by event 4720, which is triggered when a new user account is created on the system. This event is critical to compliance with CMMC Level 1 control AU.1.001, which requires capturing audit logs for review.<br/><br/>Event 4720 provides details on creating user accounts. This information is essential to maintaining control over account management in the system, allowing security teams to verify that accounts are being created in an authorized manner and in accordance with the organization''s access policies.<br/><br/>Monitoring the creation of user accounts is vital to identify unauthorized changes to the system, such as the creation of malicious or elevated accounts without proper approval. Additionally, by recording this information, organizations can conduct audits and review user accounts to ensure they are aligned with roles and operational needs.<br/><br/>This report helps ensure that complete and accurate audit logs are maintained for every action related to the creation of user accounts, contributing to effective infrastructure security management and compliance with CMMC Level 1 control AU.1.001.', null, null, null, null, null, null, null, null, null, 509, true, 267, 'TEMPLATE', null, null, 'Windows Level 1 (AC.1.001): User Accounts Created', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (610, 'This report compiles relevant information from Windows logs associated with Account Manipulation, Domain Policy Modification, Impair Defenses, and Account Access Removal alerts, which are key events for the detection and prevention of privilege escalation in the IT environment. This information is used to verify compliance with CMMC Level 4 control AC.4.028, which requires automation of privilege escalation detection.<br/><br/>Account Manipulation events include activities such as modifying user accounts, assigning roles and privileges, which may indicate attempts to gain elevated access in an unauthorized manner. Domain Policy Modification alerts reflect changes to domain policies that could allow privilege escalation at the network level, and Impair Defenses alerts detect modifications that affect security measures implemented to protect the system. Finally, Account Access Removal alerts record attempts to remove account access, which may be a sign of an attempt to cover the tracks of an attack.<br/><br/>Monitoring these events helps identify anomalous patterns or suspicious actions related to unauthorized elevation of privileges, which is crucial to preventing unauthorized access and potential security compromises. Automating the detection of these events ensures a faster and more accurate response to any attempted privilege escalation, minimizing the risk that an attacker can gain access to critical resources without being detected.<br/><br/>This report contributes significantly to compliance with AC.4.028 by providing a centralized, automated view of key events related to privilege escalation. By automating detection, you strengthen your organization''s security posture, enabling you to efficiently detect and mitigate privilege escalation attacks before they severely impact sensitive data and infrastructure.', null, null, null, null, null, null, null, null, null, 510, true, 244, 'TEMPLATE', null, null, 'AWS Level 4 (AC.4.021): Alerts', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (737, 'This report compiles relevant information from the Windows logs generated by event 4672, which is triggered when a user gains elevated privileges, such as administrator, through an interactive or remote login. This event is crucial to comply with CMMC control AC.3.032, which requires monitoring and controlling remote access to sensitive systems to prevent misuse of elevated privileges.<br/><br/>Event 4672 provides key details about logging in for elevated users. Monitoring these events helps identify the use of elevated accounts in remote sessions, helping ensure that only authorized users access critical or sensitive systems.<br/><br/>This report is essential to control remote access to sensitive resources, ensuring that access is appropriate and authorized. Additionally, it contributes to CMMC compliance by strengthening security policies to protect sensitive systems from unauthorized access.', null, null, null, null, null, null, null, null, null, 501, true, 278, 'TEMPLATE', null, null, 'Windows Level 3 (AC.3.032): Special privileges assigned to new logon', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (942, 'This report consolidates relevant information from the Windows event 4624 logs to evaluate compliance with the CMMC Level 1 requirement (AU.1.001), which requires the capture of basic security events. By recording successful logins, these logs provide evidence of activity in the system, allowing the organization to maintain access traceability and strengthen its monitoring and incident response capabilities. The collection and analysis of these logs contributes to the early detection of threats, facilitating audits and ensuring compliance with established security controls.', null, null, null, null, null, null, null, null, null, 513, true, 265, 'TEMPLATE', null, null, 'Windows Level 1 (AU.1.001): Account Logon Success', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (943, 'This report compiles relevant information from the logs of Windows event 4625, which is activated in cases of failed login attempts, to verify compliance with the Level 1 requirement (AU.1.001) of CMMC. This event is critical to detecting and documenting unauthorized or failed access attempts to systems, providing an additional layer of monitoring on the organization''s systems. Through the capture of these logs, traceability and visibility of possible threats is ensured, which allows preventive or corrective measures to be taken against possible intrusion attempts, and supports compliance with the basic security controls required by CMMC.', null, null, null, null, null, null, null, null, null, 513, true, 266, 'TEMPLATE', null, null, 'Windows Level 1 (AU.1.001): Account Logon Failure', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (611, 'This report compiles relevant information from AWS logs related to activity by user and event type, providing visibility into actions taken on cloud infrastructure. This monitoring is essential to comply with CMMC Level 2 control AU.2.042, which requires ensuring the collection of logs for the detection and analysis of security events.<br/><br/>Activity logs by user and event in AWS include detailed information about actions performed on cloud services, such as logins, configuration modifications, permission changes, resource accesses, and other critical operations. These logs help identify suspicious activities, unauthorized access attempts, or configurations that could compromise the security of your environment.<br/><br/>By capturing and analyzing these events, organizations can detect anomalous patterns, correlate potentially malicious activities, and proactively respond to security incidents. Additionally, the retention and ongoing analysis of these logs is key to conducting forensic audits and ensuring compliance with established security policies.<br/><br/>This report facilitates compliance with CMMC Level 2 control AU.2.042 by ensuring the effective collection and monitoring of security events in AWS. In this way, incident response capacity is improved, the traceability of actions within the cloud environment is reinforced, and the integrity and security of the organization''s critical systems and data is guaranteed.', null, null, null, null, null, null, null, null, null, 511, true, 239, 'TEMPLATE', null, null, 'AWS Level 2 (AU.2.042): Activity By User and Event', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (612, 'This report compiles relevant information from AWS logs related to events in the cloud, providing visibility into the activity in the infrastructure and the services used. This monitoring is essential to comply with CMMC Level 2 control AU.2.042, which requires ensuring the collection of logs for the detection and analysis of security events.<br/><br/>Cloud logs include events generated by users and services within AWS, such as accesses, configuration modifications, permission changes, resource usage, and other critical activities. These logs, obtained through services such as AWS CloudTrail, AWS Config, AWS CloudWatch, and AWS Security Hub, allow organizations to track events and detect potential threats or unauthorized activity.<br/><br/>The analysis of these events contributes to strengthening the security of the environment by allowing the identification of anomalous patterns, the correlation of incidents and the performance of forensic audits. Additionally, it facilitates compliance with security regulations and standards by ensuring the traceability and availability of records for security investigations.<br/><br/>This report supports the implementation of effective monitoring controls in AWS, ensuring that logs are collected and used to detect and analyze security events, in compliance with CMMC Level 2 control AU.2.042.', null, null, null, null, null, null, null, null, null, 511, true, 227, 'TEMPLATE', null, null, 'AWS Level 2 (AU.2.042): Cloud', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (952, 'This report compiles relevant information from the logs of Windows event 4720, which is generated when a new user account is created on the system. This event is critical to verify compliance with CMMC''s Level 3 requirement (AU.3.045), which requires auditing of critical events for compliance and incident response. Monitoring the creation of user accounts allows us to detect possible malicious activities, unauthorized access or improper configurations that may compromise the security of the environment. By analyzing these logs, organizations can strengthen their access controls, improve visibility into infrastructure changes, and ensure the protection of sensitive information.', null, null, null, null, null, null, null, null, null, 513, true, 267, 'TEMPLATE', null, null, 'Windows Level 3 (AU.3.045): User Accounts Created', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (940, 'This report compiles relevant information from Threat Intelligence activity logs used to improve incident response, aligning with compliance with CMMC''s Level 3 requirement (IR.3.098). It contains details on the indicators of attack (IOCs) identified, the analysis methods applied and how this data was used to optimize incident responses. The report allows us to evaluate how threat indicators are integrated into incident response operations, strengthening the ability to detect and mitigate cybersecurity risks.', null, null, null, null, null, null, null, null, null, 512, true, 252, 'TEMPLATE', null, null, 'Windows Level 3 (IR.3.098): Threat Intelligence Activity', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (970, 'This report gathers relevant information from the logs of Windows Security Auditing event 5145 (A network share object was accessed), used to verify compliance with CMMC Level 4 (SC.4.229), which requires the improvement of cryptographic protections through advanced tools. Event 5145 is triggered when a shared object is accessed on the network, and its analysis allows monitoring how sensitive data is protected and accessed, especially those protected by cryptographic mechanisms. This type of access is crucial to verify if information, including CUI, is properly handled with encryption both at rest and in transit, using advanced tools that ensure the confidentiality and integrity of the data. <br/><br/>This report helps identify unauthorized access, potential vulnerabilities in encryption tools, and ensures that cryptographic policies are properly enforced and verified in environments that handle critical information.', null, null, null, null, null, null, null, null, null, 515, true, 275, 'TEMPLATE', null, null, 'Windows Level 4 (SC.4.229): Access to shared resource', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (734, 'This report compiles relevant information from the Windows logs generated by event 4726, which is triggered when a user account is disabled on the system. This event is essential to comply with CMMC control AU.2.044, which requires review of audit logs for inappropriate or suspicious behavior.<br/><br/>Event 4726 provides details about deactivating user accounts. By reviewing and correlating this data with other activity logs, patterns can be identified that suggest unusual behavior, such as account disabling without justification or at unusual times, which could indicate attempts to hide malicious activity or compromise system security. .<br/><br/>This report is useful for detecting suspicious activities related to user account management, allowing security teams to take quick action to investigate and mitigate potential risks. Additionally, contributes to compliance with CMMC regulations by ensuring that appropriate review is conducted of events that may indicate inappropriate behavior within the organization.', null, null, null, null, null, null, null, null, null, 501, true, 272, 'TEMPLATE', null, null, 'Windows Level 2 (AU.2.044): User Accounts Deleted', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (923, e'The Windows User Accounts Deleted report provides detailed logs of events where user accounts are removed from a Windows system. This report is critical for tracking account management activities, detecting unauthorized deletions, and ensuring compliance with security frameworks and audit requirements.<br/>	•	Regulatory Compliance: Supports frameworks like PCI DSS, ISO 27001, and SOC2, by maintaining a record of user account deletions to demonstrate proper management of identity and access controls.<br/>	•	Account Management Monitoring: Tracks the deletion of user accounts, ensuring that such actions are authorized, justified, and performed in alignment with internal policies.<br/>	•	Event Correlation: Links account deletion events with administrative actions, user accounts, and originating systems, creating a comprehensive audit trail for analysis.<br/>	•	Real-Time Alerts: Sends immediate notifications when user accounts are deleted, particularly for privileged or critical accounts, enabling quick investigation of potential threats.<br/>	•	Incident Detection: Identifies suspicious account deletions, such as removal of high-privilege accounts or bulk deletions, which may indicate insider threats, malicious activity, or administrative errors.<br/>	•	Audit Readiness: Logs detailed information for each deletion, including the account deleted, the user or process responsible, the originating machine, and the timestamp, ensuring robust records for compliance and investigations.', null, null, null, null, null, null, null, null, null, 702, true, 272, 'TEMPLATE', null, null, 'Windows User Accounts Deleted', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (846, 'The Windows User Accounts Deleted Report provides a detailed record of all user account deletion events within the system. This report is critical for maintaining accountability and ensuring compliance within the Banking Audit framework, as it helps monitor access control changes and detect potential security risks.', null, null, null, null, null, null, null, null, null, 703, true, 272, 'TEMPLATE', null, null, 'Windows User Accounts Deleted ', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (569, 'This report compiles relevant information from the Windows logs generated by event 4726, which is recorded when a user account is deleted from the system. This event is critical to comply with CMMC control AU.4.054, which requires the implementation of advanced event correlation to detect evolving threats.<br/><br/>Event 4726 allows you to monitor account deletions, which can be an indicator of suspicious activity, such as attempts to hide traces of unauthorized access or malicious deletion of critical accounts. By correlating this event with other security logs, such as privilege changes, unusual access, or security policy modifications, patterns can be identified that indicate ongoing malicious activity.<br/><br/>This report facilitates the detection of advanced threats by providing visibility into changes in user account management, allowing a proactive response to potential security incidents. Additionally, it reinforces CMMC compliance by ensuring advanced monitoring and effective correlation of critical events within the system.', null, null, null, null, null, null, null, null, null, 504, true, 272, 'TEMPLATE', null, null, 'Windows Level 4 (AU.4.054): User Accounts Deleted', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (960, 'This report compiles relevant information from the Windows event 4663 and 4656 logs, which are used to track access and actions performed on protected objects on the system, such as files and folders. Event 4663 records actions performed on specific objects, such as reading, writing or deleting files, while event 4656 captures when an access attempt is made to a protected object, detailing the type of access requested and the success or failure of that attempt.<br/><br/>These events are essential to verify compliance with CMMC Level 3 (MP.3.123): Protect CUI during transport and prevent data loss, as they provide visibility into how users interact with sensitive data (CUI) and if there are attempts to access or manipulate it without proper authorization. By analyzing these logs, you can ensure that data in transit is protected, preventing loss, unauthorized access or alteration during handling and transportation. In addition, they allow us to identify possible security breaches that could put the confidentiality and integrity of the CUI at risk.', null, null, null, null, null, null, null, null, null, 514, true, 273, 'TEMPLATE', null, null, 'Windows Level 3 (MP.3.123): Attempt to Access a Protected Object', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (884, e'The Windows Attempt to Access a Protected Object Report provides a detailed log of both successful and failed attempts to access protected objects, such as files, directories, or system components. This report is critical for ensuring compliance with Real-Time Alerting and Monitoring within the Banking Audit framework by tracking access to sensitive resources and enforcing security policies.<br/>	•	Regulatory Compliance: Aligns with the GLBA Safeguards Rule, ensuring oversight of access attempts to safeguard financial systems and customer data.<br/>	•	Access Control Monitoring: Supports compliance with PCI DSS Requirement 10, which mandates logging and monitoring of access to critical resources to detect unauthorized activities.<br/>	•	Real-Time Alerting: Captures and notifies of unauthorized or suspicious access attempts in real-time, enabling immediate response to potential threats.<br/>	•	Incident Detection: Identifies patterns of unauthorized access, such as brute force attacks or privilege escalation attempts, which could indicate security breaches.<br/>	•	Audit Readiness: Provides traceability of access attempts to ensure accountability and compliance with frameworks like SOC2 Type 2 and ISO 27001.', null, null, null, null, null, null, null, null, null, 701, true, 273, 'TEMPLATE', null, null, 'Windows Attempt to Access a Protected Object', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (675, '', null, null, null, null, null, null, null, null, null, 601, true, 273, 'TEMPLATE', null, null, 'Windows Attempt to Access a Protected Object', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (801, 'This report compiles relevant information from the Windows logs generated by event 4726, which is triggered when a user account is deleted from the system. This event is crucial for compliance with CMMC Level 3 control SI.3.219, which requires the implementation of endpoint monitoring for malware detection.<br/><br/>Event 4726 provides details about deleting user accounts, which is an important activity to identify suspicious or malicious behavior on the system. Deleting user accounts without proper authorization could be an indication that a malicious actor has compromised the infrastructure and is attempting to remove traces of their activity or restrict access to legitimate users, which could facilitate the spread of malware or interfere with incident response capacity.<br/><br/>Monitoring user account deletion can detect unusual activities that could be related to malicious manipulation of system settings. This visibility is essential to prevent account deletion from being used as a tactic to destabilize the organization''s security or to hide evidence of the presence of malware.<br/><br/>This report helps security teams maintain tight control over user accounts, ensuring deletion processes are legitimate and properly managed. Additionally, it contributes to compliance with CMMC Level 3 control SI.3.219, ensuring that endpoint monitoring is properly configured to effectively detect and mitigate potential malware threats.', null, null, null, null, null, null, null, null, null, 507, true, 272, 'TEMPLATE', null, null, 'Windows Level 3 (SI.3.219): User Accounts Deleted', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (548, 'This report gathers relevant information from the Windows logs corresponding to event 4670, which is triggered when the permissions of a security object, such as a file or folder, are modified. This type of event is key to detecting changes in the security configuration of the organization''s critical resources, which can be an indication of malicious or unauthorized behavior.<br/><br/>Through this report, we seek to identify unauthorized changes in access permissions, which could reflect attempts to escalate privileges or manipulate sensitive data. To comply with the CMMC requirement of SI.5.223, which requires the implementation of advanced monitoring techniques and the use of machine learning to detect anomalous behavior, this event is analyzed within a continuous monitoring framework using behavioral analysis tools .<br/><br/>This report helps identify unusual or unexpected patterns in permission modification, which can enable early detection of advanced threats or targeted attacks. Additionally, the integration of machine learning technologies into the analysis process makes it possible to identify atypical behaviors that might otherwise go undetected with traditional monitoring methods.', null, null, null, null, null, null, null, null, null, 503, true, 274, 'TEMPLATE', null, null, 'Windows Level 5 (SI.5.223): Protected Object Permission Change', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (907, e'The Windows Protected Object Permission Change Report provides detailed logs of events where permissions on protected objects, such as files, folders, or registry keys, are modified. This report is critical for ensuring compliance with Real-Time Alerting and Monitoring within the Banking Audit framework, as unauthorized changes to permissions can compromise data security and system integrity.<br/>	•	Regulatory Compliance: Aligns with the GLBA Safeguards Rule, ensuring oversight of permission changes to safeguard financial systems and sensitive customer data.<br/>	•	Access Control Monitoring: Supports compliance with PCI DSS Requirement 7, ensuring that access permissions are restricted to authorized users and tracked for changes.<br/>	•	Real-Time Alerting: Captures and notifies administrators immediately of permission changes on protected objects, enabling prompt investigation and mitigation of potential risks.<br/>	•	Incident Detection: Identifies unauthorized or suspicious permission modifications, which could indicate insider threats, privilege escalation, or attempts to bypass security controls.<br/>	•	Audit Readiness: Tracks all permission change events to ensure compliance with frameworks like SOC2 Type 2 and ISO 27001, demonstrating robust access and configuration management.', null, null, null, null, null, null, null, null, null, 701, true, 274, 'TEMPLATE', null, null, 'Windows Protected Object Permission Change', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (847, 'The Windows Protected Object Permission Change Report provides a comprehensive overview of permission changes to critical system objects such as files, folders, registry keys, and other sensitive resources. This report is essential for compliance within the Banking Audit framework, ensuring the integrity of access control mechanisms and safeguarding sensitive financial systems.', null, null, null, null, null, null, null, null, null, 703, true, 274, 'TEMPLATE', null, null, 'Windows Protected Object Permission Change', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (518, 'This report collects Windows log event 4670 records, which document changes in audits of security objects on the system, such as files or folders, that may be subject to access controls. Event 4670 is generated when modifications are made to an object''s audit settings, which may include modifying permissions or audit settings that affect the monitoring of security events associated with protected resources. This information is crucial to verify compliance with CMMC Auditing and Monitoring Policy Level 3 (AU.3.045), which requires correlating audit logs to support event analysis and ensuring audit configurations are aligned with policies. security and protection of information.<br/><br/>The report includes details such as the name of the object whose permission was modified, the permissions assigned, the identity of the user or process that made the change, and the date and time the modification was made. Analysis of these events is critical to correlating audit logs and ensuring that audit policies are configured correctly, allowing for accurate assessment of system security. This report allows you to detect unauthorized changes to audit configurations, which could interfere with the analysis of security events. Ensures that the system maintains the ability to properly audit all sensitive resources and that audit configurations are appropriate for event analysis, supporting compliance with CMMC Level 3 security controls.', null, null, null, null, null, null, null, null, null, 511, true, 274, 'TEMPLATE', null, null, 'Windows Level 3 (AU.3.045): Protected Object Permission Change', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (543, 'This report is generated from the Windows logs of event 4740, which is triggered when a user account is locked due to multiple failed login attempts. This type of event is crucial for monitoring user behavior within the organization, helping to identify suspicious access patterns that may be indicative of intrusion attempts, such as brute force attacks or unauthorized attempts to access protected accounts.<br/><br/>In the context of CMMC''s Level 4 (SI.4.220): Monitor for malicious behavior across the organization, analysis of these events is critical to detecting and mitigating malicious behavior across the organization. Proactive monitoring of these types of events ensures that threat detection strategies are aligned with security best practices, allowing rapid response to anomalous activities that may compromise the integrity of organizational systems and data.<br/><br/>This report contributes to strengthening real-time monitoring capabilities, improving the ability to detect advanced threats and ensuring that the organization''s security infrastructure is aligned with CMMC requirements.', null, null, null, null, null, null, null, null, null, 503, true, 276, 'TEMPLATE', null, null, 'Windows Level 4 (SI.4.220): Account Locks', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (716, '', null, null, null, null, null, null, null, null, null, 604, true, 275, 'TEMPLATE', null, null, 'Windows Access to shared resource', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (738, 'This report compiles relevant information from the Windows logs generated by event 7045, which is activated when a service is installed on the system. This event is essential to comply with CMMC control AC.3.032, which requires monitoring and controlling remote access to sensitive systems to protect them from potential vulnerabilities.<br/><br/>Event 7045 captures details about the installation of new services on the system, which may be related to the configuration of remote or management services. These services could involve potential access to sensitive systems if not properly monitored and controlled.<br/><br/>This report allows you to detect the installation of services that could enable unauthorized remote access to critical systems. Monitoring these events ensures that only legitimate and controlled services are installed, contributing to system security and CMMC compliance by ensuring that remote access to sensitive systems is strictly managed and monitored.', null, null, null, null, null, null, null, null, null, 501, true, 290, 'TEMPLATE', null, null, 'Windows Level 3 (AC.3.032): Installation of Services', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (951, 'This report compiles relevant information from the logs of Windows event 5145, which is generated when a file or folder on a network share is accessed. This event is crucial to verify compliance with CMMC''s Level 3 requirement (AU.3.045), which requires auditing of key events for compliance and incident response. By monitoring these logs, organizations can identify unauthorized access, data exfiltration attempts, or suspicious activity on shared resources. The analysis of these events allows us to strengthen security, detect possible internal or external threats and ensure the protection of sensitive information.', null, null, null, null, null, null, null, null, null, 513, true, 275, 'TEMPLATE', null, null, 'Windows Level 3 (AU.3.045): Access to shared resource', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (565, 'This report compiles relevant information from the Windows logs generated by events 5140 and 5145, which are activated when accessing shared resources on the network. These events are critical to comply with CMMC control AU.3.045, which requires correlation of security events to identify suspicious behavior and detect malicious activity.<br/><br/>Events 5140 and 5145 provide details about shared resource accesses, including user identity, connection origin, and assigned permissions. By correlating these events with other activity logs, such as unauthorized access attempts or modifications to sensitive files, patterns can be identified that indicate potential threats, such as data exfiltration or lateral movements within the network.<br/><br/>This report helps detect suspicious events related to access to shared resources, allowing preventive measures to be taken against possible internal or external attacks. Additionally, it contributes to compliance with CMMC regulations by ensuring effective monitoring and correlation of key events for infrastructure protection.', null, null, null, null, null, null, null, null, null, 504, true, 275, 'TEMPLATE', null, null, 'Windows Level 3 (AU.3.045): Access to Shared Resources', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (959, 'This report gathers relevant information extracted from the logs of Windows event 4670, which is designed to record changes in the permissions of system objects, such as files or folders. Event 4670 is triggered whenever an object''s access control lists (ACLs) are modified, allowing you to track and audit who has access to what data and what permissions have been granted or removed.<br/><br/>The analysis of these records is crucial to ensure compliance with CMMC Level 3 (MP.3.123): Protect CUI during transport and prevent data loss, since it allows monitoring and controlling access to Controlled Unclassified Information (CUI), guaranteeing that there are no unauthorized modifications to access permissions that could put the integrity or confidentiality of sensitive data at risk. This report contributes to identifying and mitigating any attempted tampering with the security of the CUI, which reinforces protection measures against data loss or leak during handling and transportation.', null, null, null, null, null, null, null, null, null, 514, true, 274, 'TEMPLATE', null, null, 'Windows Level 3 (MP.3.123): Protected Object Permission Change', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (902, e'The Windows Account Locks Report provides detailed logs of events where user accounts are locked due to failed login attempts or security policy enforcement. This report is critical for ensuring compliance with Real-Time Alerting and Monitoring within the Banking Audit framework, as account locks can indicate brute force attacks, phishing attempts, or compromised accounts.<br/>	•	Regulatory Compliance: Aligns with the GLBA Safeguards Rule, ensuring oversight of account lock events to protect sensitive financial systems and customer data.<br/>	•	Access Control Monitoring: Supports compliance with PCI DSS Requirement 8, ensuring that account lockouts are tracked and monitored to detect unauthorized access attempts.<br/>	•	Real-Time Alerting: Captures and notifies administrators immediately when accounts are locked, enabling rapid investigation and response to potential threats.<br/>	•	Incident Detection: Identifies patterns of suspicious login attempts, such as brute force attacks or repeated lockouts, which may indicate targeted attacks or misuse.<br/>	•	Audit Readiness: Tracks all account lock events, ensuring compliance with frameworks like SOC2 Type 2 and ISO 27001, demonstrating robust access management practices.', null, null, null, null, null, null, null, null, null, 701, true, 276, 'TEMPLATE', null, null, 'Windows Account Locks', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (524, 'This report aims to monitor access to objects within the system, identifying and recording relevant security events related to access to sensitive files or directories. Analysis of these events is crucial to detect unauthorized or anomalous activities that may compromise the integrity and confidentiality of critical data in the organization''s environment.<br/><br/>In the context of compliance with CMMC (Cybersecurity Maturity Model Certification), at Level 1 (SI.1.210), which requires the identification and correction of security flaws in a timely manner, monitoring these events is essential to ensure that access to sensitive resources are carried out only by authorized users. Detection of anomalous access or unauthorized attempts allows for rapid intervention to mitigate any potential risk.<br/><br/>The continuous collection and analysis of these access events helps maintain adequate control over system security and ensure that any vulnerabilities are quickly identified and corrected. This contributes significantly to the protection of critical data and assets of the organization, aligning with CMMC requirements for proactive security management and remediation of any vulnerabilities that may be exploited.', null, null, null, null, null, null, null, null, null, 503, true, 277, 'TEMPLATE', null, null, 'Windows Level 1 (SI.1.210): Windows Access to critical files or specific directories', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (678, '', null, null, null, null, null, null, null, null, null, 601, true, 277, 'TEMPLATE', null, null, 'Windows Access to critical files or specific directories', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (519, 'This report collects the Windows log event 4663 logs, which document attempts to access system security objects, such as protected files or folders. Event 4663 is generated when a user or process performs an operation (such as read, write, or delete) on a security object, providing details about the action performed, the type of access requested, and the result of the operation. This information is crucial to verify compliance with CMMC''s Level 3 Auditing and Monitoring policy (AU.3.045), which requires correlating audit logs to support the analysis of security events and ensure that access to critical resources is monitored. and analyzed effectively.<br/>The report includes key details such as the name of the file or folder that was attempted to be accessed, the identity of the user or process that made the attempt, and the date and time of the attempt. <br/>Analysis of these events allows us to correlate audit logs and ensure that all access attempts to sensitive objects are properly monitored, ensuring that access controls are working correctly and that access is appropriate to the privileges of the user or process. This report facilitates the detection of relevant security events and provides information necessary for a comprehensive analysis, supporting compliance with CMMC Level 3 requirements for event correlation and protection of sensitive information.', null, null, null, null, null, null, null, null, null, 511, true, 277, 'TEMPLATE', null, null, 'Windows Level 3 (AU.3.045): Access to critical files or specific directories', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (775, 'This report compiles relevant information from the Windows logs generated by event 4740, which is triggered when a user account is locked due to failed login attempts. This event is essential to comply with CMMC control CM.3.068, which requires the implementation of controls to manage system configurations and ensure access security.<br/><br/>Monitoring this event can detect possible brute force attacks, unauthorized access attempts, or authentication misconfigurations that could compromise system security.<br/><br/>This report allows security teams to properly analyze and manage account lockouts, ensuring that access is monitored and controlled in accordance with established policies. Its implementation strengthens system configuration management and contributes to CMMC compliance, guaranteeing a timely response to possible threats related to access to user accounts.', null, null, null, null, null, null, null, null, null, 506, true, 276, 'TEMPLATE', null, null, 'Windows Level 3 (CM.3.068): Account Locks', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (561, 'Log of access attempts to critical files or specific directories, capturing detailed information about the subject (user or process), the object (file or directory), the type of access requested, and the outcome.', null, null, null, null, null, null, null, null, null, 504, true, 277, 'TEMPLATE', null, null, null, null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (865, e'The Windows Access to Critical Files or Specific Directories Report provides a detailed record of attempts—both successful and unsuccessful—to access sensitive files and directories. This report is essential for compliance within the Banking Audit framework, as it ensures visibility into access attempts and protects critical financial data from unauthorized access.<br/>	•	Banking Regulations: Aligns with the GLBA Safeguards Rule, ensuring oversight of file and directory access to protect sensitive financial information.<br/>	•	Access Control Compliance: Supports compliance with PCI DSS Requirement 10, which mandates monitoring and logging of all access to critical resources to detect unauthorized activities.<br/>	•	Audit Readiness: Tracks access to files and directories, providing traceability for frameworks like SOC2 Type 2 and ISO 27001, ensuring secure access management.<br/>	•	Incident Detection: Identifies unauthorized or suspicious access attempts, such as attempts to copy, delete, or modify critical data, which could indicate insider threats or compromised accounts.<br/>	•	Data Protection: Ensures compliance with GDPR Article 32, demonstrating controls to monitor and restrict access to sensitive financial data, protecting it from unauthorized processing.', null, null, null, null, null, null, null, null, null, 701, true, 277, 'TEMPLATE', null, null, 'Windows Access to critical files or specific directories', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (769, 'This report collects relevant information from the Windows logs generated by event 4663, which is triggered when an access attempt is made to an object with specific permissions, such as files, folders, or registry keys. This event is key to complying with CMMC control CM.2.063, which requires monitoring changes to the system to detect unauthorized or suspicious modifications.<br/><br/>By monitoring these events, security teams can identify anomalous activity, such as attempts to modify critical system files, changes to security configurations, or improper access to sensitive data.<br/><br/>This report allows administrators to evaluate whether changes made to the system are legitimate or indicate a possible threat, such as file manipulation by malware or a user with improper privileges. Additionally, its analysis contributes to CMMC compliance by ensuring that changes to the system are recorded and reviewed to prevent security incidents.', null, null, null, null, null, null, null, null, null, 506, true, 277, 'TEMPLATE', null, null, 'Windows Level 2 (CM.2.063): Access to critical files or specific directories', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (742, 'This report compiles relevant information from the Windows logs generated by event 4663, which is triggered when an object or file is accessed or modified in the system. This event is essential to comply with CMMC control AU.1.001, which requires the retention of logs for basic review, ensuring that records are maintained to audit access and modifications to objects in the system.<br/><br/>Event 4663 provides details about accesses to important files and objects. By compiling this information, it is easier to review access activities to critical data and protected objects, helping to detect possible unauthorized access or improper manipulation.<br/><br/>This report ensures that logs related to file access and modification are adequately retained, facilitating their review when necessary. This contributes not only to compliance with CMMC requirements, but also to strengthening system security by monitoring key activities that could signal threats or data exfiltration attempts.', null, null, null, null, null, null, null, null, null, 505, true, 277, 'TEMPLATE', null, null, 'Windows Level 1 (AU.1.001): Access to critical files or specific directories', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (528, 'This report collects relevant information from the Windows event logs, specifically event 4672, which is generated when a user with special privileges (such as administrators or accounts with elevated permissions) logs on to the system. Including this event in the security analysis helps monitor and detect access from users with elevated privileges, a critical aspect for the protection of sensitive systems.<br/><br/>CMMC Level 2 (SI.2.212) compliance focuses on the implementation of effective mechanisms for monitoring security events in real time. Events like 4672 provide crucial visibility into the use of special privileges, allowing organizations to detect any anomalous or unauthorized activity, ensuring that monitoring mechanisms are effective in protecting critical infrastructure.<br/><br/>This report contributes to improving security by facilitating the identification of unusual behavior that may indicate unauthorized access or the exploitation of excessive privileges.', null, null, null, null, null, null, null, null, null, 503, true, 278, 'TEMPLATE', null, null, 'Windows Level 2 (SI.2.212): Special privileges assigned to new logon', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (958, 'This report collects and analyzes the logs of Windows event 4663, which captures information about accesses and modifications to objects within the system, such as files or directories. Event 4663 is essential for tracking activities related to data access and manipulation, especially when it involves Controlled Unclassified Information (CUI).<br/><br/>The analysis of these logs is essential to verify compliance with CMMC Level 3 (MP.3.123): Protect CUI during transport and prevent data loss, since it allows identifying unauthorized access or attempts to transfer sensitive data, ensuring that the CUI is not compromised during its handling or transport. This report allows you to monitor and mitigate risks of data leakage or loss, strengthening the protection of critical information against unauthorized access and manipulation.', null, null, null, null, null, null, null, null, null, 514, true, 277, 'TEMPLATE', null, null, 'Windows Level 3 (MP.3.123): Access to critical files or specific directories', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (703, '', null, null, null, null, null, null, null, null, null, 604, true, 278, 'TEMPLATE', null, null, 'Windows Special privileges assigned to new logon', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (520, 'This report collects the logs of event 4672 from the Windows logs, which document the login of an account with special privileges. Event 4672 is generated when an elevated user, such as an administrator or an account with system privileges, logs on to the system. This information is crucial to verify compliance with CMMC''s Level 1 Audit and Monitoring policy (AU.1.001), which requires audit records to ensure that activities and access to systems are adequately monitored, especially for accounts. with special privileges.<br/><br/>The report includes details such as the identity of the user who has logged in with elevated privileges, the origin of the access (IP address or originating machine), among others. Analysis of these events is critical to monitoring access to privileged accounts, ensuring that only authorized users with the appropriate credentials can access critical systems. This report helps verify that audit logs are correctly configured and effective in detecting suspicious or unauthorized access, which is key to system security and compliance with CMMC Level 1 requirements.', null, null, null, null, null, null, null, null, null, 511, true, 278, 'TEMPLATE', null, null, 'Windows Level 1 (AU.1.001): Special privileges assigned to new logon', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (563, 'This report compiles relevant information from the Windows logs generated by event 4672, which is essential to comply with CMMC control AU.3.045, which requires the correlation of security events to identify suspicious behavior or malicious activities. Event 4672, related to login of elevated users, is used to detect unusual behavior, such as unauthorized access or abuse of privileges within the system.<br/><br/>Analyzing and correlating this event with other security logs can identify patterns that could indicate threats, such as access to sensitive systems or attempts to abuse elevated privileges. This report facilitates the detection of possible security incidents, thus contributing to the monitoring and strengthening of the protection capabilities of the organization''s infrastructure.', null, null, null, null, null, null, null, null, null, 504, true, 278, 'TEMPLATE', null, null, 'Windows Level 3 (AU.3.045): Special privileges assigned to new logon', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (859, e'The Windows Failed Logon Attempt Report provides detailed logs of unsuccessful login attempts, capturing essential information such as the user account, timestamp, source IP address, and reason for failure. This report is crucial within the Banking Audit framework, ensuring visibility into unauthorized access attempts and supporting compliance with stringent security regulations.<br/>	•	Banking Regulations: Aligns with the GLBA Safeguards Rule, ensuring oversight of failed logon attempts to protect financial systems and sensitive customer data.<br/>	•	Access Control Compliance: Supports compliance with PCI DSS Requirement 10, which mandates logging and monitoring of access attempts, successful or failed, to detect unauthorized activities.<br/>	•	Audit Readiness: Tracks failed logon attempts, providing traceability for frameworks like SOC2 Type 2 and ISO 27001, ensuring accountability in access management.<br/>	•	Incident Detection: Identifies patterns of unauthorized access attempts, such as brute force attacks, password spraying, or account enumeration efforts.<br/>	•	Data Protection: Ensures compliance with GDPR Article 32, showcasing controls to monitor and restrict unauthorized access attempts to systems handling sensitive financial data.', null, null, null, null, null, null, null, null, null, 703, true, 279, 'TEMPLATE', null, null, 'Windows Failed logon attempt', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (711, '', null, null, null, null, null, null, null, null, null, 604, true, 280, 'TEMPLATE', null, null, 'Windows Policy changes', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (919, e'The Windows Special Privileges Assigned to New Logon report provides detailed logs of events where special privileges are granted to a user during the logon process. This report is critical for tracking privilege escalations, detecting unauthorized access, and ensuring compliance with access control policies.<br/>	•	Regulatory Compliance: Supports frameworks like PCI DSS, ISO 27001, and SOC2, by documenting privilege assignments at logon to ensure adherence to least privilege principles and audit requirements.<br/>	•	Privilege Management Monitoring: Tracks the assignment of privileges such as SeDebugPrivilege, SeTakeOwnershipPrivilege, or SeBackupPrivilege, which could be misused if assigned improperly.<br/>	•	Event Correlation: Links privilege assignment events with user accounts, originating systems, and subsequent activities, providing a comprehensive audit trail for security analysis.<br/>	•	Real-Time Alerts: Notifies administrators of special privilege assignments to users, especially for privileged accounts, enabling immediate investigation of potential threats.<br/>	•	Incident Detection: Identifies suspicious privilege assignments, such as repeated assignments to the same user or assignments outside of expected workflows, which may indicate insider threats or configuration errors.<br/>	•	Audit Readiness: Logs comprehensive details, including the user or account, the privileges assigned, the logon session ID, and the timestamp, ensuring robust records for compliance and investigations.', null, null, null, null, null, null, null, null, null, 702, true, 278, 'TEMPLATE', null, null, 'Windows Special privileges assigned to new logon', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (945, 'This report gathers relevant information from the logs of Windows event 4672, which is generated when a user logs on with administrative or high-level privileges. This event is crucial to verify compliance with CMMC''s Level 1 requirement (AU.1.001), which establishes the obligation to capture logs of basic security events. Event 4672 provides a detailed log of activities performed by elevated users, allowing access and usage of administrative accounts to be audited. Capturing and analyzing these logs makes it easier to detect unauthorized access or unusual activities, improving monitoring capabilities and responding effectively to potential security incidents, thereby ensuring that auditing and monitoring practices are aligned with CMMC requirements.', null, null, null, null, null, null, null, null, null, 513, true, 278, 'TEMPLATE', null, null, 'Windows Level 1 (AU.1.001): Special privileges assigned to new logon', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (488, 'Provides valuable insights into system interactions and potential security risks to improve detection of unauthorized access attempts, strengthen compliance with security standards, and improve the overall integrity of your Windows environments.', null, null, null, null, null, null, null, null, null, 510, true, 279, 'TEMPLATE', null, null, 'Windows Level 5 (AU.5.055): Failed logon attempt', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (523, 'This report focuses on the analysis of events 4719 generated in the Windows security logs, which occur when a modification is made to the system audit configuration. This event is important as it allows you to record and monitor any changes made to audit settings, which are crucial for detecting and analyzing security events in the system.<br/><br/>Event 4719 may be indicative of adjustments made to audit policies, such as changes to access log parameters, modifications to critical event tracking configurations, or adjustments to the monitoring of administrative and user actions. These changes can directly impact the organization''s ability to detect security incidents, so it is essential to ensure that audit configurations are appropriate and are not altered without valid justification.<br/><br/>The collection and analysis of 4719 events is essential for compliance with CMMC (Cybersecurity Maturity Model Certification) at Level 1 (SI.1.210), which requires the identification and correction of security vulnerabilities in a timely manner. Tracking this event helps ensure that systems auditing remains active and that unauthorized modifications are not made to security configurations that could impact the visibility and analysis of security events.<br/><br/>Además, el monitoreo adecuado de estos cambios permite verificar si los ajustes en las configuraciones de auditoría están alineados con las mejores prácticas de seguridad y que no se están deshabilitando o modificando controles de auditoría críticos, lo que podría abrir puertas a posibles ataques sin ser detectados.<br/><br/>En resumen, la recopilación y análisis de los eventos 4719 garantiza que las configuraciones de auditoría del sistema se mantengan intactas y efectivas, permitiendo una detección oportuna de fallos de seguridad. Este proceso contribuye al cumplimiento del objetivo de CMMC de identificar y corregir debilidades de seguridad de forma rápida y eficiente, protegiendo la infraestructura y los datos críticos de la organización.', null, null, null, null, null, null, null, null, null, 503, true, 280, 'TEMPLATE', null, null, 'Windows Level 1 (SI.1.210): Policy changes', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (947, 'This report gathers relevant information from the logs of Windows event 4719, which is generated when the system audit policy configuration is modified. This event is crucial to verify compliance with CMMC''s Level 2 requirement (AU.2.041), which requires retention of audit logs for security events. Altering audit policies may indicate attempts to evade detection of malicious activity or unauthorized administrative changes. Analysis of these events allows you to monitor the integrity of security logs, ensure traceability of changes, and strengthen the monitoring capabilities necessary to comply with CMMC standards.', null, null, null, null, null, null, null, null, null, 513, true, 280, 'TEMPLATE', null, null, 'Windows Level 2 (AU.2.041): Policy changes', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (966, 'This report collects information from Windows events 4719, which record changes to system audit settings. Its monitoring is essential for compliance with CMMC Level 4 (MP.4.125): Automate DLP processes to secure sensitive information, since modifications to these policies may affect the ability to detect and prevent data loss (DLP).<br/><br/>The analysis of these events allows us to identify unauthorized or suspicious adjustments to security records, ensuring that processes for protecting sensitive information are consistent and automated to minimize risks of exposure.', null, null, null, null, null, null, null, null, null, 514, true, 280, 'TEMPLATE', null, null, 'Windows Level 4 (MP.4.125): Policy changes', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (744, 'This report collects relevant information from the Windows logs generated by event 4719, which is triggered when system audit policy settings are modified. This event is essential to comply with CMMC control AU.2.043, which requires ensuring that audit logs are protected from unauthorized modifications.<br/><br/>Event 4719 provides details about changes made to audit policy configurations. By monitoring this event, it is possible to identify alterations in auditing configurations that could indicate attempts to disable or manipulate the event log to hide suspicious or malicious activity.<br/><br/>This report is essential to ensure that system audit settings remain intact and protected from unauthorized changes, allowing security teams to quickly detect and respond to potential security incidents. Additionally, it contributes to CMMC compliance by ensuring that audit logs are kept protected, helping to preserve the integrity and reliability of the monitoring system and the ability to perform effective forensic audits.', null, null, null, null, null, null, null, null, null, 505, true, 280, 'TEMPLATE', null, null, 'Windows Level 2 (AU.2.043): Policy changes', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (529, 'This report collects relevant information from event 4648 in the Windows logs, which is generated when a login attempt is made using explicit credentials (username and password) by a process or program. This type of event is significant for monitoring access activities in IT infrastructure, as it can indicate potentially unauthorized access attempts or manipulations in authentication processes.<br/><br/>In the context of CMMC Level 3 (SI.3.217), event 4648 helps detect login attempts that could be part of a credentials attack, such as brute force attacks or reuse of compromised credentials. This type of monitoring is essential to identify unauthorized access or anomalous authentication behavior that could compromise the security of the organization.<br/><br/>The report allows you to identify unusual access patterns, such as login attempts from unusual locations or outside normal working hours, which is indicative of possible external or internal attacks. This information is key to activating alerts and taking immediate action against unauthorized access threats.<br/><br/>The collection and analysis of these events are essential to comply with CMMC requirements, since they allow early detection of attacks and help strengthen the security posture of the IT infrastructure by implementing protective measures, preventing attackers from achieving access critical systems.', null, null, null, null, null, null, null, null, null, 503, true, 281, 'TEMPLATE', null, null, 'Windows Level 3 (SI.3.217): Logins with explicit credentials', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (892, e'The Windows Logins with Explicit Credentials Report provides a detailed record of logon events where users explicitly supply credentials, including remote or delegated authentication attempts. This report is critical for ensuring compliance with Real-Time Alerting and Monitoring within the Banking Audit framework, as explicit credential use can be targeted in attacks like pass-the-hash or credential theft.<br/>	•	Regulatory Compliance: Aligns with the GLBA Safeguards Rule, ensuring oversight of logins with explicit credentials to protect sensitive financial systems and customer data.<br/>	•	Access Control Monitoring: Supports compliance with PCI DSS Requirement 8, ensuring secure authentication practices and monitoring of logon events involving credential entry.<br/>	•	Real-Time Alerting: Captures and alerts administrators of explicit credential logins, particularly from untrusted or unusual sources, in real-time for rapid response.<br/>	•	Incident Detection: Identifies suspicious or unauthorized use of explicit credentials, which could indicate credential theft, phishing, or misuse of privileged accounts.<br/>	•	Audit Readiness: Tracks all logins with explicit credentials, providing traceability for frameworks like SOC2 Type 2 and ISO 27001, ensuring secure and accountable access management.', null, null, null, null, null, null, null, null, null, 701, true, 281, 'TEMPLATE', null, null, 'Windows Logins with explicit credentials', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (758, 'This report collects relevant information from the Windows logs generated by event 4648, which is triggered when a user session is authenticated using explicitly provided credentials (for example, username and password) to access network resources. This event is critical to comply with CMMC control SI.3.219, which requires the implementation of network monitoring to detect attacks.<br/><br/>Event 4648 provides details about authentication attempts made with explicit credentials, which is crucial for identifying both legitimate and potentially malicious access to critical systems and resources. Monitoring these types of events helps detect unusual behavior, such as unauthorized access attempts through network services or the use of compromised credentials.<br/><br/>This report is essential for detecting suspicious access patterns that could indicate malicious activity, such as brute force attacks, password guessing attempts, or lateral movement of an attacker within the network. It makes it easier for security teams to identify threats early and respond quickly to incidents involving unauthorized access or credential abuse, contributing to CMMC compliance by ensuring effective monitoring of critical systems and protection against attacks.', null, null, null, null, null, null, null, null, null, 502, true, 281, 'TEMPLATE', null, null, 'Windows Level 3 (SI.3.219): Logins with explicit credentials', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (709, '', null, null, null, null, null, null, null, null, null, 604, true, 283, 'TEMPLATE', null, null, 'Windows Kerberos ticket requests', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (924, e'The Windows Logins with Explicit Credentials report provides detailed logs of events where users or applications perform logins using explicit credentials. This report is essential for monitoring account usage, detecting unauthorized access, and ensuring compliance with security frameworks.<br/>	•	Regulatory Compliance: Supports frameworks such as PCI DSS, ISO 27001, and SOC2, by documenting logins with explicit credentials to ensure adherence to access control policies and audit requirements.<br/>	•	Credential Management Monitoring: Tracks logins where explicit credentials are supplied, ensuring such access aligns with internal security policies and identifying unauthorized credential usage.<br/>	•	Event Correlation: Links login events with explicit credentials to the originating user, process, and system, providing a comprehensive audit trail for security analysis and compliance.<br/>	•	Real-Time Alerts: Sends notifications for logins with explicit credentials, especially for sensitive accounts or from untrusted sources, enabling rapid response to potential threats.<br/>	•	Incident Detection: Identifies anomalies, such as repeated login attempts with explicit credentials, use of outdated or compromised credentials, or logins originating from unusual locations or systems.<br/>	•	Audit Readiness: Logs detailed information, including the account used, the user or process initiating the login, the target system, and the timestamp, ensuring robust records for investigations and audits.', null, null, null, null, null, null, null, null, null, 702, true, 281, 'TEMPLATE', null, null, 'Windows Logins with explicit credentials', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (491, 'This report collects the records of Windows log events 4722, 4723, 4725, and 4726, which document changes to system user accounts, such as enabling, resetting, disabling, and deleting user accounts. These events are essential to detect changes in account configuration that could indicate an attempt to manipulate credentials or an attempt to evade access controls, which is essential to comply with the Level 4 (AU.4.053) Audit policy. and CMMC Monitoring, which requires improving logging capabilities to support the detection of advanced threats and malicious activities.<br/><br/>The report includes key details about the type of change made (enable, reset, disable, delete), the identity of the user who made the modification, the identity of the user affected by the action (account enabled, reset, disabled, or deleted), and the time and date of the event. Analyzing these events can improve auditing capabilities and detect suspicious or unusual patterns related to user accounts. By quickly identifying unexpected account changes, such as the reactivation of disabled accounts or the deletion of critical accounts, this report facilitates the early detection of threats that could be related to privilege escalation, phishing, or unauthorized access to systems. This ensures that account management practices are aligned with CMMC Level 4 requirements, providing an additional layer of security for the protection of critical infrastructure.', null, null, null, null, null, null, null, null, null, 511, true, 282, 'TEMPLATE', null, null, 'Windows Level 4 (AU.4.053): Changes in account status', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (903, e'The Windows Kerberos Ticket Requests Report provides detailed logs of Kerberos authentication events, including ticket-granting ticket (TGT) requests, service ticket requests, and renewal attempts. This report is critical for ensuring compliance with Real-Time Alerting and Monitoring within the Banking Audit framework, as Kerberos ticket requests can reveal authentication misuse or security breaches.<br/>	•	Regulatory Compliance: Aligns with the GLBA Safeguards Rule, ensuring oversight of authentication events to safeguard sensitive financial systems and customer data.<br/>	•	Authentication Monitoring: Supports compliance with PCI DSS Requirement 8, ensuring secure authentication mechanisms and tracking Kerberos ticket activities.<br/>	•	Real-Time Alerting: Captures and alerts administrators immediately when unusual Kerberos ticket requests occur, enabling rapid investigation and mitigation.<br/>	•	Incident Detection: Identifies suspicious Kerberos activities, such as golden ticket attacks, ticket reuse, or brute force attempts, which could indicate compromised accounts or insider threats.<br/>	•	Audit Readiness: Tracks all Kerberos ticket events, ensuring compliance with frameworks like SOC2 Type 2 and ISO 27001, demonstrating secure and accountable authentication practices.', null, null, null, null, null, null, null, null, null, 701, true, 283, 'TEMPLATE', null, null, 'Windows Kerberos ticket requests', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (857, e'The Windows Installation of Services Report provides detailed logs of service installation events within the system. This report is essential for compliance within the Banking Audit framework, as unauthorized or malicious services can compromise system integrity and sensitive financial data.<br/>	•	Banking Regulations: Aligns with the GLBA Safeguards Rule, demonstrating control and oversight over installed services to ensure the security of financial systems and customer information.<br/>	•	System Configuration Compliance: Supports compliance with PCI DSS Requirement 2, ensuring only authorized services are installed and that configurations are securely managed.<br/>	•	Audit Readiness: Tracks service installation activities, providing traceability for frameworks like SOC2 Type 2 and ISO 27001, ensuring accountability for system changes.<br/>	•	Incident Detection: Identifies unauthorized or suspicious service installations, which could indicate malware, privilege escalation, or insider threats.<br/>	•	Data Protection: Ensures compliance with GDPR Article 32, showcasing controls that restrict and monitor the installation of services to protect sensitive financial data from unauthorized processing or breaches.', null, null, null, null, null, null, null, null, null, 703, true, 290, 'TEMPLATE', null, null, 'Windows Installation of Services', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (705, '', null, null, null, null, null, null, null, null, null, 604, true, 284, 'TEMPLATE', null, null, 'Windows Process Creation', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (564, 'This report compiles relevant information from the Windows logs generated by event 4688, which is recorded when a new process is created in the system. Its analysis is essential for compliance with CMMC control AU.3.045, which requires the correlation of security events to detect suspicious behavior or malicious activities.<br/><br/>Monitoring this event allows you to identify program execution, detect the creation of unusual processes, and correlate activities with other security events. This helps uncover potential threats, such as the use of unauthorized tools, the execution of suspicious scripts, or attempts at lateral movement within the network.<br/><br/>This report strengthens the incident detection and response capacity, facilitating the identification of anomalous patterns and improving the protection of the infrastructure against unauthorized access or malicious activities.', null, null, null, null, null, null, null, null, null, 504, true, 284, 'TEMPLATE', null, null, 'Windows Level 3 (AU.3.045): Windows Process Creation', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (753, 'This report compiles relevant information from the Windows logs generated by event 4688, which is triggered when a new process is created on the system. This event is critical to comply with CMMC control SI.2.216, which requires detection of malicious code and response to malware infections.<br/><br/>Event 4688 provides details about the started processes, which is essential to identify suspicious processes that could be related to malware, such as unauthorized or unexpected programs running on the system. By analyzing this event, unusual activities can be identified that could indicate the presence of malicious software.<br/><br/>This report facilitates early malware detection by identifying potentially harmful processes that start on the system. It also allows security teams to investigate the source of suspicious processes and take corrective action before a more serious infection occurs. Additionally, it contributes to CMMC compliance by ensuring that risks associated with malware are proactively identified and managed.', null, null, null, null, null, null, null, null, null, 502, true, 284, 'TEMPLATE', null, null, 'Windows Level 2 (SI.2.216): Process Creation', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (537, 'This report compiles relevant information about event 4688 in the Windows logs, which is generated every time a process is created on the system. This event is of vital importance for security monitoring, since it allows identifying the execution of new processes that may be part of normal activities or, in the case of being malicious, an indication of compromise or attack on the system.<br/><br/>In the context of CMMC Level 3 (SI.3.217), monitoring this event is crucial to detect possible attacks. The creation of unauthorized or unusual processes can be a sign of malicious activities such as running malware, unauthorized scripts, or launching attack tools. In addition, attackers often use techniques such as executing code on the system to maintain their presence, which would be reflected in these types of events.<br/><br/>Analysis of 4688 events allows the detection of anomalous behavior patterns, such as the creation of processes from unusual locations or associated with illegitimate activities, which facilitates early identification of threats. The collection and analysis of this information contributes to maintaining effective control over activities within the systems, ensuring that you can react quickly to potential security incidents.<br/><br/>This report is essential to meet the threat monitoring and detection requirements established in CMMC Level 3 (SI.3.217), allowing organizations to implement efficient monitoring tools that support the detection of attacks and suspicious activities in real time.', null, null, null, null, null, null, null, null, null, 503, true, 284, 'TEMPLATE', null, null, 'Windows Level 3 (SI.3.217): Process Creation', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (895, e'The Windows Process Creation Report provides detailed logs of events where processes are initiated on a system, including the name, execution path, user, and timestamp. This report is essential for ensuring compliance with Real-Time Alerting and Monitoring within the Banking Audit framework, as monitoring process creation helps detect unauthorized or malicious activities.<br/>	•	Regulatory Compliance: Aligns with the GLBA Safeguards Rule, ensuring oversight of process creation to protect financial systems and sensitive customer data.<br/>	•	Threat Detection: Identifies suspicious or unauthorized processes, such as malware execution, privilege escalation attempts, or unauthorized script launches.<br/>	•	Real-Time Alerting: Captures and notifies administrators in real-time of process creation events that deviate from normal behavior, enabling immediate investigation.<br/>	•	Audit Readiness: Tracks all process creation activities, ensuring compliance with frameworks like SOC2 Type 2 and ISO 27001, demonstrating robust monitoring of system activities.<br/>	•	System Integrity: Supports compliance with PCI DSS Requirement 10, ensuring visibility into system-level activities for secure operations.', null, null, null, null, null, null, null, null, null, 701, true, 284, 'TEMPLATE', null, null, 'Windows Process Creation', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (627, 'This report collects the records of event 4688 from the Windows logs, which document the creation of new processes in the system. Event 4688 is generated every time a process is started, providing key information about the execution of applications and commands, which allows detecting suspicious activities such as the execution of malware, the use of unauthorized tools or attempts to escalate privileges. This information is crucial to verify compliance with CMMC''s Level 2 (AU.2.042) Access Control and Authentication policy, which requires continuous monitoring of access through advanced behavioral analysis.<br/><br/>The report includes key details such as the name of the started process, the identity of the user or service account that ran the process, the path of the executable, the execution parameters, the identity of the parent process, among others. The analysis of these events allows us to detect anomalous behavior patterns, identify the use of unauthorized tools and strengthen security strategies through proactive detection of threats in real time. This report contributes to the early identification of attacks and the protection of systems that handle Controlled Unclassified Information (CUI), ensuring that security controls are aligned with CMMC Level 5 policies.', null, null, null, null, null, null, null, null, null, 511, true, 284, 'TEMPLATE', null, null, 'Windows Level 2 (AU.2.042): Process Creation', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (791, 'This report compiles relevant information from the Windows logs generated by event 4688, which is triggered every time a new process is created on the system, providing crucial details about process execution attempts by users, including those with privileges. elevated. This event is key to comply with CMMC Level 3 control AC.3.027, which requires monitoring and restricting the use of privileged access.<br/><br/>Monitoring 4688 events allows administrators to detect when a potentially risky or unauthorized process is running on the system, especially when it is launched by a user with elevated privileges.<br/><br/>This report is essential for the early detection of suspicious activities, as it can identify attempts to run malicious programs or the execution of critical processes by users who should not have access to them. It also allows detecting anomalous behavior, such as the unauthorized use of administrative tools or the execution of commands that could compromise the security of the system.<br/><br/>By providing visibility into what processes are being executed and by whom, this report helps identify and restrict inappropriate use of elevated privileges, directly contributing to compliance with CMMC Level 3 AC.3.027. This monitoring is an essential tool for protecting systems. of possible risks related to the abuse of privileged access and strengthen security and access control policies.', null, null, null, null, null, null, null, null, null, 508, true, 284, 'TEMPLATE', null, null, 'Windows Level 3 (AC.3.027): Process Creation', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (949, 'This report compiles relevant information from the logs of Windows event 4688, which is generated when a new process is created in the system. This event is essential to verify compliance with CMMC''s Level 3 requirement (AU.3.045), which requires auditing of key events for compliance and incident response. Monitoring these logs allows you to track process execution, identify suspicious activity, and provide visibility into potential threats or malicious actions within the environment. By analyzing this data, organizations can strengthen their detection, response and compliance capabilities, ensuring effective security incident management.', null, null, null, null, null, null, null, null, null, 513, true, 284, 'TEMPLATE', null, null, 'Windows Level 3 (AU.3.045): Process Creation', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (700, '', null, null, null, null, null, null, null, null, null, 604, true, 285, 'TEMPLATE', null, null, 'Windows Network Access to shared resource', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (794, 'Este reporte recopila información relevante de los logs de Windows generados por el evento 4688, el cual se activa cuando un proceso es creado en el sistema. El evento es particularmente importante para identificar actividades sospechosas, como la ejecución de procesos maliciosos, que podrían estar relacionados con infecciones de malware, y es esencial para cumplir con el control SI.1.210 de CMMC Level 1, que exige identificar y corregir infecciones de malware.<br/><br/>El evento 4688 proporciona detalles sobre los procesos que se inician, incluyendo el nombre del ejecutable, la ruta, el ID del proceso padre y otros detalles asociados. Estos datos permiten detectar si un proceso está relacionado con malware o comportamientos no autorizados en el sistema. La creación de nuevos procesos no autorizados o el comportamiento inusual de procesos conocidos puede ser un indicio de una infección activa o un ataque en curso.<br/><br/>Monitorear los eventos 4688 es crucial para identificar posibles infecciones de malware en sus primeras etapas, así como para detectar actividades anómalas relacionadas con la ejecución de código malicioso. Esta información permite a los equipos de seguridad tomar medidas inmediatas, como la detención de procesos maliciosos, la cuarentena de archivos o el análisis forense para determinar el origen y el impacto de la amenaza.<br/><br/>Este reporte es una herramienta clave para fortalecer las capacidades de detección de malware dentro de la infraestructura de la organización, contribuyendo así al cumplimiento del control SI.1.210 de CMMC Level 1.', null, null, null, null, null, null, null, null, null, 507, true, 284, 'TEMPLATE', null, null, 'Windows Level 1 (SI.1.210): Process Creation', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (559, 'This report gathers relevant information from the Windows logs generated by event 4722, related to the enablement of user accounts on the system. Event 4722 is crucial for compliance with CMMC AU.2.043, which requires log review and event correlation to identify inappropriate or suspicious activity.<br/><br/>The review of this event, in conjunction with other security records, facilitates the detection of irregularities in the management of user accounts, contributing to the early identification of unauthorized activities. Correlating events allows you to detect unusual patterns or actions, which helps prevent potential security incidents.<br/><br/>This report supports compliance with CMMC guidelines by ensuring that activities related to enabling user accounts are appropriately monitored, strengthening the ability to detect inappropriate behavior and mitigate risks.', null, null, null, null, null, null, null, null, null, 504, true, 293, 'TEMPLATE', null, null, 'Windows Level 2 (AU.2.043): User Accounts Enabled', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (735, 'This report compiles relevant information from the Windows logs generated by events 5140 and 5145, which are triggered when access is made to a share on the network or when an attempt to access a share is blocked due to a configuration. incorrect permissions. These events are critical to complying with CMMC control AU.2.044, which requires review of audit logs to detect inappropriate or suspicious behavior.<br/><br/>Event 5140 is logged when a connection is established to a share. Event 5145 is raised when an attempt to access a share is denied due to permissions issues, which may indicate inappropriate or intentional behavior.<br/><br/>By reviewing and correlating these events with other logs, such as failed access attempts or permission setting changes, you can identify anomalous patterns that suggest unauthorized access attempts or malicious actions that compromise system security.<br/><br/>This report is key to detecting inappropriate behavior related to access to shared resources, allowing security teams to take preventive actions against possible threats. Additionally, it facilitates compliance with CMMC regulations by ensuring that access and denial events are appropriately reviewed and correlated to identify suspicious activity within the organization.', null, null, null, null, null, null, null, null, null, 501, true, 285, 'TEMPLATE', null, null, 'Windows Level 2 (AU.2.044): Access to Shared Resources', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (898, e'The Windows Access to Shared Resources Report provides detailed logs of events where users or systems access shared resources, such as files, folders, printers, or shared drives. This report is critical for ensuring compliance with Real-Time Alerting and Monitoring within the Banking Audit framework, as shared resource access can expose sensitive data if not properly monitored.<br/>	•	Regulatory Compliance: Aligns with the GLBA Safeguards Rule, ensuring oversight of shared resource access to protect sensitive financial systems and customer data.<br/>	•	Access Control Monitoring: Supports compliance with PCI DSS Requirement 7, ensuring that access to shared resources is restricted to authorized users and activities are logged.<br/>	•	Real-Time Alerting: Captures and notifies administrators immediately of unauthorized or suspicious access to shared resources, enabling rapid response to potential threats.<br/>	•	Incident Detection: Identifies patterns of unauthorized access, excessive data downloads, or unusual access times, which may indicate insider threats or compromised accounts.<br/>	•	Audit Readiness: Tracks all access events to shared resources, ensuring compliance with frameworks like SOC2 Type 2 and ISO 27001, demonstrating secure resource-sharing practices.', null, null, null, null, null, null, null, null, null, 701, true, 285, 'TEMPLATE', null, null, 'Windows Access to Shared Resources', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (756, 'This report compiles relevant information from the Windows logs generated by events 5140 and 5145, which are triggered when a network share is accessed or when changes are made to the share''s permissions. These events are critical to comply with CMMC control SI.3.219, which requires the implementation of network monitoring to detect attacks.<br/><br/>Events 5140 and 5145 provide details about accesses and modifications to shared resources on the network, which may be indicative of unusual or malicious behavior. Attackers often attempt to gain unauthorized access to shared resources to steal data or compromise systems. Monitoring these events allows you to identify suspicious access patterns that could signal attempts to exploit network vulnerabilities or lateral movement within the infrastructure.<br/><br/>This report is key to detect unauthorized access, attempts to escalate privileges or manipulation of permissions on critical resources. Correlating these events with other security data allows monitoring teams to identify attacks in real time, facilitating rapid and effective response to incidents. Additionally, it contributes to CMMC compliance by ensuring that appropriate measures are implemented to protect shared resources on the network and prevent malicious activities.', null, null, null, null, null, null, null, null, null, 502, true, 285, 'TEMPLATE', null, null, 'Windows Level 3 (SI.3.219): Network Access to shared resource', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (927, e'The Windows Access to Shared Resources report provides detailed logs of events where users or systems access shared resources, such as files, folders, printers, or other network-shared assets. This report is critical for tracking resource usage, detecting unauthorized access, and ensuring compliance with access control policies.<br/>	•	Regulatory Compliance: Supports frameworks such as PCI DSS, HIPAA, and ISO 27001, by documenting access to shared resources to demonstrate adherence to data protection and resource usage policies.<br/>	•	Resource Usage Monitoring: Tracks who accessed shared resources, what operations were performed (read, write, delete), and when the access occurred, ensuring transparency and accountability.<br/>	•	Event Correlation: Links shared resource access events with user accounts, originating systems, and subsequent activities to provide a comprehensive audit trail.<br/>	•	Real-Time Alerts: Generates notifications for access to critical shared resources, especially by unauthorized users or from suspicious locations, enabling immediate investigation.<br/>	•	Incident Detection: Identifies suspicious behaviors, such as repeated unauthorized access attempts, unusual resource usage patterns, or access from untrusted systems, which may indicate insider threats or account compromise.<br/>	•	Audit Readiness: Logs detailed information, including the resource accessed, the user or system performing the action, the type of access (read, write, delete), and the timestamp, ensuring robust documentation for compliance and forensic analysis.', null, null, null, null, null, null, null, null, null, 702, true, 285, 'TEMPLATE', null, null, 'Windows Access to Shared Resources', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (956, 'This report gathers and analyzes relevant information from Windows events 5140 and 5145, which record file access and sharing on the network. These events are key to monitoring access to Controlled Unclassified Information (CUI) and detecting possible attempts at unauthorized transfer or leakage of sensitive data.<br/><br/>The collection of these logs allows you to verify compliance with CMMC Level 3 (MP.3.123): Protect CUI during transport and prevent data loss, ensuring that protected information is adequately controlled during its transmission over the network. Through this analysis, suspicious access, changes in sharing permissions and unusual activities that could compromise data security can be identified, thus strengthening information loss prevention measures.', null, null, null, null, null, null, null, null, null, 514, true, 285, 'TEMPLATE', null, null, 'Windows Level 3 (MP.3.123): Network Access to shared resource', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (495, 'This report compiles relevant information from events 4673 (A privileged service was called) and 4674 (An attempt was made to perform a privileged operation) in the Windows logs, with the purpose of verifying compliance with CMMC practice AU.4.053 Level 4, which requires advanced logging capabilities for threat detection.<br/><br/>Monitoring these events is crucial to identifying the use of elevated privileges within the system, as they may indicate attempts to exploit vulnerabilities, abuse of privileged accounts, or lateral movements within the network.<br/><br/>The report includes key information such as the user who performed the action, the tool or process executed with elevated privileges, the result of the operation, etc. This analysis allows you to detect suspicious activities, respond to potential security incidents, and strengthen privileged access controls.<br/><br/>By having this visibility, organizations can improve their ability to detect and respond to advanced threats, ensuring effective monitoring of critical events in the IT infrastructure.', null, null, null, null, null, null, null, null, null, 511, true, 286, 'TEMPLATE', null, null, 'Windows Level 4 (AU.4.053): Use of Elevated Privileges', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (854, e'The Windows Changes to Defender Settings Report provides a detailed overview of modifications made to Microsoft Defender settings, including changes to real-time protection, firewall rules, and other security configurations. This report is critical for compliance within the Banking Audit framework, ensuring that endpoint protection settings are managed securely and consistently.<br/>	•	Banking Regulations: Aligns with the GLBA Safeguards Rule, demonstrating oversight and control of endpoint security configurations to safeguard financial systems and customer information.<br/>	•	System Security Compliance: Supports compliance with PCI DSS Requirement 5, ensuring that antivirus and other endpoint protections are configured and maintained securely.<br/>	•	Audit Readiness: Logs all changes to Defender settings, providing traceability for audits under frameworks like SOC2 Type 2 and ISO 27001, ensuring secure management of endpoint defenses.<br/>	•	Incident Detection: Identifies unauthorized or suspicious changes to Defender settings, which could indicate attempts to disable security protections or introduce vulnerabilities.<br/>	•	Data Protection: Ensures compliance with GDPR Article 32, showcasing controls that secure endpoint configurations and prevent unauthorized access to sensitive data.', null, null, null, null, null, null, null, null, null, 703, true, 287, 'TEMPLATE', null, null, 'Windows Changes to Defender settings', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (790, 'This report compiles relevant information from the Windows logs generated by events 4673 and 4674, which are related to monitoring the activity of privileged accounts. Event 4673 is triggered when a privileged user attempts to access a sensitive action, while event 4674 signals the performance of a privileged type operation on a system. Both events are critical to complying with CMMC Level 3 control AC.3.027, which requires monitoring and restricting the use of privileged access in the IT infrastructure.<br/><br/>Event 4673 provides information about the initiation of an attempt to use elevated privileges, and event 4674 is associated with the actual execution of these actions, such as installing software, modifying critical configurations, or accessing sensitive information. Together, they provide detailed insight into how and when privileged users interact with the system, which is essential for detecting and preventing inappropriate uses of privileges.<br/><br/>This report contributes to security by identifying patterns of activity that could indicate privilege abuse or attempted exploitation of privileged accounts, allowing stricter controls to be applied to restrict unauthorized access and closely monitor critical actions performed by privileged users. . In addition, it is a key tool to ensure that security policies and segregation of privileges are respected, minimizing the risks of unwanted or malicious access.<br/><br/>Monitoring these events directly contributes to compliance with AC.3.027 of CMMC Level 3, improving the organization''s capabilities to restrict and monitor the use of privileged access, and ensuring that only authorized users can perform critical activities on the systems.', null, null, null, null, null, null, null, null, null, 508, true, 286, 'TEMPLATE', null, null, 'Windows Level 3 (AC.3.027): Use of Elevated Privileges', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (690, '', null, null, null, null, null, null, null, null, null, 602, true, 288, 'TEMPLATE', null, null, 'Windows PowerShell Script Block Registration', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (570, 'This report collects relevant information from the Windows logs generated by event 5007, which is recorded when changes are made to the Windows audit policy configuration. This event is critical to comply with CMMC control AU.4.054, which requires the implementation of advanced event correlation to detect evolving threats.<br/><br/>Event 5007 can indicate legitimate modifications to audit policies, but it can also be a sign of malicious activity, such as attempts to disable security monitoring or evade detection of suspicious events. By correlating it with other security events, such as changes in user privileges, unusual access or disabling of security services, it is possible to identify patterns that suggest attempts at manipulation or compromise of the system.<br/><br/>This report makes it easier to detect potential advanced threats by providing visibility into alterations to auditing configurations. In addition, it contributes to CMMC compliance by strengthening the ability to monitor and analyze critical events that may affect the organization''s security.', null, null, null, null, null, null, null, null, null, 504, true, 287, 'TEMPLATE', null, null, 'Windows Level 4 (AU.4.054): Changes to Defender settings', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (906, e'The Windows PowerShell Remote Session Creation Report provides detailed logs of events where remote PowerShell sessions are established, capturing information such as the initiating user, source IP address, session commands, and timestamps. This report is critical for ensuring compliance with Real-Time Alerting and Monitoring within the Banking Audit framework, as remote PowerShell sessions can be exploited for unauthorized access or malicious activities.<br/>	•	Regulatory Compliance: Aligns with the GLBA Safeguards Rule, ensuring oversight of remote session activities to protect sensitive financial systems and customer data.<br/>	•	Access Control Monitoring: Supports compliance with PCI DSS Requirement 10, ensuring all remote access attempts and activities are logged and monitored.<br/>	•	Real-Time Alerting: Captures and notifies administrators immediately of remote PowerShell session creations, enabling rapid response to potential threats.<br/>	•	Incident Detection: Identifies unauthorized or suspicious remote session activities, such as from unusual IP addresses or privilege escalation attempts, which may indicate account compromise or insider threats.<br/>	•	Audit Readiness: Tracks all remote PowerShell session events to ensure compliance with frameworks like SOC2 Type 2 and ISO 27001, demonstrating secure and accountable access management practices.', null, null, null, null, null, null, null, null, null, 701, true, 289, 'TEMPLATE', null, null, 'Windows PowerShell Remote Session Creation', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (897, e'The Windows Installation of Services Report provides detailed logs of events where new services are installed on the system, capturing information such as the service name, installation path, initiating user, and timestamp. This report is critical for ensuring compliance with Real-Time Alerting and Monitoring within the Banking Audit framework, as unauthorized or suspicious service installations can indicate potential security threats.<br/>	•	Regulatory Compliance: Aligns with the GLBA Safeguards Rule, ensuring visibility and oversight of service installations to protect sensitive financial systems and customer data.<br/>	•	Threat Detection: Identifies unauthorized or malicious service installations, which could be used to execute malware or maintain unauthorized access.<br/>	•	Real-Time Alerting: Captures and alerts administrators immediately when new services are installed, enabling prompt investigation and action.<br/>	•	Audit Readiness: Tracks all service installation activities, ensuring compliance with frameworks like SOC2 Type 2 and ISO 27001, demonstrating robust monitoring of system changes.<br/>	•	System Integrity: Supports compliance with PCI DSS Requirement 10, ensuring secure system configurations by monitoring all service-related activities.', null, null, null, null, null, null, null, null, null, 701, true, 290, 'TEMPLATE', null, null, 'Windows Installation of Services', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (684, '', null, null, null, null, null, null, null, null, null, 602, true, 291, 'TEMPLATE', null, null, 'Windows Restoration of default security policies', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (498, ' This report collects relevant information from 7045 (New Service Installed) events in Windows logs, for the purpose of verifying compliance with CMMC Level 4 practice AU.4.053, which requires advanced logging capabilities for threat detection.<br/><br/>Event 7045 is generated when a new service is installed on the system, which can be legitimate behavior or an indicator of malicious activity, such as the installation of persistent services used by attackers to maintain unauthorized access to a system.<br/><br/>This report includes key details such as the name of the service, the associated executable binary, the startup type of the service, the user who performed the installation, the date and time of the event, and the affected computer.<br/><br/>The analysis of these logs allows us to detect the creation of suspicious services, prevent persistence attacks and strengthen defenses against advanced threats that seek to compromise IT infrastructure.', null, null, null, null, null, null, null, null, null, 511, true, 290, 'TEMPLATE', null, null, 'Windows Level 4 (AU.4.053): Installation of Services', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (771, 'This report collects relevant information from the Windows logs generated by event 7045, which is triggered when a new service is installed on the system. This event is crucial to comply with CMMC control CM.2.063, which requires monitoring system changes to detect unauthorized or suspicious modifications.<br/><br/>Reviewing these logs can identify the installation of unauthorized services, unapproved remote access tools, or malicious activity related to persistent threats on the system.<br/><br/>This report helps security teams quickly detect and respond to the installation of new services, ensuring the integrity of the environment and minimizing the risks associated with uncontrolled changes to the infrastructure. Its implementation contributes to CMMC compliance, ensuring that system configuration changes are monitored and potential threats are detected before compromising organizational security.', null, null, null, null, null, null, null, null, null, 506, true, 290, 'TEMPLATE', null, null, 'Windows Level 2 (CM.2.063): Installation of Services', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (532, 'This report collects relevant information from event 4907 in the Windows logs, which is generated when auditing is disabled on the system. Disabling auditing is a critical action that can be used by attackers to hide malicious activities by disabling system event logs. This activity, although it may be legitimate in some cases, represents a significant risk when performed without adequate justification, as it prevents the collection of important information about actions taken on the system.<br/><br/>In the context of CMMC Level 3 (SI.3.217), monitoring this event is essential to detect potential attacks that may be manipulating system configuration to bypass auditing and surveillance measures. Disabling auditing could be an indication that an attacker is trying to avoid detection of their actions or movements within the infrastructure.<br/><br/>Analysis of this event helps identify unauthorized changes to the audit configuration, which could be a sign of a security compromise. Monitoring these events can detect attempts to conceal malicious activity and ensure that auditing systems continue to function properly to provide complete logs to help identify threats.<br/><br/>Compliance with CMMC Level 3 (SI.3.217) requirements is supported by active monitoring of these events, as it ensures that security monitoring and auditing mechanisms are functioning properly, and that any tampering or disabling attempts audit is detected immediately.', null, null, null, null, null, null, null, null, null, 503, true, 291, 'TEMPLATE', null, null, 'Windows Level 3 (SI.3.217): Restoration of default security policies', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (948, 'This report collects relevant information from the logs of Windows event 4907, which is generated when the audit policy retention configuration is modified. This event is essential to verify compliance with CMMC''s Level 2 requirement (AU.2.041), which requires the retention of audit logs for security events. Monitoring this event can detect changes in the way records are stored and retained, which can impact an organization''s ability to track security incidents and meet regulatory requirements. Analyzing these logs helps ensure audit integrity and the availability of critical data for security investigations and reviews.', null, null, null, null, null, null, null, null, null, 513, true, 291, 'TEMPLATE', null, null, 'Windows Level 2 (AU.2.041): Restoration of default security policies', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (686, '', null, null, null, null, null, null, null, null, null, 602, true, 292, 'TEMPLATE', null, null, 'Windows Audit Policy Change', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (780, 'This report compiles relevant information from the Windows logs generated by event 4907, which is triggered when a change in security audit policies is detected. This event is key to complying with CMMC Level 4 control CM.4.070, which requires automation of the detection of unauthorized changes to systems.<br/><br/>Event 4907 provides details on modifications to auditing configurations, which are essential to detect unauthorized adjustments that could alter security audit behavior, thereby compromising the integrity of monitoring and data protection policies. Unauthorized changes to auditing configurations may indicate attempts to hide malicious activity or interfere with monitoring and control processes.<br/><br/>Automating the detection of these types of changes is essential to guarantee transparency in system activities and the protection of the infrastructure against possible malicious manipulations. This report makes it easy to identify unauthorized modifications to audit policies, allowing preventive measures to be taken before they affect system security.<br/><br/>Automated monitoring of these types of events ensures that any alterations to audit configurations are detected quickly, allowing security teams to respond immediately to threats or suspicious activities. Additionally, it contributes to CMMC Level 4 compliance by strengthening the organization''s ability to proactively detect and respond to unauthorized changes to security systems.', null, null, null, null, null, null, null, null, null, 506, true, 291, 'TEMPLATE', null, null, 'Windows Level 4 (CM.4.070): Restoration of default security policies', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (743, 'This report compiles relevant information from the Windows logs generated by event 1102, which is triggered when system audit logs are deleted or their status has changed. This event is crucial to comply with CMMC control AU.2.043, which requires ensuring that audit logs are protected from unauthorized modifications.<br/><br/>Event 1102 provides details about deleting audit logs. This information is key to ensuring that log deletion activities are reviewed, preventing the alteration or destruction of audit evidence that may be necessary for subsequent investigations.<br/><br/>This report contributes to the protection of logs, allowing security teams to detect and react to attempts to manipulate or delete key records that could compromise the integrity of the monitoring system. Additionally, it facilitates compliance with CMMC requirements by ensuring that logs are adequately protected against unauthorized modifications, which is essential to maintain audit reliability in the organization''s security environment.', null, null, null, null, null, null, null, null, null, 505, true, 295, 'TEMPLATE', null, null, 'Windows Level 2 (AU.2.043): Cleaned Event Log', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (866, e'The Windows Audit Policy Change Report provides a detailed log of modifications to audit policies, such as changes to audit settings, logging configurations, and retention policies. This report is a critical component of the Banking Audit framework, ensuring transparency and control over how audit data is captured and managed.<br/>	•	Banking Regulations: Aligns with the GLBA Safeguards Rule, demonstrating oversight of audit policy changes to protect the integrity of financial systems and sensitive customer data.<br/>	•	Compliance with Monitoring Standards: Supports compliance with PCI DSS Requirement 10, which mandates monitoring and logging of audit policy modifications to detect unauthorized changes.<br/>	•	Audit Readiness: Tracks audit policy changes to provide traceability and accountability, meeting the requirements of frameworks like SOC2 Type 2 and ISO 27001.<br/>	•	Incident Detection: Identifies unauthorized or suspicious audit policy changes, which could indicate attempts to disable monitoring or obscure malicious activity.<br/>	•	Data Protection: Ensures compliance with GDPR Article 32, showcasing controls to monitor and restrict changes to audit settings to prevent data breaches or unauthorized access.', null, null, null, null, null, null, null, null, null, 701, true, 292, 'TEMPLATE', null, null, 'Windows Audit Policy Change', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (710, '', null, null, null, null, null, null, null, null, null, 604, true, 295, 'TEMPLATE', null, null, 'Windows Cleaned Event Log', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (500, 'This report is designed to monitor and analyze events related to system security configuration and policy changes. Event 4902 is generated when there is a change to the Windows auditing system configuration, including enabling or disabling auditing policies that can affect the collection and analysis of security logs.<br/><br/>The analysis of these events is crucial for compliance with Level 1 (SI.1.210) of the CMMC (Cybersecurity Maturity Model Certification), which requires the timely identification and correction of security flaws. This event may indicate that system audit configurations are being adjusted, impacting the visibility of security activity within the organization''s IT environment. An unauthorized or unexpected change to these settings could decrease the ability to detect malicious activity or compromise the integrity of security logs.<br/><br/>This report facilitates continuous monitoring of system audit configurations, allowing rapid correction of any changes that affect the ability to detect security incidents. Ensures that the organization is aligned with best practices to maintain complete visibility of system activities, contributing to the protection of critical assets and data, as well as the continuous improvement of security control.', null, null, null, null, null, null, null, null, null, 503, true, 292, 'TEMPLATE', null, null, 'Windows Level 1 (SI.1.210): Audit Policy Change', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (868, e'The Windows User Accounts Enabled Report provides detailed logs of events where disabled user accounts are re-enabled within the system. This report is essential for compliance within the Banking Audit framework, ensuring visibility and control over account status changes to protect sensitive financial systems and data.<br/>	•	Banking Regulations: Aligns with the GLBA Safeguards Rule, ensuring oversight of account re-enablement to safeguard financial systems and customer data.<br/>	•	Access Control Compliance: Supports compliance with PCI DSS Requirement 8, ensuring that account re-enablement is authorized and properly monitored to prevent unauthorized access.<br/>	•	Audit Readiness: Tracks all account re-enablement events, providing traceability and accountability for frameworks like SOC2 Type 2 and ISO 27001.<br/>	•	Incident Detection: Identifies unauthorized or suspicious account re-enablement, which could indicate insider threats or compromised administrative actions.<br/>	•	Data Protection: Ensures compliance with GDPR Article 32, showcasing controls that monitor and restrict the enabling of accounts to prevent unauthorized data access.', null, null, null, null, null, null, null, null, null, 701, true, 293, 'TEMPLATE', null, null, 'Windows User Accounts Enabled', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (869, e'The Windows User Password Reset Attempt Report provides a detailed record of password reset activities, capturing both successful and failed attempts. This report is critical within the Banking Audit framework to monitor credential management processes and ensure compliance with access control policies.<br/>	•	Banking Regulations: Aligns with the GLBA Safeguards Rule, ensuring oversight of password reset attempts to protect financial systems and sensitive customer data.<br/>	•	Access Control Compliance: Supports compliance with PCI DSS Requirement 8, which mandates secure authentication and password management practices.<br/>	•	Audit Readiness: Tracks all password reset attempts, providing traceability and accountability for frameworks like SOC2 Type 2 and ISO 27001.<br/>	•	Incident Detection: Identifies unauthorized or suspicious password reset attempts, which could indicate account compromise, phishing attacks, or insider threats.<br/>	•	Data Protection: Ensures compliance with GDPR Article 32, demonstrating controls to monitor and restrict unauthorized password reset activities to prevent unauthorized access to sensitive data.', null, null, null, null, null, null, null, null, null, 701, true, 294, 'TEMPLATE', null, null, 'Windows User Password Reset Attempt', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (913, e'The Windows User Accounts Enabled report provides detailed logs of events where previously disabled user accounts are re-enabled on a Windows system. This report is critical for monitoring account management activities, detecting unauthorized actions, and ensuring compliance with security and audit frameworks.<br/>	•	Regulatory Compliance: Aligns with frameworks such as PCI DSS, ISO 27001, and SOC2, by maintaining records of account enablement activities to support access control and audit requirements.<br/>	•	Account Management Monitoring: Tracks the re-enabling of user accounts, allowing administrators to ensure that such actions are performed only through authorized workflows and for legitimate reasons.<br/>	•	Event Correlation: Links account enablement events with other related activities, such as privilege escalations, group modifications, or logon attempts, to provide a comprehensive audit trail.<br/>	•	Real-Time Alerts: Sends immediate notifications when accounts are re-enabled, particularly for high-privilege accounts or accounts that could pose a security risk if reactivated.<br/>	•	Incident Detection: Helps identify unauthorized actions, such as the reactivation of dormant accounts, which could indicate insider threats, privilege abuse, or malicious activities.<br/>	•	Audit Readiness: Logs detailed information, including the account name, enabling user or process, originating machine, and timestamp, ensuring comprehensive records for compliance and investigations.', null, null, null, null, null, null, null, null, null, 702, true, 293, 'TEMPLATE', null, null, 'Windows User Accounts Enabled', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (503, 'This report collects key information from Windows logs related to event 1102, which is triggered when system event logs have been cleared, an action that may indicate an attempt to hide suspicious or malicious activity on the system.<br/><br/>Event 1102 is directly related to monitoring activity in the event logs, as it records when a user or process deletes the event logs, which is a critical action that can impact the integrity of the audit logs. In the context of compliance with SI.2.212 of CMMC Level 2, this event is essential to implement real-time monitoring mechanisms for security events, as it provides the visibility necessary to detect attempts to manipulate or delete audit records, which which could interfere with the ability to audit and respond to security incidents effectively.<br/><br/>This event is especially important for detecting suspicious or malicious activity, such as security breach cover-up attempts or unauthorized activities. Including Event 1102 in log analysis ensures that log integrity is maintained and effective real-time security monitoring can be performed, meeting the requirements of CMMC Level 2 (SI.2.212). .<br/><br/>The continuous collection and analysis of 1102 events ensures that organizations can detect any attempted security log manipulation and take the necessary corrective action to protect the system and its resources. This practice is essential to maintain traceability of security incidents and to meet the continuous monitoring requirements established by CMMC.', null, null, null, null, null, null, null, null, null, 503, true, 295, 'TEMPLATE', null, null, 'Windows Level 2 (SI.2.212): Cleaned Event Log', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (777, 'This report collects relevant information from the Windows logs generated by event 1102, which is triggered when the audit log is cleared on a system. This event is critical to comply with CMMC Level 4 control CM.4.070, which requires automation of the detection of unauthorized changes to systems.<br/><br/>Event 1102 provides details on the deletion of audit logs, which is essential for detecting suspicious or malicious activities that attempt to hide traces of unauthorized access or malicious actions on the system. Deleting or altering audit logs can be an indication that an attacker is trying to cover their tracks or modify evidence, posing a significant threat to system security and integrity.<br/><br/>This report is key to detecting possible attempts to manipulate or delete logs, ensuring that audit logs are protected and that any unauthorized changes to the system configuration can be detected. In addition, it facilitates the automation of the monitoring process, which is essential to identify threats in real time and ensure that organizational security policies are met, supporting CMMC compliance at its most advanced level.', null, null, null, null, null, null, null, null, null, 506, true, 295, 'TEMPLATE', null, null, 'Windows Level 4 (CM.4.070): Cleaned Event Log', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (759, 'This report collects relevant information from the Windows logs generated by event 1102, which is triggered when the system audit log is cleared. This event is essential to comply with CMMC control SI.4.221, which requires the use of automated tools to detect and respond to network anomalies.<br/><br/>Event 1102 provides details on audit log deletion, which is critical to identifying unauthorized actions or attempts to manipulate system logs, behavior that could indicate an attack or malicious activity. Monitoring these types of events is crucial to detect attempts to hide traces of previous attacks, which is behavior that can compromise the integrity of the network security system.<br/><br/>This report is key to strengthening the detection of anomalies and the protection of the network infrastructure, allowing security teams to take preventive and response measures against the unauthorized deletion of logs. Additionally, it contributes to CMMC compliance by ensuring that appropriate incident detection tools are used and the integrity of system logs is maintained, facilitating the identification and mitigation of potential network threats.', null, null, null, null, null, null, null, null, null, 502, true, 295, 'TEMPLATE', null, null, 'Windows Level 4 (SI.4.221): Cleaned Event Log', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (504, 'This report compiles relevant information from the Windows logs generated by event 5158, related to the Windows Filtering Platform (WFP), with the objective of supporting compliance with control SI.2.212 of CMMC Level 2, which requires the implementation of mechanisms to real-time monitoring of security events.<br/><br/>Event 5158 is triggered when a network connection is allowed through the Windows Filtering Platform, a key component in the Windows network traffic filtering infrastructure. This system monitors and controls network traffic, allowing the detection of unauthorized or malicious connections and ensuring that only authorized connections can access system resources.<br/><br/>This report allows you to identify traffic patterns and network access, detecting possible threats or suspicious activities through the filtering platform. The data provided by event 5158 is essential to implement intrusion detection and prevention measures in real time, contributing to the early identification of security incidents.<br/><br/>In this way, the analysis of this event helps satisfy the requirements of CMMC Level 2 (SI.2.212), by providing continuous visibility of network connections and ensuring that security monitoring mechanisms are effective for the protection of network connections. systems and information.', null, null, null, null, null, null, null, null, null, 503, true, 296, 'TEMPLATE', null, null, 'Windows Level 2 (SI.2.212): Filtering Platform', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (946, 'This report collects relevant information from the logs of Windows event 1102, which is generated when the system audit log is deleted. This event is essential to verify compliance with the CMMC Level 2 requirement (AU.2.041), which requires the retention of audit logs for security events. Detecting and documenting audit log deletion is key to ensuring data integrity and preventing attempts to hide malicious activity. The analysis of these events allows us to identify possible evidence manipulation attempts, strengthening the system''s ability to maintain reliable traceability and comply with the security standards required by CMMC.', null, null, null, null, null, null, null, null, null, 513, true, 295, 'TEMPLATE', null, null, 'Windows Level 2 (AU.2.041): Cleaned Event Log', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (807, 'This report collects relevant information from the Windows logs generated by event 1102, which is activated when a reboot or cleaning of the security logs is performed. This event is critical to compliance with CMMC Level 4 control SI.4.221, which requires automation of malware detection and response.<br/><br/>Event 1102 provides details on cleaning the system event logs, which is critical for automated detection of suspicious or malicious activity. Deleting or modifying security logs can be an indication that a malicious actor is trying to cover their tracks, posing a significant threat to systems integrity.<br/><br/>Monitoring this event in an automated way allows you to identify when changes or deletions are made to the security logs, which can signal cover-up attempts after an attack or intrusion. Detecting and responding to these incidents automatically is essential to ensure the continued protection of the organization''s IT environment.<br/><br/>This report is key to supporting security teams in implementing automatic controls that not only detect possible intrusions or cloaking attempts, but also provide immediate responses to mitigate any potential threats. By doing so, you contribute to CMMC Level 4 compliance, ensuring that detection and response to security incidents is carried out in an efficient and automated manner.', null, null, null, null, null, null, null, null, null, 507, true, 295, 'TEMPLATE', null, null, 'Windows Level 4 (SI.4.221): Cleaned Event Log', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (973, 'This report compiles relevant information from the logs of Windows Security Auditing event 1102 (Audit log cleared), used to verify compliance with CMMC Level 4 (SC.4.229), which seeks to improve cryptographic protections with advanced tools. Event 1102 is generated when the security audit log is deleted, which could affect the integrity of cryptographic tools and processes that protect sensitive information, including Controlled Unclassified Information (CUI). Monitoring these types of events is essential to detect attempts to tamper with or delete audit logs, which could include activities related to the use of cryptography or key management. This report provides visibility into actions that may compromise the traceability of crypto-related events, allowing administrators to take immediate action if an anomaly is identified that puts the security and integrity of the organization''s cryptographic infrastructure at risk.', null, null, null, null, null, null, null, null, null, 515, true, 295, 'TEMPLATE', null, null, 'Windows Level 4 (SC.4.229): Cleaned Event Log', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (505, 'This report focuses on the collection and analysis of relevant information from event 4662 in the Windows logs, with the objective of supporting compliance with CMMC Level 2 control SI.2.212. Control SI.2.212 requires the implementation of mechanisms for the Real-time monitoring of security events, which is critical to quickly identifying and responding to cyber threats.<br/><br/>Event 4662 is triggered when an attempt is made to access or modify a security object on the system, such as a file, folder, or registry key, that is under protection by an access control system. This event provides details about the operations performed, such as reading, writing, or deleting objects, and who attempted them. Details include the session identifier, the type of access requested, the object affected, and the identity of the user or process that performed the operation.<br/><br/>The analysis of this event in real time allows monitoring access to critical resources within the system, detecting unusual or potentially malicious behavior, and generating alerts regarding possible security violations. This helps identify unauthorized data manipulation attempts, which is crucial to meet CMMC''s continuous security monitoring requirements.<br/><br/>In summary, event 4662 plays a key role in improving security auditing and monitoring capabilities, enabling the detection of potential security incidents related to access to sensitive objects, and directly contributes to compliance with CMMC Level controls. 2 (SI.2.212).', null, null, null, null, null, null, null, null, null, 503, true, 297, 'TEMPLATE', null, null, 'Windows Level 2 (SI.2.212): Protected Object Access Operation', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (882, e'The Windows Protected Object Access Operation Report provides a detailed log of access attempts—both successful and unsuccessful—on protected objects such as files, folders, registry keys, and other critical resources. This report is vital for ensuring compliance with Real-Time Alerting and Monitoring in the Banking Audit framework, enabling visibility into access to sensitive resources and the enforcement of security controls.<br/>	•	Regulatory Compliance: Aligns with the GLBA Safeguards Rule, ensuring oversight of access attempts to protect critical financial systems and sensitive customer data.<br/>	•	Access Control Monitoring: Supports compliance with PCI DSS Requirement 10, which mandates logging and monitoring of access to critical resources to detect unauthorized activities.<br/>	•	Real-Time Detection: Captures and reports unauthorized or suspicious access attempts in real-time, enabling immediate incident response.<br/>	•	Incident Detection and Mitigation: Identifies patterns of unauthorized access, such as privilege escalation or brute force attempts, which could indicate potential threats.<br/>	•	Audit Readiness: Provides traceability of protected object access events, ensuring compliance with frameworks like SOC2 Type 2 and ISO 27001.', null, null, null, null, null, null, null, null, null, 701, true, 297, 'TEMPLATE', null, null, 'Windows Protected Object Access Operation', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (796, 'This report collects relevant information from the Windows logs generated by event 5158, which is triggered when the Windows Filtering Platform (WFP) blocks a network connection due to configured filtering rules. The event is particularly important for CMMC Level 3 control SI.3.219, which requires the implementation of endpoint monitoring for malware detection.<br/><br/>The Windows Filtering Platform (WFP) is an infrastructure that enables filtering of network traffic, providing fine-grained control over incoming and outgoing connections. When a connection is blocked by network filtering policies, event 5158 records information related to that action, which helps identify suspicious traffic patterns, unauthorized access attempts, or the communication of malware across the network. .<br/><br/>Monitoring these types of events is crucial to detect malicious activity in real time, such as malware attempts to exfiltrate information or connect to command and control servers. This event provides key details about network connections that have been stopped by WFP filtering rules, allowing security teams to identify, investigate, and mitigate potential threats before they can compromise the system.<br/><br/>This report is essential to ensure that network infrastructure protection measures are working correctly, contributing to compliance with CMMC Level 3 control SI.3.219 by enabling effective monitoring of endpoints and early detection of malware and cyber attacks.', null, null, null, null, null, null, null, null, null, 507, true, 296, 'TEMPLATE', null, null, 'Windows Level 3 (SI.3.219): Filtering Platform', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (883, e'The Windows Object Deletion Report provides a detailed record of deletion events for critical objects, such as files, folders, registry keys, and system components. This report is vital for ensuring compliance with Real-Time Alerting and Monitoring within the Banking Audit framework, enabling visibility and control over sensitive operations that may impact system integrity and data security.<br/>	•	Regulatory Compliance: Aligns with the GLBA Safeguards Rule, ensuring oversight of deletion activities to safeguard financial systems and sensitive customer data.<br/>	•	Incident Detection: Identifies unauthorized or suspicious deletion events, which could indicate malicious activity, insider threats, or system misuse.<br/>	•	Real-Time Monitoring: Captures deletion activities as they occur, enabling immediate response to unauthorized or risky operations.<br/>	•	Audit Readiness: Provides traceability for deletion events, ensuring compliance with frameworks like SOC2 Type 2 and ISO 27001, demonstrating secure management of critical objects.<br/>	•	Data Protection: Ensures compliance with GDPR Article 32, showcasing controls to monitor and restrict unauthorized deletion of data or configuration files.', null, null, null, null, null, null, null, null, null, 701, true, 298, 'TEMPLATE', null, null, 'Windows Object Deletion', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (506, 'This report focuses on the collection and analysis of relevant information from event 4660 in the Windows logs, with the objective of supporting compliance with control SI.2.212 of CMMC Level 2, which requires the implementation of mechanisms for supervision in real time of security events.<br/><br/>Event 4660 is triggered when a process attempts to delete an object on the system, such as a file or folder, which may be related to sensitive data deletion actions or unauthorized changes to the system. This event records details about the affected object, the operation that was attempted (deletion), and the identity of the user or process that attempted the action.<br/><br/>Analysis of this event is essential to ensure that critical object removals are monitored in real time. This helps detect unauthorized activity, whether due to error or malicious intent, and generate alerts that allow administrators to quickly take preventive or corrective action.<br/><br/>By monitoring events such as 4660, you can strengthen control over data integrity and systems security, detecting unauthorized access or unexpected actions. Compliance with SI.2.212 is crucial for incident response capability and for maintaining active protection of sensitive resources within the infrastructure.<br/><br/>In summary, event 4660 plays a key role in detecting potentially hazardous activities related to the removal of critical objects, contributing to compliance with the real-time monitoring requirements mandated by CMMC Level 2 (SI.2.212).', null, null, null, null, null, null, null, null, null, 503, true, 298, 'TEMPLATE', null, null, 'Windows Level 2 (SI.2.212): Object Deletion', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (957, 'This report collects and analyzes the logs for Windows event 4660, which indicates the deletion of an object within the system, such as files, folders, or registry keys. This event is crucial to monitor the manipulation of Controlled Unclassified Information (CUI) and detect possible attempts at unauthorized deletion of sensitive data.<br/><br/>Reviewing these logs allows you to verify compliance with CMMC Level 3 (MP.3.123): Protect CUI during transport and prevent data loss, ensuring that protected information is protected against improper modifications or deletions. Through this analysis, suspicious activities, unauthorized access and possible attempts to exfiltrate or destroy critical information can be identified, thus strengthening data security and information loss prevention strategies.', null, null, null, null, null, null, null, null, null, 514, true, 298, 'TEMPLATE', null, null, 'Windows Level 3 (MP.3.123): Object Deletion', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (876, 'This report compiles and presents relevant information about AssumeRole events in AWS, with the objective of verifying compliance with CMMC level 2 practice AU.2.042. The main focus is to ensure that audit logs related to role assumption are collected comprehensively, allowing security events to be detected and analyzed. The report includes details such as the identity of the user assuming the role, the ARN of the assumed role, the account involved, and the source of the request. This information is essential to monitor critical activities, identify unusual patterns, and ensure that necessary logs are available to support event analysis and respond effectively to potential security incidents.', null, null, null, null, null, null, null, null, null, 511, true, 357, 'TEMPLATE', null, null, 'AWS Level 2 (AU.2.042): Roles Assumption', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (886, e'The Windows Critical Hardware Failure Report provides detailed logs of hardware-related issues, such as disk failures, memory errors, or overheating events. This report is vital for ensuring compliance with Real-Time Alerting and Monitoring within the Banking Audit framework, as hardware failures can lead to data loss, downtime, or system vulnerabilities.<br/>	•	Regulatory Compliance: Aligns with the GLBA Safeguards Rule, ensuring that critical hardware failures are monitored and mitigated to protect financial systems and sensitive data.<br/>	•	Real-Time Alerting: Captures and notifies administrators in real-time of hardware issues, enabling immediate action to minimize risks and prevent system downtime.<br/>	•	Incident Response: Identifies patterns of recurring hardware issues, supporting root cause analysis and proactive maintenance planning.<br/>	•	Audit Readiness: Provides traceability of hardware failure events, ensuring compliance with frameworks like SOC2 Type 2 and ISO 27001, demonstrating secure and reliable system operations.<br/>	•	Data Protection: Supports compliance with PCI DSS Requirement 5, ensuring the availability and integrity of hardware components critical to financial systems.', null, null, null, null, null, null, null, null, null, 701, true, 299, 'TEMPLATE', null, null, 'Windows Critical Hardware Failure', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (717, '', null, null, null, null, null, null, null, null, null, 604, true, 301, 'TEMPLATE', null, null, 'Windows Account Authentication Using NTLM', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (508, 'This report groups the events generated by the Windows Service Control Manager (SCM), specifically event 7035, which is activated when a service is requested to start or stop on the system. This event may be relevant for real-time monitoring of critical services and their management in the IT environment.<br/><br/>Including these events in the report makes it easier to track changes in the state of services, which is essential for detecting suspicious activity, such as unauthorized attempts to start or stop services. This information helps detect possible malicious actions that could compromise the integrity or availability of the systems, as well as the effectiveness of control mechanisms in real time.<br/><br/>Compliance with CMMC - Level 2 (SI.2.212): The analysis of these events meets the requirement of Level 2 (SI.2.212): Implement mechanisms for real-time security event monitoring of CMMC, allowing early identification of threats in time real by monitoring the actions performed on Windows services. The collection, storage and analysis of these logs is essential to identify attempts to tamper with or interrupt services, and to ensure rapid response to incidents.', null, null, null, null, null, null, null, null, null, 503, true, 300, 'TEMPLATE', null, null, 'Windows Level 2 (SI.2.212): Monitoring of Critical System Services Status', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (887, e'The Windows Monitoring of Critical System Services Status Report provides detailed insights into the operational state of critical system services, tracking events such as service starts, stops, crashes, or failures. This report is essential for ensuring compliance with Real-Time Alerting and Monitoring within the Banking Audit framework, as service disruptions can compromise system reliability and security.<br/>	•	Regulatory Compliance: Aligns with the GLBA Safeguards Rule, ensuring oversight of critical system services to safeguard financial systems and sensitive customer data.<br/>	•	Real-Time Alerting: Captures and notifies administrators of service disruptions or failures in real-time, enabling immediate response to restore functionality and prevent downtime.<br/>	•	Incident Detection: Identifies recurring service failures or unauthorized modifications, which could indicate security threats or system misconfigurations.<br/>	•	Audit Readiness: Provides traceability of service status events, ensuring compliance with frameworks like SOC2 Type 2 and ISO 27001, demonstrating robust monitoring and management practices.<br/>	•	System Reliability: Supports compliance with PCI DSS Requirement 10, ensuring critical services remain operational to maintain secure and reliable financial operations.', null, null, null, null, null, null, null, null, null, 701, true, 300, 'TEMPLATE', null, null, 'Windows Monitoring of Critical System Services Status', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (954, 'This report collects relevant information from the logs of Windows event 4776, which is generated when an authentication attempt on the domain controller is processed by NTLM. This event is essential to verify compliance with CMMC''s Level 4 requirement (AU.4.052), which emphasizes improving audit logs for advanced threat detection. By analyzing these events, it is possible to identify suspicious authentication patterns, such as repeated failed login attempts or authentications from unusual locations, which may indicate attack attempts such as brute force or lateral movement within the network. The correlation of this data with other sources of events allows us to improve threat detection and strengthen the security of the infrastructure, facilitating rapid and automated responses to possible compromises.', null, null, null, null, null, null, null, null, null, 513, true, 301, 'TEMPLATE', null, null, 'Windows Level 4 (AU.4.052): Account Authentication Using NTLM', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (779, 'This report collects relevant information from the Windows logs generated by event 4776, which is triggered when an authentication attempt is made through NTLM. This event is essential to comply with CMMC Level 4 control CM.4.070, which requires automation of the detection of unauthorized changes to systems.<br/><br/>This event is especially useful for identifying unusual patterns that may indicate unauthorized activity, such as login attempts using compromised credentials or brute force password guessing attacks.<br/><br/>Automating the detection of these events helps protect against unauthorized access to critical systems and ensures that any change in authentication is quickly detected, preventing malicious actors from executing internal or external attacks. In addition, it allows for a faster and more efficient response to incidents related to unauthorized access.<br/><br/>This report is essential to strengthen the security of the systems by detecting possible gaps in access to the systems and maintaining constant surveillance over the credentials used in the environment. It also contributes to CMMC Level 4 compliance by ensuring the implementation of automatic controls for the detection of unauthorized changes related to authentication.', null, null, null, null, null, null, null, null, null, 506, true, 301, 'TEMPLATE', null, null, 'Windows Level 4 (CM.4.070): Account Authentication Using NTLM', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (745, 'This report collects relevant information from the Windows logs generated by event 4776, which is triggered during failed authentication attempts on a system through the use of incorrect credentials. This event is crucial to comply with CMMC control AU.3.044, which requires maintaining event logs for advanced review and effective response to security incidents.<br/><br/>Event 4776 provides details about authentication attempts. By monitoring this event, patterns of failed login attempts can be identified, which could indicate brute force attacks or unauthorized attempts to access the system.<br/><br/>This report is essential to retain relevant logs that can be reviewed later to identify possible threats or security incidents. Additionally, by storing these events appropriately, security teams can conduct subsequent investigations if suspicious activity is detected. This also facilitates CMMC compliance by ensuring that authentication records are thoroughly reviewed and can be used in effective incident response or analysis.', null, null, null, null, null, null, null, null, null, 505, true, 301, 'TEMPLATE', null, null, 'Windows Level 3 (AU.3.044): Account Authentication Using NTLM', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (757, 'This report collects relevant information from the Windows logs generated by event 4776, which is triggered when a login authentication attempt is made using the NTLM (NT LAN Manager) protocol. This event is key to complying with CMMC control SI.3.219, which requires the implementation of network monitoring to detect attacks.<br/><br/>Event 4776 provides details about failed authentication attempts over NTLM, a protocol used for authentication on Windows networks. Identifying these failed attempts is essential to detect patterns of unauthorized access, such as brute force attacks or password guessing attempts, that seek to exploit vulnerabilities in authentication mechanisms. Monitoring these types of events helps prevent unauthorized access to critical systems and applications.<br/><br/>This report is crucial to detect potential vulnerabilities associated with NTLM that can be exploited by malicious actors, allowing security teams to quickly identify and respond to incidents related to unauthorized access. Additionally, it contributes to CMMC compliance by ensuring that appropriate network monitoring practices are implemented to detect and mitigate potential attacks that compromise the security of the organization''s systems.', null, null, null, null, null, null, null, null, null, 502, true, 301, 'TEMPLATE', null, null, 'Windows Level 3 (SI.3.219): Account Authentication Using NTLM', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (896, e'The Windows Process Termination Report provides detailed logs of events where processes are terminated on a system, including information about the process name, termination path, initiating user, and timestamp. This report is essential for ensuring compliance with Real-Time Alerting and Monitoring within the Banking Audit framework, as monitoring process termination helps detect unauthorized or malicious activities.<br/>	•	Regulatory Compliance: Aligns with the GLBA Safeguards Rule, ensuring oversight of process terminations to protect financial systems and sensitive customer data.<br/>	•	Threat Detection: Identifies suspicious or unauthorized process terminations, such as forced terminations of security services or critical system processes, which may indicate malicious activity.<br/>	•	Real-Time Alerting: Captures and alerts administrators immediately of abnormal process termination events, enabling rapid response and investigation.<br/>	•	Audit Readiness: Tracks all process termination events, ensuring compliance with frameworks like SOC2 Type 2 and ISO 27001, demonstrating robust monitoring of system activities.<br/>	•	System Integrity: Supports compliance with PCI DSS Requirement 10, ensuring visibility into system-level activities for secure and reliable operations.', null, null, null, null, null, null, null, null, null, 701, true, 302, 'TEMPLATE', null, null, 'Windows Process Termination', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (510, 'This report compiles relevant information about event 4688 in the Windows logs, which is generated every time a process is created on the system. This event is of vital importance for security monitoring, since it allows identifying the execution of new processes that may be part of normal activities or, in the case of being malicious, an indication of compromise or attack on the system.<br/><br/>In the context of CMMC Level 3 (SI.3.217), monitoring this event is crucial to detect possible attacks. The creation of unauthorized or unusual processes can be a sign of malicious activities such as running malware, unauthorized scripts, or launching attack tools. In addition, attackers often use techniques such as executing code on the system to maintain their presence, which would be reflected in these types of events.<br/><br/>Analysis of 4688 events allows the detection of anomalous behavior patterns, such as the creation of processes from unusual locations or associated with illegitimate activities, which facilitates early identification of threats. The collection and analysis of this information contributes to maintaining effective control over activities within the systems, ensuring that you can react quickly to potential security incidents.<br/><br/>This report is essential to meet the threat monitoring and detection requirements established in CMMC Level 3 (SI.3.217), allowing organizations to implement efficient monitoring tools that support the detection of attacks and suspicious activities in real time.', null, null, null, null, null, null, null, null, null, 503, true, 302, 'TEMPLATE', null, null, 'Windows Level 3 (SI.3.217): Process Termination', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (511, 'The SI.3.217 (System Time Settings Changes) control in the CMMC (Cybersecurity Maturity Model Certification) focuses on monitoring and controlling changes in the system time settings. This control is critical to ensure the integrity of the systems and the security of the organization, as unauthorized changes to the system time may be indicative of attempts to tamper with or evade audit logs.', null, null, null, null, null, null, null, null, null, 503, true, 303, 'TEMPLATE', null, null, 'Windows Level 3 (SI.3.217): System Time Settings Changes', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (953, 'This report compiles relevant information from the logs of Windows event 4689, which is generated when a process ends in the system. This event is key to verify compliance with CMMC''s Level 4 requirement (AU.4.052), which emphasizes improving audit logs to support advanced threat detection. By monitoring process termination, you can identify anomalous behavior, possible security evasion attempts, or the unexpected termination of critical processes. The analysis of these logs, combined with advanced correlation and threat detection techniques, allows you to strengthen the security of your environment, respond more quickly to potential incidents, and improve your ability to defend against sophisticated attacks.', null, null, null, null, null, null, null, null, null, 513, true, 302, 'TEMPLATE', null, null, 'Windows Level 4 (AU.4.052): Process Termination', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (760, 'This report compiles relevant information from the Windows logs generated by event 4689, which is activated when a process or service ends its execution on the system. This event is key to complying with CMMC control SI.4.221, which requires the use of automated tools to detect and respond to network anomalies.<br/><br/>Event 4689 provides details about the termination of processes in the system, allowing you to monitor the activities taking place on the network and detect unusual behavior, such as the termination of unexpected or malicious processes. Monitoring this event helps identify potential attacks, intrusions, or malware that attempt to disrupt critical systems or evade detection of malicious activity.<br/><br/>This report is essential to ensure that security teams are capable of detecting and responding to anomalies in the network in an automated manner, allowing rapid and effective intervention in the event of any event that may jeopardize the security of the system. Additionally, it contributes to compliance with CMMC guidelines by ensuring that appropriate tools are implemented for the detection and response to incidents related to malicious activities within the network infrastructure.', null, null, null, null, null, null, null, null, null, 502, true, 302, 'TEMPLATE', null, null, 'Windows Level 4 (SI.4.221): Process Termination', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (900, e'The Windows System Time Settings Changes Report provides detailed logs of events where system time, time zone, or clock settings are modified. This report is critical for ensuring compliance with Real-Time Alerting and Monitoring within the Banking Audit framework, as changes to time settings can disrupt time-sensitive operations, affect audit log integrity, or indicate unauthorized activity.<br/>	•	Regulatory Compliance: Aligns with the GLBA Safeguards Rule, ensuring oversight of time settings changes to maintain the integrity of financial systems and customer data.<br/>	•	System Integrity Monitoring: Supports compliance with PCI DSS Requirement 10, ensuring that time settings changes are logged and monitored to maintain reliable audit trails.<br/>	•	Real-Time Alerting: Captures and notifies administrators immediately when system time settings are altered, enabling rapid investigation and response.<br/>	•	Incident Detection: Identifies suspicious changes to system time, which could indicate attempts to bypass security measures, manipulate logs, or hide unauthorized activities.<br/>	•	Audit Readiness: Tracks time setting changes, ensuring compliance with frameworks like SOC2 Type 2 and ISO 27001, demonstrating robust configuration and log management practices.', null, null, null, null, null, null, null, null, null, 701, true, 303, 'TEMPLATE', null, null, 'Windows System Time Settings Changes', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (706, '', null, null, null, null, null, null, null, null, null, 604, true, 305, 'TEMPLATE', null, null, 'Windows Service Installed', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (512, 'The SI.3.217 (Certificate Configuration Changes) control of the CMMC (Cybersecurity Maturity Model Certification) focuses on the management of changes in the configuration of digital certificates in systems. This control is essential to maintain confidence in security systems, especially in a business environment where data protection is critical.', null, null, null, null, null, null, null, null, null, 503, true, 304, 'TEMPLATE', null, null, 'Windows Level 3 (SI.3.217): Certificate Configuration Changes', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (933, 'This report collects and analyzes relevant information from AWS logs related to the DeleteUser event, with the objective of verifying compliance with the Level 2 requirement (AU.2.044) of the CMMC framework. Reviewing these logs can detect potentially inappropriate activities, such as unauthorized deletion of user accounts, actions taken outside of business hours, or from unusual locations. By monitoring these events, you improve your ability to identify potential insider threats, administrative errors, or malicious attempts to remove evidence of unauthorized activity.', null, null, null, null, null, null, null, null, null, 501, true, 359, 'TEMPLATE', null, null, 'AWS Level 2 (AU.2.044): IAM User Deletion', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (776, 'This report compiles relevant information from the Windows logs generated by event 5058, which is triggered when a private key is loaded or modified in Windows Key and Certificate Manager. This event is crucial to comply with CMMC Level 3 control CM.3.068, which requires the implementation of controls to manage system configurations.<br/><br/>Event 5058 allows you to monitor changes in cryptographic key management, which is essential to detect possible attempts at certificate manipulation, unauthorized access to private keys, or improper configurations that may compromise system security. Identifying and recording these changes helps prevent attacks based on altered credentials or misuse of digital certificates.<br/><br/>This report provides visibility into changes to the key and certificate infrastructure, allowing security teams to evaluate the integrity of cryptographic mechanisms and ensure compliance with organizational security policies, thus strengthening risk management and protection of assets. critical assets.', null, null, null, null, null, null, null, null, null, 506, true, 304, 'TEMPLATE', null, null, 'Windows Level 3 (CM.3.068): Certificate Configuration Changes', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (974, 'This report compiles relevant information from the logs of Windows Security Auditing event 4616 (The system time was changed), used to verify compliance with CMMC Level 4 (SC.4.229), which seeks to improve cryptographic protections with advanced tools. Event 4616 is generated when a change is made to the system time, which can affect the validation and synchronization of cryptographic certificates, encryption keys, and other components essential to cryptographic security. An unauthorized change to the system time could compromise the integrity of cryptographic tools and affect the protection of sensitive information, including CUI (Controlled Unclassified Information). Monitoring this event is crucial to detect alterations in time synchronization, which is essential for the correct implementation and verification of cryptographic policies, ensuring that encrypted communications and data are not compromised. This report allows you to identify any deviations that may interfere with security controls related to cryptography.', null, null, null, null, null, null, null, null, null, 515, true, 303, 'TEMPLATE', null, null, 'Windows Level 4 (SC.4.229): System Time Settings Changes', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (513, 'This report focuses on the Windows logs for event 4697, which is generated when a service is installed on a system. Installing services is a critical operation that can be used by both legitimate administrators and malicious actors to alter systems configuration, establish persistence, or hide malicious activities.<br/><br/>In the context of CMMC Level 4 (SI.4.220): Monitor for malicious behavior across the organization, event 4697 is essential to detect unauthorized installation of services that could indicate a malware attack, persistence activity, or the establishment of backdoors. The presence of a service installed without proper authorization or outside of standard procedures can be a sign of suspicious behavior and is therefore an important monitoring target.<br/><br/>This type of malicious behavior can be an early indicator of an advanced attack, where an attacker installs a service to maintain control over the compromised system, or to continuously execute code without being detected. For example, an attacker could install a service to run a Trojan horse or rootkit that remains on the system even after reboots or configuration changes.<br/><br/>Monitoring this event allows you to quickly identify unauthorized installations of services, facilitating early detection of intrusions and response to possible security incidents. This surveillance capability contributes to risk reduction by allowing security teams to proactively act against potential threats before they can escalate and compromise critical systems or sensitive data.', null, null, null, null, null, null, null, null, null, 503, true, 305, 'TEMPLATE', null, null, 'Windows Level 4 (SI.4.220): Windows Service Installed', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (567, 'This report collects relevant information from the Windows logs generated by event 4697, which is triggered when a new service is installed on the system. This event is critical to comply with CMMC control AU.3.045, which requires correlation of security events to identify suspicious behavior and detect malicious activity.<br/><br/>Event 4697 provides details about the installation of new services, allowing you to monitor system configuration changes that could indicate persistence attempts by attackers or the execution of unauthorized software. By correlating this event with other security logs, such as privilege changes or unusual access, patterns can be identified that suggest suspicious activity within the environment.<br/><br/>This report helps detect possible threats related to the installation of unauthorized services, facilitating the taking of preventive measures to mitigate security risks. Additionally, it contributes to compliance with CMMC regulations by ensuring effective monitoring and correlation of key events for infrastructure protection.', null, null, null, null, null, null, null, null, null, 504, true, 305, 'TEMPLATE', null, null, 'Windows Level 3 (AU.3.045): Service Installed', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (754, 'This report compiles relevant information from the Windows logs generated by event 4697, which is activated when a service is installed on the system. This event is key to complying with CMMC control SI.2.216, which requires the detection of malicious code and effective response to malware infections.<br/><br/>Event 4697 provides details about newly installed services on the system, which may be indicative of the installation of unauthorized or malicious software. Many types of malware are installed on the system as services to maintain their persistence. By monitoring these events, you can quickly identify suspicious services that could have been introduced by malware.<br/><br/>This report makes it easier to detect potential malware infections by monitoring newly installed services, allowing security teams to respond efficiently to any signs of malicious activity. Additionally, it contributes to CMMC compliance by ensuring that the services installed on the system are legitimate and not related to malicious behavior.', null, null, null, null, null, null, null, null, null, 502, true, 305, 'TEMPLATE', null, null, 'Windows Level 2 (SI.2.216): Service Installed', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (514, 'This report collects relevant information from the Windows logs corresponding to event 4799, which is generated when a user logs out of the system. This event is crucial for monitoring user account behavior and detecting possible user account enumeration attempts, a technique used by attackers to obtain information about valid accounts on a system.<br/><br/>In the context of CMMC SI.5.223, which requires the implementation of advanced monitoring to detect anomalous behavior using machine learning, event 4799 is analyzed to identify unusual patterns that could indicate account enumeration attacks. Attempts to log out repeatedly with different credentials or at unusual times may signal activities of an attacker trying to discover valid user accounts or learn about network login and logout behavior.<br/><br/>The report is integrated with advanced tools that use machine learning to detect anomalous behavior associated with account enumeration attempts and other types of persistence attacks, improving the organization''s ability to identify advanced threats early and effectively.', null, null, null, null, null, null, null, null, null, 503, true, 306, 'TEMPLATE', null, null, 'Windows Level 5 (SI.5.223): User Accounts Enumeration', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (908, e'The Windows User Accounts Enumeration Report provides detailed logs of attempts to list or enumerate user accounts on a system. This report is crucial for ensuring compliance with Real-Time Alerting and Monitoring within the Banking Audit framework, as unauthorized enumeration activities can indicate reconnaissance efforts by attackers or insider threats.<br/>	•	Regulatory Compliance: Aligns with the GLBA Safeguards Rule, ensuring oversight of user enumeration events to protect sensitive financial systems and customer data.<br/>	•	Access Control Monitoring: Supports compliance with PCI DSS Requirement 8, ensuring that access to user account information is restricted and monitored.<br/>	•	Real-Time Alerting: Captures and alerts administrators immediately of suspicious enumeration activities, enabling rapid investigation and mitigation.<br/>	•	Incident Detection: Identifies unauthorized enumeration attempts, which could indicate reconnaissance, brute force attacks, or credential harvesting.<br/>	•	Audit Readiness: Tracks all user enumeration events, ensuring compliance with frameworks like SOC2 Type 2 and ISO 27001, demonstrating secure access and identity management practices.', null, null, null, null, null, null, null, null, null, 701, true, 306, 'TEMPLATE', null, null, 'Windows User Accounts Enumeration', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (950, 'This report gathers relevant information from the logs of Windows event 4697, which is generated when a service is installed on the system. This event is key to verifying compliance with CMMC''s Level 3 requirement (AU.3.045), which requires auditing of critical events for compliance and incident response. Installing new services can indicate legitimate configurations, but can also be a sign of malicious activity, such as malware persistence or lateral movements within the network. By analyzing these logs, organizations can identify unauthorized changes, improve threat detection, and strengthen their ability to respond to potential security incidents.', null, null, null, null, null, null, null, null, null, 513, true, 305, 'TEMPLATE', null, null, 'Windows Level 3 (AU.3.045): Service Installed', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (909, e'The Windows Group Membership Enumerated Report provides detailed logs of events where group membership information is queried or enumerated. This report is critical for ensuring compliance with Real-Time Alerting and Monitoring within the Banking Audit framework, as unauthorized enumeration can indicate reconnaissance activities by attackers or insider threats attempting to identify privileged groups.<br/>	•	Regulatory Compliance: Aligns with the GLBA Safeguards Rule, ensuring oversight of group membership enumeration to protect sensitive financial systems and customer data.<br/>	•	Access Control Monitoring: Supports compliance with PCI DSS Requirement 7, ensuring that access to group membership details is restricted and tracked.<br/>	•	Real-Time Alerting: Captures and alerts administrators immediately when group membership enumeration is detected, enabling rapid investigation and mitigation of potential threats.<br/>	•	Incident Detection: Identifies unauthorized or suspicious queries of group membership, which may indicate attempts to map privileged accounts or escalate privileges.<br/>	•	Audit Readiness: Tracks all group membership enumeration events, ensuring compliance with frameworks like SOC2 Type 2 and ISO 27001, demonstrating robust access management practices.', null, null, null, null, null, null, null, null, null, 701, true, 307, 'TEMPLATE', null, null, 'Windows Group Membership Enumerated', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (696, '', null, null, null, null, null, null, null, null, null, 601, true, 308, 'TEMPLATE', null, null, 'Windows User Account Attributes Changes', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (669, '', null, null, null, null, null, null, null, null, null, 601, true, 312, 'TEMPLATE', null, null, 'Windows Password Reset Attempts', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (774, 'This report compiles relevant information from the Windows logs generated by event 4738, which is activated when a modification is made to a user''s account within the system. This event is key to complying with CMMC control CM.3.068, which requires the implementation of controls to manage system configurations and ensure infrastructure security.<br/><br/>Monitoring this event is critical to detect unauthorized alterations to user accounts, which could indicate privilege escalation attempts, account compromises, or misconfigurations that could impact system security.<br/><br/>This report allows security teams to audit and validate that all modifications to user accounts are authorized and comply with established security policies. Its implementation strengthens system configuration management and contributes to CMMC compliance, ensuring that account changes are appropriately monitored and controlled to prevent improper access or incorrect configurations.', null, null, null, null, null, null, null, null, null, 506, true, 308, 'TEMPLATE', null, null, 'Windows Level 3 (CM.3.068): User Account Attributes Changes', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (681, '', null, null, null, null, null, null, null, null, null, 602, true, 308, 'TEMPLATE', null, null, 'Windows User Account Attributes Changes', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (985, 'This report presents a detailed analysis of Windows Event Viewer events ID 6005 and ID 6006, which record events related to system startup and shutdown. Event 6005 indicates the start of a Windows event log event, while event 6006 signals a controlled system shutdown.<br/><br/>The collection and evaluation of these events is essential for the validation of Disaster Recovery and Business Continuity, according to CMMC (Cybersecurity Maturity Model Certification) standards and requirements. By analyzing these logs, it is ensured that the system is being booted and shut down correctly, which helps confirm the correct implementation of recovery strategies, effective monitoring, and continued availability of services.', null, null, null, null, null, null, null, null, null, 517, true, 311, 'TEMPLATE', null, null, 'Windows Event Log Service', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (699, '', null, null, null, null, null, null, null, null, null, 601, true, 310, 'TEMPLATE', null, null, 'Windows Kerberos pre-authentication failed', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (660, '', null, null, null, null, null, null, null, null, null, 601, true, 311, 'TEMPLATE', null, null, 'Windows Event Log Service', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (592, 'This report collects the logs for Windows log events 6005 and 6006, which document the startup and shutdown of events from the system event log service (Event Log). Event 6005 is generated when the event log service starts, while event 6006 is generated when the event log service stops. These events provide key information about the state of the system and ensure that audit logs are being generated and maintained correctly. This information is crucial to verify compliance with CMMC''s Level 1 (AU.1.001) Audit and Monitoring policy, which requires audit logs to ensure security and monitoring of system activities.<br/><br/>The report includes key details such as the date and time in which the event registration service was started or stopped and information about the computer on which the event was registered, among others. Analyzing these events allows you to verify that the event logging service is working correctly and that audit logs have not been disabled or interrupted. This report is essential to ensure that system audit logs are being properly managed, supporting compliance with CMMC Level 1 requirements and allowing monitoring of system access and activities.', null, null, null, null, null, null, null, null, null, 511, true, 311, 'TEMPLATE', null, null, 'Windows Level 1 (AU.1.001): Event Log Service', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (747, 'This report collects relevant information from the Windows logs generated by event 4771, which is triggered when a login attempt via Kerberos is unsuccessful due to an authentication failure. This event is essential to comply with CMMC control AU.3.044, which requires retaining logs for advanced review and appropriate response to security incidents.<br/><br/>Event 4771 captures details about failed login attempts using the Kerberos protocol. Monitoring these events is key to identifying potential unauthorized access attempts or suspicious activities, such as brute force attacks or credential exploitation attempts.<br/><br/>This report is essential to maintain detailed records of failed login attempts and enable advanced review in case of security incidents. By storing this information, security teams can investigate patterns of failed attempts, detect unusual behavior, and take steps to prevent unauthorized access. Additionally, it contributes to CMMC compliance by ensuring that records are adequate for analysis and response to potential security incidents.', null, null, null, null, null, null, null, null, null, 505, true, 310, 'TEMPLATE', null, null, 'Windows Level 3 (AU.3.044): Kerberos pre-authentication failed', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (928, e'The Windows Application Errors report provides detailed logs of events where applications encounter errors on a Windows system. This report is essential for identifying software issues, monitoring system health, and ensuring compliance with operational and security frameworks.<br/>	•	Regulatory Compliance: Supports frameworks such as ISO 27001, SOC2, and ITIL, by documenting application errors to ensure adherence to incident management and operational reliability standards.<br/>	•	Application Health Monitoring: Tracks error occurrences, helping administrators identify and resolve application issues that may impact user experience or operational efficiency.<br/>	•	Event Correlation: Links application error events to user actions, system configurations, or external dependencies, providing a comprehensive audit trail for root cause analysis.<br/>	•	Real-Time Alerts: Generates immediate notifications for critical application errors, enabling rapid investigation and mitigation to minimize downtime or service disruptions.<br/>	•	Incident Detection: Identifies patterns such as repeated crashes, errors in high-priority applications, or issues stemming from configuration changes, which may indicate underlying problems or security threats.<br/>	•	Audit Readiness: Logs comprehensive details, including the application name, error code, user or process involved, and timestamp, ensuring robust records for compliance and forensic investigations.', null, null, null, null, null, null, null, null, null, 702, true, 309, 'TEMPLATE', null, null, 'Windows Application Errors', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (845, 'The Windows Password Reset Attempts Report provides a comprehensive overview of password reset activities, tracking both successful and failed attempts. This report is a critical tool in the Banking Audit framework, ensuring accountability and security in the management of user credentials.The Windows Password Reset Attempts Report provides a comprehensive overview of password reset activities, tracking both successful and failed attempts. This report is a critical tool in the Banking Audit framework, ensuring accountability and security in the management of user credentials.', null, null, null, null, null, null, null, null, null, 703, true, 312, 'TEMPLATE', null, null, 'Windows Password Reset Attempts', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (849, e'The Windows Connection Blocked by Windows Firewall Report provides a detailed overview of network connection attempts that were denied by the firewall. This report is a critical compliance tool within the Banking Audit framework, helping organizations monitor and enforce network security policies while safeguarding sensitive financial systems.<br/>	•	Banking Regulations: Aligns with the GLBA Safeguards Rule, ensuring the protection of customer information by monitoring and controlling unauthorized network activity.<br/>	•	Network Security Compliance: Supports compliance with PCI DSS Requirement 1, which mandates the implementation of robust firewall configurations to secure sensitive networks.<br/>	•	Audit Readiness: Documents blocked connections, providing evidence for frameworks like SOC2 Type 2 and ISO 27001, demonstrating proper enforcement of network access policies.<br/>	•	Incident Detection: Identifies repeated or suspicious connection attempts, which could indicate network scanning, unauthorized access attempts, or malicious activity.<br/>	•	Data Protection: Ensures compliance with GDPR Article 32, showcasing controls that protect sensitive data by preventing unauthorized network connections to critical systems.', null, null, null, null, null, null, null, null, null, 703, true, 313, 'TEMPLATE', null, null, 'Windows Connection blocked by Windows Firewall', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (682, '', null, null, null, null, null, null, null, null, null, 602, true, 312, 'TEMPLATE', null, null, 'Windows Password Reset Attempts', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (597, 'This report collects the Windows log event 4724 logs, which document password reset attempts for user accounts on the system. Event 4724 is generated when a password reset attempt is made, either by an administrator or by the account user themselves, and provides key information about credential modification attempts. This information is crucial to verify compliance with CMMC''s Level 2 Auditing and Monitoring policy (AU.2.042), which requires ensuring the collection of logs to detect and analyze security events related to access and changes in credentials.<br/><br/>The report includes key details such as the identity of the user whose password was reset, the identity of the user or administrator who executed the action, the date and time of the event, among others. The analysis of these events allows us to detect unauthorized or undocumented attempts to modify credentials, providing an effective way to monitor access and activities related to user credentials. This report is essential for auditing password management processes, ensuring that appropriate controls are applied to protect access credentials and contributing to compliance with CMMC Level 2 security policies.', null, null, null, null, null, null, null, null, null, 511, true, 312, 'TEMPLATE', null, null, 'Windows Level 2 (AU.2.042): Password Reset Attempts', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (618, 'This report collects the Windows log event 5158 logs, which document attempts to establish incoming or outgoing network connections on the system. Event 5158 is generated when a Windows firewall allows or blocks a network connection based on configured security policies. This information is essential to verify compliance with CMMC''s Level 4 Audit and Monitoring policy (AU.4.053), which requires improving logging capabilities to support threat detection, allowing the identification of suspicious or unauthorized connections that may be indicative. of an attempted intrusion or malicious activity.<br/><br/>The report includes key details such as the name of the application that attempted to make the connection, and the action taken by the firewall (allow or block), among others. Analyzing these events can improve auditing capabilities and detect traffic patterns that could be indicative of advanced threats, such as unauthorized access attempts or lateral movements within the network. This report facilitates early detection of malicious activity, ensuring that network security policies are properly configured and that unauthorized connections are effectively blocked, aligning with CMMC Level 4 requirements for threat detection and security protection. critical infrastructure.', null, null, null, null, null, null, null, null, null, 511, true, 313, 'TEMPLATE', null, null, 'Windows Level 4 (AU.4.053): Windows Connection blocked by Windows Firewall', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (860, e'The Windows Credential Access Report provides detailed logs of events related to credential access, including successful and failed attempts to retrieve or use user credentials, such as password hashes, security tokens, or Kerberos tickets. This report is critical within the Banking Audit framework to monitor unauthorized credential access and ensure the protection of sensitive financial systems.<br/>	•	Banking Regulations: Aligns with the GLBA Safeguards Rule, demonstrating oversight and control over credential access to safeguard sensitive customer data and financial systems.<br/>	•	Access Control Compliance: Supports compliance with PCI DSS Requirement 8, which mandates secure authentication and management of user credentials to prevent unauthorized access.<br/>	•	Audit Readiness: Tracks credential access events, providing traceability for frameworks like SOC2 Type 2 and ISO 27001, ensuring accountability in credential management.<br/>	•	Incident Detection: Identifies unauthorized or suspicious attempts to access credentials, such as pass-the-hash attacks, keylogging, or unauthorized Kerberos ticket usage.<br/>	•	Data Protection: Ensures compliance with GDPR Article 32, showcasing controls to monitor, restrict, and secure credential access to prevent unauthorized data breaches.', null, null, null, null, null, null, null, null, null, 703, true, 315, 'TEMPLATE', null, null, 'Windows Credential Access', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (697, '', null, null, null, null, null, null, null, null, null, 601, true, 315, 'TEMPLATE', null, null, 'Windows Credential Access', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (750, 'This report collects relevant information from the Windows logs generated by event 1100, which is triggered when the Windows Event Logging service stops. This event is crucial to comply with CMMC control AU.5.055, which requires the use of advanced tools to ensure the integrity and availability of the logs.<br/><br/>Event 1100 provides information about the stopping of the event log service, which is essential for monitoring potential interruptions in the audit process and ensuring that event logs are kept intact and accessible for future review. Collecting and analyzing these events can detect unauthorized shutdowns or issues with log integrity, which could impact the ability to perform accurate audits and respond to security incidents effectively.<br/><br/>This report facilitates the identification of events in which the event logging service has been stopped, allowing proactive monitoring to maintain continuity in the collection and preservation of logs. Additionally, it contributes to compliance with CMMC requirements, ensuring that log protection and availability mechanisms are effectively implemented and monitored in accordance with best security practices.', null, null, null, null, null, null, null, null, null, 505, true, 314, 'TEMPLATE', null, null, 'Windows Level 5 (AU.5.055): Event Logging Service Shut Down', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (880, 'This report compiles relevant information from the Windows logs generated by events 4728 and 4732, which are triggered when changes are made to user security groups within the system. These events are critical to complying with CMMC control SI.5.223, which requires improving detection capabilities on endpoints using advanced tools.<br/><br/>Event 4728 is triggered when a user is added to a security group, while event 4732 is triggered when a user is added to a privileged type security group. These events are key to monitoring and detecting changes in access configurations to critical resources and privileged groups, which could be indicative of an attempt to escalate privileges or unauthorized modification of user permissions.<br/><br/>By collecting these events, you can quickly detect inappropriate assignment of users to privileged groups, behavior that could be an indication of malicious activity. In addition, this type of monitoring, supported by advanced tools, strengthens threat detection capabilities on endpoints, allowing a more agile response to incidents related to the manipulation of access permissions and the potential abuse of privileges.<br/><br/>This report is key to improving visibility of activities within the system, helping security teams detect unauthorized changes and respond effectively to any threats. Additionally, it contributes to CMMC compliance by ensuring that advanced tools are applied to protect endpoints and detect suspicious or malicious behavior.', null, null, null, null, null, null, null, null, null, 502, true, 316, 'TEMPLATE', null, null, 'Windows Level 5 (SI.5.223): Additions to Security Groups', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (782, 'This report compiles relevant information from the Windows logs generated by event 4728, which is triggered when a user is added to a group with elevated privileges on the system. This event is key to complying with CMMC Level 2 control AC.2.007, which requires the implementation of the "least privilege" principle to ensure that users only have the permissions necessary to perform their tasks.<br/><br/>Event 4728 provides details about changes to user groups, particularly those related to the assignment of elevated privileges. By monitoring this event, organizations can check whether unauthorized or inappropriate changes are being made to user permissions, which could violate the principle of least privilege.<br/><br/>Detecting these changes is essential to ensure that users do not gain more privileges than necessary to perform their functions, thereby minimizing the risk of privilege abuse, unauthorized access, or privilege escalations. Additionally, constant monitoring of this event allows for rapid response to any attempts to assign excessive privileges to unauthorized users.<br/><br/>This report not only helps maintain tighter control over the assignment of privileges within the infrastructure, but also reinforces security practices based on the principle of least privilege, which is essential for CMMC Level 2 compliance.', null, null, null, null, null, null, null, null, null, 508, true, 316, 'TEMPLATE', null, null, 'Windows Level 2 (AC.2.007): Additions to Security Groups', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (783, 'This report compiles relevant information from the Windows logs generated by event 4729, which is triggered when a user is removed from a group with elevated privileges on the system. This event is key to complying with CMMC Level 2 control AC.2.007, which establishes the need to apply the principle of "least privilege" to ensure that users only have the permissions strictly necessary to perform their tasks.<br/><br/>Event 4729 provides details on changes affecting user groups, especially those linked to the removal of elevated privileges. By monitoring this event, organizations can verify that users are being appropriately removed from groups with additional privileges when they no longer need them or have a valid justification for maintaining them.<br/><br/>Monitoring and reviewing these types of events ensures that security is maintained within the IT infrastructure, minimizing the risk of privilege abuse or unauthorized access. Proper removal of excessive privileges is essential to prevent privilege escalations or improper access to sensitive systems and applications.<br/><br/>This report is essential to strengthen CMMC Level 2 compliance by ensuring that the principle of least privilege is consistently implemented and respected within the organization, reducing the risk of potential internal or external threats associated with unnecessary privileges.', null, null, null, null, null, null, null, null, null, 508, true, 317, 'TEMPLATE', null, null, 'Windows Level 2 (AC.2.007): Security Group Member Removal', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (773, 'This report compiles relevant information from the Windows logs generated by event 4735, which is triggered when changes are made to the properties of a security group on the system. This event is key to complying with CMMC control CM.3.068, which requires the implementation of controls to manage system configurations and ensure infrastructure security.<br/><br/>Event 4735 provides details about modifications to security groups. Monitoring this event is critical to detect unauthorized changes to security groups, which could indicate attempted privilege escalation, alterations to access permissions, or misconfigurations that compromise system security.<br/><br/>This report allows security teams to identify and respond to changes in system configuration, ensuring that changes are authorized and aligned with established security policies. Its implementation strengthens configuration management and contributes to CMMC compliance, ensuring that controls over security groups remain within the parameters defined by the organization.', null, null, null, null, null, null, null, null, null, 506, true, 319, 'TEMPLATE', null, null, 'Windows Level 3 (CM.3.068): Security enabled local group change', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (628, 'This report collects key information from event 4732 in the Windows logs, which is generated when a user is added to a security group. Including this event in security monitoring is essential for tracking changes in group membership, especially those that provide access to critical resources or elevated privileges.<br/><br/>Within the framework of CMMC Level 2 (SI.2.212) compliance, real-time monitoring of events such as 4732 is a crucial measure to ensure that only authorized users have access to the organization''s sensitive resources. This event is an early alert for the detection of changes to user permissions, which may involve unauthorized elevation of privileges or unplanned access to critical systems.<br/><br/>The report provides visibility into who, when and why a user was added to a security group, which is critical for access control and detecting potential threats or security breaches. Ensuring these events are appropriately monitored helps maintain a robust security environment and prevent improper access, in compliance with CMMC continuous monitoring requirements.', null, null, null, null, null, null, null, null, null, 503, true, 320, 'TEMPLATE', null, null, 'Windows Level 2 (SI.2.212): Member Addition to a Security Local Group', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (889, e'he Windows Member Addition to a Security Local Group Report provides detailed logs of events where users or accounts are added to local security groups. This report is critical within the Banking Audit framework to ensure compliance with Real-Time Alerting and Monitoring, as group membership changes can directly impact access control and system security.<br/>	•	Regulatory Compliance: Aligns with the GLBA Safeguards Rule, ensuring visibility and control over group membership changes to protect financial systems and sensitive data.<br/>	•	Access Control Compliance: Supports compliance with PCI DSS Requirement 7, ensuring restricted access to critical resources and tracking all group membership changes.<br/>	•	Real-Time Alerting: Captures and notifies administrators of member additions in real-time, enabling immediate review and action to address unauthorized changes.<br/>	•	Incident Detection: Identifies unauthorized or suspicious additions to privileged groups, such as the Administrators group, which could indicate insider threats or compromised accounts.<br/>	•	Audit Readiness: Provides traceability of group membership changes, ensuring compliance with frameworks like SOC2 Type 2 and ISO 27001, demonstrating secure access management practices.', null, null, null, null, null, null, null, null, null, 701, true, 320, 'TEMPLATE', null, null, 'Windows Member Addition to a Security Local Group', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (631, 'This report gathers relevant information from the Windows logs generated by event 4732, which is triggered when a user is added to a security group. This event is key to comply with CMMC control AU.2.043, which establishes the need to review logs and correlate events to detect inappropriate activities.<br/><br/>Analysis of event 4732 can identify changes in security group membership, which may reflect unauthorized or anomalous activity, such as elevation of a user''s privileges or incorrect assignment of access. By correlating this event with other system logs, patterns can be identified that indicate potential security incidents, such as improper acquisition of permissions or unauthorized access to sensitive resources.<br/><br/>This report contributes to compliance with CMMC regulations by facilitating the review of changes in security configurations and helping to detect possible inappropriate behavior, which improves the ability to respond to possible threats to the integrity and confidentiality of the systems.', null, null, null, null, null, null, null, null, null, 504, true, 320, 'TEMPLATE', null, null, 'Windows Level 2 (AU.2.043): Member Addition to a Security Local Group', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (784, 'This report compiles relevant information from the Windows logs generated by event 4732, which is triggered when a user is added to a group with elevated privileges on the system. This event is essential to comply with CMMC Level 2 control AC.2.007, which requires the implementation of the "least privilege" principle, ensuring that users are only given the permissions necessary to perform their tasks.<br/><br/>Event 4732 provides details about adding users to security groups, especially those with elevated privileges, such as administrators or users with access to sensitive resources. Monitoring this event allows organizations to ensure that users are not assigned to these groups without adequate justification and that permissions are granted only to those who truly need them to fulfill their functions.<br/><br/>Proper monitoring of this event is key to avoiding privilege overload within the IT infrastructure, which could result in the risk of unauthorized access or escalation of privileges. Reviewing and auditing the information contained in event 4732 ensures that the principle of least privilege is maintained and that the risk of improper access to sensitive systems or applications is minimized.<br/><br/>This report is essential for CMMC Level 2 compliance, as it ensures that permissions and privileges are appropriately managed and that the principle of least privilege is correctly implemented to prevent potential internal and external threats.', null, null, null, null, null, null, null, null, null, 508, true, 320, 'TEMPLATE', null, null, 'Windows Level 2 (AC.2.007): Member Addition to a Security Local Group', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (647, '', null, null, null, null, null, null, null, null, null, 602, true, 321, 'TEMPLATE', null, null, 'Windows Local Security Group Member Removal', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (915, e'The Windows Member Addition to a Security Local Group report provides detailed logs of events where a user or object is added to a local security group on a Windows system. This report is critical for monitoring privilege changes, detecting unauthorized modifications, and ensuring compliance with security frameworks.<br/>	•	Regulatory Compliance: Supports standards such as PCI DSS, ISO 27001, and SOC2, by maintaining a record of all group membership changes to ensure access control policies are enforced.<br/>	•	Privilege Management Monitoring: Tracks additions to local security groups to verify that privilege escalations are authorized and comply with internal policies.<br/>	•	Event Correlation: Links group membership changes with associated user accounts, administrative actions, and originating machines to create a complete security audit trail.<br/>	•	Real-Time Alerts: Generates immediate notifications when users are added to critical groups, such as Administrators or Remote Desktop Users, enabling rapid response to potential threats.<br/>	•	Incident Detection: Identifies unauthorized or unexpected additions to security groups, which may indicate insider threats, privilege misuse, or malicious activities.<br/>	•	Audit Readiness: Logs comprehensive details, including the name of the group, the member added, the user or process performing the action, and the timestamp, ensuring robust records for audits and investigations.', null, null, null, null, null, null, null, null, null, 702, true, 320, 'TEMPLATE', null, null, 'Windows Member Addition to a Security Local Group', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (778, 'This report compiles relevant information from the Windows logs generated by event 4732, which is triggered when a user is added to a security group on a system. This event is key to complying with CMMC Level 4 control CM.4.070, which requires automation of the detection of unauthorized changes to systems.<br/><br/>Event 4732 provides details on modifications made to security groups, which is essential for tracking changes in access privileges to critical resources within the IT infrastructure. An unauthorized change to security groups may indicate an attempt to elevate privileges or compromise access control to sensitive data. Detecting these events automatically helps prevent unauthorized users from gaining improper access to systems or applications.<br/><br/>This reporting is critical to identifying and preventing malicious internal movements, such as unauthorized access to privileged systems or escalation of privileges, ensuring that appropriate security configurations are maintained and that access controls are constantly monitored. Additionally, it contributes to CMMC Level 4 compliance by enabling the automation of unauthorized change detection, which is essential for rapid response to security incidents.', null, null, null, null, null, null, null, null, null, 506, true, 320, 'TEMPLATE', null, null, 'Windows Level 4 (CM.4.070): Member Addition to a Security Local Group', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (904, e'The Windows Local Security Group Member Removal Report provides detailed logs of events where users or accounts are removed from local security groups. This report is critical for ensuring compliance with Real-Time Alerting and Monitoring within the Banking Audit framework, as group membership changes directly affect access control and system security.<br/>	•	Regulatory Compliance: Aligns with the GLBA Safeguards Rule, ensuring oversight of group membership changes to protect sensitive financial systems and customer data.<br/>	•	Access Control Monitoring: Supports compliance with PCI DSS Requirement 7, ensuring that access to critical resources is controlled and membership changes are tracked.<br/>	•	Real-Time Alerting: Captures and alerts administrators immediately when members are removed from security groups, enabling rapid response to potential unauthorized changes.<br/>	•	Incident Detection: Identifies suspicious or unauthorized member removals, which may indicate insider threats, account compromise, or policy violations.<br/>	•	Audit Readiness: Tracks all member removal events to ensure compliance with frameworks like SOC2 Type 2 and ISO 27001, demonstrating robust access management practices.', null, null, null, null, null, null, null, null, null, 701, true, 321, 'TEMPLATE', null, null, 'Windows Local Security Group Member Removal', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (712, '', null, null, null, null, null, null, null, null, null, 604, true, 322, 'TEMPLATE', null, null, 'Windows Registry Value Modification', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (916, e'The Windows Local Security Group Member Removal report provides detailed logs of events where a user or object is removed from a local security group on a Windows system. This report is essential for monitoring privilege adjustments, detecting unauthorized modifications, and ensuring compliance with access control policies.<br/>	•	Regulatory Compliance: Ensures alignment with frameworks such as PCI DSS, ISO 27001, and SOC2, by documenting all group membership removals to maintain an auditable trail of privilege management activities.<br/>	•	Privilege Management Monitoring: Tracks removals from local security groups to confirm that privilege reductions align with organizational policies and prevent unintended loss of access.<br/>	•	Event Correlation: Links group membership removal events with related administrative actions, user accounts, and originating systems to build a comprehensive security audit trail.<br/>	•	Real-Time Alerts: Sends notifications when members are removed from critical groups, such as Administrators or Remote Desktop Users, enabling timely response to unauthorized actions or configuration changes.<br/>	•	Incident Detection: Identifies unexpected or unauthorized removals from security groups, which may indicate insider threats, administrative errors, or malicious activities.<br/>	•	Audit Readiness: Logs detailed information for each event, including the name of the group, the removed member, the user or process performing the action, and the timestamp, ensuring robust records for audits and investigations.', null, null, null, null, null, null, null, null, null, 702, true, 321, 'TEMPLATE', null, null, 'Windows Local Security Group Member Removal', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (785, 'This report compiles relevant information from the Windows logs generated by event 4733, which is triggered when a user is removed from a group with elevated privileges on the system. This event is essential to comply with CMMC Level 2 control AC.2.007, which requires the implementation and monitoring of the "least privilege" principle. This principle establishes that users should have only the permissions strictly necessary to perform their tasks, avoiding the unnecessary granting of elevated privileges.<br/><br/>Event 4733 provides details on removing users from elevated security groups, which is critical to properly managing access within the IT infrastructure. Monitoring this event ensures that users who no longer need special permissions are promptly removed from such groups, which helps prevent misuse of elevated privileges.<br/><br/>The analysis of this event allows us to detect possible violations of the principle of least privilege, such as the unauthorized permanence of a user in a privileged group, which could generate risks of unauthorized access to sensitive systems or resources. It is a preventative measure to minimize entry points into systems, ensuring that only users with a legitimate need maintain such privileges.<br/><br/>This report is key to CMMC Level 2 compliance, as it helps ensure that privilege management is carried out in a controlled manner and that access is appropriate, helping to prevent both internal and external threats.', null, null, null, null, null, null, null, null, null, 508, true, 321, 'TEMPLATE', null, null, 'Windows Level 2 (AC.2.007): Local Security Group Member Removal', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (629, 'This report collects information relevant to event 4657 in the Windows logs, which is generated when a system object, either a file or a registry key, is modified. This event is crucial for real-time monitoring of activities that could involve changes to security settings or critical files of the organization.<br/><br/>In the context of Level 2 (SI.2.212) of the CMMC, monitoring events such as 4657 is essential to detect and prevent unauthorized activities that may compromise the integrity of systems or allow the execution of malicious actions. This event provides visibility into changes made to important objects, allowing you to identify unplanned or unusual modifications to the environment, such as alteration of sensitive files or system configurations.<br/><br/>The report helps ensure that all critical modifications are detected and analyzed in real time, allowing early intervention in the event of potential security incidents. Additionally, it ensures that a detailed record is maintained of activities that may have an impact on security, aligning with the continuous monitoring requirements and the improvement of audit capabilities that are fundamental in CMMC compliance.', null, null, null, null, null, null, null, null, null, 503, true, 322, 'TEMPLATE', null, null, 'Windows Level 2 (SI.2.212): Registry Value Modification', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (890, e'The Windows Registry Value Modification Report provides detailed logs of changes to critical registry values, capturing modifications, deletions, or additions. This report is vital for ensuring compliance with Real-Time Alerting and Monitoring within the Banking Audit framework, as unauthorized registry modifications can compromise system security and stability.<br/>	•	Regulatory Compliance: Aligns with the GLBA Safeguards Rule, ensuring oversight of registry modifications to safeguard financial systems and sensitive customer data.<br/>	•	System Integrity Monitoring: Supports compliance with PCI DSS Requirement 10, which mandates logging and monitoring of system configuration changes.<br/>	•	Real-Time Alerting: Captures and notifies administrators in real-time of unauthorized or suspicious registry changes, enabling immediate investigation and mitigation.<br/>	•	Incident Detection: Identifies potential threats such as malware activity, privilege escalation, or insider misuse that may involve registry tampering.<br/>	•	Audit Readiness: Provides traceability of registry changes, ensuring compliance with frameworks like SOC2 Type 2 and ISO 27001, demonstrating secure system configuration practices.', null, null, null, null, null, null, null, null, null, 701, true, 322, 'TEMPLATE', null, null, 'Windows Registry Value Modification', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (719, '', null, null, null, null, null, null, null, null, null, 604, true, 323, 'TEMPLATE', null, null, 'Windows Service Control Manager Log Information', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (853, e'The Windows Registry Value Modification Report provides detailed logs of changes made to critical Windows registry values. This report is essential for ensuring compliance within the Banking Audit framework, as the registry is a central component for system configuration and security settings.<br/>	•	Banking Regulations: Aligns with the GLBA Safeguards Rule, ensuring oversight and monitoring of configuration changes to protect sensitive financial systems.<br/>	•	System Integrity Compliance: Supports compliance with PCI DSS Requirement 10, which mandates monitoring system component changes to detect unauthorized modifications.<br/>	•	Audit Readiness: Tracks registry value changes, ensuring traceability and accountability as required by frameworks like SOC2 Type 2 and ISO 27001.<br/>	•	Incident Detection: Identifies unauthorized or suspicious registry changes, which could indicate malware activity, privilege escalation, or insider threats.<br/>	•	Data Protection: Ensures compliance with GDPR Article 32, showcasing controls to monitor and restrict unauthorized changes that might expose sensitive data.', null, null, null, null, null, null, null, null, null, 703, true, 322, 'TEMPLATE', null, null, 'Windows Registry Value Modification', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (621, 'This report gathers relevant information from the Windows logs, specifically from Service Control Manager event 7030. This event is raised when a service attempts to start but fails due to a configuration or security restriction, preventing it from running interactively. The collection and analysis of these events is crucial to identify possible failures in service configuration, security problems related to access policies or operational restrictions. The report is aimed at supporting compliance with level 4 (AU.4.053) of the CMMC, by providing clear visibility on failures in attempts to start services, allowing better detection and response to possible threats or operational irregularities in the environment. .<br/><br/>This type of report helps meet monitoring and auditing requirements for critical events, contributing to the early detection of security problems and the optimization of control over the execution of services within the system.', null, null, null, null, null, null, null, null, null, 511, true, 323, 'TEMPLATE', null, null, 'Windows Level 4 (AU.4.053): Service Control Manager Log Information', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (967, 'This report gathers relevant information from event 4698 (A scheduled task was created) logs on Windows, used to evaluate compliance with CMMC Level 4 control MP.4.125. This control requires the automation of Data Loss Prevention (DLP) processes to protect sensitive information, including Controlled Unclassified Information (CUI) during processing and storage.<br/><br/>The analysis of these events allows us to identify the creation of scheduled tasks in the system, ensuring that unauthorized processes are not implemented that could compromise the security of the information. In addition, it facilitates the detection of changes in the configuration of critical tasks and possible persistence attempts through automated execution of scripts or applications.', null, null, null, null, null, null, null, null, null, 514, true, 372, 'TEMPLATE', null, null, 'Windows Level 4 (MP.4.125): Scheduled Task Creation', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (858, e'The Windows Service Control Manager Log Information Report provides a detailed record of activities related to the Service Control Manager (SCM), including service starts, stops, failures, and configuration changes. This report is critical for compliance within the Banking Audit framework, ensuring visibility into the management of services that impact system security and performance.<br/>	•	Banking Regulations: Aligns with the GLBA Safeguards Rule, demonstrating oversight and control of service activities to protect financial systems and sensitive customer data.<br/>	•	System Monitoring Compliance: Supports compliance with PCI DSS Requirement 10, ensuring logging and monitoring of critical service activities to detect unauthorized or suspicious changes.<br/>	•	Audit Readiness: Tracks all SCM events, providing traceability for frameworks like SOC2 Type 2 and ISO 27001, ensuring accountability and secure management of service operations.<br/>	•	Incident Detection: Identifies unauthorized service manipulations, abnormal service failures, or configuration changes, which could indicate malware activity or insider threats.<br/>	•	Data Protection: Ensures compliance with GDPR Article 32, showcasing controls to monitor and secure services that may process or protect sensitive financial data.', null, null, null, null, null, null, null, null, null, 703, true, 323, 'TEMPLATE', null, null, 'Windows Service Control Manager Log Information', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (802, 'This event is logged when a Windows service fails to start due to an error and may be linked to system services that are responsible for managing and controlling other services, including those involved in system security and monitoring.<br/><br/>The Service Control Manager manages interactions between Windows services, and when a service that should be monitoring or protecting the system against threats (such as malware detection) fails, event 7030 is an indication that something has gone wrong. This event is important because it can alert you to attempts to disable critical services that help protect the system.<br/><br/>In the context of CMMC Level 4, where automation of malware detection and response is required, the logs generated by SCM allow the identification of failures that could have been caused by a malicious attempt to disable security or monitoring services.<br/><br/>So, event 7030, being part of the SCM logs, has a direct relationship with monitoring the health of system services, especially those related to security and incident response, which is crucial to comply with CMMC Level 4 control SI.4.221.', null, null, null, null, null, null, null, null, null, 507, true, 323, 'TEMPLATE', null, null, 'Windows Level 4 (SI.4.221): Service Control Manager Log Information', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (761, 'This report collects relevant information from the Windows logs generated by event 7030, which is triggered when a service on the system stops unexpectedly or cannot start correctly. This event is essential to comply with CMMC control SI.5.223, which requires the use of advanced tools to improve endpoint detection capabilities.<br/><br/>Event 7030 provides details about failures to start or stop critical services, which may indicate security issues or attacks aimed at disrupting the normal operation of systems. Detecting these events is crucial as it could signal malicious activities such as disabling key services, manipulation of system configurations or attempts to hide traces of an attack.<br/><br/>This report allows security teams to identify compromised services that may have been affected by malware, ransomware or other types of threats. With the use of advanced monitoring tools, these events can be analyzed in conjunction with other logs to detect suspicious behavior patterns on endpoints and trigger immediate alerts.<br/><br/>By implementing this type of monitoring, the organization strengthens its ability to identify attacks or anomalous behavior on endpoints, allowing a faster and more effective response to security incidents. In addition, it contributes to compliance with CMMC regulations, ensuring the integration of advanced tools for threat detection and proactive protection of critical systems.', null, null, null, null, null, null, null, null, null, 502, true, 323, 'TEMPLATE', null, null, 'Windows Level 5 (SI.5.223): Service Control Manager Log Information', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (736, 'This report collects relevant information from the Windows logs generated by event 4767, which is triggered when a user account is unlocked on the system after being locked out due to failed login attempts. This event is crucial to comply with CMMC control AU.2.044, which requires review of audit logs to detect inappropriate or suspicious behavior.<br/><br/>Event 4767 provides details about the account that was unlocked, the account that performed the action, among others. By reviewing and correlating this data with other activity logs, anomalous patterns can be identified, such as attempts to unlock accounts at unusual times or by unauthorized accounts, which could signal attempts to circumvent security policies or unauthorized access.<br/><br/>This report is useful for detecting suspicious behavior related to the management of blocked accounts, allowing security teams to respond quickly to possible incidents. Additionally, contributes to compliance with CMMC regulations by ensuring effective review of events that may indicate inappropriate or malicious behavior within the organization.', null, null, null, null, null, null, null, null, null, 501, true, 336, 'TEMPLATE', null, null, 'Windows Level 2 (AU.2.044): Unlocked Account', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (968, 'This report gathers relevant information from the security events recorded in the Windows event 4659 logs. Such an event indicates that an identifier has been requested for an object with the intention of deleting it, which may represent a risk to the protection of Controlled Unclassified Information (CUI).<br/><br/>The objective of this analysis is to evaluate compliance with CMMC Level 3 control MP.3.123, which requires the protection of the CUI during its transport and the prevention of data loss. By reviewing these records, we seek to detect suspicious or unauthorized activities related to the deletion of files that contain sensitive information, guaranteeing the implementation of appropriate security measures to avoid improper access or loss of data.', null, null, null, null, null, null, null, null, null, 514, true, 373, 'TEMPLATE', null, null, 'Windows Level 3 (MP.3.123): Delete Object Attempt', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (724, '', null, null, null, null, null, null, null, null, null, 601, true, 331, 'TEMPLATE', null, null, 'Office 365 OneDrive File Download', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (725, '', null, null, null, null, null, null, null, null, null, 602, true, 332, 'TEMPLATE', null, null, 'AWS DescribeLogStreams Logs', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (613, 'This report collects and analyzes key information about DescribeLogStreams events in AWS, for the purpose of verifying compliance with CMMC practice AU.2.042. Its objective is to ensure that the query and retrieval of log streams in AWS CloudWatch Logs are recorded and monitored for the detection and analysis of security events.<br/><br/>The report includes details such as the account involved, the identity of the user who made the request, and the source of the request. This information is essential to audit access to critical logs, detect unusual activities, and ensure proper log collection and analysis in the AWS environment.', null, null, null, null, null, null, null, null, null, 511, true, 332, 'TEMPLATE', null, null, 'AWS Level 2 (AU.2.042): DescribeLogStreams Logs', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (614, 'This report collects and analyzes key information about PutObject events in AWS, for the purpose of verifying compliance with CMMC practice AU.2.042. Its goal is to ensure that the creation and modification of objects in Amazon S3 are recorded and monitored for the detection and analysis of security events.<br/><br/>The report includes details such as the account involved, the destination bucket, the source IP address, and the source of the request. This information is essential to audit access and modifications to sensitive data, detect possible unauthorized activities, and ensure proper log collection and analysis in the AWS environment.', null, null, null, null, null, null, null, null, null, 511, true, 333, 'TEMPLATE', null, null, 'AWS Level 2 (AU.2.042): PutObject Logs', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (727, '', null, null, null, null, null, null, null, null, null, 602, true, 333, 'TEMPLATE', null, null, 'AWS PutObject Logs', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (728, '', null, null, null, null, null, null, null, null, null, 602, true, 334, 'TEMPLATE', null, null, 'AWS GetBucketAcl Logs', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (726, '', null, null, null, null, null, null, null, null, null, 602, true, 335, 'TEMPLATE', null, null, 'AWS DescribeLogGroups Logs', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (986, 'This report presents an analysis of Windows Event Viewer events ID 1001, which are related to system shutdown errors or unexpected failures in the operating system. Event 1001 is generated when the system detects an unexpected shutdown or system crash, which may be an indication of problems related to system availability.<br/><br/>Tracking these events is crucial to meeting Disaster Recovery and Business Continuity requirements, as stipulated in the CMMC (Cybersecurity Maturity Model Certification) model. The collection and analysis of event ID 1001 logs allows the identification of critical failures that could affect the continued operation of the system, helping to ensure that recovery and contingency mechanisms are implemented and functioning correctly to maintain system stability and availability in the event of unexpected incidents.c', null, null, null, null, null, null, null, null, null, 517, true, 339, 'TEMPLATE', null, null, 'Windows Error Reporting', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (762, 'This report compiles relevant information from the Windows logs generated by event 1001, which is triggered when the system registers an event related to error activity or failures in system processes. This event is essential to comply with CMMC control SI.1.210, which requires identifying and correcting system failures, including those caused by malware or other vulnerabilities.<br/><br/>Event 1001 provides details about errors and failures recorded in the system, allowing security and infrastructure teams to identify issues that may be indicative of system failures, malware attacks, or malicious activities. By monitoring these events, the organization can quickly detect anomalous behavior or system vulnerabilities that could be exploited by malicious actors.<br/><br/>This report is key to identifying and correcting any system failure that may compromise security, allowing an early response to malware incidents or other threats that affect the integrity of the system. Additionally, it contributes to CMMC compliance by providing a proactive mechanism for fault detection and correction, which helps strengthen the organization''s overall security posture.', null, null, null, null, null, null, null, null, null, 502, true, 339, 'TEMPLATE', null, null, 'Windows Level 1 (SI.1.210): Windows Error Reporting', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (763, 'This report collects relevant information from the Windows logs generated by event 6008, which is triggered when the system detects an unexpected shutdown or unexpected restart of the operating system. This event is crucial to comply with CMMC control SI.1.210, which requires the identification and correction of system failures, including those caused by malware or other vulnerabilities.<br/><br/>Event 6008 provides details about the cause of an unexpected shutdown, which may indicate the presence of system crashes, critical errors, or malicious activities such as malware attacks that affect system stability. By analyzing these events, security teams can identify patterns that suggest tampering attempts or attacks that exploit vulnerabilities in the system.<br/><br/>This report allows the organization to quickly detect problems that may compromise security, facilitating the correction of system failures and the mitigation of risks associated with malware or operational failures. Additionally, it contributes to CMMC compliance by providing a tool for early detection of incidents and taking appropriate corrective actions, strengthening the organization''s security posture.', null, null, null, null, null, null, null, null, null, 502, true, 340, 'TEMPLATE', null, null, 'Windows Level 1 (SI.1.210): Logging Unexpected System Shutdowns', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (926, e'The Windows Logging Unexpected System Shutdowns report provides detailed records of events where a Windows system experiences an unexpected shutdown. This report is critical for identifying root causes, monitoring system health, and ensuring compliance with operational and audit requirements.<br/>	•	Regulatory Compliance: Supports frameworks like ISO 27001, SOC2, and ITIL, by documenting unexpected shutdowns to ensure system reliability and demonstrate adherence to incident management practices.<br/>	•	System Health Monitoring: Tracks unexpected shutdowns to detect patterns, identify hardware or software failures, and assess the impact on operational continuity.<br/>	•	Event Correlation: Links shutdown events with preceding activities, such as application crashes, power failures, or hardware errors, providing a comprehensive audit trail for root cause analysis.<br/>	•	Real-Time Alerts: Sends notifications for unexpected shutdowns, enabling administrators to respond promptly and mitigate potential disruptions or data loss.<br/>	•	Incident Detection: Identifies anomalies such as repeated shutdowns, shutdowns during critical operations, or those affecting key systems, which may indicate security incidents, hardware issues, or environmental factors.<br/>	•	Audit Readiness: Logs comprehensive details for each shutdown, including the time of the event, potential triggers, and user or system actions preceding the event, ensuring robust records for compliance and investigations.', null, null, null, null, null, null, null, null, null, 702, true, 340, 'TEMPLATE', null, null, 'Windows Logging Unexpected System Shutdowns', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (984, 'This report collects and analyzes relevant information from Windows Event Viewer events ID 6008, which indicate unexpected system shutdowns. Monitoring these events is essential to evaluate the availability and stability of the systems within the framework of compliance with Disaster Recovery and Business Continuity Monitoring according to the requirements of CMMC (Cybersecurity Maturity Model Certification).<br/><br/>The analysis of these logs allows us to identify unplanned interruptions, possible hardware or software failures, and evaluate the effectiveness of disaster recovery plans, ensuring operational resilience and business continuity.', null, null, null, null, null, null, null, null, null, 517, true, 340, 'TEMPLATE', null, null, 'Windows Logging Unexpected System Shutdowns', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (764, 'This report collects relevant information from the Windows logs generated by event 7031, which is triggered when a Windows service stops unexpectedly. This event is essential to comply with CMMC control SI.1.210, which requires the identification and correction of system failures, including those related to malware or operating system malfunctions.<br/><br/>Event 7031 provides details about which services have failed, which may be indicative of critical system failures or a potential security compromise, such as malware attacks that disrupt the normal operation of the services. Analysis of this event can identify services that stop abnormally and, by correlating it with other security events, can help identify suspicious patterns or malware infections.<br/><br/>This report is useful for detecting failures or interruptions in critical system services, facilitating the correction of failures and the investigation of possible security incidents. Additionally, it contributes to CMMC compliance by providing visibility into operational issues and the need for corrective action, helping to protect infrastructure against risks related to system service failures or cyber attacks.', null, null, null, null, null, null, null, null, null, 502, true, 341, 'TEMPLATE', null, null, 'Windows Level 1 (SI.1.210): Windows Unexpected Service Failures', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (792, 'This report compiles relevant information from Windows logs associated with Account Manipulation, Domain Policy Modification, Impair Defenses, and Account Access Removal alerts, which are key events for the detection and prevention of privilege escalation in the IT environment. This information is used to verify compliance with CMMC Level 4 control AC.4.028, which requires automation of privilege escalation detection.<br/><br/>Account Manipulation events include activities such as modifying user accounts, assigning roles and privileges, which may indicate attempts to gain elevated access in an unauthorized manner. Domain Policy Modification alerts reflect changes to domain policies that could allow privilege escalation at the network level, and Impair Defenses alerts detect modifications that affect security measures implemented to protect the system. Finally, Account Access Removal alerts record attempts to remove account access, which may be a sign of an attempt to cover the tracks of an attack.<br/><br/>Monitoring these events helps identify anomalous patterns or suspicious actions related to unauthorized elevation of privileges, which is crucial to preventing unauthorized access and potential security compromises. Automating the detection of these events ensures a faster and more accurate response to any attempted privilege escalation, minimizing the risk that an attacker can gain access to critical resources without being detected.<br/><br/>This report contributes significantly to compliance with AC.4.028 by providing a centralized, automated view of key events related to privilege escalation. By automating detection, you strengthen your organization''s security posture, enabling you to efficiently detect and mitigate privilege escalation attacks before they severely impact sensitive data and infrastructure.', null, null, null, null, null, null, null, null, null, 508, true, 347, 'TEMPLATE', null, null, 'Windows Level 4 (AC.4.028): Privilege Escalation Alerts', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (972, 'This report compiles relevant information from the logs of Windows Security Auditing event 1058 (Group Policy Management: The system failed to apply Group Policy settings), used to verify compliance with CMMC Level 4 (SC.4.229), which requires improving cryptographic protections using advanced tools. This event is raised when the system is unable to enforce a group policy, which could include policies related to cryptography settings and key management. The information contained in this log is key to monitoring possible failures in the implementation of cryptographic policies, ensuring that information protection policies, especially those related to CUI (Controlled Unclassified Information), are applied correctly. The report can be used to identify problems in the application of configurations that could affect the integrity of advanced cryptographic tools, facilitating early intervention to correct erroneous configurations and maintain the appropriate level of cryptographic protection for sensitive information.', null, null, null, null, null, null, null, null, null, 515, true, 344, 'TEMPLATE', null, null, 'Windows Level 4 (SC.4.229): Application of Group Policies Errors', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (767, 'This report compiles relevant information from the Windows logs generated by event 1058, which is triggered when a problem accessing network resources or group policy files prevents the system from completing the update or application of security policies. . This event is essential to comply with CMMC control SI.5.223, which requires improving detection capabilities on endpoints using advanced tools.<br/><br/>Event 1058 provides details on failures in the update of group policies due to errors in accessing files or resources on the network, which may be indicative of an attempt to interfere with security settings or a system anomaly. Since group policies are essential for system security and configuration, any errors in your application could signal a tampering attack or the presence of malware attempting to bypass security settings.<br/><br/>This Reporting is crucial for detecting and responding to anomalies related to system configuration and security, helping to ensure that endpoints follow appropriate security policies. Additionally, it contributes to CMMC compliance by ensuring that advanced tools are used to detect failures and threats that may compromise the integrity of the organization''s systems.', null, null, null, null, null, null, null, null, null, 502, true, 344, 'TEMPLATE', null, null, 'Windows Level 5 (SI.5.223): Application of Group Policies Errors', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (944, 'This report collects relevant information from the logs of Windows event 4634, which is generated when a user logs out of a system. This event is essential for verifying compliance with CMMC''s Level 1 requirement (AU.1.001), which establishes the need to capture logs of basic security events. Event 4634 provides important data about user sessions, allowing organizations to monitor and audit login and logout activities. Capturing these logs ensures traceability of user actions and helps identify potential suspicious or unusual behavior, contributing to overall system security and compliance with CMMC audit controls.', null, null, null, null, null, null, null, null, null, 513, true, 350, 'TEMPLATE', null, null, 'Windows Level 1 (AU.1.001): Account Logoff', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (840, 'The Windows Account Logoff Report provides a comprehensive view of user logoff events, serving as a critical compliance tool within the Banking Audit framework. This report ensures transparency and accountability in user sessions, enabling organizations to track session terminations and ensure adherence to access control policies.', null, null, null, null, null, null, null, null, null, 703, true, 350, 'TEMPLATE', null, null, 'Windows Account Logoff', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (879, 'This report collects relevant information about event 4634 (Logoff) in Windows logs, with the objective of verifying compliance with CMMC Level 1 practice AU.1.001, which requires the implementation of audit logs to track activities in the system .<br/><br/>Event 4634 indicates when a user session has ended successfully, which is critical for access monitoring and detecting anomalous activity. The report includes details such as the user ID, logout time, event source, and workstation used.<br/><br/>This analysis is key to ensuring that all user sessions are effectively logged, allowing for security audits and detection of potential incidents, such as unauthorized access or attempts to evade session controls.', null, null, null, null, null, null, null, null, null, 511, true, 350, 'TEMPLATE', null, null, 'Windows Level 1 (AU.1.001): Account Logoff', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (932, 'This report collects and analyzes relevant information from AWS logs related to the ConsoleLogin event, with the objective of verifying compliance with the Level 2 requirement (AU.2.044) of the CMMC framework. Reviewing these logs can detect inappropriate behavior, such as unauthorized access attempts, access from unusual locations, or multiple failed login attempts. By monitoring these events, you strengthen the security of your environment and facilitate early identification of potential insider threats or compromised credentials.', null, null, null, null, null, null, null, null, null, 501, true, 353, 'TEMPLATE', null, null, 'AWS Level 2 (AU.2.044): Console Login', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (936, 'This report collects and analyzes AWS log events related to the AssumeRole action, used for role assumption in AWS IAM. Its objective is to provide visibility over remote access to sensitive systems, allowing possible misuse or unauthorized access to be identified.<br/><br/>The report contributes to compliance with Level 3 (AC.3.032) of CMMC, which requires monitoring and controlling remote access to systems that contain sensitive information. Reviewing AssumeRole events can detect unexpected privilege changes, accesses from unusual locations, or the use of compromised credentials.', null, null, null, null, null, null, null, null, null, 501, true, 354, 'TEMPLATE', null, null, 'AWS Level 3 (AC.3.032): Access Roles Assumption', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (875, 'This report compiles and presents relevant information about CreateRole events in AWS, with the objective of verifying compliance with CMMC practice AU.1.001. It focuses on ensuring that role creation in AWS is properly audited, ensuring that changes to role configurations are effectively logged. The report includes key details about the roles created, such as the role name, the account involved, and the source of the request. This information is crucial to verify that actions related to role management in the system are correctly monitored, ensuring that access to sensitive resources is managed and documented in accordance with security policies. This allows any unauthorized activity or unapproved changes to be detected, helping to maintain the security and integrity of the system.', null, null, null, null, null, null, null, null, null, 511, true, 355, 'TEMPLATE', null, null, 'AWS Level 1 (AU.1.001): Access Roles Assumption', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (877, 'This report compiles and presents relevant information about AttachRolePolicy events in AWS, with the objective of verifying compliance with CMMC level 2 practice AU.2.042. It focuses on ensuring that audit logs related to the association of policies to roles are collected effectively, allowing the detection and analysis of security events. The report includes key details such as the identity of the user performing the action, the ARN of the attached policy, the affected role, the account involved, and the source of the request. This information is critical to monitoring permission changes, detecting unauthorized activity, and ensuring that necessary logs are available to support event analysis and improve response to potential security incidents.', null, null, null, null, null, null, null, null, null, 511, true, 356, 'TEMPLATE', null, null, 'AWS Level 2 (AU.2.042): Attach Role Policy', null, null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (939, 'This report consolidates relevant information from the alert logs that have generated security incidents, providing visibility on critical events and their management. Its objective is to demonstrate compliance with CMMC''s Level 1 requirement (IR.1.002), ensuring that a basic incident response capability is in place. It includes key details about the alerts and incidents created, allowing you to evaluate the effectiveness of the process and ensure adequate detection and management of threats.', null, null, null, null, null, null, null, null, null, 512, true, 364, 'TEMPLATE', null, null, 'Windows Level 1 (IR.1.002): Incidents Generated from Alerts', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (941, 'This report compiles and analyzes relevant information from Threat Intelligence Activity logs to evaluate compliance with CMMC level 5 (IR.5.102), which emphasizes improving incident response through the use of machine learning and advanced analytics. Through data correlation, detection of anomalous patterns, and prediction of emerging threats, this report enables proactive response to security incidents. Additionally, it provides insights into how automated systems identify, classify and mitigate sophisticated threats, ensuring more effective protection against advanced attacks targeting critical infrastructure and sensitive data.', null, null, null, null, null, null, null, null, null, 512, true, 365, 'TEMPLATE', null, null, 'Windows Level 5 (IR.5.102): Threat Detection and Response using SOC AI', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (982, 'This report is intended to demonstrate that the SIEM system monitors third-party risks in AWS environments, in compliance with the security requirements established by CMMC for Windows systems. The SIEM is configured to analyze and correlate activity logs from AWS, specifically CloudTrail events, to detect potential threats, unauthorized access, and anomalous behavior on the monitored infrastructure. Continuous monitoring of AWS logs through the SIEM allows us to detect third-party risks in the infrastructure, aligning with the CMMC security guidelines for the protection of Windows systems. Proactive access and configuration monitoring helps mitigate vulnerabilities and ensure the integrity of cloud environments.', null, null, null, null, null, null, null, null, null, 516, true, 382, 'TEMPLATE', null, null, 'AWS Activity Monitoring', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (961, 'This report gathers relevant information extracted from the event logs generated by Windows event 5142, which is related to the creation and configuration of network shares. This type of event is crucial for compliance with CMMC Level 3 control (MP.3.123), which establishes the need to protect the CUI during its transport and prevent any loss or exposure of it.<br/><br/>Windows event 5142 is triggered when a share is created on the system, which could involve exposing sensitive data if not configured properly. Through this report, the activity related to the creation of shared resources is monitored and audited, ensuring that these resources are configured correctly to prevent unauthorized access to CUI and guaranteeing that security controls are applied in accordance with the best practices established in the CMMC.<br/><br/>This report helps identify any shared resource creation events that may represent a risk in terms of CUI protection. In addition, it allows verifying the correct configuration of access and use policies for shared resources on the network, thus supporting the implementation of protection measures in the transport of CUI. In combination with other data monitoring and security measures, these logs provide key evidence to meet information protection requirements during its transfer in the corporate environment.', null, null, null, null, null, null, null, null, null, 514, true, 367, 'TEMPLATE', null, null, 'Windows Level 3 (MP.3.123): Shared Network Object Creation', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (987, 'This report presents the relevant data from the logs of Windows event ID 41, which indicates that the system has rebooted without shutting down cleanly. This type of event is crucial for monitoring system availability, as it can be indicative of unexpected interruptions that affect the operational continuity of the technological infrastructure. The analysis of these events allows us to verify the system''s ability to recover from unexpected failures and maintain its proper functioning, fundamental aspects within the principles of Disaster Recovery and Business Continuity Monitoring established by the Cybersecurity Maturity Model Certification (CMMC).', null, null, null, null, null, null, null, null, null, 517, true, 384, 'TEMPLATE', null, null, 'Windows Unexpected System Reboot', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (988, 'This report presents key information extracted from the Windows event logs (event 1074) related to planned system shutdowns and restarts. The goal is to ensure that shutdown and restart activities are performed in a controlled and documented manner, which is critical to compliance with Disaster Recovery and Business Continuity Monitoring policies as required by CMMC. The collection of this data guarantees the traceability of actions related to the maintenance and operational availability of the systems.', null, null, null, null, null, null, null, null, null, 517, true, 385, 'TEMPLATE', null, null, 'Windows Scheduled System Shutdowns and Restarts', '', null);
+                INSERT INTO public.utm_compliance_report_config (id, config_solution, config_report_columns, config_report_req_body, config_report_req_params, config_report_resource_url, config_report_request_type, config_report_pageable, config_report_filter_by_time, config_report_data_origin, config_report_export_csv_url, standard_section_id, config_report_editable, dashboard_id, config_type, config_url, config_report_note, config_report_name, config_report_remediation, config_report_status) VALUES (983, 'This report aims to demonstrate third-party risk monitoring in Windows environments within the Azure infrastructure, in compliance with CMMC (Cybersecurity Maturity Model Certification) requirements. The security monitoring system analyzes events generated in Azure, recording administrative activities, accesses and modifications to critical resources. Logs of operations on virtual machines, computing resources, storage and networks are collected and analyzed to detect possible threats and unauthorized access. The main data sources analyzed include Azure Activity Logs, which record administrative activities; Azure Security Center Logs, which contain security events related to access and configurations; and Azure AD Logs, which monitor suspicious authentications and logins.<br/><br/>Key data analyzed include the type of action performed, the user ID and source IP, the affected resource, the status of the operation, and the correlation ID for tracking and auditing. Thanks to the analysis of these logs, risks such as access from suspicious IP addresses, administrative operations outside established hours and changes in virtual machine configurations without authorization have been identified and mitigated.<br/><br/>Active monitoring of activity logs in Azure helps ensure the security of Windows systems, reducing risks associated with third parties and complying with CMMC guidelines for the protection of data and resources in the cloud.', null, null, null, null, null, null, null, null, null, 516, true, 383, 'TEMPLATE', null, null, 'Azure Activity Monitoring', '', null);
+
+                SELECT setval('utm_compliance_report_config_id_seq', (SELECT COALESCE(MAX(id), 1) FROM utm_compliance_report_config), true);
+            ]]>
+        </sql>
+
+        <sql dbms="postgresql" splitStatements="true" stripComments="true">
+            <![CDATA[
+
+            -- ##################################################################
+            -- # Restore constrains
+            -- ##################################################################
+
+            ALTER TABLE utm_menu ADD CONSTRAINT fk_dashboard_id
+                FOREIGN KEY (dashboard_id)
+                    REFERENCES utm_dashboard (id)
+                    ON DELETE CASCADE;
+
+            ALTER TABLE utm_dashboard_visualization
+                ADD CONSTRAINT fk_visualization_id
+                    FOREIGN KEY (id_visualization)
+                        REFERENCES utm_visualization(id)
+                        ON DELETE CASCADE;
+
+            ALTER TABLE utm_dashboard_visualization
+                ADD CONSTRAINT fk_dashboard_id
+                    FOREIGN KEY (id_dashboard)
+                        REFERENCES utm_dashboard(id)
+                        ON DELETE CASCADE;
+
+            ]]>
+        </sql>
+    </changeSet>
+</databaseChangeLog>
\ No newline at end of file
diff --git a/backend/src/main/resources/config/liquibase/master.xml b/backend/src/main/resources/config/liquibase/master.xml
index 3b58d78d2..9037050e4 100644
--- a/backend/src/main/resources/config/liquibase/master.xml
+++ b/backend/src/main/resources/config/liquibase/master.xml
@@ -73,6 +73,6 @@
 
     <include file="/config/liquibase/changelog/20250127001_add_compliance_data.xml" relativeToChangelogFile="false"/>
 
-
+    <include file="/config/liquibase/changelog/20250227001_add_compliance_report.xml" relativeToChangelogFile="false"/>
 
 </databaseChangeLog>

From 07702dd56c96d02cf7c4fc3069524a1fa1391ef2 Mon Sep 17 00:00:00 2001
From: Manuel Abascal <mjabascal10@gmail.com>
Date: Mon, 3 Mar 2025 09:54:13 -0600
Subject: [PATCH 02/13] fix: update sophos guide

---
 .../factory/impl/ModuleSophos.java            | 24 ++++++-------------
 1 file changed, 7 insertions(+), 17 deletions(-)

diff --git a/backend/src/main/java/com/park/utmstack/domain/application_modules/factory/impl/ModuleSophos.java b/backend/src/main/java/com/park/utmstack/domain/application_modules/factory/impl/ModuleSophos.java
index c3af1e181..0c7cc72b1 100644
--- a/backend/src/main/java/com/park/utmstack/domain/application_modules/factory/impl/ModuleSophos.java
+++ b/backend/src/main/java/com/park/utmstack/domain/application_modules/factory/impl/ModuleSophos.java
@@ -41,32 +41,22 @@ public List<ModuleRequirement> checkRequirements(Long serverId) throws Exception
     public List<ModuleConfigurationKey> getConfigurationKeys(Long groupId) throws Exception {
         List<ModuleConfigurationKey> keys = new ArrayList<>();
 
-        // sophos_api_url
+        // sophos_api_client_id
         keys.add(ModuleConfigurationKey.builder()
             .withGroupId(groupId)
-            .withConfKey("sophos_api_url")
-            .withConfName("API Url")
-            .withConfDescription("Configure Sophos Central api url")
+            .withConfKey("sophos_client_id")
+            .withConfName("Client Id")
+            .withConfDescription("Configure Sophos Central client id")
             .withConfDataType("text")
             .withConfRequired(true)
             .build());
 
-        // sophos_authorization
-        keys.add(ModuleConfigurationKey.builder()
-            .withGroupId(groupId)
-            .withConfKey("sophos_authorization")
-            .withConfName("Authorization")
-            .withConfDescription("Configure Sophos Central Authorization")
-            .withConfDataType("password")
-            .withConfRequired(true)
-            .build());
-
-        // sophos_x_api_key
+        // sophos_x_client_secret
         keys.add(ModuleConfigurationKey.builder()
             .withGroupId(groupId)
             .withConfKey("sophos_x_api_key")
-            .withConfName("X-API-KEY")
-            .withConfDescription("Configure Sophos Central api key")
+            .withConfName("Client Secret")
+            .withConfDescription("Configure Sophos Central client secret")
             .withConfDataType("password")
             .withConfRequired(true)
             .build());

From 2f87899f6707d0c85acc83e87c16816549ed4c6f Mon Sep 17 00:00:00 2001
From: Manuel Abascal <mjabascal10@gmail.com>
Date: Mon, 3 Mar 2025 09:59:59 -0600
Subject: [PATCH 03/13] chore: update version and changelog

---
 CHANGELOG.md | 8 +++++---
 version.yml  | 2 +-
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index eac08d3c5..f5fe0b581 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,5 @@
-# UTMStack 10.6.1 Release Notes
-## Bug Fixes
-- Fixed ISM policy to ensure snapshots include only indices older than 24 hours.
+# UTMStack 10.6.2 Release Notes
+
+## Features
+- Added additional compliance reports.
+- Updated the Sophos Central integration guide.
diff --git a/version.yml b/version.yml
index c4fb4fc29..23251a8ee 100644
--- a/version.yml
+++ b/version.yml
@@ -1 +1 @@
-version: 10.6.1
\ No newline at end of file
+version: 10.6.2
\ No newline at end of file

From e2983b59a9be3218470c00da737a46f791330c03 Mon Sep 17 00:00:00 2001
From: Manuel Abascal <mjabascal10@gmail.com>
Date: Mon, 3 Mar 2025 13:15:33 -0600
Subject: [PATCH 04/13] fix: update sophos guide

---
 .../factory/impl/ModuleSophos.java               |  4 ++--
 .../20250303001_udpate_sophos_guide.xml          | 16 ++++++++++++++++
 2 files changed, 18 insertions(+), 2 deletions(-)
 create mode 100644 backend/src/main/resources/config/liquibase/changelog/20250303001_udpate_sophos_guide.xml

diff --git a/backend/src/main/java/com/park/utmstack/domain/application_modules/factory/impl/ModuleSophos.java b/backend/src/main/java/com/park/utmstack/domain/application_modules/factory/impl/ModuleSophos.java
index 0c7cc72b1..56ac49109 100644
--- a/backend/src/main/java/com/park/utmstack/domain/application_modules/factory/impl/ModuleSophos.java
+++ b/backend/src/main/java/com/park/utmstack/domain/application_modules/factory/impl/ModuleSophos.java
@@ -46,7 +46,7 @@ public List<ModuleConfigurationKey> getConfigurationKeys(Long groupId) throws Ex
             .withGroupId(groupId)
             .withConfKey("sophos_client_id")
             .withConfName("Client Id")
-            .withConfDescription("Configure Sophos Central client id")
+            .withConfDescription("Configure Sophos Central Client Id")
             .withConfDataType("text")
             .withConfRequired(true)
             .build());
@@ -56,7 +56,7 @@ public List<ModuleConfigurationKey> getConfigurationKeys(Long groupId) throws Ex
             .withGroupId(groupId)
             .withConfKey("sophos_x_api_key")
             .withConfName("Client Secret")
-            .withConfDescription("Configure Sophos Central client secret")
+            .withConfDescription("Configure Sophos Central Client Secret")
             .withConfDataType("password")
             .withConfRequired(true)
             .build());
diff --git a/backend/src/main/resources/config/liquibase/changelog/20250303001_udpate_sophos_guide.xml b/backend/src/main/resources/config/liquibase/changelog/20250303001_udpate_sophos_guide.xml
new file mode 100644
index 000000000..196e14293
--- /dev/null
+++ b/backend/src/main/resources/config/liquibase/changelog/20250303001_udpate_sophos_guide.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="utf-8"?>
+<databaseChangeLog
+        xmlns="http://www.liquibase.org/xml/ns/dbchangelog"
+        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.5.xsd">
+
+    <changeSet id="20250303001" author="Manuel">
+        <sql>
+            <![CDATA[
+            DELETE FROM utm_module_group
+            WHERE module_id = (SELECT id FROM utm_module WHERE module_name = 'SOPHOS');
+            ]]>
+        </sql>
+    </changeSet>
+
+</databaseChangeLog>

From ac3172e81eb9b9941593c51444f1721b9855e9ec Mon Sep 17 00:00:00 2001
From: Manuel Abascal <mjabascal10@gmail.com>
Date: Mon, 3 Mar 2025 16:46:47 -0600
Subject: [PATCH 05/13] fix: update sophos guide

---
 backend/src/main/resources/config/liquibase/master.xml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/backend/src/main/resources/config/liquibase/master.xml b/backend/src/main/resources/config/liquibase/master.xml
index 9037050e4..c295ca165 100644
--- a/backend/src/main/resources/config/liquibase/master.xml
+++ b/backend/src/main/resources/config/liquibase/master.xml
@@ -75,4 +75,6 @@
 
     <include file="/config/liquibase/changelog/20250227001_add_compliance_report.xml" relativeToChangelogFile="false"/>
 
+    <include file="/config/liquibase/changelog/20250303001_udpate_sophos_guide.xml" relativeToChangelogFile="false"/>
+
 </databaseChangeLog>

From 32aae65dc1e0b8a889485e1c15da3d1e53ee869f Mon Sep 17 00:00:00 2001
From: Osmany Montero <osmontero@icloud.com>
Date: Tue, 4 Mar 2025 16:35:33 +0200
Subject: [PATCH 06/13] Enhance log alert message with key details.

Include the specific blocklisted key in the alert message to provide clearer context and improve debugging efficiency. This update ensures more actionable and informative alerts.
---
 correlation/ti/ti.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/correlation/ti/ti.go b/correlation/ti/ti.go
index 6b82caa00..68c045f28 100644
--- a/correlation/ti/ti.go
+++ b/correlation/ti/ti.go
@@ -96,7 +96,7 @@ func IsBlocklisted() {
 
 					if strings.Contains(log, key) {
 						correlation.Alert(
-							fmt.Sprintf("Maliciuos %s found in log", value),
+							fmt.Sprintf("Malicious %s found in log: %s", value, key),
 							"Low",
 							"A blocklisted element has been identified in the logs. Further investigation is recommended.",
 							"",

From 3848c8235cd0dd1044bab5a525c40fb3417e2810 Mon Sep 17 00:00:00 2001
From: JocLRojas <joc.l.rojas02@gmail.com>
Date: Tue, 4 Mar 2025 17:40:13 -0500
Subject: [PATCH 07/13] Update how events are retrieved using the
 Sophos-Central API.

---
 sophos/configuration/const.go |   2 +
 sophos/processor/processor.go | 176 ++++++++++++++++++++++++++++------
 sophos/processor/pull.go      |   7 +-
 3 files changed, 153 insertions(+), 32 deletions(-)

diff --git a/sophos/configuration/const.go b/sophos/configuration/const.go
index d333000bd..ce3e6275a 100644
--- a/sophos/configuration/const.go
+++ b/sophos/configuration/const.go
@@ -4,6 +4,8 @@ import "github.com/utmstack/UTMStack/sophos/utils"
 
 const (
 	CORRELATIONURL = "http://correlation:8080/v1/newlog"
+	AUTHURL        = "https://id.sophos.com/api/v2/oauth2/token"
+	WHOAMIURL      = "https://api.central.sophos.com/whoami/v1"
 )
 
 func GetInternalKey() string {
diff --git a/sophos/processor/processor.go b/sophos/processor/processor.go
index e462c5cb0..db67760df 100644
--- a/sophos/processor/processor.go
+++ b/sophos/processor/processor.go
@@ -4,65 +4,181 @@ import (
 	"fmt"
 	"net/http"
 	"net/url"
+	"time"
 
 	"github.com/threatwinds/logger"
+	"github.com/utmstack/UTMStack/sophos/configuration"
 	"github.com/utmstack/UTMStack/sophos/utils"
 	"github.com/utmstack/config-client-go/types"
 )
 
 type SophosCentralProcessor struct {
-	XApiKey       string
-	Authorization string
-	ApiUrl        string
+	ClientID     string
+	ClientSecret string
+	TenantID     string
+	DataRegion   string
+	AccessToken  string
+	ExpiresAt    time.Time
 }
 
-func GetSophosCentralProcessor(group types.ModuleGroup) SophosCentralProcessor {
+func getSophosCentralProcessor(group types.ModuleGroup) SophosCentralProcessor {
 	sophosProcessor := SophosCentralProcessor{}
 
 	for _, cnf := range group.Configurations {
 		switch cnf.ConfName {
-		case "X-API-KEY":
-			sophosProcessor.XApiKey = cnf.ConfValue
-		case "Authorization":
-			sophosProcessor.Authorization = cnf.ConfValue
-		case "API Url":
-			sophosProcessor.ApiUrl = cnf.ConfValue
+		case "ClientID":
+			sophosProcessor.ClientID = cnf.ConfValue
+		case "ClientSecret":
+			sophosProcessor.ClientSecret = cnf.ConfValue
 		}
 	}
 	return sophosProcessor
 }
 
-type EventAggregate struct {
-	HasMore    bool                     `json:"has_more"`
-	Items      []map[string]interface{} `json:"items"`
-	NextCursor string                   `json:"next_cursor"`
-}
+func (p *SophosCentralProcessor) getAccessToken() (string, *logger.Error) {
+	data := url.Values{}
+	data.Set("grant_type", "client_credentials")
+	data.Set("client_id", p.ClientID)
+	data.Set("client_secret", p.ClientSecret)
+	data.Set("scope", "token")
 
-func (p *SophosCentralProcessor) GetLogs(group types.ModuleGroup, fromTime int) ([]TransformedLog, *logger.Error) {
-	baseURL := p.ApiUrl + "/siem/v1/events"
+	headers := map[string]string{
+		"Content-Type": "application/x-www-form-urlencoded",
+	}
 
-	u, parseerr := url.Parse(baseURL)
-	if parseerr != nil {
-		return nil, utils.Logger.ErrorF("error parsing URL params: %v", parseerr)
+	response, _, err := utils.DoReq[map[string]any](configuration.AUTHURL, []byte(data.Encode()), http.MethodPost, headers)
+	if err != nil {
+		return "", utils.Logger.ErrorF("error making auth request: %v", err)
 	}
 
-	params := url.Values{}
-	params.Add("limit", "1000")
-	params.Add("from_date", fmt.Sprintf("%d", fromTime))
+	accessToken, ok := response["access_token"].(string)
+	if !ok || accessToken == "" {
+		return "", utils.Logger.ErrorF("access_token not found in response")
+	}
 
-	u.RawQuery = params.Encode()
+	expiresIn, ok := response["expires_in"].(float64)
+	if !ok {
+		return "", utils.Logger.ErrorF("expires_in not found in response")
+	}
+
+	p.AccessToken = accessToken
+	p.ExpiresAt = time.Now().Add(time.Duration(expiresIn) * time.Second)
+
+	return accessToken, nil
+}
+
+type WhoamiResponse struct {
+	ID       string   `json:"id"`
+	ApiHosts ApiHosts `json:"apiHosts"`
+}
+type ApiHosts struct {
+	Global     string `json:"global"`
+	DataRegion string `json:"dataRegion"`
+}
 
+func (p *SophosCentralProcessor) getTenantInfo(accessToken string) *logger.Error {
 	headers := map[string]string{
 		"accept":        "application/json",
-		"Authorization": p.Authorization,
-		"x-api-key":     p.XApiKey,
+		"Authorization": "Bearer " + accessToken,
 	}
 
-	response, _, err := utils.DoReq[EventAggregate](u.String(), nil, http.MethodGet, headers)
+	response, _, err := utils.DoReq[WhoamiResponse](configuration.WHOAMIURL, nil, http.MethodGet, headers)
 	if err != nil {
-		return nil, err
+		return utils.Logger.ErrorF("error making whoami request: %v", err)
+	}
+
+	if response.ID == "" {
+		return utils.Logger.ErrorF("tenant ID not found in whoami response")
+	}
+	p.TenantID = response.ID
+
+	if response.ApiHosts.DataRegion == "" {
+		return utils.Logger.ErrorF("dataRegion not found in whoami response")
+	}
+	p.DataRegion = response.ApiHosts.DataRegion
+
+	return nil
+}
+
+func (p *SophosCentralProcessor) getValidAccessToken() (string, *logger.Error) {
+	if p.AccessToken != "" && time.Now().Before(p.ExpiresAt) {
+		return p.AccessToken, nil
 	}
+	return p.getAccessToken()
+}
 
-	logs := ETLProcess(response, group)
-	return logs, nil
+type EventAggregate struct {
+	Pages Pages            `json:"pages"`
+	Items []map[string]any `json:"items"`
+}
+
+type Pages struct {
+	FromKey string `json:"fromKey"`
+	NextKey string `json:"nextKey"`
+	Size    int64  `json:"size"`
+	MaxSize int64  `json:"maxSize"`
+}
+
+func (p *SophosCentralProcessor) getLogs(fromTime int, nextKey string, group types.ModuleGroup) ([]TransformedLog, string, *logger.Error) {
+	accessToken, err := p.getValidAccessToken()
+	if err != nil {
+		return nil, "", utils.Logger.ErrorF("error getting access token: %v", err)
+	}
+
+	if p.TenantID == "" || p.DataRegion == "" {
+		if err := p.getTenantInfo(accessToken); err != nil {
+			return nil, "", utils.Logger.ErrorF("error getting tenant information: %v", err)
+		}
+	}
+
+	var aggregatedEvents EventAggregate
+	aggregatedEvents.Items = make([]map[string]any, 0)
+	currentNextKey := nextKey
+
+	for {
+		u, err := p.buildURL(fromTime, currentNextKey)
+		if err != nil {
+			return nil, "", utils.Logger.ErrorF("error building URL: %v", err)
+		}
+
+		headers := map[string]string{
+			"Content-Type":  "application/json",
+			"Authorization": "Bearer " + accessToken,
+			"X-Tenant-ID":   p.TenantID,
+		}
+
+		response, _, err := utils.DoReq[EventAggregate](u.String(), nil, http.MethodGet, headers)
+		if err != nil {
+			return nil, "", err
+		}
+
+		aggregatedEvents.Items = append(aggregatedEvents.Items, response.Items...)
+
+		if response.Pages.NextKey == "" {
+			break
+		}
+		currentNextKey = response.Pages.NextKey
+	}
+
+	transformedLogs := ETLProcess(aggregatedEvents, group)
+
+	return transformedLogs, currentNextKey, nil
+}
+
+func (p *SophosCentralProcessor) buildURL(fromTime int, nextKey string) (*url.URL, *logger.Error) {
+	baseURL := p.DataRegion + "/siem/v1/events"
+	u, parseErr := url.Parse(baseURL)
+	if parseErr != nil {
+		return nil, utils.Logger.ErrorF("error parsing url: %v", parseErr)
+	}
+
+	params := url.Values{}
+	if nextKey != "" {
+		params.Set("pageFromKey", nextKey)
+	} else {
+		params.Set("from_date", fmt.Sprintf("%d", fromTime))
+	}
+
+	u.RawQuery = params.Encode()
+	return u, nil
 }
diff --git a/sophos/processor/pull.go b/sophos/processor/pull.go
index 4cfd18044..c694bab8b 100644
--- a/sophos/processor/pull.go
+++ b/sophos/processor/pull.go
@@ -11,6 +11,7 @@ import (
 const delayCheck = 300
 
 var timeGroups = make(map[int]int)
+var nextKeys = make(map[int]string)
 
 func PullLogs(group types.ModuleGroup) *logger.Error {
 	utils.Logger.Info("starting log sync for : %s", group.GroupName)
@@ -26,13 +27,15 @@ func PullLogs(group types.ModuleGroup) *logger.Error {
 		timeGroups[group.ModuleID] = epoch + 1
 	}()
 
-	agent := GetSophosCentralProcessor(group)
+	agent := getSophosCentralProcessor(group)
 
-	logs, err := agent.GetLogs(group, timeGroups[group.ModuleID])
+	logs, newNextKey, err := agent.getLogs(timeGroups[group.ModuleID], nextKeys[group.ModuleID], group)
 	if err != nil {
 		return err
 	}
 
+	nextKeys[group.ModuleID] = newNextKey
+
 	err = SendToCorrelation(logs)
 	if err != nil {
 		return err

From b489896f1126b20f882158221624d821c2503588 Mon Sep 17 00:00:00 2001
From: Manuel Abascal <mjabascal10@gmail.com>
Date: Mon, 3 Mar 2025 09:54:13 -0600
Subject: [PATCH 08/13] fix: update sophos guide

---
 .../domain/application_modules/factory/impl/ModuleSophos.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/backend/src/main/java/com/park/utmstack/domain/application_modules/factory/impl/ModuleSophos.java b/backend/src/main/java/com/park/utmstack/domain/application_modules/factory/impl/ModuleSophos.java
index 56ac49109..3c4557cdf 100644
--- a/backend/src/main/java/com/park/utmstack/domain/application_modules/factory/impl/ModuleSophos.java
+++ b/backend/src/main/java/com/park/utmstack/domain/application_modules/factory/impl/ModuleSophos.java
@@ -41,7 +41,7 @@ public List<ModuleRequirement> checkRequirements(Long serverId) throws Exception
     public List<ModuleConfigurationKey> getConfigurationKeys(Long groupId) throws Exception {
         List<ModuleConfigurationKey> keys = new ArrayList<>();
 
-        // sophos_api_client_id
+        // sophos_api_url
         keys.add(ModuleConfigurationKey.builder()
             .withGroupId(groupId)
             .withConfKey("sophos_client_id")
@@ -56,7 +56,7 @@ public List<ModuleConfigurationKey> getConfigurationKeys(Long groupId) throws Ex
             .withGroupId(groupId)
             .withConfKey("sophos_x_api_key")
             .withConfName("Client Secret")
-            .withConfDescription("Configure Sophos Central Client Secret")
+            .withConfDescription("Configure Sophos Central client secret")
             .withConfDataType("password")
             .withConfRequired(true)
             .build());

From 68f32c41ffc10d06743633294cf9225802f1e2fb Mon Sep 17 00:00:00 2001
From: Manuel Abascal <mjabascal10@gmail.com>
Date: Mon, 3 Mar 2025 13:15:33 -0600
Subject: [PATCH 09/13] fix: update sophos guide

---
 .../domain/application_modules/factory/impl/ModuleSophos.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/backend/src/main/java/com/park/utmstack/domain/application_modules/factory/impl/ModuleSophos.java b/backend/src/main/java/com/park/utmstack/domain/application_modules/factory/impl/ModuleSophos.java
index 3c4557cdf..45fc10610 100644
--- a/backend/src/main/java/com/park/utmstack/domain/application_modules/factory/impl/ModuleSophos.java
+++ b/backend/src/main/java/com/park/utmstack/domain/application_modules/factory/impl/ModuleSophos.java
@@ -56,7 +56,7 @@ public List<ModuleConfigurationKey> getConfigurationKeys(Long groupId) throws Ex
             .withGroupId(groupId)
             .withConfKey("sophos_x_api_key")
             .withConfName("Client Secret")
-            .withConfDescription("Configure Sophos Central client secret")
+            .withConfDescription("Configure Sophos Central Client Secret")
             .withConfDataType("password")
             .withConfRequired(true)
             .build());

From af493eeea5b2a232db93c43920c01069e0acd6f1 Mon Sep 17 00:00:00 2001
From: Manuel Abascal <mjabascal10@gmail.com>
Date: Mon, 3 Mar 2025 10:02:45 -0600
Subject: [PATCH 10/13] chore: clean up unused imports

---
 .../alert-view/alert-view.component.ts                 | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/frontend/src/app/data-management/alert-management/alert-view/alert-view.component.ts b/frontend/src/app/data-management/alert-management/alert-view/alert-view.component.ts
index 6f4277857..2095ff084 100644
--- a/frontend/src/app/data-management/alert-management/alert-view/alert-view.component.ts
+++ b/frontend/src/app/data-management/alert-management/alert-view/alert-view.component.ts
@@ -1,6 +1,6 @@
 import {HttpResponse} from '@angular/common/http';
 import { Component, OnDestroy, OnInit} from '@angular/core';
-import {ActivatedRoute, NavigationEnd, Router} from '@angular/router';
+import {ActivatedRoute, Router} from '@angular/router';
 import {NgbModal} from '@ng-bootstrap/ng-bootstrap';
 import {TranslateService} from '@ngx-translate/core';
 import {ResizeEvent} from 'angular-resizable-element';
@@ -47,16 +47,14 @@ import {SaveAlertReportComponent} from '../alert-reports/shared/components/save-
 import {AlertDataTypeBehavior} from '../shared/behavior/alert-data-type.behavior';
 import {AlertFiltersBehavior} from '../shared/behavior/alert-filters.behavior';
 import {AlertStatusBehavior} from '../shared/behavior/alert-status.behavior';
-import {AlertUpdateTagBehavior} from '../shared/behavior/alert-update-tag.behavior';
 import {RowToFiltersComponent} from '../shared/components/filters/row-to-filter/row-to-filters.component';
 import {EventDataTypeEnum} from '../shared/enums/event-data-type.enum';
-import {AlertManagementService} from '../shared/services/alert-management.service';
 import {AlertTagService} from '../shared/services/alert-tag.service';
 import {getCurrentAlertStatus, getStatusName} from '../shared/util/alert-util-function';
 import {CheckEmailConfigService, ParamShortType} from '../../../shared/services/util/check-email-config.service';
-import {Subject} from "rxjs";
-import {takeUntil} from "rxjs/operators";
-import {ElasticDataTypesEnum} from "../../../shared/enums/elastic-data-types.enum";
+import {Subject} from 'rxjs';
+import {takeUntil} from 'rxjs/operators';
+import {ElasticDataTypesEnum} from '../../../shared/enums/elastic-data-types.enum';
 
 @Component({
   selector: 'app-alert-view',

From 239e13fb886ee8c5658800d3bc0f65c13ecd1dc1 Mon Sep 17 00:00:00 2001
From: Manuel Abascal <mjabascal10@gmail.com>
Date: Mon, 3 Mar 2025 13:16:34 -0600
Subject: [PATCH 11/13] fix: update sophos guide

---
 .../guide-sophos/guide-sophos.component.html  |  59 +++++++++++++++++-
 .../guide-sophos/guide-sophos.component.ts    |   8 ++-
 .../guides/guide-sophos/sophos.steps.ts       |  31 +++++++++
 .../img/guides/sophos/sophos-step-4.png       | Bin 0 -> 50428 bytes
 .../img/guides/sophos/sophos-step-5.png       | Bin 77220 -> 0 bytes
 5 files changed, 96 insertions(+), 2 deletions(-)
 create mode 100644 frontend/src/app/app-module/guides/guide-sophos/sophos.steps.ts
 create mode 100644 frontend/src/assets/img/guides/sophos/sophos-step-4.png
 delete mode 100644 frontend/src/assets/img/guides/sophos/sophos-step-5.png

diff --git a/frontend/src/app/app-module/guides/guide-sophos/guide-sophos.component.html b/frontend/src/app/app-module/guides/guide-sophos/guide-sophos.component.html
index b85754a50..93f4da64c 100644
--- a/frontend/src/app/app-module/guides/guide-sophos/guide-sophos.component.html
+++ b/frontend/src/app/app-module/guides/guide-sophos/guide-sophos.component.html
@@ -5,6 +5,63 @@ <h4 class="card-title mb-0 text-primary">
     </h4>
   </div>
 
+  <div class="card-body">
+    <p class="font-size-base">
+      Sophos Central has secured APIs available for customers. These allow the retrieval of event and alert data from
+      Sophos Central, for use in other systems.<br><br>
+
+    <h6 class="font-weight-semibold mt-3 mb-3">
+      How to send alert and event data to UTMStack:
+    </h6>
+    <ol class="setup_list">
+      <app-utm-list [items]="steps">
+        <ng-template stepTemplateRef let-step>
+          <li>
+            <app-step>
+              <span stepNumber>{{step.id}}</span>
+              <div [innerHtml]="step.name"></div>
+              <ng-container *ngIf="step.content">
+
+                <ng-template [ngIf]="step.content['images']">
+                  <app-utm-list [items]="step.content['images']">
+                    <ng-template stepTemplateRef let-image>
+                      <img [alt]="image.alt" class="step-img" [src]="image.src">
+                    </ng-template>
+                  </app-utm-list>
+                </ng-template>
+
+                <ng-template [ngIf]="step.content.id === 'stepContent5'">
+                  <app-int-generic-group-config [moduleId]="integrationId"
+                                                (configValidChange)="configValidChange($event)"
+                                                [serverId]="serverId"></app-int-generic-group-config>
+                </ng-template>
+
+                <ng-template [ngIf]="step.content.id === 'stepContent3'">
+                  <div  class="mt-3">
+                    <app-app-module-activate-button [module]="module.SOPHOS" [type]="'integration'"
+                                                    [disabled]="configValidity"
+                                                    [serverId]="serverId">
+                    </app-app-module-activate-button>
+                  </div>
+                </ng-template>
+
+              </ng-container>
+            </app-step>
+          </li>
+        </ng-template>
+      </app-utm-list>
+    </ol>
+  </div>
+</div>
+
+
+<!--<div class="w-100 h-100">
+  <div class="card-header d-flex justify-content-between align-items-center">
+    <h4 class="card-title mb-0 text-primary">
+      Sophos Central
+    </h4>
+  </div>
+
   <div class="card-body">
     <p class="font-size-base">
       Sophos Central has secured APIs available for customers. These allow the retrieval of event and alert data from
@@ -72,4 +129,4 @@ <h6 class="font-weight-semibold mt-3 mb-3">
       </li>
     </ol>
   </div>
-</div>
+</div>-->
diff --git a/frontend/src/app/app-module/guides/guide-sophos/guide-sophos.component.ts b/frontend/src/app/app-module/guides/guide-sophos/guide-sophos.component.ts
index 03fcc8e80..c2fffefc1 100644
--- a/frontend/src/app/app-module/guides/guide-sophos/guide-sophos.component.ts
+++ b/frontend/src/app/app-module/guides/guide-sophos/guide-sophos.component.ts
@@ -1,5 +1,9 @@
 import {Component, Input, OnInit} from '@angular/core';
 import {UtmModulesEnum} from '../../shared/enum/utm-module.enum';
+import {AS400STEPS} from "../guide-as400/as400.steps";
+import {ACTIONS, PLATFORM} from "../guide-as400/constants";
+import {Step} from "../shared/step";
+import {SOPHOS_STEPS} from "./sophos.steps";
 
 @Component({
   selector: 'app-guide-sophos',
@@ -11,6 +15,9 @@ export class GuideSophosComponent implements OnInit {
   @Input() serverId: number;
   module = UtmModulesEnum;
   configValidity: boolean;
+  steps = SOPHOS_STEPS;
+  platforms = PLATFORM;
+  actions = ACTIONS;
 
   constructor() {
   }
@@ -21,5 +28,4 @@ export class GuideSophosComponent implements OnInit {
   configValidChange($event: boolean) {
     this.configValidity = !$event;
   }
-
 }
diff --git a/frontend/src/app/app-module/guides/guide-sophos/sophos.steps.ts b/frontend/src/app/app-module/guides/guide-sophos/sophos.steps.ts
new file mode 100644
index 000000000..294cbd325
--- /dev/null
+++ b/frontend/src/app/app-module/guides/guide-sophos/sophos.steps.ts
@@ -0,0 +1,31 @@
+import {Step} from '../shared/step';
+
+export const SOPHOS_STEPS: Step[] = [
+  {id: '1', name: 'You require a Client ID and Client Secret to access event data via the API. ' +
+                  'In Sophos Central Admin, go to <strong> Global Settings > API Credentials Management </strong>. <br>',
+  },
+  {id: '2', name: 'To create a new credential, click Add Credential from the top-right corner of the screen'},
+  {id: '3', name: 'Enter a name and description for the credential, then select the role you want to assign and click Add.'},
+  {id: '4', name: 'Click Show Client Secret to view the Client ID and Client Secret, then click Copy to store them securely. <br>' +
+                  '<div class="w-100 alert alert-info alert-styled-right mb-3 alert-dismissible">' +
+                    'The Client Secret is only visible once. Ensure you copy and save it securely</div>',
+    content: {
+      id: 'stepContent4',
+      images: [{
+        alt: 'Client Secrets',
+        src: '../../../../assets/img/guides/sophos/sophos-step-4.png',
+      }]
+    }
+  },
+  {id: '5', name: 'Insert information in the following inputs.You can add more than one Sophos configuration ' +
+                  'by clicking on Add tenant button.',
+    content: {
+      id: 'stepContent5'
+    }
+  },
+  {id: '6', name: 'Click on the button shown below, to activate the UTMStack features related to this integration',
+    content: {
+      id: 'stepContent6'
+    }
+  }
+];
diff --git a/frontend/src/assets/img/guides/sophos/sophos-step-4.png b/frontend/src/assets/img/guides/sophos/sophos-step-4.png
new file mode 100644
index 0000000000000000000000000000000000000000..aaff6d72d613832d46410d4ad20266c6bb4830e9
GIT binary patch
literal 50428
zcmZ5ocOcaN{|^}rv?RMySxMsT(LyQn9NEcs#@RXJl%ixLBjc=e&c5t%I1<Xv+4D*^
zXPk4^@q0&~@8{F+{ipZ1*Lc33ujgaDyw=uKV?N4x^w6P0%=hoz)jf2GUgppt8Wa-)
z@Ru>O1kXc<0uSB4drR-B*}~{Cm|lPKlCRs9i25eg_>eEgKSkdjQgl2KaK!ON{nszI
zZ@9_p-W|HKCazi*<#ttM<<PU0G}zT(sH@`1>-;2G{maVhN~)74uZ<svTg1Ghd&+W)
z<Ko;0!Qh)G=#D?SF*&|i<4qxk7_q*3)<mM}d0r;gl=zZ~HC3VJd;LbEs$mh)D__-9
zKMra&&aK#g=j0rH05tOVb%I#sL)THM71p)m!z#SJ83GFUe8Qhf?yq;EIe6lH-T=*X
zv4q;Ul@TlIbumcvsVC2e|J=JdutJY?e-axjem|k}io-|+jUJ5l;58;+uR7Vq6+uN=
z|4-ZEdi-j450}#&+zR|;$%u?p9#YGWRH@?A;S@(|1RvZv^g>yl;3q7qDq(wf{@ZMW
zq}$ykg4dsWC%hH{C8)FF@U3i}L|MxU)yTP4PUN4PpHp~X9SMp?TBz`@wvs4L#VT`{
z{GWSF@?LeDYk4|0b(=kH-#I0u-W}EabIYQ$oMHMQ{|I+FdOFNtp@Qb{e?O?SX%&_N
zcPQze*3?_rxK+RS=dJS#z>u^VW{^F$p86xq-aVOMVEngp6T?<B+tF)|Hbpmz(RL;~
zZ~yLrsG^zslxFvc&wWlV=~p0`KSTLKQJ#Q&$C=+Fpf>xu<U4VX$Th<9Pv;_dU{^GG
za@4?T4nwCiB>k*X|Nf?hdI@iUM@c3sqHp=6f5L}9FP>i*q?wN25WM`5J1gWJqr=y?
z+d=<MT_Ih^kBluLuO7O@6T@mj4C^1CpFa4(n*+sk9V;v1>aVyy{5lc@vV#4;SqS*a
zbXg#xyC+0dM6L?)pMefwLw-+`5mJ49pI`DRZ2YfQy02B-3+HiB+)^8B{?EK&p1VIm
zGzuKo8~G@xqDnsQ%=pjTG_%O?A>|$lMMm_*goHr5-ZBaQHCn57VY~r;FEW*+Zr=$e
zUm+Ymc=5#gLZJI<gDSmk*cC0FoccSy^yOGl&aqByy>jO*%@JKlDznm@D>;5F`TL#G
zkwsd*QIKD^hjn#{E_Qd(fiN!V3{lmS_C#2PN6_<B@gqla2B}p-!qD8>4dD$!`wAIl
zIRq)vg_ikelKOX8{Kzl8YTl*2di6+FiU-ezyJPAONzK2fU5<THy0+)UqQrF2E|0H3
ze**ksGOPHa(W*dqt~1Gm6WsL0v>tI}yr%@59Qpi&5h<RyXq5Bw!xL)BjAso}!uUv3
z$|s2@RROh~Vha3(>VOnzAGD7Fv|%oR3zS{4O+EEz!4cwCAuy#Iy3u^R=^wu}e7;Di
zUQGfejuj_eyn+(k!j7IvC>HUEpJpD|>gbD$zSUgo(1%`XyODbnt6Zd;YPzbRRp&z;
zIwr$x8#!AX)V!v$OftP)cVxfqfn2tX$Y@^fyd(GN*iuiRXo85ib|}oO7cHXOlVM!4
zyB*<>`%Xgmj`5!2-RFHeb@ml&3HnOirlS{apba?RxnnNp2?~4j`NF&P9*ygsskydc
zr)*?PZ`f6NkuYZZYu;F>(f!gKM5P`F_(=~HD-Pc@s3i~`CeTCL@#!&9CvAEy?|M8>
zp$=Z-Aq8W0fyUb|vA6zE(h|!!Rcaol>(-aGMF{qy>nKPbKgx!s+|ypcDB;yEi#d1|
zVKJlpXGr&g;|lhA*!4NVUG5i$uhBd<(;Bb5O&^2Uu?mW_K?zFDIlF%g%=$G5-%O75
zxSD3Tjo=%CP?r#98I7Hpf>%Dzgls2TiT3uHZ|^xVPJ7@|_sHEaPpnJT7<Ghnh0FWf
zk6ONq#ZohP^BQRKwwX6VpuO)6ahLO10fm%$X0Tyr2Yv0SK`O%;wrx{<O{zox(U8n$
zl^JL6y-X!@$MvQ82h2GE)7I7sr!tr*{-;h#8!L}~_cFp&a@UQ^fD{MqrUN4VEkTOt
zM_ep^CkOg)<3#A{YTjX$%Fd+aKHI9f&5>Ht=;4~p`@{2a@_4@QOo~0!uU>h72J3i$
z=!-@lm*9KN%G{fFp(bc}RM%YE06KeVX(-8{_mj|_lcN_Uef@{8XW;`$xnd>cO+ksS
zt(QD@ra)jon#a5oAs<Ia{9h%<U9jzNMBVk44yyfOxHR-5{UofZBK1w!8we(#FmbmU
z{9xQDW6$$5JW32fDzITKqrJ_);Qq^MV0w1<o-08v!+@*AvtEWY;Qis0<gkCiH2(CN
z-Wu$w;u|qt8BTSBWRfp!owJU5{Hctria~g#RZv-hSRDW0QPtC-If_5>x2b!0PBz>-
z3)3Jw@8QqVWc<7Qt-L{|`a2=7&37EK2i5oo!V-QGTOY8rr<}4*!S<KLZb?>%rGNhV
z*c_Bw^_8hM{INSS(^ht}EwLcpcXV%5LZxy2#$g_0aZq6K_SZAvZ+Ovzn7r@7<^?hQ
z^@(uhb;A%{)h35^D71u3^@i*?=56}1Qno)8JgfKB;E#FBo$&+AZB!W$6tL3bQT)8Z
zxW_}b+cJL|Q3>HvN2<@-nxvkS_1<`=%Rk~r8KjxoY=4ZWR>~Knp(bLvi=-v#jix~K
z_~-{qHhd@5u)}Qz$6nAA?BBOpyJ3s=QND6kUu0RhLK$zaw8#rql=L@!B~HITtuRI)
zi^r&igJhcH_vEbx=;{}pv&Dq-(_p&a(fZfj-Ez&&?Id^g+9cB>ZF5T{JD8qv4^6g5
z6$lVKaAo{eNwpGv9FJ~o^|EixfJ82NJf#(Osk7Hhs@+biJDpS?tMi&u+*Cx7Cgxkb
z>Yg;d{gZu5C}QQXj(!&Ou;qjamNxT+xzo<q<B0YXcrilt7|GZI$=1F3Sv8?Q_xzy$
z?gip}?+nEc3+}n|;x!RkTy9tPWWom8erwOJee``QDhoRfI<`q!bVZ!y@Xw!QP$EO&
z<Z|OlB=Taje9AT|!`<ry%*etrXml-Sx>n+LYaop35F};A%#;(cW{NkH=-Z%AZBKFd
zRhDE8S`yL!?2XN)6dU&vHo3#!4rL8!_*|ZGr>vox&+MVj?rhbxi*2mAA>!UNm-(9l
zv0fVhX+KEL-h#mPySmJzA>RLkyP&>-x56LX)1F-_KG&zHB7#^vVjebq_AWN{L03y)
z-9sJ*q=A+`R6{?ELrw$UZXA_0&m@DH8>q6MJIM|60ZGr`{r5gpsm@;-3v@S03YDc4
z1~sbBd>>^W+9CyiiVn>ubZn>W+>sfEfOg!<WUWV)3DpIpZ3tJ#@YJ!jhpMr^M4C$1
zvAe<ZM`Yv)HL9;$l}RR@^BcaMC39xQevsmHPgq9;ZO5;lb%&_A3{FqW3?7p)-?om2
z<@^kz)bw{6ux)=Xt79%qR5r|UB~rMl-D=Ms94*;2k%N`iR|#CCKDTw5%y#7qspchi
z7G3YFV%crI<hNUpspbLxMH*gs%(g!+1Wjv3Bx~lEne^-ivbK5&12d6rgxDvZv-Tmc
zl!khT%LQVawA|&wzSI>-RQGUVJ|0-b34`~i9_NrOvwrD48oMezw%jqF6MzjUyBJ26
zQ9c@F<zwEA)tni0s8Q%<8rjJq@0{bhuCYkugPBclE?&QO_t1>ey1mYm;ZiOaNy1K!
zp}F5~w$f19EohurtYs*OevIh}MxL;yr^$(M$upldDZIr;y<%soo@=o^y>Oo3NE!>9
zWG>plBxyBl_Z1x}mZFZ49&TfNdYMvj!y1<6$Ev)Olp(IG-g!q`Pq<L$1{wUzT;7)z
zm}jR}*%&`Kyw=(kmljy8ful+yo*W+UgAPAn$xAw`r*iCI%}uWw2T2&QYVf3o=mrD(
z_^V;PdV6|LRnI3FAr?_lVf{kNihA&qrMXOJe)B%H-O4Z?Sd(2DG#gX1@@S>Ni|6>s
zKu-`sk``nsj6w98Fv=a3QQl6<zVNv}O^tGf`Z<1RtfDnBLSbUGtG@ReK_j?;w8Qhl
zbzHB`r?k*W#9cR!ET9;fRdE+}sW~2B>LN&xJU890{z(eh#o=Mdg2wq=s+a2$0r`U$
z#>w@-$tY*gGQSkuu68%<ROUy)GMDms7MXU9vdoH3w(TNWjnPLfkK0SIqZ3~_WFijM
z15q0&-!Hg+dMD5<=%XISFjjE1<3Xz7j|Z^p?8{6!3iFRc;aFg*%d-6z9;wlw4J`&m
zZ{q{XAidi;ca)VjAEL!t%;XDej%vDxx^|vmLz*fg7%fJmPr(9KqI&mUoe|x&E)AG}
zz}s8xlFgwv4y&`r=7<GQqond+4nz0mQ(k-epaZ>OnoDks792pO;WCzB6I|Ya!|7sK
zq&DIp*E3tuY9@#}`?XxFsw%GD8eg0?$)zuzqM1~C(1nq7053TIJf!iEH|Gmu$Y@z0
z>2p0~%EQRgsV=besA9n`93=~q|7nQ3Ic>v$oEzdqrY4tYb_dkW9$SB6zG8f=L{W7z
zt8m>?%caq}?iRKM^q9G0UUt79Ct;la;(f?4QAaFqmbdK^7mG|1PTL(ev)!oX#tGh1
zgoI8_uXlJrIoFlxV}+`g-h(8FES-V)jgjyZ_>rAvT)Jx;*vDs-2EDC?faX_nkh=B#
zOB`~lC`?<92bh5P*sG2s_4?h@r$PklkIV2sA0DMmVb-Z?oKf+`l5VcA4Kd+hbD0cC
zX8~`+ABH^(b;;jxTetaYo~-qkXFmjHg~LXJ=<FO*vX)BgUG2O}W{`bnN&W(@O)jp%
zW~reVowMA@BxalOcA@bAnrU(}j(WXdG>~+R;`xfDkl*{2`zGUentsXx&Tg`V%RGqm
z1`%Lb=<R9n8G0*;ENPS)Rfw%B|Jlp+QMCe->Y_%<-CDd7Qi}JNVL*<BT1;>UB++tA
z?^4Uy^8?0j0>i3#I_5@RQt4@|zs8?1bM&f9SbiLK<ua=T9~~p5mJIzJAf<(x%bZCx
z)!;(kjoV+6cwjAA_pa)zYgx8<KEGjRnDg`Vdyss`&_Gsy7|82Uk42pjznz}}M^HYj
z$Y8`n*37L%oWHL)#VU*&x0ZXVW+*NHSd*bsG!J|;{0SRwuB#`D7z(#4J4HNpR0cD@
zvl!yK$bdAj+$Q<Opp}a!Vflr*mxqz98xK=TrRe6QWNsC+U+wMgM<yyt>57B%$PzA>
z2tDk*!uQJhG8dF?sBkE+A`mBAmT>{LdyPl^!Y#iG5qGckwl)nVH^JiyEsW~z709_L
z8)HlNya9V+XHD0Pcj%Lme(}b0e87@unZuOwI(Tac9q~sTz~_<IK<v(@|4@Gz(f8%!
zg;36?2pBer_=bl?BGCRcEq&$I5?73cW7#{CJgxBH^78~q$vvCgP{ei9LVs+oairko
zHdt1g)q5pUuFb+#f~5aScG+%Q`mE)Lwsx<uL)TWL*vUkJ3%aJ34GEMtvEq$G@y$#t
zSFH2($o2U)pV+uziB%rE>kSoNbeau=i0|0WW~1p+bZ5DHfmlxIln<^w5dOt(3p%_u
ztGxFT3QM6rG&b0|ho89E9&k6Tgto_fZ?;$pObQQ=*o`!>5wZ9ra3<V+1`)89;8k<x
zbQulWHN|o`&H-NHB5K4>Fayulu1l9NphIjYasuaU_k$zQg$8%D!;WH^b>-4=-8~vb
z7k_$zz@+JqY;zRN@d2N6zp0l)hxSXLFCoFg7kpm*Jk6McxI`ncyyyx^El?MiHihp}
zg9$<V4<7QC#09#)0zyr9<Ri@-d#^+VPoR8zFT>*2V5^%A>d^!Gr|$vQ=J&O6cIB8%
zIII}g)I`=v-5mvBa|K?~2wIvr|4Gx=kSpL$)d4c9^#{P_lhs3wnll+umcDb(YQ5?I
zr2+t+W94;JXgK0#h60TM^ncul_wVF-p&R+Z`33S{xK3bs%!s_t%3LhPkvL%P&+q#m
z#$@7{i~uX-XV4wc1&g#Twb9lye_DFTqLW2N;4*Xf$6pr`<7Kp?=!nPug3!%c3z#FX
z=|DpEuRbuWfA|aI4^#w%rb^yCeVP$kS7-Jgeq#dyQ?=iDaj&s*Pui`H`ky-kG`3IN
zN`4A(V6#}Y&(H`Qj8~w1AP-DQ#`@!_cOO6(>K_G3JpY^7h`)Z<HJU+WjQWbR?qBeq
z>cZTyK@*x}_fUt=s-XTp{Xd_BO_zV`Iv<{T{hnpBT8<0O_sD;de^@xz<KQHIRpqoX
z|Em8mFTij&sHw#NnEER2--BLK{Hxj1pMFpVFHF<@kKrL60@AC5@a+aQRY99C)X=8{
z=f1x<gyl~}PELPJFbhuWWM2Kjd>`7Mq@du@{9AXH`nuwMd$*rq0W9Tbz*%bTT9(O1
z{JtXcETmS+9L?sV$)*ot<UQ0?n<+fm>22@1I7#65PHW8(71Q0yWs~!}urc6S<z)zh
zBGn%zv9Cr+qVElBl`-rc)Lu;B04QuMH(i_}2>;>_Pt&3pE2~h|Gseu3=^sl>YKpKr
zq5&aHGS9eR$uwx$4&*gaOeJ+<;U~^1n%@@XCGC@H?}<xh7QQN<c4bd2gv(<^uf}0M
zVy@rQbEvrBW_AQ*s2bPdSFlcEpl-Gja234ya+S~oo7!41^DX7R{h1APNde~QB*j;X
zV=jNJ+%j}4R@JGavv0!ZT01PSn+UEwDom?MVDQVO?MOmFn6dALoGdCG_PSfNx&8!4
z`8%NeX;N|U+d0%25ve;KKpBZU+R?r#>lVY;wH|w|-O$k5z@hYr492u?rG^b|ZBYQq
zmz>wg->tZ{XTj?TX^6Op!kHBm_0p>+Nod_Sq&KQ9H&gS%#PYYsKcDOQK-q<8cx`m$
zWDboQ>BM7t3`sGG;E!zbbG1?G;)JplRv8TSJ{B?cF2e(@J`NMI&J@443aQ@yDC=yb
zsqgTedt7qy7m}PKPKWDgZfZQe4XGO8gn~z!4VE@=dhzcuy`BLWtWA>sFZtLT<u|RH
zjpVr-5Cy_IIpZ-aJ(G+c#6(a5-fTQ$+}8|C?z!dUx6O>QZNv9$ZW<L8=&E%XH|Kp?
zhp@S1Yp3Jk;mss{hlwAA<+7T<;%LeuaWBdgT6$i<;G6xRx_hi0RVib2r^rFww03?*
zX=;e=QPcsOS8Mn?X;{44e3dGBkD39ja&Hnq-G;(V6%0|Ix!;FUlEqo+8Ic;>eGW|~
z?~f|We4Nl=&MA15S(10rNy$Rb-{{u87H-N4k6Le!9%dBvAm&|M{@PEc99dV@W(vga
zmVQK>pB+7`C~i2Lo}&_OVHz7D37Th3HE?LWjW&_zWV!;IKFT69-U89>yAiwS(p6a;
zK2>qQU9hVOo@*qhM{jFu*|3q++u_*m5t%;+rwrr_W<RfXyxi`#Nvlbj=cLKptTHg_
zb;~an=gxU9AxNl(=`CGdt8u=Qj5RMXX%{SzymOCKBQquB>00T<C!gWIH?HGkM$`)}
zc6!SpOjua(H<z0tng@d)Nbz*JBymEv>xFSG?tf^(irC+|_@{QG#yLBExAiv*93#Z3
zVmeL!o7ZoLK-Ap}49J7P&U5m-iNaEn*F3XLD21ar|NJFSi<c25MG@u5oSsN3dd>{0
zPaeM3Zft;l(=>G%VV;%;3IV3rUmdh)n!RS=T{gJPRAG6T5s6srLG}hvHtG419&-YG
z+tjxwPQbjBq&gPOb3Hm`$Z`h70M)xekF3W)=j@Jq^TLARqj9Hwf3*nRpfg_bZhBYK
z=PTi7|KeQ)FhR4pXWChT#UzS<p;t}HH=*xlOY`RLxYP$@q(2-VOk`7721wN=eu!|6
z{(j_#fL8j$$R>oe-Gg+nA<9$Ed%ai+*o)=8ZYD`X?8tKvH<_t~q|=7CG={VDRJ)45
zL}9uc#scvJDubvsP{^7sW!@P<-IS6SO2P`s_vJK6OtMu>ykL^ynIzZdSW(UmS8S;G
zf-zDwwhwGAGaw;*={IK^AzK-Ur#@BcFIjLxbM=_{@4M%SG6YAvBh)H$^BjYOR_m08
zqcWpQlWAgiK>;(c$qiwB(F?R4n&agwM$AJd3zFz2v8NO4Ml~q)kj{VlCcmMf!}oEZ
zVwaO=czV5{ewJCr`XSwDHodC$s%xxyosXfK5)jH^ev|K=@l%oW9=`@I<eSap-^K0*
zx|5)q)&<#m8jCtmcI(cG{ynS?J6%pkp!`>9U`7<A^3q(VJQ<P6;Xev~&&E8nOn6Q^
zPLi;&;lI7RZbH4_WLExg*8N7zj8X_Wi0MCxOLJ8Z7Qx%E=D!_siyl2&#9{SOZZ$UL
z#}OIDA9u#i;=F8Gvt_26XgiAYiF<qAn~9{d!l>7j7u^V?Le3Dl7IwH|V&rk1;R5iJ
zuHD}T?6#i9cCYq%$*Cw3Jmq;BQUdXh@Hg((*@w+5>&MO{RF{E!*kzCEt#3}^t`ZhL
zZ}-KvI>>QJHY#;yKhMDz(RKLIYVK!dXL|Fx1WCOKfxGq(9nHx{qK|6gUuFoK##?Bb
zgXlV-?Kvhyy}8fiA*xTYkr>Ef+*d`tre0`HHE?AzTbON1w$#oP<)D@P{acXy=;Cw|
z)Ptdbi)rLmfi$6752I^PaN|Ml+I=dAyF{91b1=t4qa><c@~4QTq~j=0U{K|P6)mje
z9yDTEX1`|d=`B}CWxjH`>XFD5!hzWi>C7#G7vjyNNn%H3dN;R~%3bnPT(9;|ZM8bs
z@7Cmq=nMH5Y%B7WoZSTlnK$2X8bRnWPgBiV_j~4tUjSlM(cjPSV^i1?yBQ67xN^wN
zx?|-q^2X;7x~<_I6R2r*<)-jh5x8;PMyQ_;#(6EER_&#1isyQ_Tj^ts*g3_dGc?{G
z=a0)UPdk*`>*%Z2Z51bnhrbbE&2sd4)@@TcY<0$t9N`4NjLs06OAfb4uw45Z0a5o(
zl_;%H*XX|;Hec*1EV71dpnip8yNUhgoG?x~zw!P=2y|hGXqqI!Z~oFaVk_W;D<XB#
zEEyA1;wZY2w&=~d--V5-4cd;^L6QNVZ-(>m*)t#y!T62B_|CW;T_cLeJ>7rikaQ{_
z>s)FS4EXst{PiMc%pVREe1TH6O8)mmR*$Vki+Va#t;SZ)b~H_1Lsbb6>D~PU4vyCb
zO312COfWiZWHFKFs5OAja^iL_r-N5c*JP5g5{c{vNqsVUfB$D-P(ZBOI6^1s;K;|!
z6@Y=0Yv=ng|CBR_`oFQrsD+1jE$dK3Y^=1%#5?~h!j`9x$yhE)^JQ52=DHyMt&Mg8
zY$8?rzDeupP1ooxA-B4khdO^mn|<v?*9~!5Nm82?b^LqUg_D05VGWUuGlljUYa6F6
z*(5&jvHe$W(@YZA$ER@THfKimeTrB5`^AiGeo6B8bC)%Ev$CF182+lUzkwN`x^5qz
zOz;C$pXp!k+4|j9mKfodT~|`<TKa$W-OdXoPWExN!WI8svDK8nv?>W_U2{rC>d!0d
z23C4nf5}c^;W(`cfi<b1jw~9=KkCb&eYw;5iI#>sG2;tkhU8=I&c8lL`q7*LA{SaD
zt}bgcbG!XlGXuoQUu`RJkD+@g1<w5XI{?oAue_?&I3Lxcleh{CV_;ou|F?Dq1kc1D
zQ~cs^Sc^6@XSYZN&p}ijdcgxwnQL7)HPj<?pRC?w=6?7`#W{3-XVXhZYbO8oeJWWS
zc*`PG?%<t3`I|R^WMci67x5%7I5O;S5w2NaUBCMm4cu|aF8mya&$h6PShB8Xqmd}g
zN<>!F*uKNsh-y)D&Fq--xd<cA>JK+1#<TRm50=FVXQ4UW?<z?#@n<*g0VP?xfKiZf
zxod$<es}Ub#9e9Q9%I4pns4%V&8K_A#Hhq3(xKA`Lnfo(v7&8`c)khoQW480>Zo>Q
z_FWc=cf%RAXQ3i2*|X}8qx-;&rL{8V*~KH{JO!tm@)R=y@m^iZ_`y5EZATZ9Ruq2?
z^`3jmyWhbRQb1*J`-!r~!@1lSjQk)N449qrFa6W=dQ~#ULZmlqHa;j}*1l|bGhDXF
zEw+4iMuS;aY<E~n)=l5R8@wDff2;2G^(TjshMJ<AgttHyJrs#h97%J(RsUEJ$UkQK
z)Uu21u*mUVzW&_o*^k2gmCX&Uds#!rhz<Qly=(I3%57>IDE%ElWB0zESrfI1ZS@SV
zy;5*?LFtfLe^%z{kdoTEY@pIuz-@1>UC96Hjxeb9)@Gj8%+7q0(0${mo{{&U`#a68
z={`5N^0Vy-h=|e}&W0>U<a@rK6#_p2;^E5aZM)mIl^X@tAbT_bXdU(Izm_|-v>H2i
z)#Y@SNuH>Ijee9=-+1-gXMv~3<uo8IsY~5+MlN;U{y^H76qXz}UFdmNW9z4tqL}ux
zddF+~aRhdge(34dHCHkIryi4s0~q7SkI7yh^6lHe=<~Qn*60}k#nY-}MW15;`rO0{
zMbvbDys?3;Wv5;klClmuh~yvbEHajsO9ne1l@i|$7(~$lnGU<z!Kde{={%F2CTgo!
z>>Ih>XC7B@P^eqBOXYv{7PfYN))G;gXwmeYwKW#kMI8YTsvDbp2;Zi5OiI`EB2Qsq
z`DMPhW0ehJ1$$l89p+Z)^dXOIrycF}7bD1Slas>sng!gg<@WB`Y*{5-Ff%)CYoFJ$
z^vd=H;A3$HkCs{q{w^qa$X4(JA&F@rArbRNtk#?|Z6~cqK`~IAZx0`rA&qo887^VX
z4V)q5Y_9;j3NJ&A=J{SicCch+GdZ-{Yl{#-Z7DZ}+xS4XCmQElICzx%vXl|CzAa4r
zJhGSd&-tKqlFVBnQ@(0+O)ZU8Zsv~%U+yLkFCFou4(~^2;HRlv0{6J_=__QNk&ldR
zM>~vb7;IZ#D;g05XR6ilOf*2r{iH8Rc-ZA(sS{+rR3Efpit72j0YcE@sqz^UkV$yG
ze{FYzsvz7DWWA}LfO}}YJx6YiPPK3CG*vg9$z69at{?m+8$JO5G*HG(<-O%BPR(9u
zXBDl4pp&;^J+ytOd<Yd&eacB`AT9H>r;T#vuRKVp&dVtum-~jTc@(cQonE#+s0Z9M
z@G&5NB#(~k*Cp7DbZSzlM#EW|mW+B^@Pf>$vdx@J@+-|br%=;A#HI710$vXFJC_5%
zUok;wIf<HqoQ|H~MaoRiJ61Zxd2uvSeh9P6vS6MYfXlsyzp+|6L-s>u+KTwQzV2H(
zwvur`xifJAP@UZu)6~obLDsN=mir7~W^!d3EI{etf{|-$Wun;|%9hRbhc3;k2T8G2
z=~eW*+&QTgzu}jF{*XKQuETUWY0TkpVgRQ93Sr?Fl6|yUdP;tB=sQ847~o9mc0`q(
zhLxRzUIg~-OF@+@p{=LeOyoz`YfQ874rs9Q=75WlXcya}<BgcI)xZwZxs6?^rZ5gz
z<}~Bsw@r#B@%Y^scZ7LLR?n#rFlK?}<Oxn?xtJ-D#c)N3na}XFXGWtgPWj!_?1SLp
zaI$Z>dfQL`b{bJ*O^8EO#!c(g@<o@dT~Mzhc%_9rWI|4GSU0dIRaqyB_oF63&!!K=
zz8?)NGR@(eDNW6z8TVh;fS%s#G&Zld*EjM^*ZqDPCf73WpZ;x-PPpx>-RWQP`1bLf
zZoc-}srR0Kd%Ur+@1c#W7g3$xK6yne4Qkc_!H}fMcRh%A?^Cx4<ELt>&>TCoUqr+u
ze|-~UZ^xi`4O$!%C*d@nbn@f10CA6dhdn+fYXnCiw>mYKTrArjfqR08{bwzOE5L8O
zJlvF1lyi!9Oi&o56K+?})lZyi4yO-cpQn@@x#IaPhj4uNLfWLaeC#w+A=FQRTI|!u
zkfOs4f4J`m3LFL~tkVLcnAfM5dcV9#;gp%_)6!Y`q`RWt#fhxHkaki^&O~^`^*SuX
zhQCdAFz>7-<J6>>FvvC`?)_3XF)>5V4BLKG2{13n%TB*XD_8CYk_cO6&!SGI<+&O{
zk`5y`u6RnS)Bp>*q8|`j*!>6wmE6Ao!F^~q4vb$dpM`xby()%nzW=P-Y%Fu@nx-ek
z!Co#cb&9GT;TZtwn0lt_w8uvbfE-?LeFP>YAm0TFttL}C&2tl#Osv;SbMdSDiLNdm
zkjsR?A7XY0bcr!fQ$H{Sh*gZXPa6uj5B)^wIjLc@0Kz8Rer%o{`}}sDK8QytXNyF{
z$(o`rNBHHhCpkc!mEN(PfywC)(%9NguW5?1GQs7NJ`l5YnNvQP&8_Nv@yX0O4g1OU
z{Z`%JAl1nZ5ejFFeGg>N$|h9Ld#S9dn&huqeA=#>^2#<Ib@9PwRWb&%E(R~-`^Iu6
z*ys}zaCr7ac;<+&w~n-Dk21x(D~eTJuX-};8oU8aaWA$0<KQ~cu@Ff55yI#&*F%%|
z?iA|Q9pVvZ?+1@)RLgXy*k{{U)giojU^0+qttN$Cq6Ivd07(QuzL<w<&-53vzzwq!
zTjYXMs7}wh_8h#8=S*m|BMLK;F_hWrAnUKkHNFw`Zfc8G(=s|k#qb*2lAM*skHrP#
zjn$0OM3Tv~xTSmpFu2AGBceN(=L4|wHjh>*^og^BC5;0McBEm9a681}WmWnZz%n`O
zG18#Zi?@fd-?T&B^UL}{bF5@WJ);@P{&t12E01G11pDH|AT3Bgs-HKZWMcx2Ta|Qx
z06R8H^s0dqx;I)$^*k1J-Qd0~v9K7|u{1&~oIWCn1M2WbAI(aotp3Jh;W^jLZJf{P
z8O<ND#C9oL;?pH5<9P%AddvXFGFGBKOWZT_|CD@_eLtg*c-01yqMjvgEg#a*e0`&z
zQ0;W>pOPtQp5}^dXvxn8I4(5j#D%nMNHe7XGQ|z$ss9+}$F{VQY|9DFO=NM7ZnfZf
zu=_(ec2V$sgG*?YVNI!JY<GBI(Lk}YZOHW6PCH|6+lj9-DZ71AP6*7`kwIB2z<A@P
z8asb9<_3N%DZ7B2v*w(4X0GNW?5C>dDVUcRA_;((1^w%+eJwu*^8`V-+aUC?p#Wv!
z0-J5ADIWjS%DISWKcRNqQYe&f>1g850ATYXx!(?hzR___=KWcH-(E9+*%!gC#j9=a
zTB~boEz%D85MCOPB<Pur=%ds*xQCDZDse>NYW2C4W!Z|f_Q&JA0)Rn&3Hh&e-C-5n
ztgq#i{558bV-N`3tGdSBJATb0`>As5yZuKATL8nX+dZoOu-4!{D<?K<{I?Iznb*>(
z^S!=3wmgwz|FN_;KzP=N5c`6nmwN9A)qt!7X#@g|r+?PFi9T(0kvPBqRNyrLFgNqf
z=QpEOD*5Qxc-)o2J%5VpeZ!rSsIG)<cvl{}*{&z6_Alfx4VJK6Ya4lrLN`O#W&-{;
zHrlQ~Rg6~B(NYq>eTT7_;UC(18L&y&YlT7PGJvvNSB!avV(_1DZe(V4zUt2a2Mhc7
zX)(_s4E|%B1GqhTrw^H^<KUJTOe(Ak^?w!m9rt)p&C&eiM^9YBx#53<2U(}Nn;H+o
zy4t=`LC$y0|ASS=IgydayYS#G`?0lim&5q}#R0#4fjel`8OGvfK{5VY-;R9$Pcwn>
zCywYC#Uy`JsRYL&@BWJ(fShDD^;ERQ=bp0J@~e06EdPU403Qn9<fZw>5h0`HhHUkF
zVK&SMJjJ1Xg(B7aQWf7fII;3>V<RieUjoInB0HusVIp>yy22?@_IKwtM@TDhIm<j7
z1qmbmCWX4cR1bHz(`4#`O#9b!sQB;y#hC#1=DTD!#(Krx%d1-T%X<31q6aCzUe+b7
zc5mlyyQ{Kl#QfhT%Z~PQ8G{KEk`vpO@&A}82@!xQQ=H0?-fY9t9b-=gUD_HWcu9}P
zs@C9S?!2}q(eeV!?bZrWwe)Z~&iOsW*zDt)fr!V(Z2$lnXJxBDm|}<!nD|ZZCux;1
zlsiwDv>T!1`*WxKmZMlquz3@{t>l)^CMc_l61#TZ-jq_a`S}NAVdMD0OywraIj&fT
zImfr=a;O%K%Wg77phlgvpP_dgs!k1j1i0pWu?~Z|JV#WedP(8>LxQ&&Bb8M3$Q-3h
zk?o$E60U*Ol=XlRbmIpuFoF#*O}10vy{EOBXQBicgy46-<O8~{dWO{Wv><g+y|;%K
z;*?C$!32|%L&TGz5O6O8TO7}f!abT==CDAC*6hoC+^bw#YGe$cCtMRecYJb-uA?<)
zT>m2n=}pPj1RMlP)|;%NZTH*cgFtt(VC{+wh-u}r(a1#g{0*J5sl04_CA5B;G_e~n
zK<(E=RrNXenr0+wa(8dhqKo>ti}r}~_>hu|Vg^1-JbDe4;GFE=v>$D3pXoaCWAtui
zDRLm=vMjJ;c=0KZ=S^(4ke@f~aqlnp^CLj)s(MwYB+9GeZJ7I)b^HO%+z;T`biUs#
zJ+rJ~m!rGu_g=q$?2(Lj4Gmf+eUtbE9k-x3;k&v(!!|uxJ{<C9uS_H259GnbMPnyh
zgu0vH<B>e<(AL-l@P``P@I8m#s8Cvfk@5KT4qabr)4O9@Yg4O}JznmCLgdTUqV7qU
zk7qNu99mFPn^b>aq(1Lam~rUreiKKe0HOU-dw>@*vy(eLK8kgu>}UsITRf%)nQMu)
z1lQ~~_<evhdtU`73IuL$`6cVim_t?~6pf;m^jg4!iP7dCil}3=i}?-%Iv-2=De)G~
zjh!ODz8a&v$BeVv!W>cg3Xk=lbAU~xYpKEA5>rCo;y+gbBE$}DihHR%WX3HOF{PmK
zO-Oeou4-N6HU>056EbP^6Rsmv>=v`TW#n{xPHStPZK$GY6eHWzV}U*!!@K-aq|W?9
zaUk9uF(p>g^kC@cDcm;xG;FFeb-2jv826xh;(V?00YVba!I<jfSKy!xF&fw1H2q(t
zct(B&zhRVZoI$B_aCHIl`-)}w7U_L0`WmlS<PYR2NQzVh7N=~s50MndSyQAuCx64o
zTn#i83KCJcLysi&_0l5`w$>M{<5%t&o|c3XWl)*nJzep`(keBhfnZfaky(P+Rs4E%
z{_oQ5vjQN981_E0shf>Q#~@ER6+nAZJEgLU{1UpS&SovRi&QhQ$Vg0EiOd60FJ-F#
zX5|BW#9Z>rL3NQlZELE1vZ5iny_HHEf6P<(TdV%oYVvQLgc-zUbbWj@gxbD4x(36I
zjX|c)46<P(bJDYK^|Cb~rhPN9M%4QW6M8=wJ>@phHar;N_x$_@50rMU^l>*Ld;sXw
zM@^8E29W05+P1rG+jb{1!hgWQ<uKB|X)9in5})IwhcBcP_E$6jn-2Ry-X(8XLSA>1
z`f`TyijMcVJwf~KT&*me9Z#8STYHi#hu@*GN-u675EoWvm!%a^rqWX|lUAs>t6%%I
zC{i;Y#8G4CCS+BHtO7y~wnUf}BT}o46G&%wp{x8slCZD-fN8MSON!%$)Ln5}4R9+5
zv}$HJcF45qQrc?kaT)g_s<6T+fXriCYkCcw=sJ8zbkfGM<%s+n>;?n#D;#YnuDB$W
zaY3MH)~xFSuqvlkl-Kh}5$2(dDsTZ$z_a|5EqSg&R42>Po4Lx_$LP>KoJ$xyndw=9
zoo)1mVxvvne<0gwUJA9`rSw7Pdqc=uo4N!d^Dj|RqB}$6vvoh854sPyHET{eM1O+5
zhkz3?CDQ97HyeuzQ;0?=Y%|8&0V})P&Zj_&aI}+!WUH_&MRGs8P3cs;ro8i#V}Y~3
zW#HFU7rag;dLMM0XaXpqmI)pBaukiaI!78!kc(Cwhg)=dCl_rdDv?d!FhRY=D3d4P
z$44I6VLfo!+^+&_o2)??%BgPltD(JyDY-;(hZR$HBq&d<c1)c19l*Gc>V51vj=n)M
z$lj<?%qei;LdJI(S!9)ScI3`ZoI)kdA7)r@b~7xUUj<D&L8}y&+3jtk)A`Z6_$p<I
zq208{3c9~R8^#Bnh3Qq=1IZYNWfL?-hfZEBS@Yh_YFTxUt(9BLG*ex!`0}HBHBq~_
zlLz|<hjzN|1AwfZZ_NSo(5liMXY?xf1+Q?{L7cw3UuL_z{ry4S#WBk3vb_c)fZi&d
z30fCvJpe3=0APvc<H-sEhs=MUE#&0H{{}4mFNNk9_z7*&ea*;Wa-h3SZDFRF0c{6u
z`y-QrmY`emihKnI(c>{Adv-bfW1`T~#{t1uzQu>;WIf+gu%BhKcA-_Shy&2JY$i?H
z72Q5{Zb6V>(sheKA)^?a5Uttvo5LOhh?)n();vOD+C#0wdgG1RM6;&uGs^AT>D=>v
zShO)CXDJm?vCXzdwa~Lxjs~B)u2NgG%hAb|bb?;b6q`J3@WFPqs&??yerQ*e0ySaO
zEdSa@^hC_oue;3QuaCEaWNN@YwzXyj-O@-Wbe4P(s8gb*&lxw8y#}fk`mxA}Od)Ta
zjbnVM)4v&=L){583cKFuAK{Kp^2bAd>&EYKS!*ZculjmBvVc@Z7reC*R{=c90B9hb
zl<BR;0x5iP5(^)M>N6h_w2sd5*7mUvlcgx8Y;`k0w!`xe0gFNg?Nn-Q8z%n$u-H^2
zhnL-4g4@!l%4m<y-Zh@yp_i3TIpFX>iS{3(`3HRN3od!W!$bw`Bhev(*DT&{sjeRf
zgkR4K1W73l_0FQc(c->NC;)su*y7Jvg8AH|(>Gfc@L+jXned|pqAxX3>;_q@BnbyO
z*PAHJl(1)EX?Cc$(P9#x^xV%_8=mZ(t`D2H<^#5X^;~mfntf)Pj~9ZUWq`OCPL?~L
z2f$Sk3$1354?^x}$&(P@YNS$z`I4~CmI-<+uZZELcXaxhX(J~Lw1;nQbfR8SDa=zM
zvi!(7YtbLtwR%GCt7OvXGyKoU)ZG^R*P(0$(T$K7n&+M^#C<lo%#rkJ5krzM$5d?r
zJH8%rI%YlyZd%=y<v`g;wQ-z-08mSQKDF@LjNJQo5}|rtT}DZ3KgBKOszFZ5J$k<T
za}L`EO4;QB-cVlu$l&8RHHyjzU{IZc0*Phf$3S;loK0?3iw<#gd7>!7MMyUhpC~t%
z{9!j*R31{j>_b`#OZ%A|G^SqML8plyl#8wTQDW|EV^Jv_&K&$Of2(2FjVjn67Z)={
z?3`=y%KX7O;=cpSzcKxE>;b^XLD9-%>p(Cxd7OeJLLz<rDYm+*wV~cS9krA;p}AxI
z&}~NO<g%lFOrm*uB0k;wQa`{>cR0uggsV+u!X>UtHqHKKm&VxE?gUd9BiwRLKfUps
zRA+S^`zVRl->AX;)~iZ>liWqIQ^MbyjBpw;Rb9#%e6jPPv{D@KAB&1SVXg-QfdvNQ
z?aA@pwD=`^!gYSa&RBlxhh6qn24pL18T-^BCSzcKb75z|q#tl<U9$3ou;eat{wAfg
z3;gie-B*B*<)tEE=3ueOTiomxb}G+B9bl!ZCct8JiS>JY#XV-OLE{>@H~RVMI#KtP
z$CYQRC(Aib?6=@1JJ5nGSN}7LIqyL#HT_PHg8rN*I#dwN17qPCG!6Q&r2p$JwuiKf
zJNh3C;1Zp_WdFF$n+>#v=_&3<{B2+g39mA~6FiQ3_T787_7$#b;(toivUw!%T|WGs
z2361gt|-Nxd7A&-I{~Ov?#s(diTIw7u$lB%O5+*-q5$A{6HUWz5`)S(s=mQD%U}u1
z^sm3joZj}KH#2WQWbl`@9%>Da{jYOaETNTJK_7e_>OT4Q6tn+p=|TVuCFmEg3Jb9y
zfR5OwsJJKmmm;$uofWdhJX4?)H4diu?s5J5CU8)0(7SGQ?zCq)oKpTr-92=O2{4Iq
z$ZqhGxd!g|XAt#SGqe7jpR1tTkm3l9(C&G=-Qz+~tfJIn|A$ugk9@uQuETj|)R@XR
z3I&wMgX;tl7!Svt>nf28=&!dFJ(sBeZ$MU}RqZxr1ev+drf>8ARw57H+dr(g@|s@~
zzHq4Vi$WUX*2v$O>58JH`soP<`-Nr39$e@D^IT<QpN=^pt?kMW7s^>u{GW+xzm-AY
z4<Mm})KgEk?H(ik*EuF&AQKdP-d+(<v0weN%PBRp3y_=uhrT4%q5Wh?VLK`joF*;J
z)3tJ}KHLTMubHZWx^bn0#sr-yESfOSrM2&-$=9{FuIVs6=InRO)V^y<+5}#^))h{f
zNRm0wD>w8%(RBcTy&Eqv5wqKKH=Kvf)0p<RH%T3V)diKRL5gweN#n-3^btPlu7H1J
zwhypLsTlR@mEL-3&Dhg(%I|6krnBGvB_7~u+f!@{_PFcJ+n8jEkw&Za7kYbov#T5;
zTl%how~)tCq8Pn~Sb}neN&zT0v-+-xlB0Hi@SR*uqETi7W@(MQS=C8{VBd2};+7RD
z#R_d4oE!7z1&%~66sE&(fK>5(9637tTMU4BqCkVrxG4BZ#uw0vi(<=G>v+J~y;6k3
z&O!e(n+2l9`kbOIoeRtcN1ukg2)aP4xufzY(8sR;vg7g{s^n#%+mR1n_k8`q`dg9#
zDAdv2N01LCo4I~_=WtzVEvu(wf7kaDF%$WSo-w%jD}1-dJyhf7z7>n(ny68+np%f%
zWLZwOSGoR~DG|>;1(ek!^#10B+@jT?)RJx6YqEWg_)tHz?$p_tQOmvTU>+59U;oH}
z@t@3M``AW530(vdz}>ap&i|AJ)UIdSSCY;mi_JjnMsyt(>p%bNs3I!m<*t#x4@Y(<
z3;Q>qViJgyA4J;~V)PcP*6B3x;$h@(Lmdjx%a_z#9?u|@6D_Y00;==)v3(A=Gz)AK
zeF0s8bW9DvJzt4#lVTo;6bA>hD0QW>2;b%h7Cx0{sRSR?FKTMeCW&Kl7fPuR#dwz&
zHZ@7m50}*V#omxmu<Q=-&&BNG7fi7u)3shhOWX{d6#)&31^D9FIg?DlceW5Z`zF=k
zYgD<qH5-(?v*Soo=scsBm6_bKoLM6R;_p=ST3lkL4D60-ipIP637qRMK8AT;tQ(8=
zM~tui5JrgsB=m#Y>8nKO@{b!7&-|{ForQ7WST}2{ZGXP9xu+`6Y|g@!iXWi$D!*;9
zNEWpAyo8pHF1(kc?rs!sZ%g(fgx*eicSNe~ui+PfGMF9BIQva41LW;h-4w}n2G}C!
z0n_kqA?~YAT2ZH1l0{2xFA-5Po!8xz2)F?qgL0%r!HMGG)V#KdSdnD-$Oa?AG-FpA
zaWj{FQkYbeF{MmwfBTt<MO_5qo1>$)Uhtm3H9OVMujwem*dMiOJk1?&d%;DoBPHp$
zEQkCwUrS*-U8)1DE4Rth@GZ198}b&-^vevmtwov5Sr@P;l>^iRad;_WAQ39!e=8Tu
z_gi@iKsxDpHr_zloUya?pSj6kmr)alUmU4Dr8vR7tU$3evUn*xuQk8$O%8C1bxXA7
zwr#I;7dp9F$&^~*X{cq{I;DJh-N&1S7nQ6>-sIbyi<j$1{p9g<kg*O6k&cx@BzPh1
zN}F5t`r*{^=EUCaZimtFTQs&UdEAq+K$<CTmoqF^YXnSfj{<HYB!kL<!wf*l5ixHf
zDwx}Sl2W0x<@)lhRb^*o<Cc;*Z8IQHw7{{tIA@1GJ|*wSO1{c*((vL7-{0V<8O6rv
zZ@IA%cd@-~JbS{RY8`IMDl<AQU#RBu+XH41?m|*aHY7>rcaf5R>;{bJ&h*eyC=>5h
zZ<@wo&QL(th7B;vDLW611BkkFx3z8#y<B4b!}$GP(XyUTlogeH(o#}5aw}GXoQFA)
z>9m>>j<AZ7Dq@jQVvZicB$Gl7s(k>^4Q|;_&5L`wvld?}>zchRFKS)<u)WlFVxq`l
zPs!ZgWka~XZMo1U((4>sd`iwI*<7mhwIe5CQ&z2o*<%J8K8sp_!Kl01({sulI9xWp
zj)7E3za?L%Wiil<V!QeDb5dY{$#3yY;1zw<hoC^x&w4Wa3i?YmWB9hXyX#8_s#KkW
zY$5pAYMlLcw!Udz=@5}ThUp*aG+hnD?Sn@=x6ArdJK2mxR!Tgick0nscZY9gxNWJs
zb+XpGIf2)^juP_vmlOykO`coE`se3+*IZwBv&SVZwK8!}w^Qg}O~sG!JOXjl?WBL<
z#IuKs+c`R{C4!GBU9U|AM!x?vEU{mF9A%)SV95}l8gtgJevZ7g^7#~ryNNRP4oO=x
zv3XKO^t}i1`I3BBwHZq%dG0fX@xUBL82(buV0$};H|fSrdwd9VVIbf)iUw+B>~m5)
zTiM4=4a{0<Rn_AVanUjeV!*thEzG3dl`R{l@v@B1vE=qqmyOx%A_x8~;kHv332pA#
zPjP!&iTZ~uOT=m8fs<Xqar!*FA+$jG?vsPRdSI-Z%)P`+3^^HiHDHCsNcv>CDWH4k
z)F%)nKg&!6_?5OlE#lp@Nn8I7u&#L}J`lS4KbIZ+b7`?E%Cc5{eyBFMUfwK@Z%v-}
zB4JHmm0>4YF<6d8##nJ;=qR7RktR_JA$k3FyY{mTA7+JTR)SNkCsQWI_|CTlt}&Qn
z8Un%ZJwI08OmN}T#&5!Fw&77N4v`LEi`s2Yqz+!m-27qxwfT)*MPU)K{?JL4sV1HK
z?jsog8x^<v_-D3*0{2V8WhWpd;enIx*#b}2sJ2b^BO6}<PSqUfkGQG3O@~qOP+OjY
z`_=v?f6ttJdCp}SBD3jnc1{S^JL#xtrMh~tl->%%1!)n2<n6=)2BgIB5t(-Na&78)
z!WXiG7-221-d^<e<IzZov+r|P9}}MDD4Jld$cI6DE4S_pRd)=%RCKkd1l5dk!FX$B
zX>48D=``K9);$>_fKZ-du<bAy?OzIuSc2hPmbTtYZ@_sNk;J94Avf8x1qPmrnxZY<
z=HoUZYaV&qcVnTev87GmsM+0uk(wP9)YMh{>Z<9G>BKHEchpA1Rp7u=zQg{TcTpGt
z&lU&IRkp2!Mn)b_5}GqlE%VZ$XqK-9GtoeG%8=iq<Sg4C&MS+hC|d3z<V`%B@KFx{
zPPxx36ppWN2?V@q49Ez_c9G(~HOWeIoLeP$Hs#R8>qvWF7XDA5KIP*nABe`bC8R*w
z89jNL>Bg#~?(F2td`6UauF7RcwmMSv7N>3VP&@@D`gp@}*=l^pu^dg`OnpWz9T)w@
z5G*w_3oxo?T8WbKX6*|zO?=TYjJts+{8-#ITDrTyO*LHfFOPD|Gs|E=xi%WLW{-;1
ztm)tQSz?Z1D5yf`?D51z)t8wkFQKc3SY<qS(*kO*o4?F`Kl`$`Zzye=rNCh7v$c`c
zPS%sF^%gSwvZwnu77T!TTH2~Q05hao?4J-31!(tiExw#QA4|zSK#_kl&j;*U$5;UK
z(f26-;gU-N#zLx)Xz6&skx@GNAhzt&T`r1rR(7@-w*Qw12%1oa-E(z$hz9i?ZZq+|
zr=fb?y+T*y?DRmA=Q%7=EFl%@e8c18Y)OPcEc6+`!W1wfNij0}#9U9;uR$xj-5c_4
z*K@=lm{zu2&F>Z<+YUMFS*;azW&id}%ekr|HmcQg+2#G&j7*sX12yUCk)ln(CVY92
zsS%&V;-VIoW8vH1v+g|<E6|>tw(arw8K`dF4w-v0p+>{cWCGRKa4Ep$#Z8UpRy~RB
zp04Wj?NXl$o5gopRphO}s=g1cwMy_-al<;0)4Y6rSJav^jT<{m+C|9u7Y5f>gi*3_
zmCZXkAfyY|Pk)~r^_Q}mqVT1_2<c?k$oZq9@cQiATCaTX(4ZA)EL96C(<4iHvrxtT
z5}(yA^T*nX<dUJ{UM71t-%NFab%B#&wn35^KS#`pdmbTVS_cNlnD`Yji291mL3Q&=
zwNedY=dU##C%*|b^+bRV!tdO=+`7@W@BCaV+qWMPB7pEF-B1&BA3JC5hbU=kT(1#j
zLjpxR(<8d;Ak4i+W0vd-GA96eve#Ngom`TXSgxMLl2W)QKJHf3GIC+iHzfh{KDT=#
z1lL^IfGzpLBotmMZ!25+D+mq^@6fKlnH4C}iAr@G%>MbZ(|G!;V7L6bb8DP?>2Qgl
z$esHUr8%;EPg#D0c($n_e@QRzvY^O=gm6PD^EV<;g-QJ`GWWECJaO9+#Aaz^tvGmw
zS7Pkul2NgPNZcTF{EGFjTv)5lID=FZ{4MrDj8ZGf$j~LH4VVbP{t5mijhprjUyBWx
zsDJ#h6)=6CvCKEMba?uTk00=#HuLu1w-1;YQt+~*K^Hdcj8C=WCEeu^g!Blr&MrOh
zwUFs8v`oK4#>%c4@jSt!*y|%DcSrJl?^lR}1!@V~kS8~O<vm4yAtYC?EMp|++~Siu
zdp{dBue=+|#XV`0H};FU3OpdC78_>7M2Q=@r*dQ$T5cUK4^sPD$56+7^yF?xG@v9@
zb!Fe)GbQYU_nVIZ$>(A7BkT4^h|Sc%u!IVg<yPGhzv#~(f@5#$e56sU)-OXY<o?5f
z%fKvh3^st4Do?h+ox^@k9FZBmv;VXNL9*FLGx*(<7&u{k^?-{%zXJeK_%$Prgoe>b
zozOQ+i2441PS6C-1D`S^sR@!Qfq!PggRc0U;SV6?q2K?>#l8OdVd`?oYxwTV*P%%#
zRQ~5W{RC*J$IRjPG^g*hv?t}gj%GOhzjIRnR8H6qI!q<JylbtTngzI8frD9l%DxoZ
zIF$qn>yAGKUOv>O08QyU8k+X=h{k2sc!m$$hjmVT#z$W&xD{G*C6mMIm|=X)$Hpgd
zAF=UEEk=(-zMEgXU)N4=Ag-f#hW^(5<z?!)1c`f^hWCulyQS%>fcHwBBb{xE5|j}M
zk|oRCf3ENdrFvN>b+PK}rL1O8)A_b2F1gp#{<(X%XJ+O!(o(g&X~T6<+~T&t+AOuC
ziu>e0mrh287EIHV$jts;DPFurjDf|j*%o%{-`i*{SO=La*e9Stywh7Im}NHauaBQQ
zg>(;j+~Fwyw6m!G|9E@Ls3^ZR4pc=!l<sZ>q(NY4C8dV$ZV(wj7<xcLI;C5>OJeA5
z1f-FMp}RZo;QySX=iIyQT6f*M?)w2gz`Q%2XTR^Wf3b%m32p1se_9rM=-K8f`y<fk
zHT+qNu5oJBt34JN@UJUxc$5xs+qk>5D}=$Bd+rsZ$_VDA`uCL~A(^(AeCn=W)BF>O
zjPttPQNc~GRq8)C4^4&Nd*=Yfj1SyR!b*%nI-;l>_U~H<<P8tg0dm9lo($zf*oV5&
z+Wj1r;;8?9Z>kRtC&<8aWC)v64l3RNabRS7U0(mchm48I#dq~|{YhH61{NEd41QSm
z2BzQz3h>XTPfm~rX<317GIvAoIQKPCh<`8w{tW97KCHP^s9)~!+aIaC1U^XMHQeMs
z{hk|0YQfik<aS=*|Ar9WPCVtnBA`GpHEoPoO>H+}k>=m+1i$tu7PGtrM@Q>gjZiWp
zSZWHe(bB$kK-oLlK)l&&{=DC;9%sP;@5^v|s$cto8i8N|sq2YF$)EU`h)8ebV?*Qw
zi3ECGR-Ts`Q2yMJqAh0-uULDl8dGNyl@5=6@=sh?ms8h<IsZ59bF-~a=s=gpXdT@Y
zE#1WJ$qh?5HHeXJ#|n-z{5KQgG>v4>(`p1%mWeo)+ZMkwk!fbXGPZm>8PP~f08H<t
zkDj*bB)p;RK^0AzJzd%$_Ew!yio9;w5>t_fmQXs~(>))5+Sba2@tD|=qF7;^U9Y!w
zaD(f>_Si4ewch<v9|vsFs4_*$P#8>T6i&FMsTm(wOsr;9SGd9dW*al=tBqRsa%OLU
z4k3!9xp0jysO#(p*65Qe`hJ;r4r0%fb?25A2}82Al_K@iSxmEzP#jC1``(|qZ#db2
zH7Cy7zo_`S2AbkjzO3y67txDoEt@f+o#6Hl5s&&9M?_?6A%gRabz@H(Uk^@s8F<=E
z@mpdf*vZ|Md}kvqPxpAW-C%p~3MiQNon^^dFn!%zC<h*`<yY+qMQ@FcnZET>`<1WK
z5#+eMQczi*A~|kd^uio{SLA}j^zzDP>PzKIiGJw!=lr6L18e>4RJfhfraE!EkFzh|
zPghD<mI@haBt_@mHxib!&eSR~y`1EF|5^n#stdcGj4ZXUn!ItLtYo_qt)nK2+pop0
zfL|im6#U&Q{PZE`H(HltlGZ4hqptVPtQY%Py`->FrQ~3?VAcB!Dfmh-cb#f8?Rq2&
zfj=EiEVEh8-_F*44cwrx0XTm#RMp}5if+368Gw0yc;a(kO|t6SN7JhLr7b!fgDC04
zr%#&XruWm2$rr$Dbk448$b-HH`ZXWlOK3@;jiBXF7zRgw!=;P%O0sLY$co8R#IkmE
zBS?N?T*g`WJdSmhnwR@2@Fgt5QCvIg4SIR2QT@yb=_l5h#hqcCA}s)UqF82!E&_iX
z)-$>VdK!`+ViIOyB*G@EnF>h__4bscR=2l{nB^}Q(q4;rbdfQg>WBP<n4f@|1_Rnj
z(lEsKhD4WQs7&@}P@IMrJ_?%g)`BxBp2-LbvYEP&RPW1+kC>CUbPs5si1XGIuoM}`
zE*7<aZ(=Q>gtZ&+4!@ZOw7SS#&bRUsq^AW4anlkGFA)u|O9TqZPpWH{Jmi94VNdr2
zt%t2<BSJ6XC4EVeh)2*AdXE$z10_L*{IaSZug^zo?TF>>AF?#vrCw3y1Xw_g4L8-%
zT6a<1Z!ABslTBUR%BK2>$+jI0*6&O@K+nB0lk$!gb&0W$D}-OLln^n^9ih|g&U~rr
z*N;BOU%+Lg-HQ(1mBSABJcW}*IG}&VAj)4=DcB<=US8^;Rr`|g87%<JM)o+h>8E?F
zy0sg#5CKA5{vJFsBP1P&mrJ#@>{E5D&-h^(i%V<%aZZfZbu8Q8E{GM?<;&-2v#IO9
zJw`kEoi^!8bms)pvpo2$Piz{WIgHNx=_xmyr(VU$1;O7bbOtmH?tX0p5Q?JW8KDbv
z+aT=yN++Ks0t=4}{a8#Sbi41BT&2=6iw*aCT&<hfrP3!lU$Gv|+iIEDEc@lX!^M3}
z?%{lnNg8%fEQna|%|q1W#{X15ged%8yIkr{=a5d{9q<A1I~BNjCPap{mSU~;5>U}=
zp~Elq3=5l>LP*r`K(@%<16Q1XtUbEsD7V(xYJ@8JqGN+cCb=Bc^?H>j%`=3$BDGz+
zDKhUuN879$>B4iAZc%rjzD9EZ5Sr`hn9rzIQ_|MU+KkwwmI3(iSTCszgD}u<UzW-R
zsp&K|2&(>SG3VscCMlB5<@McpF)NCx;~n8WfA2Hoq_f2PJF?8z9?V850_Ds<u^G)u
zBwFt+{dbjePMd9lH$BfuZ7<j&uGDD;T^}zM-Un@utlLz>sPWZ18t!8_bb?BkF*pZE
z$st8IYs+id7nw6wfHV2sgZ9k}+BSTd8=mxoh`o9@6!u$yI(i4_TJ19Vkhw{}`uToS
zIjMPbfQWAtD^~M+p8FJ>O?}w5X+;^^iG4JQFmiGct;ZGC{y?IS6IOUUdZGQw(#p(B
zcALZQng~WAa$)a#s1X_-(>)2k!zlhj_MM_Tew}vy=rCkzZ8tCgy;(8_B#^;EKA8B0
z%WlC+c)yE(&;DSZMG@-#WU&ud6=zA9{1y|$3JKC@$@6DW^jOsWk#s1z^Mh%`)9KE}
zY7vI(6)m88$tk>?*~z-RI*u8?UjD>W*o?qY=#cA2@->S`50C71+%DrH_rC7UN${mZ
zXNd7aUu}Hj)qah;l(vvwv_46={$St`&mKdR?8Cb;G@h@#TOniK<Er<D`(%1~p>~V?
z4TA(S(CtU6)k}1AD-?n$HQkaWU0z>XePIhnb^B)urkEpN&kXeExhfa|$Jp(QmG0qp
zvCsl<(Ie|97SLXq)2P8=j){rBqMwv{Knbdj-@)$TbJUZlQV`L8Gn#f4)Laj)iL4zT
zyl{N$!}ki1-q_Y<1!3-0%DCS6NqLMG)@r~;_Jx2~X%6;K8z@qz19#Y?Yv`b$aSviw
zx#8>zS6R7-;%jCSQLmzSY3Ua_f;E}Dcg0Z$+0zSOdUeZ*oa(3MmS}ekKZ$|qhwlgL
zKg;BDL}H}3o&@0V5;D*MAhSyZIR072;`Bl()P6{9lx%2()9a@5P)5L)K5rAIGxjE~
z$h^nwt-bKBj2n1I!Iy2`uoB%FeAVJ^hW)6Ug|FDBPxHE`R^U~hkbTV4+<HlJlrqcP
z78^xY;c5gSA*-^A#d+-H5zY<)@8#28X{psf-RB4DU5xPJ3!&UWKhom@)uqnxJs?~5
z+~XBsHO~EFY}XWD?6m7ColmQ?it!3PIQ(}x8S48xMnDeEn3<pCr7-IaE^!Bxh_ri)
zu6*UKY&B+x_voYzo7qsgSCXWShGvyQoRw`%?$?z<(*4sHgExJzO&|?FcH~N=pTdSD
zOD(aJiNr`a-n`j-EfZR5Sa;6Zn&0d_dQn_0hWZ5=i0E^ehlu^Va0-q6-LRUz`(pqg
zp8TAnAaEf+POl1OXffH?|5t_e;@&*c#02x<x6(y1%U4tg2!~r9?c*`7xUp%i`7{7g
zHePzPUVjuDhZt%`^e?N^+GFGf-pa0s>o^MpBsEz?Z^tm=7fsj*!auP6E-}X}^0D2{
z83)t&{CT)nTR_8<H_&^-kN|<O-R_da7^@=1!sGQA?U8JA^MY{5K5f?F$;O?9M5$ih
zOZXi0&mg8&T(u7r<0EQ7RpP9iN3_R`eGYYg()Ijo!g-&&2F**F&tRd&(ZwT5&1I<n
z^ny?_SixnR1uI#os*xZMggnTP9}Ugpm&{Q=&Y;RbZ22b=qF3A84~fVnz11-f2^?L=
zz`3Hn5>I_Aa%Q@+n%X`?zSgo8WBeYV3DRrAlt@ugdlDGfvN62Y-QtA3-<V5g9|f=V
z>)f;qyMCm?YkguwEvQnQ8%5Sr6Nd;Ml7_aj*DQp+{v37`cAV}4w~NipNTx~|WwB4!
zQ;ys}qNDoCI179Y$4fsDdz}$?*~)H#^nKg;S?<aA%+6FI-+iE@V=EZKi|`V8@QBL9
zvjRZ|(&^4L8-jqZB24#zex!mS%iL)UCm1imlkQ71z6aS)bWd`D$Ls4X7z>xMqYlFh
zH&*SNowE#`wX4d=3%5y+3y%zZ58O1H>spw3ebdyO)0-E!(TB6PE_e%IXxk84l<j~i
zA4_<(xYl|qfNvf*o*h~Ed?V;h(s0eP05()Nhhm|Qu4(V%7yX=CgbD%0C4ffserRT9
z_5y#V#l>5a9S)3US=@F(vv1C}HtsX+Xw9<8enFPlhrx2>?lW^}>nVaO3k#{-WWRLl
z7qz!B0m8$`adei(-#J09&V4ZY@1tSHM<}yr4w9X|OFbJSs0nDJ9p>^b0$iQexr!G~
z*T4(tDVq*CKOQZ2V+5@bIXR!2OZ%LdWV8mjeJKoL2kOw6B@iSrcXjAMx1NFJ4G_$x
z0+4M<LOFH$mUGFt=?M#Oa&$u0bJ6B(9arr8oL>c)PU}W*a$|HFcP(}0QTE_B_wMnK
zsEz=#IL5!g06OHnFVs)jvGA{DPB;BuQcJ-6U^FhSao6C;=K41pA@W7%$E4E%ms?+g
zTF+V(FdeyTrka?;oHhbK&7?2$^Q)X}1;C2=zxB8V=&Xgw2`5|5X|dRke|S`)iK=4M
zLNQCkCrc<_W$0f>Izs`4I7Oongz$?ZrWb8<_E^p1nO{v?=GuhX?@ll2G`E^HHye)<
z=ZXokphj$E!=0PSR-<UoAc#w0w+gGJZs0(&6uWFqd!5Z$(fhe#;I8e`CSJ`*6DR0w
zBaE0-3)VnyUu(=`TBD)1o)ow=<j`5Xr)yWN`!d-rgK)6Q9TDmP`x#q1`z|C?TV2Oy
z=EZs<kEB%Y-t^{4N2nunr&F<Ql|9ew)-<6hb6Tvh{{DnA!{{!d&WE#T4Rlh)@p4X(
z@Fh*j{g83ZnTh?ZCBxYev(}PXMYqCPM^xU&`6p0q9?4bm=pj{R?Y{Qmj4wC3E)`}q
z<66-!N60#EJM20(AcAh|!}}!WRBo{fIt7-#o7Y>O^)6Ps&WTpJbF$Hv3~`ZN#ya@<
zKT5*|DZ7f3sx4<hETQKNis*-zhus6{U0YZqkIDbNru871l{>GMga^FGXL2JUy&Kmf
zN;~fN&$}QVnD|*k>nzK+=;3XS!{{3qeTq+a>jOr!Cl$3+eAV@a+PsIt+buWIo!y5q
ze@FugL$*&eFZ|3XPv};q73L~;=7ob{*=yi@`Pr&=|Hu0Jc0X?1j$wu}OIrnG+7C|!
zVA`-UQ}|x|<}?B~f>vR_AYk<w0E67;5xLFfWx^SJb5hSEF9nkRAZ6RfVoK#``t9yA
zNm&FIQ3SD5)Wu33iOKpExV^+NP8znv05Eqv&35rVW_<^GHFV=}f-ZV-=CBf1=qWP>
zP{qrk<{K-UL$QA;Dw{YAqv~*stmi?rpADJ5{5tTS&v4dKozh7kMIbq5=?v8RTwb80
z(YyA=7k|gMuuRhXhSLDK5KfoYIDybCdY74~+@;zV<^Iwq#&LI_BXI~({27d92Q$zE
z0wlkCTp3Nzh{{%r>Q2=ccMHuKQ;FSwZD2qNt1|?8Y1HXncVh=<xde0@v93a+;>0N(
zJxh9RR{200MdVPkexZ-L`Cj*q?YQ%Jaa9W7CAN&XYlilehNW6cLKmmGG?k^XJ+64H
zhL^Rtem2>Bd$Zqk!;DCoLxCb%>6`Z6R;9+IabQ#sPS$d<f$6+oT@d$o2!2~AnLO3`
zs8>cBkh92*bQ4|Sv0m2@m)e@$_j|Lf{E{1J*45_NgkSm&xsWzG-R@0Y(Y#lRcH1IW
z$sD;w|B8Dp;p5c4I(tnrpW+4Fc%e425B}v=i*Hmd`yaou)>KS3oYEsfm^9ekBhhIx
zB+$D)`=<K3@1quixw;b|z?#{}Nw3%mr-ya!Sl8GQNz`tQ#g|28B0(jN2P<^j$dc4z
zX6Z<`hv$R;LrHeBp+I-GMH<HnYwV#uxVZ|tWV4Qr)qB^LLrrk_?r{^pZcsz!v-sxa
z=Xf{ALCK3K$a38<#-oS`?V!=_p{1&Tw3Utx7u~NXqg1p~uA3PIuRP+kK5&O#bqUtT
z%}ge7;rq|aUEi|$LG!Ms+ML2j*9NOQF=o)v?+E_`mz*SJ0C&duS@2<@0o3tnYW5@L
zCnk>t)Nex0PoRZy)NTtyWsuxQzt)2>>bB@Eh-jJR$@|&^CV`8E8CE@V1D!nqQSTca
zQ1Qc3d`E+HXi~Y;Bp{jdC(u%1tJI%GEKT=%f_|^W;YbsYQ$Rp^JWn?e_y_zNmq?i^
zw0W;?-qi?s%5u$;ggV-JnR!V7eT}Z4%IQu=%bwk_ivFyRd8=;bXLe15o3xZkDlSae
z9_^*tiU9=3pyWi}8Gu+Ls2g-GT?f&1?a;9fcMl3sxG#`m*J<4ZeW^`FVCx=DRR2$#
zk>Xn&dbgP*`GLG;kad*rp;+PB+3JU?%j`^3>LD+=bXs}eyMl7hUI1a*v!SJn(W$Em
z7p<7GmnSF_jS1rv&|H~e3KpH8^G);P0<FA`MRg8Q8Ss}ruONc_I_SV|KRn%W=$|6z
zA;w}=@LF<DvIqIcVmm?kX4Vbf=`2kA0)C?1Dm1S<g=tdQ$9~1%JQAY$+7s`k8ewYd
zrSt~6Mb#FdNr1U8m9ec3+{X#XUI$6T;y}t!?O5bOh1CM!>B+w28~VB3?U9$}r&5Cp
z2<oK;GTd;qE4RPG^YdgSi?dxdsRY{oe?e6#Q}z0GR~nDK_3km7lcK`zQ;!j@8eK^2
zx>2Ah{WgjVUwu4|3*CaRFfTk3{q2HB4(l%^7c<;~>-M1LgKa$Yq;o_YXATTx1h>1}
z@=qQBwudIyivo)=7U#)XhsaU=6&uG^A9lXKFWEe7H+25!r@5P)fN@3Fe1h!>t{*d_
z;KLRv8~vdlDxUE3v$2y|>(1M;?hQ2x2>m0eUH^g!6X45(%yEpi^-|_c3ecG9&r1Bz
z{6^~t9RQ!zvE?f*>|g{-5`}m;W#~VsUWOLDvP9?qAY&UFtJ@hze(T%4W==_e8g!SC
zjEZ?;u!)`gm{l<NQYKY&(MS@7wCfMDnCH0FK_-gqS_Vh_2rCfV$CZ8SNsAC26#f94
z9KUxc-;iX|7D>1pNO%0JIu$Te_;_H<Tfd_X|DjSia<pyM+n7T(!jb;_AE(yQ%l593
zP%1%wXS?L;f89;-&?;NgyENawQug<#B+)+jEcs{|PAyJs%w9_U1;^q^Aq(pD=Ihk<
zuB^4gK}8{+2Gmz!pzuH#U%L8G?)aZc4<I6ic-vq3I>z%B6Pp3|QMVsk{}q#e{v77!
z^y75TpSJ?Z;ODoq|Amx!Z9u{o*QmawrOb%vdp-Y)RwF(|X=`xtVefW&{&APD;J<KP
z3FN`0cuuG10s^}Rf(L|ujX>-HQ0AR9rxy^gW}h3tyDk0;ip}VfPg^`m<;B<o`7Ca6
z6R08Z<^R`x;c3PccW0Z#`<zp7$Ix_C^MA2u!JIR{+<H<0h(xQa0{;Kv-0s6}PoJ!X
zw(Hy<5*W<H{7Dz83<-G4?yK3B8W{;M^gSg}Dt8P1;Jg2T`-c5yA{7=d)~-T3DeCwB
zceZM8vh#m3C5E^>4kIv`429-lKhzr!mtrOy+ec(|Xp;%frJ%5Vg80i(`A_tJgXDv8
z>+&5pk0dXygkEYlnf!a@1O#{>z!7wtNv{J3;-@@3+8Wwbe<jYp@O4YbBD+1t?A%B8
zmO7vRr5vt)RCexYp2c&z(d;0CRsW}5pyxj3!8rtv^@`tUBZABwk?x-^V`6Hm99q#z
z_m^g7?Px`zSrWeQUrx`<dvtfDehQWIql9n9A2%ueAVi&cm-1KE$-YMx1ZR}ycl*eG
znrC2os^>{+F^XpEq>c`P1L(lXd^KB-Cf4NKGoLEedVi;9=KoJ2a9dM4wB_3XHd&`r
zzf4bpHfU~UnTT#sUSvHO)sh&2eXMtmX-6>AcJXVqj-}97?qaWsLVgnWwlZ!8^v*hK
zCABX%KKvL>ItbnQdqznZGrLXh?T(E30H3T-%A<o}#;C}<^HbX*P#us+%uJ8-YDp05
zI5vd<8J&k6$lBhZq6-M|eLrkdGvJq5=Q;d(aMq_P-AFI_cCnlTO{$w|Y+dQK2*hW<
zWZuYyBq03jH6KzbhOb9-(9Mw>y)rfXy|y>IAl0*Vm1A=eEua+pfi2!PGu60BBcA!r
z+p=cpcOXYW67=;-m%l-fM%tIUTPT74UK609;V0ZfN5nK=gG3ltAnTzT8|S@oU;wDS
zYNd7HtTvBraX#0NB}Bpp*T>hPly{@R@=HMD5c7h>D=j5O-^!s5p<XD<_FE<yb`Li?
zVPA44c0#4(TA4~rCzRv4kT<Z~n5lJIn_%y7jqXf$5ezcV^Xso$Yub8Un3R3o+YeB`
zSfeVe*p0u`rD=;JrCt>dOUmC9h~86AXdC)zcn}Te<Xp8;3y>kbkewO3RX%Q*Fm)?p
z`q43g%D8HbKsVspk(GD#PKK$<pXjQJXlAk)s~lnzyZv#$z{^be#i#LZ8E`x+R|VLC
zfiyieXQs#jCHEJktIT?m!v>CQU@U%Y5{_sycN2Que~eN8v;AW{&d8k@R8Sq4q|Iy?
z3IN8$dg4@@;Ut_efBmkUAAoDEHhI4z@S!0!Mo2^u_4HE}AcgP5Cst#Nj`8IvW~~4Q
znsNt6&=60`-LrD}BP?qg3;a*uUCE+#Utz?=5^Q6zAX%QN;FeT3O8NHE(kAo1dFJ`T
zsw2f|ePB{K;HUb@?R-2LiH|SS_}N9v*a%%-yfr@F_$+iT-#DqXJY@_F*;1J_tNgHF
zrjX06Xe>w`-G^neGmjG5oHjCKEyJ^*J`SCep1Hk~@3_L5$+n_+!oBlWYiZ6J&J5YQ
zYg*S=09d)8f{lDT!dV{l++#yK1jQ`fcBk|DN}279JOiRyuTb~u_djc<w(NVbE;mO{
zeHYg)=>16tNFzOb)5TlawGyanFxNaFDrGzWn}gVV#E(+A{58^@9vi9SaaedR`3-cH
zJ|$JkTiIcdft>OUchw$UAzt*Y6_UIABxSyWV8=HmEB}ohpK?bhz7Y<N$Ob2TDp7=`
zyg*66tB$3|1u}DiV|_1<A|exv140~V#4J|Ml9^LhqyweO2Y8ETzl3;WCG!!4Ka$tC
z5bAGN-30`pcNx?HkP|BG@V_=)q9Mae>Xo8*Vu?!>H5W<r02e<B4hGU+&n6XJR^b&{
z&b4vQRP1u+zCe3~ZAL1RuZZb84m`JKMu)LDS)|H9A;y==m}K-#*htm6EV19%?9oMT
z5e`3nUGgnu;v};d;L@mL#;wH<ifBC7b^f90)4VdSl*>o*IT54ZVf_QDj@rIRqDD>}
z(A3EOJw-B47SY#8FoSX-9}Pg}xQt6D`H>th9mz6<^LIP%3Mz8#xPX22{kNYagjg2X
zF0*6#44qM3_}kbtPnIIDj}<hWU-Tw*9MGn1TzB<hyOoWp`y9})-$)~WY7T5Cu@k|u
zuG|^S4yaxx{^IMCaCLSls@AmRn_pL_dY(cEhA?9wom=h)VSis;Zn;-M4ti-HQRZ6S
zAX|8S8|sb2bb5k8*XHGiZD^+ygNKhOxry#5)MR^b-x5JT4AKruB-r^O;M0b^dBk@%
z8((sTAi`XbV52LT!xY|rcANkHY6sz>#wGaHEX*URG09PH*PRfeKjX0X<;tWOKusp3
zXOzYW^kBhX>%EQgd2{2vxxeS1xK_n7150_islf<L6{K=px>gqN8N#rh^JEt}ACFK_
zDin2N+n)Sjr9Zu^I34Rq#@zO+0jEfpzONX_ojf&Z*i?|IC#mH9seF>7Xf6p<Dcmbs
z!jf-pIsaNr-*(JGn1;%_d1|ue+4A_UxREwaw_CTIzj+p|@ow<E?R-2#xG41I7D^)G
zVfT0>>ozdSazQB;Dmga#U;GX|wwsE!g!Bt>tByP1bZW?%ys-XQnzMFl*s8}*tp3{-
zE|ZTh{EQ7yu$p?`HT61omZAH^h)vDW02I$*UPP0bS#OZa-+4HLq)@8&WLgJn=$&gW
zmsaNrXg<n;7*3sR(IhtLmUSo|_$s5M^B}Bl=-REaXkod0o}X)dS=K~TF`D(f5`TG(
z(CG&Y&b)SRWq)qN{8UunPCvRBQvZ5fWFW(P=@9Hw%znF+;iiVBT{XV7X_hPPa=E=9
zuiI8-F5ictdX2ULvUC;W8ef6|O>eB6!0~ZfGpRpD?lNCoGAxtmHXXc^-tdd3VPz)m
z9(VJU3jNAg3&-%^MF#?J+R+~q6N@U10)VM1_ZbiCpDuLYmm#XYb-eS1&&O272Uzso
zYW+xS;$_&|tr|gr_A*tzLk{>;!4ogacLaG~BGmoB#{J1_@YpaW`}+p;zyvqb^1Txa
zw|mH9F?3HbYe9z8)B$j3b3)*LH=<p`AaqZ(7R=n9Lj{>LGpz~uY6^1pjOM>Pt-c_+
z#`AFZcvJ1{54%F@vvtP^jjDLHJlD&*G;%%Slw@al=+GgnlXa^j*8viX?I&mu=Imfg
zb?qq4NV~8YLopHGY8ss|bbmDXk;C1o%QHx4C^)He9i2PSm46umjq&5NSl`e5Ty=D$
zATJr_By!N17kD9g@#@%cyrZ;~wMCM;g99>JChLg`KPaHiRI8h#s=FS*X-+lobV)7!
zK_eA9uNh{|iAT9THvrh;BqVO2RycE^ilASHz28Y(^c|Y?$Z#*=77|^;GA~Lhf1&Oe
zFy!fifA8$^r20!IVc*Bl7V|LW$V$q04EIM5gxNFknPvq)&pY<8AC7JO$5e`x^4ihJ
zv3(6eRF=tRqq0R!4=-W7f~!PS_0H~X@wt?;?a=Vk1=WD4tax+5L&%PKj%la+3Sz@&
zsM&>a(#3!|=JbO55!#(i*T);`Wdxir16{<}Yt-l1t2{i$`knV-X<jz-Tp`<6e&WvN
zvpOWdwB#TKFDou524TmofKz<Y+GXe(tP1&MWaI@`nJ4RAwq2{$@k0Cf?eg&?)mNuQ
z?frb`<8gUg<*TCLThI39*dHBM^Q@E;z0YPc?sG_EL%h`m%iF-XKo3iLeUhpcHd5H(
zthi3NZdetNh~(F4Rg>OQFgNkm)oS+?j1SkQ`KsJfcbk}NurP0QLe<&6?PJzQd2V<7
zdK@b{=AT1_0{g5?lAy1k<Z08D+gF2h>YReAv$IWj>``Xam&PzlCiNUj=9h=HRKPLg
zk>HEF<I<SssrzGl_pN&@EZEu7jvK3C;I=f$<+|ZwSwQLX!QPwStlyDl#{etO(!jbo
z^&RU%Z(6BmIoZ+>(&D~8*+^XNU0jSacv{K*KE_dCyyLXF!B1UR?_JmA^bkK)hmBsr
zAy16{9ia{IWlL&vPEwd?A~49sg#;+Mr2VqIW0#9$bRhh7$vzI)=}3G8f21J`=IqOg
z=PCx5l~&7kL3>`Lgwoz6DLB8sOvc>t5^lormm&1ySg`7FdYAT1<!aBr^k4{Iw|uLr
zIin!aa>9}?-&1^<Nxh-5w`?{N%U=V({Zpynh@ES(Fy1vtthM<lCMvoeDY8yh7FH!#
z<Dug&l<MWvzh=-|2dR05$`e#z1Epw#Jf26^edKwsk$j`cAC}hKz3{|*Nj?cqGH&s3
zb;;{53!ZBRTqs=1jkls7PRpWVDIcAfmfY^jJsr>q^fY^&#`@9i*<Hna$5NUDtXH(v
zzn@M1BhoL;aamDPf8lPw1p6{d%Jze~VH}!^fevzN<sWO%cd!f0n~OSOJSIKn*iDj#
z<6oG^91@hw!L)mxZRh?2{t4nG8sz<JZP%eTcB>r>tNboP=9Cu4;du>IKtC15yIV;O
zHhbji+%(*@;Da>u`{&R&p;p%QN>i2;5ou?Nwc>lcNtT3rvfL)|v7K6t+FSFeLv=Hc
zAY7q$8c@FHpkUY`dFCOh&M{R(`+eAP-JxYJyW8nx4O3HL-?Z1No@d8dySSe#nKS;K
zo>jyV`R1|U*s+kLshL2m^V212ms*B}nB49_Q_H;b%Z^Dl`@Q-LO8xVCs+;eSXR~XK
z!D$}s<hhy_al6~~$0!S{x1@!QdL1+RggI7NJT|Yp_p`H?X-a-<e4g(SqyfA<FZPM*
zy>!4mikj%@Rl5vliZL&<7yl-t$P!sX;2}(pad$X<Y_%Drr@u=cU-?>|*7z{lU=@gI
zCzRY^hpIQ18hDfDMA_00Xw}T7k&N4Km2xpz%X*p@Tq4BLPX5j63YE*_0ec9%-s-S3
z=zQ@_obfm-hvn)-5e{TM$V+NxjH)LwE-u5`A}Hs^SBd6hM4z9Z7T&S;$B4g|nf8IW
zDEWVIeP-^FVTts5j+;hzZ;xuOiFOXJl7aBoG@4$Wh=cVahp$bzq{X+io4CHiyX`Vn
zx0!y^;a@}x9EDA~%4(wCqapNh6+CFIFA<gw8hDbuGs;fC4L9`0-CFs}M}js{MaMi$
zYf4hn?d&uJoT`_CLPp$ax*4FKr}%?S%dW6Z6TXFkb0xLAfor5BK5%N600j~LOW;HK
z3hn7H3_-EqBXq5YXkWHNgM%-*735}JECXFp<bsxHMUN$xJ3q6>3*Ylj&73R2dCigC
zmyd-g`&1LF@|jyT6Mckb;)eXYsCoCj-3wzJdK>o~MR@HtU})VGo0@;<-Jb{eS#>(k
z7-EoZkE3iR-}6O>8=Z3MWV!BYqf1U2`0fvO^e$7a<XG5r_k1OCiMg5Nl2k`+!{&_C
zr=Vp~Z|$`Tb$^yulA6htbO<%3%`1v7(P3`oi6jDClypy2x?fKCBg{;+FxXbyu{whD
z`32j4^P0a$%0?hZ8Nc{ZWh_w859?gEu1>pdd$6ysVRsVG^EwGmWy3Wen>;r3?ht?D
zl6{M*X|U(w&?3{nNMz;P&&E|+aG>A*k)XG1nvbT75&n~#n8Ut6(fhYdbLKU(cYXqM
zY&6MAIogvnhO1vlc0%w*Q@6qlm17DSqU1MHC8NTv(}{fdI9)dyxZm;eb0e9KaE`_@
zLLYCWDZkRqu2Zj-uBvlY!^@$dQ8;z4JR%XZdh`5VqV`Eu2|RE(*vbDI1`1*(!&B_!
z(4Yrac)8@3A77&m$Kou@B?(H<tW4%L><dTH^yViH;!S-BLDgm7_wraK7gvzRCSiZE
z&|be;XmFq?Dis<bQQ}F9#{&uNltRPA`gVGr^tt{T-GVfWz8r%fYv(|5qH9gN9r(qI
z)%C=ulNYwTTU(m3<%GcT5P4S_%eNVytgdw@Q^=TQZ8`o)D>j0V91K}o?$^JwiZ2o*
zdVeHiFd}yB=)uG8TIu@Zw{XC1(4c1Md#8gs|H<|}h8~AXVqnkPQGdd1RSgfs+^>r$
ztt;OEG~`N+V73R|dYlezJ7sZfL>J63sV{ACWr30C+*3(L^<6&Zo6>cQ#i}FNetf)Q
z=ck$Md0@+g4T??X=$Ad_>~k$AS24B+4Z*)Umng#4`YR6(fBxTd+!<7>rp<G83DAAF
zz;1GNy|-gIp+`1gO4RM~?YmA2ZG*g9NFYBp-D|1&#N{NLF`1ts@D$=Se>yARxA+X7
z|73UJ&}$)srCD5%n_%b}#2aN?wTi1*eC`Afe9ZG5Ssh3Tv%q|9qnZXN;%?onXzHR#
zKZ&i4|Kf4*%gn*8c14M=?G^zuQHd(<7fDuYzf>2iY=MZO8ro5bN-wm`232h#L(e;;
zQAz@uSGeW!T53$W9_2(IkCK1%07XFto-`zXlBSCq+v#q*d7#PI!UuU!LL3e^v)Wye
zc#C+7HTPh@?`aBYn6-DlZYR-b{Dgu`*FVtD)0Q{><z-7E*RsGJ;qlo3TR3T2LEJaO
z2mJC!YrFvXQJ4Hi_@3ZQLBAk|k`XIk4>6jap$2YT$cktJAfkp)DAnU&A=Zauvv{$J
z2CyH!ZtP}3q0<J7bgz8=g-!{x@dtX?JN^h=J?PW_6N}D1kacSNX@bJx+Ub4&4>7Gi
zGO-dJl<sHblyXVQ%tAGUWI~i0jE!O&BA6btq|fjt-xf*NQlPWmyh0qE%i4V3K19!o
za-`++bWX-k<un?rh0w0F#WMYb`^+5&Z;jH@n2khm(jfQjGCg)17+!h0{TY{WkKr|f
zUW+<pH<Eu_+@Mut)Y%RVh(`K(#ZXysZ9n|0CCv7lxv)D=>r2&_od@E_itJ#(-F!cu
z=4gZMTsH!p{|rTboFLG3NWF`)FPirkY`;26@hoGw=GKg&A`Q36(*q481LH{CLya>(
z1nX;?03Aht>FDb?e0uvyp3$UXk<sru(;y!AOiM6Wne48Hlnu$e8?|eG@HRq7j;IMk
zl?>bV+rsnYL}P;WQ%h=bLF)*HEzK$eOwhHgWDZ#W#`xlmPFg85b<TA-sPS-!optd>
z7G1|defc}ISxM59b!9qW0VUzHh>d>qKzzuFM`L;Y%p;T9XFaf*T^LhSg+yYziq4T@
zU)JefXsKlVk~;fM*g1~-WFhMvuOnaIlMVoa8LT7V@zD*=6~k#>$&cP8gwQ?>4a8u*
zj@5GRskv;PJ9Y<-K^brg%hoWI{El~CRMV-#Eb!o|fZ4a6YMzmgufC0lUZ-r++{_l@
zdw78Sjx@!-zznj$yWwfwLg6pg*A)R-!cDtV&la@8#lO^Zq%JSr+I}<EzY#E_Vv+we
zBKga~$@IdYoP<w%sl#`(W_L3%Nx5q=7i2_&K!OUxFm2j3^w)m{6z!}Gyy(n9Z`uX<
z9}kjoO%&JdGmW3GMMu8hpF)t7knN}<+{<$y3f|e%Jph+t(kCnh&Wv_ZRoJVS>vUy&
z%pu5~alk>{WgS{L?B(oy(_xb%Xv2{fM?%_h;~=?qu&%&o?I#d^brnJy;3Me2Jc6?8
z#F^U7dRqtE2322l+I=5(7K3DO26DuNi5}e71-jVA`&zM#+PPFRkMNy$3?G(o4W94j
z8%O-A%GL4bFgMpBGW1E~b7(zGH$L@zTwDniQM*RF_~lA3?HArQ9w{9i?%1&#7^QGp
z<a5W*Ani9zb)H~;V6$y_#R2V}T3XoU?_JRSM{Cgm;7^dv{g8+Io!>#SY2dj^2yu9!
zBV?6>&X3*{6i!IhH6t}9O4zMh@6iLAd@Ss+5!?@>V}N0t3Qw2w1H)}Q2Fj@wr|Pje
z_z3;f1FGF>MA30j2z?6HN$enHRRUo}P1JT)BTs|dw}nbcS6$Tv=yLcCQ3lU9gW5@p
zPfjD&R-OIP0JC!vACV+rBwT8;lF<np0a%5g43<Vkz>emuvm?&n>6UkU3R1=oMWS_!
z<n0Me;ea#nphuQsO4p*_8y#8L1ihu^Nmpn2@^OVRisvaAH;O8R59VACq9-r9mbt)y
zi!~@b)y?>y@*tgv8YXe~V8iZJ&*MHN%>(AXGs8`;uRM7=5Y_phlA!CoWu7_?h~iHz
z24zEYpQCwQyYHrqBvy0c`Z)#q>LfP9dOwC9&6ZWY(>x!%kcWRO*Meu65<dHUKk4+M
z#tci%>;lnb5#m<nhaLrM$gaXjKJ(pZtuP3U)a*<hf<hXkUv+Fh02Gw%_;zP>H@)OA
z<W<Av9FZqVw^H>noXUzHl8}^<s?_+xO&iwr&8ucQGfKw>=BoE`L9M7em7drln0NwW
zTcS&RSR3w<pqUy*S^~BS_Y`JkMjv%)G%Wm42ufIU+N6ukC-uO+ZONb5waqCd-J3#x
z=Q8Pd1Soaf3*$GsZZe&FDL#<aR?AIlC(~q<!CwOX5cbl#e%aCHuvXGZ1-$1?oKp88
zle47C%FBLWW;yY~y|7+IqB0b3!1k;+*EV05P6fQ}M@%}s+!n>$@oB%L84KnZS8b%l
ztT<8Sf2j)pI^Q6>H{A)j+L^N^uG5z9P3r`Gme&UC%H@z|H(2B{1zChnae}6ul((h}
z=|GiMf%X}wy1TP-HzkGDCB+?|wi$-B#ff$2>S1b=<_bp+_Bh=8pZik#_HC+dX#JpX
zExSQSM|oTH1Km-8g}RD(zw9MHKD<CaHAnpZ5@Y__usHEcexn;`9nqRhkUqatM88bG
z+-ufi>|6J09=%xkzW$sH|4NdX{_P@-%F84{*Pdg$S{F|ChDJvr*CpUFo!xG^@M6Kn
z0w~xzr^u9(J<Zy#Lfq;$hMOlz(Cer>_08oV8(i9Qdkd=>&d9#G49gojy>~$|l^6J;
zT^z$vXSvY_7riLnnFZ&bDxTJy%+M(^#HJkX_mjJ!;L3A#?@kPeCkXeXd0J11@TcPC
z-S{Y>Z#s3sMnl^_32HBPMK$BYATLzqtD?70w~d>-tLTzoK$-kh`GD^u``Q6R%(mCP
zbR7bMen)2V{b}ISSP#Zf87(u@`(rmnb5YVl;^xCoA}_Onlc^tHZOto@`M*KcC3QHa
zl#?v*uVl))jP0_kudM`iyzwZN6@`{WgU{oKzpKZ_l#m_4b(zTZl^!6T(o0P@S=$M$
zf9kXUKV&y!Ql_*K@p-dGC7^XDZ0uL`LyJYsEc%GR)CSMUC<GEAcl~9cbkI@PMdI>}
z%js9n2T6{*$D>q83A!Ku$=h5OX7U@{WWGP59KxvoOHmGC%)doB@X8kKtt?GrMpxqB
zuL5`O<Sr(I>bgSu-jCX1G^79e>isc_QNA#uo)wX7P@2#UYT!#pCRy$wR6@zaAT1o0
zo?3|E_TEKP0el(_mju84NI+6`%suTXSWU{|5vfSJ1<ZO?oxcM1vJHCwE`8~%vGQ*x
z1L9ywMq{uwhmliiI<pKYh62W!z59#*veg_+;%F8VuhZ)O;hacTv+3pKG-DWeLGEm!
z=)V1P{xme5_*uR)<COd_51r1k-FghrNqq1J@?R9z)Kcv6Ff-?{Vi_@xqrR$k#^5sh
z?2+?4<4Q$gWzG1Y_o3Cv+Rrl__uu7tvQdSm7HT`HxUUx$*K53bOstGDiW$V|MA@;x
z#_azk=@g=>+dtNX($N4y#yf_-<mV~=dX2i7(6~pe96I3@dq!))vaNL5ufFI1L|iyJ
z=R`)DmmOH13LZjmgj)dkp}wuO0-BcmBQZOvYyH3%;nqrN%qq$6j&j&;0a<(lzsis_
zCDi9-Jd31*Q2g3)%6F2*J;^a`oCA~IG$cNt>YZ18yWG+XT{%S|k|MK20L$f7;UK9j
zFb0u@2GW_36$a#I-hyfrIW*(l#k)*b3*0?zq};c|^Hs-Ma3(G8Lu^c=GR1`1#v1f&
z_uKSk>>dFCC%jXy&*l|tu*lAxPP<2C*zT-Y)v>7|-!w<nxV{oo*I|ZZ5=kQ)qUWzh
zLZLhMKF;DQ82rGFBBW4ql7I1IA=L=^jXUm)Vj$R2HC`jqjGEPAIlFR6aQ2c}L5jM}
zOlJJhE~Qz&a>DxQRBjS}{;i~ckF_?@S{{2yCd+R6w1=F`T$70s@j@|)@~`?2-+o1V
z>%f-E-sn$r#7;!I-(Vu+oAbCNIsT(v+JHvY{Ybj`E>()rK~{Wc^7g~_NM;D$?qI3i
zH6wpa&;yGIJjI)_gR^IO)vAg^$*eroEy|m2W2ez7xFjRzg=eX)&b-{3V0UvvKJX^e
zm*t{4jjc>~*2bbwo8}VTb+K1cmd&K;Uh8<{b7HR35YPe3%GQ+|`=GCIlW*tDSIlBT
zV0Bu-JBtyib^sFz`k1Mp^ooal`gaskgvrIwjt2$R8>*Mx6-V6l@9NPpAYCIHG+DUw
z3)W2&tEFnnX$murivG93olOHuNu@IU`KFM>f}DZ(OdmPHAFyM$7#=v;jaBKSNIy3a
z8%dI;R$3MLONQ4kM-M$}BsSd|3l>V4p)-lsHi2(KHx$}=H`t(T9a;HgjcWZa1z9ZJ
zaaGm)x`Z;vM(Mk~TV?kV@A0RezK5K%k6Kr*!D{&SST}hj;rb*eou-g;s_>TMZN|0s
zN<}SKxN{-QpabdI#hwGhQ5c@VT@ba#!4TsoZ`d(L&!b0TP${u@Dx5TLNW)8eM7=E<
za>LWwtuTdq1BZ|6Xf|`jrN5qxh_lPyuvCqGBsvYPe?@!k4)N;tv`KBL#2E<=1jT>c
z`MrDn^bsA!e#7tG8R>9|DCb|A25h*7sS);xeLeu-eQC)>M=B$a*J9r}<Sg%55C2+&
z^IMb|rxy{BrswH}9^R#jBS$Cc0wK=3Pn%xX`OS{$goFSB$7CjLm!_lu#XaK7mdBQ3
zJbMWaRm<C@2)i?hbR1T}HqENx`48BWf5=vl7rY0PIm}vB*MG?jB9Y-=gW5!?n?iVg
zhFP;y|B+i3e?5H7c(y>m-DU6~CAuRTD^3`P9-6le5{+9H*<+xMbWsbr|G~?o5$SWv
zoBe(cf<sNT2$%G1$<<LQ*FhjF?~hH)z?gT551<fSEn=Zzegd@$*F%{8W~%+_KNi3T
zq0awH4VRt%CP@EYml;|bPLh46`XJ#ttFR7k;<o<TUq`D|1zBDa^m#A?{JuP}#{wI#
zF+V-wykL{~$j1QRZ=XA3-W_c!UNUdl(e<AWEs|U=X`1NA_N8@ttNNMSHep>MXchB?
zvC0R3Uk@q+r5vFEH*1qdF0yCFc4JN3UaQm=C=1?RW1=nr4bwkeyC!k3Ap<v`nbEH8
zKe2cXS0K$JXnli%WljjEURX~Hr~lEUn27v;CFCL+D{X#qc-ZpoU5?aX77e)fm1x@H
z&UiDgtG00H9m34FTh0OJXa7-#j7z6XxlN_h0Oa7J|F996P7P>@;e2XIFw)v@Lb?xr
z$_r~DTodNU2)O1EB`?hV>1iNSxqm?OkIUdeA*I3yHrh9ogbP}mP11Zvw_Ps2dx7NR
zmc97xNSyB>4-ylhR!hzrRK)43)<;Qd7L#{&|DE{r?P1ec$=RmrhpUppOXZiE&!rnP
zJYSiMJ{8n}tAsYp-3)w1)ltZ%AMf%X{1G~;@Pm!Q)BpLODLX+nGx*vf|MiTNUoiW>
zr`DMM9eON0_tt&^2{^0yC3qb~bAbbwf9$CRs&LO}#fqLXx@E#opKN#?kvfa7oJt;W
zIHZ|w9~b+VKIj$PVfseqfa^3O7WtufxictkHG?ExfxzmGk*caclATCGhV*Vm-WW!n
zgjsjMgLjtj%+`)HZ2i^rH~YAW2Jw`Cr(yt+U^{N|sQ>aae7BIvKWic&fQTP%jadEi
z&iU>OrSpW{BR)q^=O1w!+|>fN&8ECM?_OEAX73s%8glsXS5m=+P6YEAdnR83hh~gU
zoUH^#Ba#0y<lev&vK;2tYUr+yLO6`QJ1zXzto<XB^6>|M4uwdbR9O0}72mh~uV@U7
za2|8Qhd(16%wPHO)c4QO;VLP3EjEq1>wV|L_suO$&0_e-?tgV-zlQ3#Tu-b6Sp*Yd
zo4Mr1zkNFYObL-7#Jj?2L2ZLFLwgAC=r1R*SZE47js`898|HIljaQXxod0=(1Z?oM
z+6KEeS8vRea=D&?0@aHDN_0#v4|oa}^SAUBkY1fwf0-ywTm0*@dBdCy;&VCJAFcV@
z`|3!wpi6($e_~@7gdoNJxfc^^y9TD?c-Aw5`G4~3pP7QVRee@%u0AT>BISFt{`Y4$
z;JB*V?Tpc4OIR7<6!PxO|9P5?Q%M8N)2h50AvO*c-G9gT!4|D+7UEyg4+tSP_YWJY
zRQXHv<(fC*dGXj&>y|I4ez3(iFlq%(8K;<sb&lan^sC!({O$Y>jGi59s1!?^dLv`o
zw8)JZm4ntD5P7=-_m*$)l(0RMnQK_Wj`Jxjc=y}4n#MH+KbC@PrIi5~>=hNo?^n<!
z#76dOb!#L%AjqAjXw1OTfiK7=A8DlVH9rwL+~@kf=^L4n{C{d~6#FAT<wYW~y#dh#
z(A->IK-MHeCwHvBw2r8R4uMW=Cw1YN2@`6`PRF|ja!kL?l6l*IB=0zCc`~=vxVhGT
z;rB!|$$4!lj0qasrSCe@tqQ<DA8m2nS@q0gg=}In0M03@&t1o>Hft0kynnuhb29oT
z2eG5YRy}j~$Rb=`w(-kh!+Nb6b+ovbR}g*Nqu+Knbf8*dwWo}1b-3G@0_1}=Wc)Vo
z{8j;On)VINV0FUorcu6S69gd6aLSyt%WYl$Jlo8GWWgQDpHNA38<t2&zD$)Kqh9Ao
z6bSW~q)(g3k?FX-nVZOutd9;-STGPX<94XelM*Gj5+d3?1f3<E%+TuA<^w^AG=TM{
z4HT!+K!WwW*^EK>V!G{;LI$ckP4W91Y_pG&9?rp?WC((GA_S3UfSyuT-quY*zo}?h
z6O%Ops?xk+@~njlZQA$2!EMuxmq&qMQKm^rU2uO9CD1)<Qw+(ay_NAlq9Cl!$5H=?
zf~?1A(p6}=Yae{cL2cI#3iLL)MonK|jEkc5eRrg2p(C(z%B5ze#_n}<qU3mk5tis|
z@}{TNW^OEd&k5EQXi}sLMOeTs1PT!I<*Sz-a<*Rn3^e^p0xuF{1=`84q>szMq9|Bl
zLRr{jeN-e<H7IC<L`>5)2ySR*RLrLMA_%vOm7ma$R%miJrE=`9p(`M4PV@r#sxkFB
z>qcUc%W_?foy}KUIA1n8R7e2PVJQzvBD|2EN~+or%X{NG`O@as$<vL9%CY+*9-*FD
z1tNQUr?$u;B5gbwy8(Q!XuFK_o5=-uCYUv+*qA08;bEbiHnE0>#r+MIw48(>cJiq(
zcinw=Vh)j~TM;NN+pKP=a+YV<ChE|7bNm(H7Ju;bOi>^Kry~VlC44oxQC$^BVkM`-
zMPUT=PFsCaQ5oel0A2Ttvi+~F??;C*`cD<r=Q!&3>4f0^{M|VN0Ad&AZqVkp?;!wZ
zXFo$LJyjpNXeP4fGIRmNT(<KOA3iC$t&8wwP#Z;DVBCMQF5f$Cd1{Wjr8+680!AM6
z-_eoANuCuclS?sZj0mz_fKx+m5_dkmjj1N{)<$csC;7401@*<}w~o02=x~Y4CsH|V
zBqRQLvRC`)L_(NWmtr~v=9LnYKot0<jl!h81hKB5kY!8Z+?A>Rdj1u2p1kh<V580U
z35LMQQ*%+Po89s{h}tgGx!lQ27Vu*tEkMvrzT;_bdKuvuVX^kT7hGC@JAs=+F(u<u
zb*)_HXh?y#%Y73w%LIQM2z@&1GR!v<de{S*x}a2(si37Y!r9UCiY2@w!=|LjSLAQi
z)7hwztwep60B~zd6WpU8pD)ZF;Q@sUsp3L&tbQ1ISH$vdI<~O%!!YV8pN0*3XhfU1
zma*2;0%aZHhbT<S*LG@Pe;HUHh+!O%{G=1Dfj3{~gyuW6C11umwDC=RjFO)LPHM)?
zJkQqN$~a?eF5O#%9$m1oGn>}F=3g{@9va-fTwAfUc>j2W1%DG8V|AQqa=#>c@iPE9
zxnUYWNfmoMe`@>ntF;*&3m3Eh^kk^J+e(u&T$?GM(6s&<Zjqm)d$bq5PHj0#Bzvv`
z8a{p=F8X!&Q~qm!FZ^(YKIlO&R1G98QO$x$Ppf&C<t2Z@B33%q(?2lJNw6f9djczE
z!lA2LYPH2Ww%N~VT@H0aX)YC)vsQFkjyjP09&gS*06*SIkH~-JN#@hEY_RoCAEj?F
zcjhl$xugOn5v>ujRcHYtU;yofRYFb)1WxnDmCk-$GjF)(`#7M4HpP-F);hc~j2ecS
z6ZlvYRSJP~+FA<KJ@Oqnh+{gICTF+vT~TSa-KMnLaPd$me;K#N%{<rB^6sn^&;YDR
zW-i;hbAb*8xlSmLioBf222dh9!79v~AmAkU^`)FVXrH@PQ`@bol1#RXl@_n#h6VUW
z%h8CJWa^t&Ki{#-7%d=0ZSSr3RBEzr=l9bW?|Nc!R)}o+t16?maLji`7N!OI)awS+
z>#eP}w=k1}R;-QOQ;po=)}-4X8|5$Rz>ORlO;zLUwxQ`ZKL>-myJT-0a6GYTtCdly
zI4e){1$<H%qgNHpEPtuy0&iUfszE5qS4iaoPcoF{fYKq8xwD=G=fV;zzT+b3?J)Tq
zmZ+H$&FkUn{hrln4<WV}GZjY>B#qMfKIYHor_3A3D}FXlNSu&MEqU1%R5u1(3fCa<
zkHU``FzZdJpW>0ay&N1TlGRW7c;pZ4Mc7u}{;9sXMcTxQi)`fiirEdRTsTzFWGwZA
zm2ft108YQC>&a*MVIJI;2K%^Q5b9tkyu6fQ!6DuGs<F7}=;b8~>T`!w_0c|A9XPcq
z3034#ce!WPl&tFarvahitshxehv`N|mm?kDX_ZVy;1#nMy<{({gG8{jUVZ|13v@9R
zld}t0_RsVk<j>n82Xz5=8`Rxyl(c55)w}B^zwdm|=U$s>3H4U-MGCreuD824D~fGG
zi_JCHnS`qqF&3+E%DX(He^&Dx8_SpP?&(s8@t}rl7cjl|lW;XrX(%Dj7Xi6H&+*;E
zgd}}0mPelVLRhZ(Xt^j*-gL8wZCTei(Xhij6s)z>1diWn{<VT$b97i3S8_XP_$&YG
zz=&Oe%ulomAqh#>llF-oHWy*~D$KY5-JYMIxVo!*mwrCyfYq#Ra;qfsDmPL|>(j5@
zZp#!I)X{hErxzqVsu5VNu#=Cfo$<S$a*+{_Pn0J7A7x#6Jk;Iy4@ng2ktCr~DOs|w
zLkP*1eH|*x#DtM8#tfxW*(%xhov}=I#;%ZkHwI%w3<hHxgE9Q3dY<Ro^ZL!dpShoV
z?z!i@&$;K`&wYzyWfvkJ&di=(MixT3Ji0&l2=j^?;Y3#W&uT6bE&5{(CNnP#0g$k-
zuUu3D(Cww(NezWDvsyasbkZwj!(Ogi{9H?;Kk;0l#5rdA!r|oYG1k==DFExV)}ctr
zX6-HOTs?@U)2FnxX{NQfGTYRCDLu%$<c<c?2Ip09)YJENaghw`gZKw`z=vv<Si7zt
z!IxxJx-nPS_D<+PwjY-!-5t5&!an`;8@>v;>*MCsh^+0Sx!DRg6mN&*KR<p}keqw3
z;J#(gozBR&yIv>04!Y*=_<rYh2&m+Xf{hAjD`;~lj=5iM?M3?nDs$#$H?E3@yUwIZ
zLCUrr^6n`g_wwQtw3%rVZM;3+9Liyfl$N%2eH1gj<<b7Q$7z4X;%#2)E@$9~2zo|6
z@%wikM>)uF%BkA+1Qnf%oVf?i*fVgB;EqQPYAQNf#dS~6-y%=kPchBh&)$?@mwy__
z$8uuxv+;#O`C~-2;!h5zm`H)P3*k4u&pc2<9^Z|BG<jY{m(4)tilrH)dCE8`j;~v5
zJzH{Phqo1FQtU6Rx`DbKW_K<)IUWR&5##(2N;@B)joOu@g}^8_2c@L?@0awCOR(I#
zFWkmm-(9UAGg@(D*P%_z8aF;1GhKd54@iNWe5XEGa`{YZud3Qhxv?SJt5@>7?Dn!H
z22tA<RSeo8UpHhZgz{1mdDJn10N-o+XSpuPUS;$Ax~~Dc;cD(IHuK}Al@%QHzTN=E
zX_t7tzu4dgvnbNQL&D6vYeP<C1Q^IUsC<?C5`XzU!Hc%2%0O0($IMYkb}1WCzS%jw
z-pYpk+HB+N!boqy?D2KGds@|>KJB(CJ<PZw7tH|X5~qIRcqE^_(qhCfR(%H?_2%sO
z+xS7<J8z?oFJ2MW3lmcju}%8)ZjpA>{s}ZA@*P#Pu;3=>eayM5`pYL_HO217-*Cc$
zEzt6mRw4lQy%9JeyUZn+f1*NgelWUw=Id>ROKX@MU<21lbEJihkJHi^GBhf_zwb_<
zPstrObLEVNy@HW)!q5#Vz79Vw$f8M3T#jbLy~^>Uvm%?cATS>36Yr|*b?lYk;9P@!
z+=4NeyWuvEv(aH5q47aYV3A&OlriGqt5iCKi*l{x@b1*Pu*I9;hEk&HR{mc)uxM?l
zg4N5eN4TgfOREb!nK(i8INVEn`0kvHt9*0OhmXE9atrT2dVknPt{!MI8weOp#2&o2
zfK5o>0;_0JBeN^ht&3B5KCWlF?Sy6k2po;xHG_9+G=SqFVzg^mYU~P31b1ktg@t%1
zm78u6jB0U05t0`U1EIe3S2U8Rp_2or7lIqu-B5|goX;>OCvzGMpGGra=}sokH#1lR
ztyC?R;cs@7&M`A_aiy>)iQflVo>tfLy?E!iI^@d-L4aO)Qt8FPu#4}G%fw!wu2F3d
zB+H5m3p?rAS*Y;KLTZbJg>^!khleAF=W3e{Rw*%d^o`KwiIn9rMqVDG<b(OK^WiBx
zyW(v(7i_t<{KO~xpM}h$(PQN1e%O!OLpB9AuF>QS^}yI0>SHR?HTBn*%_h+7Bc>#`
z-6kOJvEtfEELk_cyM`!@w0Hmz)O=kfy)eeKqH}?w%*VTBjUEo*C{>uNGl{^yJ(@IM
zyR*MDQS|hO4b_k8BaM`071MP2teB;?wJp1<^y3qrVH-nm7(HDMoIf9D%W*>`4)04n
zPDqi+8+C2=%W$M`EH!L`iRdqvT?)XJZ$Hd8y*5@kC}cl5zkiE7_E*8lMyygS_)Fhh
z{{};$e_N;-_v9o`OmD?1>wG&{@ugBn>63S<{5IEEMVWR0Wp#CZ-Dyw`eS@h7lA_af
zpY6;^tEO3{#qyn9&Ulzg(2$<owAW4fd9KzFY|DMGCckRSK7%cj-pO|@(}I`TcgI3H
zE=em}bIDFc<$JNFOdoqlw||XWg43CTUTboF$`{0-&bfY+O-ea4QR~jDyip3<1+Sa=
zqwDzvekO-}ypMQoK&Hyr7jJ7>Gv_tDU8Rc1w5x82t!Losf!oKDGB49bh`b6KI(lxX
zD6qhK{?mmXp9H(mC{C|Ok?KPDHU&02jZv;~w%psJOJ~M1tOggyRCytNiz&V!=g+x+
zfmt>y1RmA8h6u&WKvO51y33CgG=5Po{_Y8#z8}CSLf2^T#3G^Y9%^#!WLdIot;iYr
zzKRguutZ{rLF-k`k3o_PlGNhJ%x%1;m2?}|ODgX~g+8)7>4|xo?k#&b&~C2;3NIq;
zyz(!YDZk>P##z<0mncv0YHG06z4;}N9)*eJ4BbNPYEXBIcQ&~{>u<uCr+f&W_%QS>
z-})SS3u=?3KV<n??w}*AE%fjL&&ed+CT_3#V<}91dn@2C)Cit!cIiwty0BOd2wPqR
zwU&E->ZR~}!x^vSugr{L>1U%Q><q|_)CTChvW)U@%U5}HI{x;z-l~-0>DuJZ5NBsE
zyM-}}=tc|&LCSGniZ$_v4gdDRs2r}K$sX@byM3C%^uY@Iqf$s3?>RO$w(b}SdxG`V
zy1LVl^B2UbUDzaDdb^I2bxh-M$I0|#ps(*jK-SYhJz=jy#Gyf|Cy#)3Q~XSs^U^zB
ztMwPo%w@O3nXLfaDqjK8S1|RRME}x|@%#o{{xc?9m7LZRZ`ddby;1oJh4e|tQIWCD
zw7XTbe;FOP|NgW-<Fo$y6Gn<54dm2mu)smJ72fZm7r1fw<_uJ(fp<u!rCgW&)tD;2
zeV^LkLQwt-`;k=8lVXM_!C&5~<*HkG8wp%1VTLiCb;A~N<qjkE7LTm}&ev~0ZYHDB
z`a&_I{kT<D#%HU0>dzZvVYs4^YT1T<Ljnrw?v$))5U6?RRkg{G0^8RbUbM@k&#rzt
zne=V#nrgf9W4oDZ@<_UYtbCCj7QeC(+v9t)!ru2XUGB<lo$3pV)P`2~z%^xP@|MEK
zC$V<B%}R~#67}aNC3fFNGY52P-k3x`YE|Y@!<o8wk)D%2fF*5YF{?3tnsO>uuT%L~
zJqK;rDF6aHDmG~W&lJlKYhX`#8ibSV3Ju!KZRUB>#+VcfoV2Fy`HaZVwF-6jtTpgA
zEnZWY{<QgCqH!!Cq(6mZNSCXaqMJ8oy0emViv!pn3Xh9>?=s{5sHLNyaJfK&$XnGP
zd3Z%Vab(|AXyOdzi2hfv9;nB?aIA>;7Q<o2;%2OKPi(LH_{-F(An7xu5i$>NKjsMt
z)^PuhKFtqlJHT3}MJg7{<UZh8ntD`~chBT5>CBxcH&PM-Jck)vc5%6jL%Ejd7o;jx
zfiH}o>?dLtn+=^}CKN`Lx5J#oEb+ZwgqNwoxnIprCC5ngR?K0w5^pqx*AKZ?3?mG1
z$psJ9HJ5V6I}oYj2FSw64{4#6N{#mO=3_G0M0f8K@z3!J8#0Oc=OTAwMC5{%H);Fl
z4}I-<PVY`uzks|Co~W1!XH1ZIn1#*m7k!XOc=qjm^~x>e^Bj85G1eq?5skY2UQm-l
zPsNAMN?MWQmhr<qL~HSpDe{s+QJitE;(YNCAM{OVp1p?=9cYcTL<WS*vrmyigo@{_
zlvhvQ_|7VIIZ1R0?Wb&4TgVb@UBimfpV{u%>u%#JY&m>?o|Q*M&-mc;-7a;ke*J_?
zHL$a1*VQ}F1|n2)dfs35IT9#dUQ8oQO{OaDtX~f22Ai&qTHt5ghBoS38)RRhxS9AA
zkx?jQVyDr9WY2EWDc`~*^fOuEwY%ceVaiTEjNV^`>p9N1HPzedz7igxfG_u=X4(zH
zVy{f=&S9h;y+jZQQfo0g+Q;hQZ=fz0QlZf}(izDq;55nppj`+bmhgmFwo6`Wk9A%t
zwHz&ZrkB_dwzt|=*!&Rgz|1JuaRmimCYm=@eD}5KxpnG8A7K4mHFG#uFSO0y30th1
zeilZD2N}#Jt<`LC1d1B%t}?nqGweaVTKy&Bf&4z;qPDQAPOr@U*UN7|w$zI*Y}U0m
z(Jtc%NKN7o)NQiIaRkT%PQ8v_w`r76Ib-RFZS(d|hu4t+l$KQu4p{Fj5$eX}Q_G~j
zR>D5crQ-99Ywuwfb)XM^Ea^wdiIZ|G#C>prJf3?b@zRBE(!y(tb;5}$5HiYEt7T<F
z>}P<i-}SiYbqGk8cy55X9!;@2*%&0bS9{)W^^LM``rL{w|3kOWisBLuEgi9rQGxLL
zyB@g|b<oVypu<1?41IDr*KQlxUjuk&`Z00wXZQ;joG#~o=OnCEaK9FUsk_^>Sb6;3
zHY6MxXTf-J6HNTfty7U9?sCkFP_gu7xCM~~9A>EMAkxL%E!ckI_PM=@Cm@P+zkVWK
zZoa7#<mE}S_dnq66J8w!M=`5%oKaAlIl;LXL9dUoe{LG-Z=_S@j#evp%D1TlKAAdu
z>X}<%OM6#N*W9!4)SBC34I^0<JUmMFvGJtxJij@ko`4<Y+E?GE7oBDptGq!kn!dTM
zeCIg#^;l9dOmVo{;rS9+Yy7)Q#=YEFoOr0%n7`1hDt`PXsx=?|eYkD<<eqLL;R_F2
zE9Xn&AB7WG_$ClhDf9?g95xYAF=5q`j%H>|q9c^wEXaRCiFG<zq0nQA$%;2)><^<l
zs`Y*6;Cj5vQ}T-9&H=erYs=85KDlRI;n(cIS}By$qsZgXma@Uq*LT{kzbc;PBh;N4
zrT-VE(X%Y3J2iWtigiGvO4sLF;oAu_`RI|nprO^X@mVuVCWV6FvDvOIbHW9aM3%i~
zSN{RTj-KUUTD(1$U*gj=U!3r?Qa%MGJ6$+bVUKrN>>RTnsdg%>NFD%t!`SIS8<c|D
zk9Q_xt`CT43RoHQ1WQJPj7j%_Hk;Ksx_NIC;;}gPrv`c#_iX2U0j)=qo}(j^2-N3R
z;eOu9F}-<ZsW+K)7yQstJ%QwkJc5#KHK_!LGd>qQ6wvshn6+_skH(R93X08POf)?>
zuAp+Q{1#rqD;(OI8fwz;GpAe_!}Ns(+1oQEp{*T1FgZEvlI|ARl#9~H(_cY>{rFbi
zV0*i<SyDpGkfOR{c^=t6o~T2@_C5BS1)rCk67sE-O9zpLh?p;$chqh*Qc`56b>Yjw
z+pXx>-c7LoEZ6uJ!c>{fyG*&mK2~^ID(Wo;I4{^eSh%ZGQRiHC;6g8LK$skZNbJ%=
zQn$iKck=>C-3Z*KqQbP&zwQx66q}Y(Kl7C~z2uJ^)cxs=OdOfU8h=pN>}1pA*E(14
zJ;0dk4R?I5aK=I67>)KV^n~18d9Pm+V$Fg*^LZ6YHEHp++-M{8P99Wu;i1IUty><T
z_-*}jp92#~@5fi|7B}vlg&cE@Iur{~X5%016%&}?K<LJ=;?kMibTuZ0nu=YYwjcAX
z^=b2Acw#uqb0Qhib@CRGxw(7CRyHI8JgIKy!MImFyHt8}*uLk-MI@%kFhCISdG|s{
zn&+%p%OiRbNvHld-x@AVpfi#wm)ozRW*n?);@sX%i8ki6W@5wp1#hh#OJZu+zwELv
z?aS|yT+;Yrhqr9!h3gYXr8OI9yuBQ#uJ}B~-2<q|(U-vo6@8&RMBH0@t=@b8uc5zQ
zznoWy_pZuc@S}%7Pv)H;5d)XR`Z*O=jTjY}s#@pv<W!VTJQ|zOfZ;o{#eu__eV{dk
z;419A**Ps0ah=TeT266ezr6e**sMA>`+^`BM4_nkBM|u<-wdK|Q?vjGyj`+m)os1W
zkJml8NX^?N&a8F%GZy3qK&{nfPG}h{66+kf=+|_?fLQW|MNZGWgHw`P%cp4|_YnSo
z8{RIZmu!^lUz?pS**o_6ZRFDE;n~G;u4l_i`l}6m)+Ot%j^q&;>0&Z>NI!(3cR?H;
zT%4Lk2kNIvGx`vUCiq4|(_^YGX*(H4*0eJ!C8|+CLKrRI`rHsrs;}wcC69Ak>XXLC
zDDzz#g8^DI(yU32b;YhD$7r_^bxbRHrK}4u3Y&kf0KLrBc%<zXArQWQmo<5DWiQF$
zEGduBegJ2*;eof0$WE6Bzy2mMuq>Y8E<O9sAAZg?A@^aG{9I((rl(h}0T&6DSh41v
zdJ4_Ck3BK9eW$%wl<VjP9tv?4=4p^g!l}EECVXM=mr_R6Xhv8HPW%>;Uk09H>o<<#
z-_yO!F<TJ5w}Lg3ciYQ6uZ*=E<+G=*Y8BzNw(hgR$@L3Ck~_4uSg07KR?_whNO&*_
zCH?{L$I>o((0&BZE&h4*km9H&;b{=A#MBd)>a=@@mIC~8ofnl|%Vo}IW?*nF8lAS0
z7{}MxaHCqJ28E5jcWJ`Dom92Ts>6SRb!5Y}tCTL4-vYixQQl!nnnD>%;esSP>X~x|
z-9K}4L2RFD*NCFh?%>HT$cR_2^+YBJYW;+qh|kS0*4>3(Q3CdDbzn}ETfvY!&LTIt
zHlZTmK&pU#-fL5$o59&><t}StjV{sEhvisKkd3>kZg<$r@Cod5+U;Lu>ddwMWXGtK
zRB@d?!JVs;mQBuAaMv1{9w<rj#qQ1xm|Tghcv8W%$`=r-_&ta_61+-1?^P9FkHn<t
zwx{$rv0i62K3$Iyx|8_)bE5AG<k+YTr?GLK<inOP0^ZT44<%-8<KxfwTsfH|ZQ4nf
z+vnk3{i@a4tqM&vf8e#lACiS{LmW?h(cM&=I?zHAaRF4T6Ze}Db+1r)iL(-*I^by=
zM@|{GC+>rx2D<%6d^fm;Rt|Uf64tVAq!!!dESh~6o;=?yc<T*~qoRi*IQn>Oh;`hV
zenDDC+I#uUw`mI9enh-ovkXcirL$&R0`E?{<h+QQQpkiC9T|+)vpPV;2Y|9PUs*+5
zVWuU9zx~%Ieb>yBD*bq68~LS6!y>f?k^t!PrtXu=GxD`>#)u4VF||FO2KH&Z7Py7W
zUQ&Rb9i9i;Jsu&Lr60ze2b?>PAMs*pbj<>E^p7XkF4JMPYNJl>GA7+9l7vjKmQf?e
zfh{ewn&Tq(dM+MFGh2VUT5tu*_{+83sX5k%S?4Jf`6v2UUWVh(Y^_*o@U!W$IKa5H
z<k0V_4MBvjU8~nDfdx#s@pOg|>vA8AQg}@dw*g^#{Rds{t}JEhR!jVC(2%}lbtCEE
zyR_T;MG1TTi1RMEE;UYzp&9UJ?-WrsJ(-*{5y_DpjYz1F%;>IEQRp#)_}px>tKRtb
z-XF5*9fmX2oUPAii{=t5Tg|@(^tulQ8Pk!?De!WW#zbW?pSJbKqh<EHVa(fEmk*`v
zpP#J<H&h`pk^@>+*4LQjqW3XB0AkSYNQu!>W86A>Fgy<GvR2<&i>+KZo5X^GU+~$H
zc$O!cACHgF=3Ydcmx{+Wha)Y?MVHQ7P_mpF_P9jsFlpxVasa*@<eGEMat-ZRQuxm7
z5^KhCM+AbuB7&d*`o<^5p{a|kNYRUQ>9y8#dGcg%5RJ#6BX?8A(oOnz#c?MH@+$qh
z66G24N~hm2`*e$MDstrqkY7{+FeN7xWJ&^k)j?ni*RHMmuXWz0;xT=&V!<Q`K=>Fg
z4KA|=qsIUyE%xyVWSooBrq2tj5FAWQX8NSUwkqZ08{TR*Zf854fmy3#yowxC2_6@E
zHr@NgC1>}#Mm@icBahPMa_2s+_U>-$1Ai9$GHH($AZT47WboDX*$S3Lq^+<}7fuVQ
z#1TEQ*L`P77cQw8iE`}FV4?=85x_-<zYko{->|<XT`I`UGU8f?wr{HcaYqGr*Y+n=
zJnN!c?-Ldyl1}-$m#$_K>u%{Z!lc(D1Mdd@F2*cxNKiMpuA)A>M<_)91)<Nar^!QI
zD`C-Rn7k;u<(@bdm;F$-#y&lcI||VJBc+Yer&+~6sf2;Rg?UA{$!GkA2Viem4Y4=>
z>dqSval)hpN$$$*0*=5e7`rtk8HyDfx-`tLX2TCq-;k>zMepV>aIDG)HaZMT)qj@o
zp9X_@&RVfg5vY~TH;yK(ifrRv4=;B3^}Vb;Xjj?l*$WUFQf?oC2su}^dvm;t-jTba
zD63U<sL@!);=1jVsMfoWmb!|PUTWy^aTJsi?QPBM4qGs6pX<8TlkbajukS95{;pQk
zr|fSHNf1~5(%$0_l=Uc%d0nhAH14$j=H>I~?*ON%7h$K3xn*DUR;1F_c>z<x;l)0c
zq>QDGguU1Cg)LNQY0%K!jd(a(%SO%t7znmYcCrg($Yco>&xjFE6>stn#PTPZ$(=TH
zbk_b+>(IbtY)ieKL+VJ8Mp|=v;E7HfkrZ1W@(?j#oPIREv$E^Vb`QJghjlx3&f5EF
zd{0a1az#2w=b!NfpovGz7z*#{XLy|A)mO!JKcmrJvMbm_Sy4cB(Eim*PSuZuD=Ct%
zS9sMg<5rdySASfFPb@LZv3j~6PX=>b3F-5G<BhYCsn=x4VA_>cjbb*+yvB4w$)`bo
z>u1C+iQnA4t@q==P({`w?y-Djnd(q`0`c<@>#c=7W)`_{2eLWzi6WsvK~R<JX`)|c
z9mySmEGh{(vipiz5pRLksGdntn%3QZ@=ire|D4yH>(H|0D0TlLc{m7ay6<ySl$J<R
z<(50$dsf819Eo$SvIe$Bhs^L!V6wPCx}y)siZY*lV&-Kvlm!;{w0&H6c+u4tJN=J|
zCMnx8bf5Emn{t@$*j-^SBAe%v04MLE#$s}5^%$%6!Fca&g(PagwSB+_fJ?LASM0$=
z6mM;sJqOvBP-dHK#BuNeV^9hOPVRkDYvN`R0TgX;h;!(&hV7+)+of~Q0?_Gr#c>DX
zLRsZpwIg8t4Oe~~#Cb>eIcRs#w);I>ZA@`9@K~_Z;;zaagO(o;J7>gHxDTdm$xTZ2
zkJT!!h|rqRil$kkr#}PRN|FNyw#M_G9uP*!P?Ie{$K49uw4;uh(-f<(zNa8oU5D((
ztBn)fk~>`L*9dk|fRLz39sR9M-j2>l<y4|E+nRD&-ApkPvA$!KS=<QiZzVLlHNz@1
zOW%8w$!uYxt9G$er#7z;DheE?n?57a+?RJ}_Bl1~m6LD;H~;awVmUJjkk?j6nj-r=
zK$Un%Wbjb3=~RNBuinRwkM9vf*}A9r@6zXr{Z0)$SL9K9=Jj4ZNPmQu#&a_DNDzNZ
z$yrz6P#PCs@koVnM&R7xTZrJxH>;wIS>Z6na;MhIwXL2lZ{v>~Q4w-_RK@AuZAx;T
z4Ypp)t~Xo3*7YtXEOXocCAc7Ulj9U*rv2-$64D_=-43XjchB4on9n!oS3Z3-$hhg`
zZ8s+t-p5YxedgBzOlG|!3n76onnm>)^wBqlTAjzX@*Z;2da-Ty1uuRPSSjHm*hZY6
zUyyPPu@QK^a9J_}T>9|psp+jhJ8C>{lHDanEY=ZQO<M()(UP6tydXiwZNCI*+^1Zo
zW&}pSF=EzOMbI-G``^4FxnZ(nVJGCoc<*O)9XmsK7aD3hCEZ1V|NU6b@%P%KD;(xE
z<X!KDm7ZI&{Lpvq9}3LD*T0$v!i=Nc8q%vsOPQYj(f{x5?&pTpWpQI#hjKdsB<0*s
zXaCcjUG6YF)@?t;(~FwsIb4?U{x@6Ekt4Uq*N!Ew)8ScRUMtc7ueog6jEbQDpKREQ
zdM{G6BkIv@uISVM@S5Be_=V>CBTXzosA+aFw?+O&X#kP(n|<}j^r!V>i5_%#653>G
z4-6&jsltXcwZ!fJZO-$n`2{a;c2-nQZgCANw(};-|5K|u5Tj>qYnjs}O3ZN!Yi9nf
zwTt1;f_tiiHs3vWL~U)jorh?1c@tvPxxD{Ys`HoM^~HGFUsh4w{?Xzczv*6&1WEli
zc{+2iQAcwhG$#WzudeR>fAvM1t@?~a?2Dl~ly~1|1OMM|)#v_Y+iZ0?YO(CX=&P~5
zrd6xD5=Z}*2}YA?Cunntr8aagh~`P)stf;58)8hKmbe1#3Qrss-%qY}5I-jPyKzwY
z_g|i<Of4PGb${JUNX(Alm8|=pk<HIrABc-ihB3?C+$%Tjvjye5rwV&7P9B7~H~T#c
zIe;yn0?Ivpydw=6b^z?O*bN8t*FxxN2L4?@8j(_K*<KgO0Dor{>9RW`f@*+AOK3?u
zHyK-#CS%NqM!0+dMc;gsTLl6KDEu;|0tdH~4)#YBJfErWMEmtwVb_+~L@>MIzTe*n
zFiFq89a$nz^1<Mfv|CZh7=*}@@1bVT)HZLSF7EN{469J$UcSsV1?k*rCHT#DYtnp~
zo<f;ZaEgwPt(p}(c$-5H^`no;U@2kOt?!o;T?A75LipdFkhQ1pO~E@ZCV7r8?0b5S
zWDn&t%h_E}Q43DBKyZc=w$Rb6Ry!L+@AmiUC};oR?JOhrtJ6m>Td@<eF$JciuY&&h
z&d9T}%Y(~|iNk@qQSi-P@@Zuh+cG)~!|&XdLlg+|r0=cMwl0FX3~We4N&N1C8B5yX
zok`_-U2M-{eR)+7ttXTR>)lgrg66${xTh{o<*E!MLXD3T=^2kE<t{0~c_`ZmC$(U>
zOr4=@U37~Kyenw47VyhNg1ko7(2a=g6etH%65jSb65&}kl50?TPci9*=#pELB>*XZ
zEoriBhMToGCFhl5=7IQWdi{&b-*Cz!BeSD~_4x%mrU*iCD}TO!^As`b>MVO7vz($n
zMRy{jrRhtpkMlzH2+A|sPAzWrBU4iDte=#KP{Dy;=ISBUDq7`xqn&tzW797e*;%}G
zDc8A!8w&(nfTW;hwP1Vmh(5+$A??hd&9Qc*vkA!o(1^*uROM!uk57GeJ2>Rz$knQF
zG|WJ3WE?s9iWU{jR-V}8<&$Qm*Y?uS%RMU1X&BE+&Pv^3KF(xs{qgDpT%I2(7v($d
z;(Y;=_JWz<ji0ICn`F(hl5rghddnm2cyNu>SfI*jKpe#-6p^ON%#39;ipaM^S5t?x
zc%~Gx1ae4IUq?_?9l(xtv--nPGphffPzCo?S_FseLW(cD#*0D*Ceq*wz4Nz<4M7oB
z*>D5bAsz9Dwo->d#&$$s<-?UPy?8Wo)ZKOp!E;SY$aBU_1m|la1{ldYII%sE$}^61
z4&1xTu<BuT-b`;IN7h%%>IfgEL@Tn-7KunWmTWkbMJMTNLGZAuOeB+2KWmGv#0*&t
z?A0Z-rY@yuC47=EHFS)8GC0d>D8f}_zt$Y+c7i`xvc1q8xN|P+9ORl(q%yHenMlGV
zita*3GWrkP2E(rQiaXo$;_0SlpY#q*^!k;Ozo#$2Aj+98OJ;iU^=7<9<V4RE9?gW+
z#Zi!X&s1hOKRhF}-L-$2Hzg*TvQ4N7q=*6Ka#Z7ei$>q?DoV|LxZA|tu&S$LN<dLC
zdDnoF?vctCW$Nln=JI$#he7$IYYDffazvtMy%j^sL^>taqR58u3>0QrkWj@o-u{d0
zY;Bf<O|HNnl()36lnj0N_MW1nUo7R|>Tx-Csh*L~-*XsqO+9f{`iK7H6_i^iy$Ejq
zRYGEni_6MgprT_whm}8luRVW#&Vah6%g#_&xeq8*8R#w&=o{{07fwAnt<|wQzW<!1
z&9%Qi)R#a7uG3*Y%=4m_iZy{7?Z8o7WS-v;2oXP=Rd818Ma~H=X++<0-!hrsncC(*
zbg3t0G%M83qeU&#kt##tuNvTX7r!>Wuh~O<ViJ-tg0QVK=ketmCY+GTn+5PlK__H=
z&XM+riJw#+X7bs2-%TX~vSexNveG?~(zE0b7pEsHtVd=OOokq;a*X05!S@e>t+xha
z1bSsA(#@YVId2y<*4q{J!qKvbC$xj{xx8aCh%dvgqY7-`*#raWI=5)va|w;@j7g(-
zN6SMMDD@$jpKXj{VO3@pIdN%Cc5j~=IZW-nW-3-1(JTt)KP)%ow3m6@hSR-`=eVzV
z;-_7ZndK<qF85nGQWtu7wMdwVdjClUK0l7Cg&tV1f*L;GNjo%w%tr&$N|&bU3jYOl
z5WkG5Epq>Z-uVp>t-k<!Ui8|ruj94t%7?x(7b=4BH=+`~zI@EPHJr4G8I_lP4j#HB
z?T#tBF-mfHfm;X~Qda3pAZ&b|3fvSRabwcz_9CUA;iMG3S}$VOx7~N_a_0F(-T}E%
z)#%|=nY=H+DYMT%<4+KOD5MEPo>Vg>iJ0|mvP9cWu6_z{=H`X)QJyB-CK+X_vI`rP
znG&#@tF*Jrewtm4VRb8G?V%=$Ew10WIUsySvt`~WZ_VYMWW`ve;${xpp=-Dtt)|HC
z_1V2?7%1$X<RydEudFCfkI)IV&FYvwyMlv0O@q4Gqd*uRCOs$94dT`3FZ(7`c+<|^
z)nr#abs-qpbC}rgQ6!WyKKC+WfG#(F666wfY~MLBi)2GEtl!+u^&zMZRqUfl{4Sba
zYYrig3QRW-2EH}E+C7@2#kQD@Lz*Q*b(=U@EE1)DB<G3M7&LL$+BwlizD%pX<HmFQ
zcq;QEdE+#;YqR~T=IiRw2R80ae(f(cNs%l8J$R8gOcp%Qi(a$r0J*KPl1WM_A?YD1
z$peCETlf6=U{gd6h^@uY8D~?l#RSBi>H^{^+}s*2A1Sf-M~R42`oJZl-;X9`M<vZh
zb>mt2^IclB{CnJh&dEqdu!&61c%?uuuIGx0`n5ujVB-+L*W0f4w0&|<c;QOocE1oo
zfyMjbq2|QYff(idNxNKeI#3h>&hHK6e_Rqte(y^yzVUPNnifR|UzCCJQRZjzvcNeK
zp1m8QWa?(T1~x^TIt3~p)|arVn2+>6ujCl79NNizfNSnaFt#o@Tp#74y^>JE>+d+@
zJ~Ilk<udIXe0RUfXIk((53Iql%4y#t6X9aEh|pm2t|on+*Y&2CBoe|r^t&43rmuH?
zNKSSBcC>1ueBxeTcY<3en;aRQzQhdnKJ-8Au(KKsC}c_PlSLMsrFcJ&NY%i?!za>0
z%wQ|R#FfkLjXi?XTSwz^q8*9a))o6r9z}4+qRy19^1s4oSmpH6T&nn3DVjX7)#;hM
z%ku4qcD9%t6wZD4>TIFCQb06M_3qJ6%)3cijbzHvB%c!#KtuecGcCP1qyW?xyaQav
zH`P5&9nYShRZjih9<aK64SGHJe)Yo3==4!UuRKw5U7%_%uYd$rJRZp`mx-(u2-zAI
zNT*6S42=59=120}r7$L?d#=<Srtt-SJDL8z<>fD0>YyQgx#{Jpn)|KUmYt$<)}Sg%
zyl)LL6?B%=#;GGsikOg=o1`CNmP6{Cf=pFiQJxN1PX$Xod0pF(^9?)_qUaTr@@_}_
z=?jDr$H^7NEO}$|#TJmtP$Jl>JODNf?s~XFX;fA<zDsxrAP>6$Nx9U${Vz_?fOd$*
z0tZAt%%zB{DBC%7FAST8YiN|+-lSD5hin_oexz6q7tJY;tyq$2n_C|=8e)SsKk$w}
z`%$fIQLf5Mv?@yPgJocdt0RY)QZ%3BmaO0f$m=`F?MT>^JMGiXtP7CJ<*A}ev&#2L
zGk}!M{tU8j`CdpKe0z1kef2H7_DYlg2M&t~{G{x(jmGaJL+*wl9jN48sOP6-w5IEL
za{O7~@QUc7`jQlgdWmwVV!fT^#>a`%fazA$>Y6n9ZS7nt+OeDU9^wdmyO_}sIH4fz
z<~z!?|4g3lKBjui?A<(0#iD#_(H8#M)cs&U_ZWw>E2w<=@c>0JIq=Pigq9?dIiOUp
z?66vunt}elm~k*H@U}LOAG@CKc1uJxvo_B<Fffp+3S0GYj+h(Lz!I#FC3UgMVGCzb
zd50pj-G~H_a5r-|^8yY&v-s6REjCOM2l8#or2rzIsljpYc>S|{IS{@^pVudkdn2nb
zvsuM7cJojaK-B5Ygx=I@=OGE6dStCSLFLIn8|+3H$C5<*=Y2kd2lY;o2jt}up=6g9
zTMT}G$pb8X6=8~8%uxP1p^^N1vGqO!(quVRk*VM#Y-XrkEFsai{nJfp6u^!35*_h(
z9@9RBuqw0cL!%$BePXoQUgz5LqDtuTTXS%Oh9o=s2UfaFR1li>DYl5V6}!h1ooFvR
zlI!_BFJs*W=Kbp{l0`>(q7VDc096Q$uEgyHdFbfcHR^aW-9%W31)xOR{BT`T1m|bM
zlc+orK6`$pL?EhiTFQrLMtZ3^hvno?YSoq4I?zI(z!k5>Fa_bY$=WY<kIT%ux39#!
z?&2ymZ@nUEPga#CjwA6Yz=Aq)o>|aTCG{3vF7rNI(K}kQ<NoGD-;Jvr=k|16XuE_?
zIo@TFBIDIv@pn6xXO~@__>(_N1`eJDR4wL31i&nieRjwfCbfCF5I$>VFZ%8TG8^GB
zxM0c-rEQvd{t<oefdJ3&XmWS{t~*rvivnLZJ1m3Tb6_>`ppAD$#jSo-DoS-lxo}QL
zCcmnpcZqB?rujveZ)=N5D3O~dj>n18V((&w4_L3OSh_Wkd@Ii{GDm43tDA<$zam}~
zEgR}Wd70q#uL|AhF*h^w*OhR%U?FMn<@NAV38&jco>-z(F5KanQjaxl_0hwGeFdNu
zDGx}YCMqqwP|yCm;VC7;rAli8zR%En*u#FI+R!y_0rPxZxyW9uX~`vnt{ekXK=Y#J
zleSlNdl=yA4^^69m(OaE_zjSQ+_Os9@Orw;_=|WE(Ag)owWaY`)D48+{D&|8uqppJ
z6fk~5Z!!-Dhe)ZOA~7%~#R%A~j(p1REuml_pf+#Z?2L~g@?eu~q&n(IvIlxE4yIJ<
zS+&IHG3ssBV};%2r(I?OTcT~+_hmA_JES21*4~0NEVwPaSOOfDeLOx>gz^t7(@oU2
z-uf6%QeLi>X(($=am8XnDrm_Tjtymu(NtXH<6^l3Shid=*RU#q!|wL=__P^GqbI{R
zRfc8_?pW2dCG*qk|J3L0zrF{Rf!mF|g++`!v{QI#t9+wruDqQ1>ZV@{?;!pUaiU8=
zh3Gu{_RDiW9Q<M#j_h3eO}je%>7AD$(I%rfIdr5*=k3O3S$!AXk^NJ@D+Q2y8sW{B
zc^hu6ONIl68X7e!`~TKPATL_zK;+&P)6t^afSZbW)z{l=FZ>jT_RC8Cb}k7!UXUSd
z0DykV%gY0Z$o*ZK$f~DhJGJI-Y1fD4gZdtEaytG?)_NEEJ!ta<96LhZFGeg4X=}8u
z{1oQb@Afz|QxX>ynB5C#Ozec7y@|Xv^hbA)CO`P0gz2`ZVQ%Smr^vT8(Z4H1N1SO;
zyS)rVY;<1sMhcs#{!s)8q^YgcJYA^ohLIog@*Ec}CujKGTTnU8LMcgTZCEd{FvT>x
z^JZ44!rza!xM+mZb$K>0u?0lult$;x$6Eg@eTdN(d{DQyLeO~xnC#QpL9OwX|K0A$
zUD{q*S>Xg`X?RgL+Gi(z9KRp-zsiTL+_W&!rxN8&twC8J_h0;)hQCMtwmZXiKp!9^
zVS*8`ZoL{mHTU-`FRr{~=-otYjMSRP2;G!4vFR3G`uou!j$4+kMrVEm>Hd5#B{8=F
z&sE@wR%-i)Z1??ki-;VB)Pu$ymKGG(A?|TT^Va=W*(r7i9VU~djhl$!qQba8M9pHv
z`vJYaGdeDT>)+`-J^ts^T8?C9`kQ@1KrKt2($XN_-{RcfJHeC$sO8EJ@iX-?fg3`J
zPyd$lz0YMjkmYlKve1YhtjlEbQr~}P)y-6kv^r#n-&!o(pLz0!_?M$jlElnMcCn^Y
zwZTtW%Kj@nOblT{gkw!@N3`W%{jYLGeZ|mQI+eZTug~PYY=~Ii7e?j%J>@@*Pcqk-
zXU^LV`9gHJ^IOl>e{9I<OqC&p4I{K*lh&<d^=~09@Iz49b@iI;97fRd(x>qb$Nw0x
z>xqdQwO4fHd7lo`j?VlsWSZkR8OD_AltvF-GIwSEM}JAjXu9yI9FLtxz(SNNTvMC>
zb+$p<E7QUqhB2g084<ZM=YLCaRE?gDl*~#EjEi|vQCZo<;0unw1sJDk9K=;_p4cK>
zaieq8((*U<(w+|5$xSOsis^tj9VRZ}E#qDPt2!02Z-$9#LwW!$kmLXAje&;1Vb77u
z>jvCcYZMd<ivDBPn}z!qDnz<XH9v4bXa_rfOAzGc+ZL|A`q7W7Bx~);^7ND8C-oD*
z@QU_4_mw2vW3fj9DJeOzv^=Tn$T^qiYWAm&XsT$#xI{&zFK1k+=yLh5j~yr#6phb0
zU9Y`p>?+Z_{hx`d>~hZSo;>L|S81H+0~+{`LgX1SogIB9KDLS#J#t-tSlZpD_}KJq
zzm-qP6Pm7)@Kqq&??D_Hq@|qQod-3gp1o%Jwu+7pmFxfM&B-Y_ds`k<kak@Mvm$ve
z_+RyhdKvb)+BdSilUVtu;Co~cNb~aR-6pE4uUSINqLcrpk43R-)51cXMjjzHj(7*!
zw%qUTe;Q?3|I5T|d7%}PG@73NYeXK-&}gqtQ|H)#-+|zlVj)fO=96ZOyb>nEH>@q?
zUH^d4w=}4q)YnLsG?|pwv8-|ZLtL7*VEs7};J(Y=#ogxm4`2Uhg3Iu`$-|lMS|qtD
zlijPB{{j%=0O+OP*t_Hh*W&bfZ14vd{sple)1aN)%j1LTnBM<5_lH)qLiZT65zE#Y
z8_KUbZ}z7BOXgipgI8#hdDc766Q*XS519U`rN3XLc}=Td>(aw|p}jLV8n65b|96`(
zxpx7*A|-aTLgC*tr_Vss9TZ7#x+Q8<L+TXkbvXHt^*PgE+NYqq%$9L!s_b?R<9`7{
z)UjsCC?(fzZnyL1gR}oswHJwDJRy@;H<!i%=D<R8@&^4Jm&5=30}9$&nJ{lWAR$NU
zg>mrcXs-OUTN8g+7%c&{HO$)BP&3`SZuam$2uK^4hF`kB$r(gx>7CYA`9IWqhrain
z8pYJovT$Z*`+s7tXfP)2juzbJ1hAM|eEL(b!{?Ix5P9EBBRc~)&pP`55zyi_>XocH
z0Z&IZlP+^|f`<OZ=ATFbM1k@$Bn<FdHw-<P%l^g0pXes64)CALC)e<r3|<QPGYW+I
pJ4Of<yfg8()l&Q?tOR+H59us$;pd*3X8+Q*wub(lVzmb^{tsa~&};wz

literal 0
HcmV?d00001

diff --git a/frontend/src/assets/img/guides/sophos/sophos-step-5.png b/frontend/src/assets/img/guides/sophos/sophos-step-5.png
deleted file mode 100644
index c139364d56f5ec3f08161cb26640ca2c8cee7c07..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 77220
zcmcG#WmH^E*DV@Cg1b8bg1bAN;M%ym1PSieKyZg(K^qSe2=4Aq<8Hy-t?`rhNuKY#
z=f@rQ$36E)k1eCR_NrRDR?Rin+~G<<DO4mPq*t$Ap~^^$tGs&k+VRyZ7y<;i-*-4O
zvw43XV4PK?L|>IbNcMkUys`MG@bT5F%2?z_<F~)B5gnwponO5|>-o<QCW#S^_|>bI
z?=s>a)jSN2!0=yid!PCN<?ZgRw?m|@w+s=K472mO%BEfqv<3K6-X>gbrl((Czn=W)
zb$Z>9x7_L2dfPlV>}S3v_~uP-(O&A^uS+)z3kzRWx1HwdYQd&2uYyH$l<07fBw|I$
z?@Ru3_WQ=(M>@>HKj#y$%9Ox=S_J39=Za_iZH+GOUD>(q7UG8cpZ33-W=SxaTU#=Q
z(QFVAe->;0dpBZ?5;2@U=jXe$FlPbM9R0r!>$SivnZa8`$_?jh?j~DQ|MOHO5FTQ6
zaBy8f5kB!hW+>5ly_4;s|8suzVR}>T&;RjJ0}VoZ&0e)aeTd$GJXS=OpD)V=eoXl*
zELyUK=&^8g^?jL(6?+8k9`zUh+d%_e3W|W9Xo^jl)%V=tz;S0idHP+<CgxR>t*U9u
zTpOBYi}3g126TLZWNve{s?$WE^GlP(J#0Y2K+3Rc?qFD*$!&{u9+u;up|J=!y@9Ns
zV>Uk`ko<s6cEF)L$;JBmLz%Ae(UQTQNL;1iZS3g^CO`jc3rsiPPu}$9<*cy%-V&>{
zv23EWHnJ6!ce60^($W0fl!bq1H6jw2GBbb;|D(~~jUq@&PMub7>_z%A;UmKPJA&HQ
zXjb6Z`sm=@Ja~1S-8gTs!#{*4q_sjbh2~9yj0o@v#|9;gPq4|z=zZH#=sFgU9PPE+
zkAHj<5g7~VxS4gMPzt(Ylg`;dk4TEV$99Y;VoyueXSKoP0s9+BsfS{dh}<3V?!9EJ
zgW>`F2Q<$i+Bp+3W2g8ua(Qc!|1)qT$-9<|Wv@3uTAka7&&#6Xh@_X{l(zivPQYbP
z+eD9G+ZDG=Qy`e8M~FP(X}7YHn0n)n3qef-QW=QKZ2a&nW5IDUosHI6HD4bpq`mKv
zmRLq9WEK~s=0S@Y0?ecuoG4hn@}ghBw(W{BN5ORfxWq8kf8LVweM+hI5cBbI!PgAU
z9%eQ??cfvy{W5o{o%|0@-eT?J(#fn`3^cdf2&p(SX#h{X$0RC~T>_?u@~`LNYxuMl
zmu4;D_h_U`1=l-6zUy5;_i+|0dozOeCdy>*5f0z=S>eyL#}V~!kK^}~p1(KO+_j5`
z^Zk9tMMRgU=N57*GRf;7WRQ420<rQ6x7m-YT%@_WxAe+d>v-K2hv5=1#1=X?lMU05
zx;e7#ae@&2RI5JFKF2_U)F@o@zuc!FKwE^|atUY2OhMJjS%ndN)!2l9TKqW!78`^q
z)uW5ackLGO=_ECNPH7d?;KFu+fYv!gKxJ25cq;)HGx-HoVD3pfoAUoQi-o+dRLkJy
zS?fo)V1vCB{#rvBtD?n1gP#YD?me}GrPgb9QnX1<Q|Nt=xLtE@vfHC(clAOXS#KXE
zA{$r2EF!%;A>P;&)kY`9%*4YO^8=elFKegGtLm>xqNRk_aU<Z>$k53y=<vK=8_)YF
zU{<J#9Mi2qYT?3dx^kls;U^>4=E&&YpKL;rlggDKD#4INE79qNt-Lw(@{RxPIaBs=
zkK8!#*%{>>?2GryJ=8m|7;m{bKB-b;TW4@J>5VL_j>6&|tI<fYtzZa=*jiJY-fFNf
z5Df3+7(X`rNFdjbmz1}qszF$|KDXi<p)A#*SUn2^J5bS7Cw=r{9m}#b>bXy7Q9Gej
zClMgBGA|t*V=!L(p3Vq;p5WP8x6rf-l`aYIi$U|P$xBNl?UKwwxPmn>;luwoMnJDH
zDQR?k1<SId&QI73_N_N-7g?OVBrc~i*c60o<@{*Y`)%G876g~`H0~u6_m+DH2QI;E
zqxJ2zw6s)ZzORmM?biv2r3dg};%9Rh{mKfAU%&ZyRCV8wfA*f&Wj`g8WDwv)mA%ld
z+!{?tC|Os}KY(-d!lF4}e(OIq;9iIjK4(=pWVzY&sO5{v5|!W#eMX+{_x%%OK^s8}
zOv}wVVRIU4qH5ErvFO`w4R511>?1+^A8eL_yp!h@BXKCD8fF9oPnbnZgHt<pF?Yk;
zi$yy;d)(9uG2BhoXv7U7=M`~aq}vTJ`v@t4M=prB>v3=FNP|}>l4B6C%-O3pJV@tS
zoG>U&AT`RA?wdjHB6;$D_Rfq`h^Om%r}~>=W@!egQy)d)@&qFq(;Q=L0IS<|ESb~K
z5-5SCdjSL#(5_y$R)oB6M)6f`S=F{PjP2g1<4WlGCVpK}>=VO3u>h)eCadi7jb-v{
zES6v})CxCXfG%IA5JMQ%WQj$5yi$@5`}HWjxN;x{z-j!4J_&aEd~o{)jiVj{MLR+_
z#UpQ|gNx{^nQ-S-s$alO8-F~}wpfSNWE3;4Xv$?Q%w6SkYut@tx}X%C;K`rz1k{GP
zmX`QSqBX7==Iu4QWnB(xB+f_=pLGK3vgA5kFJV~C{@w95D1T7_M(}X7HUJ6@;Ac(*
z_I&1E*TuTW!SChyN|QIehV&ja$6wn|HVc<~>wu5PZi0ej;bYy~%1%Y6rTr<Q^VEyt
z9(e1DF+pITvd2M(PZ<}qn+bLnOB64%>|RYzX+D!#P#O14ZR3pR1kZN>0M;kG!tl-A
zkHWw|8{v7lDOPSt<CMZsOQ1up7(#(vrxWG`TwM^KT$PH)F2?<P@n0ggGjEHl-`C-W
z8e9B4V|_a<QKu|MKvcF_s|)9(cq)FBnH~KZ2J|;>A@Ss8Hlg7wCQd6aZ%^ZKvjxTI
zqb!ReQ|pW_CufPD&a)luYVi!y^%P8PZeDLj+kCc}gBxP0i(aP@HXH_;iGJn+X1z=&
z82(Qr|2%-npYRA-lt_}az&i7A$gp0S!hmZ<i>x_6dV9f2W5DXxxY1+v@1%<Uh7tCK
ze_XEwLR0!LNFfY#ZOZsRkU=lee~>{#U*G+B*&nzOyiqMJDys4iybx#>_-}ZDxsLe{
zyg;^P{1-DI9Q4Bd8F&O)*uUErjxff*#{ZwF;@|L;v*-Wc*8Z1;{{?#f4Y~h!Iz~ni
zUCKg%0kG5~X8{PJ7qCLk6J1a+5cbCRMVkY@tVK_4<4Of}aS^aZnA(*q3YxR&RHUFR
z-ZXxdnE;c`_lNac^;6l@F51Z6{asblcTjP?V={vUrLIJ4dn&<P-JOQw#j3BLt|hBX
zN};WGEnwe!g@%mP!HG9OJ5zO4f+<Nf)I0o|q$(dnicw$TkQ?)%6|X8RQwOhiwPOx_
zTlpbEnG&j)>9IWQW?j_c!5JcW8O$VWmHyp8Y=KtA{LZ1Tj++B9Pg<tRe^4A$2_zpV
z3zNpcU}bBUTU9`_MRPu}aFX*fFW2~ah+EHj8&!{;&L3Q&p}LEbeaUBeR1^9b5(fFS
z{ArH;>0)30FiTQgmeujZ#V&*A>G3siqjqX~HhA2NoXYONy``JQM<7|>lX)&;Er<zO
z3LSTXkc33-@1xbA9^x6*{_!k~^$LW+%|~x61~~Fyz&8$Rxm2aMmLXaKbVp7B3qcDG
zzSy9y_K$ui{dpqg_*sA&s)>CGwR=u1m-~079jD#ieTb(U*Y`ke4>(_R^`v97TVi<!
zhlvl59dfBWzHf~2Q=BIuQ>Mc9dN41kH{jMag%9~uR~~mZW<);E&V|Y(s84^_vS-Jc
z)JMyQ_C9T&FWtw=Q3O0+XHDT9X?L+L;+*GNxWIf7oYYw(2)g5(z#m9R6n+S)Ckzpb
zs3-$N2&978ep51NOA07LPYu=K8>H3?o>vIe{jrl+2vqzcM1id#8#;pgo}OBI3OJ>P
za^5aP=ah?mxj$_Ll|D>_cXPSihbzi=Eo(s9^u6~je{5>4lev)y0L4v+*o}9T#9xD9
z#H`s58JhMIzQxSosMvW?$h*Q2-IVR70Q{%vA{|i1)hhg7E50GD)3~u+`lx9k+>dr-
ztT^FFnMdWAxjfbu;BzFP7QoK}hB|O6Q0wyR=qXsMvp3%!ubVX|^ChIm`v}f6Ka$zk
zB&2-{(I)ROXo)0Ux~X_EWB*P&geWIVHMEiMbn2@kp%;34nxm6nUg80;RW9yXkWbTh
zZJu@N!I#i+NilEx17kDC-p0_jlKbimrAZ&GC`xy+-4_I_YU>aR(Dbi9y42NAtj@~o
z$}xW@)^z3)h|E!eHuzXXsrayoP)N@@C}njg7W1<CY)H2}@HiH=AxBBRrosO91%sP-
zZZd5=@(7ARLhDx1x;pS?{UxNNjH0>tE9tg^j#h6dQc>)f@iH#2Q_^@ias6o*W)xkJ
zfBwW&gS=s1F152(s~t6bY*r5`(X><D^wj5DIQKW1H(qH+EOC|;T}Y91RM8V0M~?_R
zBi@lznEdiBkCJ7hoYk(EZb6E#ZMkh2m}r|$-xL@MM~@^dd6;g(V8JVF2vlb2sCL9e
zNE+KwNl>GjDYS;Cm$k)JRvz0d8d8d~De2P%8UM_B#xDCb@~f@qaEV?>r(hwdBxEyb
zw5PZC?d@OCzyjT)glKoiCDcx<k?nlww2R^4Rsn6i0WW?OrfE;_3iMuR^`mXRIsHDF
zF*u`Ih++4}elL0kxiH}e8Y%3<O~3hgUgSu&qVIcK*PoOO$jX^$Xl0q*T{j+msKj5i
z@w1ByBH)q}CcC}q=;(6GMuF<8;2S76$4~UYDpj_yirlKHaPB4u2#2Y%cj{$`)p1xo
zc?z&9ISSz((W*u*Gz^`v>2X=yG-&M%(?0Qr4JtIB^80{CgXyN_B_b1^dZjQny@515
zLeXo3-uIn1p4W`aie1BH$5LfdWpHR;PS%D`Kow>GE__c{!j1@wki(526We>9_M)+2
z<)cM%=$FJ!<;p8^q4*RwSg%(9AQ)J->2L48f6l(=`+45DmEpA@{!e<_yXzmjT-`hz
zVHG`?tC)zJ-YaV+X*lVFn#j}Kt4wOw8hxHn{_8@n-25PMUysA?edS6lHGoU>iZI{O
zOY`yVmDiQiTv1_DP2#r!8#p3e{zaz#MsXq0O|9+`Q3vfxtr2mQ_8{x~9fa<clxRtp
z6<8}#rGuaf!ETN$-SjD%DNH=D{QcKKJ=X`+tr>jP$(is8BT-feBIVKK{$A!!bKKXb
z)BQ@~1R5o{Vz-@N=D)_8Z5N#3T6t+A+`G~+N!}4~Nq>lt$Rk{2oUe6-kG9Jjut>it
z#sx!Ze{!ZWTPl_}hmTT^?c^6U`4dq%U^`!mz}1%hljUzz_edQr>5~AI<rc%vul6~m
zAGU8vd!Zw25poPYj(O0xK_Q;Eahp<N2qfj{8lgCrACDABJ*b#P=^87)Uz<NR$fXL=
zee1Gas+Gz!&x5g6!}IY*pFTRIeWM_1mZBsla@-qw>yvR<WV(CtJ>y7d)HhZUK@{0o
zv}0e0Wl^A66rO}Dk!PGi{QLV~msyx~p#5K<&6p<6whPL3uzP_bxbsWN{d-!Q{U}nN
zL|-3q9W1J|Py-W$H;)!zQ|e}Sq?u+Orx8L4Hz%6`{lD%Ej-}a1i=_X|nGol&!#ibC
zJ$0@@(sgp3ck2Opm{;3%-aG@p=#rialL5=07p9MWLt!Nz_$Z&rjv_2RI0-e7LQy;8
z=zUhT;2wtORrI7(+T(gi76$r!9_SesA(9kBLtAuUkuR$AZbKXtRm)|ZYwxLr!b{Cy
zoAFtV#yVkfNEe1PlZelE(J6RGL~YEGe!|aI{M>uD{otlVf2EfwZ{0!Lh2~qKCHC;E
za{kl}<AKbb&MphTexT59tNtp(;>g<(q5a!5)8wM;Jkz8y$c8l(eKr^0>gx;0t{xQN
z4ObWCOQ1W<XEpkMzs8;WZ;mYjwIqKyF3Ri6q2j0Cm**y^n9^DbVx|Cpki&(9iDPw@
z<^-N%VeHN|q2~9|2I)bzK>gra>cna8bsnksgsCjPbRZv(>e>kn4gK3<?Z@Mp>3N0x
z!uJ95EG*^u-S+P(xMNFuEZ5tk?=|2j2I;l7rbenE08-6kMBps1$sA#r%m5{?dJti5
z^#vPsG+6w*S=?vD@lR1$R@bU)^FT8vqD8^R6BeShrEqEaUK(=mCf#EDN^Gi_2i+f-
z76}-{6h0fDOLO$eWlZ!O)+l1!gJa-z82R)JqWkd_-9U-sU`Z2koyEh?>^%jTR=&5D
zr5S(*zilKJDtjZ#0F^)d3}_X)mAs;&=kn;}Qf|h0nt0e?azGuFRd)P$npl)BR{-`N
zM~U`^ow@PAkSL<>Z~l;5S*p|0%exqNU4g*zxmDl4`}p1eumHcYpI63@{}*=b|2t5;
zvt;Dq`=Q-#Lf)vUNV`-JSYR^yt(M(xo~|oVs6`rDwA2<<kNg8+Y_D5gQ=X!7{nerM
zsQeN6*zDWk`Q3BVbFcIK>zzo`2jwa!_+s8w>2ilWJkdjlXX)fFJ2&RH@<qwKg(&u4
z{l)bTgEg#d0{kkMe>lI5>Tan7ofCmo-vgO8es@!c_LFyt<qM)x4vLPLmR`HA2CEZ8
zHG>HQ)_}hIZd{kl`QE7#_jM~Kv*#T#v*>nlLEq6|tK$4}p8JCq(2IEe&R2TdLU$e2
zkDx&wmx<yiLf()o><4;FMAL&JW3y20falfNI#VHmONpVD9G|~A3m>^ck0&UKWI9wN
znAo#9mz0t!3<bG=r&hJ`GafqN>XlzsYnWtt?Cj5yc@94wMUiK=>N&fu@d(1leZ$zQ
z1G79lwTB$;$K5!;b0{%#u_Kg=w-<g&-B8Rb9o|`%Y_lCIY)70HNbxSB>$7AbCnh1T
zLKQT)zbD~qVz5G?Y0obkr(2u#1`Pch@NjXA;_k^F-4*-b7CO=3e2WVl8WH5{vzT-Q
z*Cu~mxF*>HzF#VP7DF>%@%JEi1FsB#@HNT9=QPWOn#ABp&GY8e%c8nal)n^K_{D^H
z##}JtPjo<osnCNtYc|BL&zv30p++@NZtENCN@xB7B@YQxfyt@H&UC-S?s2k{!|EYZ
zM0&@Ig0$Jwqk7E@xmjP!Pn5<xG!|F#o%6R#qL_3dVWsJ(>jgD5nb2MGyQejB3qyTc
zxM~?jE$~ECb#eT{<?6;lJzhnA3(O-~*F*G1-7_8@ByDi%K`_N>h0BW&)DZA-11opw
z*a^;E2kl}jop_+}+3kdb%wlKgJBf$42(b=!!$Sz8G-@P;+aAI_GP~dD^l*4RoZ{bs
z4gP0fz|i4+N++mVTiV0`C+FOx4Ob3lsOf%@(Q1n)6RT}5BSr^-)u&%!ojrwDG<k}E
zkn019uCK=OTpx7hNY!aeJS?_NzNx_tgt3KEDzyN7mv>ys?)q5ocJ2Kj!rI_Rw`akc
z`w;?(!TV)2%BqLU=F^ui0MO}6L!mpCZ@Cmnz0;uU+(g3_>M9$m#r?R4060@A#bQFE
zcQu4aqfD=_1qnVT?9D~tTGuDc>k&U^mPj}9FGXf1d6a|lQN0%vpA-L}P2{aS*G6Af
zNEuM4#~cz}kEL0e#mnfjC&zmMU3Y8qcp#NmtQ}_w%G7*Z)K{TvsB~Z0ck=Gs%<n$w
z#3B>>YzL=l;7WD7?D2N0?|Lpk6NF(Pi!U;IIb1)!#eso~uV9ym+d3u@I>j9GU}<f$
zC9N+UEgHsMSM$rQ(Xobi6F9QnX84%czUGCve#~5h__AW(03`*Il#NpzhrNfRF>|<9
zpS$>8Qg|8t(bEIu1t;GQ_U<oKY4t1#TMGEi7hg2t={^6l`omX?XruVy1l0kAeDOsJ
z{ioZW!Z`Zb=!Qd9zjom!^i7qNh4CWGh09ClEBcbFP+p1WUr{nbBF0uFbnFaOMnsA?
zrOEj-{n?M144b~SGK<`!6N$FWU_^*J`l5)__D?7`B)uiBa~_EwepwL$zwr?y{q|mR
z>(i9)6~a;^n)9y?UpH>IiE>RcM@hzWp9>k_Fg5?km;Nb#Lwqr}EWIsj6cJ72x<rtZ
zipe{sB+PT52D4#r9TDwQNbI{o$AIsbc-2jVL)Y%0ID<hMv${;9i5#T+Yhw9CdQ0#h
zcPYli-h^ZR2_8tjg#l@u`TxJi=>Lb($o~%h(y<1w0OK<wrN`XMK9kHUuamcXFAs{i
zs=A^n$p5XJD2n{9j?7f;Z#UW??1hbc7Dtb49nP(ZpVEm9bbBH|9bDY9(PKL=3}fCl
z9sVE`d3YmX+x6%X>2UTT5SwFT!ENbPA9aeD2;lUM<zjn$eH~dJW>RPERC%6z2D8hN
z{%c=y5oMrcw-q5-g=&>Ag*|yGb-|0}NeWLm0!Ym!rF;2_J4MyodHBj&I+{-o$6ce^
zblYiG!|f}-6P95H7g9p?w^n;r^G3SBkJ#lqeVDE1+{x9}qk=AIjS<B@oR#?YJJH+C
zmN8Z9Rt}sueM^nGin4S{e_TNx5_`i}`@}bVn>c<u#Cq0CY`^23980@!1M?b)WmyPX
zvpdksc|wmYPoULAfYIC!!Q3ZF%~TlGfAR#G;Usc%_}Wr4uaXINKyxhDI3j7qy=aln
z-K@*9c(Z(C#EzfGC)}+TZWsXiwahj6`M$l8Lh8TPXNk+H8;$tU?HKYu9ioseoNm<V
z+OJm)pvk7CiMFlv8u+H9h1r}mI3nF}BWwHYAv~D3_F;+Hx49e>03m*<pL%iC@K21^
zFJ_oTl*+&s!2Mx$UW0z{lL^0LE{Ts;!_Hse+-(ZYdsp+c?l@azddY4Qf=;1)+D#NE
z9?+IKW6$zo&ih>qH|N4Z6jcF;P_CZLY&e3t^pJ~Fh&S^<I9S}wT&4Zab=Gcatl%CP
zQXsCvb}NyoTN&;p$I*&yqxLg()NhA%_d`jR@7;oy3+3v80F4dqMweLt55*qP#c?+q
z$4QS_NcSXI<M%>&&v_*J=2L86?@r@z5!i*Z9_2tnO@j=gZm*ii9+1Pl<Z(2!P`ack
zZx)o<ioAP10-;Jts3u5?dk?u*W;?Yd>htwK4BbkYRPT5+VQmE^;h4o3e{R8ae&&Ot
z>3@?afU0W3s*Kkf7A@1MT>*AdCD@kuWVY;up1{F@$mkK8)V8|pvb~K`7_Z`vg$=ix
zT_1#vi!F5*5j?GU$6-j8frq602bza&=SBDID?pE#ZB{EXgG*+s8*9)?=~2eM@V-3i
zW&)0kKa{I6)Y*KB;|*+XbE2I%#IMS$378BF=4ui;TCPbVB{Xfc?m~ze_4e0p1GPQ%
z4j1X43kaf}n5|cdh5(!6(nEGklU@UVVFaM%%xnqq3H07jFKqD<5w_K0M^Vba0N_bq
zkf|I+^aQBjOzBK}+U9J!)#?KAcaDvxSJu`aR4?{Xf;hd7j6xKf0-8f^(C)4`uEI+%
z2BL5*yk4iEN_II;RoOB>@c!H^h9@^#kJCAZ@)v83UGOk!MjZuC?04)rT0`1Cyo#l;
zOjtVZEkCSNRH_Wdz1BD(nxoyy{*!gJujhsH#lni2paC9MdGGdl+Xro_oPsMjF#PtZ
zYZ7r(SFE{GjU@$gu?GpbQqCIm;DU**4$e#}wZ|Xydu~tqkMrQMFwOIR<b<qH!+Y2c
z;(gwX4;v&MOg<qH+isF*;c_MmM%CA;sndc@=?TezSg@VFa(iydA!_Prn@0A6-RuVF
zOnSiyporj;`PEBv7)>5l)^ItFB=%KoY30Jnn@@Itx)fkgl+VSrm?_#NODTz63w|ws
z%)<z<YsUx{)q)Q(7}_?x=UF4q-R%wRT|B=X_srlmw=tSdZj&`P;R73xt}1E4Q7p>0
zWry(~E8B7mbRns<dc)IlhJJl2OZXGIUjkwaTwGuT(hlZ*^D}-7sSH_L@4IkSpUyPC
zU-LkPMaHkrD*$`A3%WMfD;c(>x1w<tBjPn3q3MYLyy~GPsK4Gw%Z+YNu8K8WhFF0-
zm%ncjHSeLEj$YUM`1|YA&ihp<M}Dh$V=z$b-_2-)kxSjzH{bA;p#r(ypI*=V#_Vy7
zT0`<mF5C5*BSs@hrP-OV`I=rngCnCYMx_oXS-H_wB=RO1qe9Y%&odzHTg-SPoYN(C
z(NcBzP=tybnH{AtAZsK;PlX|ZyIzc&jAl1~yupIr8JR(J7g1oy<LMN=lE)J#uS=k~
zxPFRuLAJAwSxw`_LN39-?Jm5AN6l%=jFgs9yk+!fZje3+3mvThF97H3-^uwF%R>t>
z64%u4T*dCiA!jks*Qb4or`$i{a=QEJ&L)tXkc-B+gXY+>AZ8&$kEppkl=P&EffSS9
zvMQeb*z<j;-7Eh7in7T}(7BGh_v^Q@FB#%QZlxR1qwwJkTV8hLOXzt9v_a`{n1mX@
z*&4^}-q8rtpCcuhvg6oa+RkzGz*6_Sz9JdoQXXqLC^JdbHpgx^Zu1S#F|6@f@q-;M
zq`I1=CKe^Z?56!+6VhY8JMcD-$V3fEPeWq%1XD5!#9C^t0MF~mm*8PZtki{MgXp&{
zjgDCk%>k!T<f6y^sHJwXyH%@$i=JF0#+&DGrMX8)=p?@?Fl^^mIilyg)3qwfquQoU
zH+K9Hacs0kh6Dh{HO^faohcbidq<QdYetiKO;T_E@Li9*dWok!KfMl;M~E+}G6}&%
zPIoB|0`r~?A!|6b6^lkYv4IKD_LetTTh5}r{gQIMEV9>61aV}9PJamOb1P?MalO$A
z=4nZEa}Qay0f~QtR<P)~^4<g^&mX2)>9PEx{S2w_9~U9@?xOwQtu5To+oMb3f%`XU
z-aY>#e>m6fFsTcvTg|GSv3<-d1<wG<*_*y@O601$q}PWKH@0h{P+?JumI<R%Z+Nj)
z?U4XOZ*Hrj94`YOTP*nij}R`E$LGr?dK~<S9{{9Yi{!J4v+>!x1+_T{c})F<Wfq@G
zSE-&EY9Xo*j=MlZc|+;~EcRe5A~M;YaZ!J<FbNoV>)(FXU4CBP4lzsb^nh$;ZH;9M
z_GGG~LZwis)Wb$E8(m-Wf1*EKWA4-wLmXa8pSsdDFK4sJpXZMsYo=bTW|NSgS`D9+
z0oSVSiZAXIj}K;oFGI1W(xPu<j3u#HFBJRu+3DlS&BZU&B)kWHWcK${Zs_%EUiPF9
zTcRGr5AmM&w7+y^k^7{y3tyA-By)?+$!I{lBat)*RC!7JJ+Etb`RDN#UxLmxj*O=c
zZ23eVetLha+&7{wtBMx78aKQ<q(Z;!sAjDy>_me&X|(glI#~={?xG04J$iW>^E`sm
zx}%#hFAmF2DcKRFV>$8H>+;^f++JL+Jq79JzVJ$Evb=x7&s!E5ZZUk~Cx1EgEKmZ?
z@*UkI7;y*PhzP4Fzzt=rjvI_^ntEgqWk2?2oo&~8JzozP5+vY+_&i~QK7FD^e>x*8
zWrp`$kA~HAzqDM<tV}C;xl-)Q;F&yFxgaw1HRDgceM*9-*$vj~JiX1E%PM1k+Q@oF
znc2UE56YS%`s4`wka1ZS$w&JR!ao{m+HXUqv$+M|-j+;IX?S;U=(*yBx+Xslspq}(
zxX|UzD_`xqJmqp2Tggi~AA75Je(T4^!r<|2fvD{QOumFAFATwL9m?9_j!PVu_MzgU
z)`!Hl3!<#$p|e$w=HJm1c+uK#pKeQ~N9mpN5A5It4z$APU4(k4dhLC8Zsslhbxk|x
zAiCw*Jp<SoG<c|e8fqs073%phoy6G>QqOF-Q%ekI{SZI3(v_ysN*kq_B^3571(*wp
zx_a1(bGMy_VD9s;kfmnY_m!JJ8$Ws4de1*2z0A+&20OR8fH^a6Wgg%cJvA1exdqNq
ze#4=szz6;E3?#pteOX`U<`~@A)48tJ!h`MG9^pImsX^Z>a*M>Jeb0xFjze6}d(BgO
zu6wP<?uEBUO_Wc=Qr~t_3XQkDHw3}eQ;dhb!Sl{#RVlx2t#$`4$JG7aPo8pXa#c7f
zbQeEeZZGV+N!JtdzE{1220k*-64W_%2R<GRIE=PMxuRPxwG()J!Jp%{+RY%l$=meH
z`Tlg}JZ);w`@&#chwjV8Z|2O83`ZM}Z;RXr5@0I%yjhzDTqQ{&bK2JiUB&THOwM{q
zok78{3stvYck-vw!(|6)7^wsEpQ&WrUB~Bf-%)mjtX~nYe;__o<by8qo)}5*YaHaK
zmq%hpW^Ts5+zX;V?yAc!E}i52{Iw4M(rHNU5#%1DvFYqq^)hM!-4#PWd%R$FS!ga=
zyrOvlK|hkE@n=bv<4di}X8LV?e7-nh#F=xqnvl7o!R9HsQ|r1mFPX=8hwa*FxDrwc
z9v!5T{5r28)vBu4P_b~;*x+fO@45(pcHb7THMw!y<I%=Dt|d24ZcYfy*->EV8V*3L
zpL<#T+-WsE(avsS7B8Ec(T^?G&zhlkr_axs5M4?sKnz~TfWMe1%c-k(J6pb%_v3&P
z&GR}8^J><S@A0&>tc?%p%&pJ>x!t}T=t<`rir)u0-L@Bu=7^_L#5wQ%vD#z1hwoX)
zh_rjV%bt^?cSk}?AyZE>^>#T+q|bnM;iRo<f#>Q?gNkl<h|}TD5#RSBzLh$`9~u{D
zXvebNSuS90O>=yB2r(r1o1wec+FB+$OXO_{VC{4_XaAstfMdOX(bv7n4X?kQb_}9!
z9!sJ~V{M6L#qB!1PfRcP%IB#z1EW5e^!oaD*rT?aR9wTZ6QcF)m90BKEqtVh`OToQ
zz>#bB)SfJhhAVKH1zw(?EX%e!RBNNmNAjH27iMjRhZ<&kPP)qP;f4=8YjkU<cdQ}_
z!b-(-=zGQoy0Xye4643`J9(H;ygSI(d(92+>2+fV=XWRK>w5c1{Qiim6qJ;zjtROx
z(LFoT8xA=ZOsV#z#l$Y#C>x{-pJ-laG@_^Fl)Q*OWTEDt#EMYble7u|x__<#7H)qb
zOVC!l%-nuF9F&3%uUV`&-{6Jx9|n(-J7!;S29R(QtmwvaiUbQ8I*4!TxjY1##bX87
z#XC2q!=rBY`EYukv9`~OM+!g7+TC>n6vGov`VBfS12T@?+z1Lc?TYZJReQbxp5o!3
zFW^doUX_3T#x1{?ApW`ZEGt7Y#?WOFv59li&8?wo>e~`I56R%&MSl9_f@dA-q@kP&
zQtRp^k7EGdX(KedVeB8*dGJEeSyW}}ANKDY+8jiR9wETfho#HTPv^eZQV|??Vb`Ef
zJ_4tj=2X_`6}8_p6GABDfkHi*8v<$8@dQh>cNxYHtgSlOE)NmtPWkWl6n}5!EO4FQ
z&f0tD23K=cfEj!Poc8v4MU`pS>UJ2>>HPemhh>>Vwe^0%<OTp3MlvCPPU5>dA3?sw
z<$>Yq)r~Mq6ns2zers*QO`;xFDNlTee1UszT%NzyJ++hxkQ@Sqx#P3`Y$fCwl{&03
z@mYZ~XHBW?E=gA!P~l%_=n1ZuYi_tAUfbf>WjF9VR?l43rxOT!2bV`)KKxV`cIkB<
z)@<HBrf4?%p^dGMHM-VKGKwTXnY^Q9&eT&A*7qciRM%lT59pmSJKDJ1EV1;IU|Ou*
z8WHo2d*orNyauAjx&<0M5W_(u^*UgmZ(N3;<*{68$(sP>C*MfiO2<5cg%_PgAZYd3
zdlfeW@-f*1n5pR9|KkYAmYT_7AeG<+`>&>WrB|oj@V(54NRgqba|M2i88Op|s*Y}<
zab(H)V0Q{*ckI+e7l;ESX3X2Hk6zcTEd#uI8SG4vQS!|7(<hX4s#&W4WOg|n3Ejs?
zJF9#o<6JD2KsWM1nt5q*ia;nE&=#OBI!$f;`clvMflz*}GZ!+NHYivyosIFEbti}Q
z{V{atnVlU&orG_-0YcxT3g=TCgsWS0_B@Jh-_Qg+QY-4MMLsdkP8i{L4PcFZUG}{i
zl17)@aGjX=)IaB=dcrrjtWOHsO!nKD13a>$FZ<zJ5#y=iC4GEJ^Eu*I>4>>2r^q^!
zujQ^b@AsAEfviW{!Xpxo$ATz!+8lau%2IhEMDPH|qihcM+)<HERkwTWI>gNbX+qJg
zTZ?r3po|l%$bt<2_f0Wu&cnbMk`+jm3i?y%R?g|?yeSf?(}}6OscY?)=Pr^oJs2To
z*CReP>GO#|9L>au8RuO<Tj&X-U-;0st)=MQR@#RV!CPx8RQm$MUd2AQScaB4eF%Mg
z9+p#?_Q5pcm<Nuftw6`OZ#Z@>E|vq^%XX*uAsJhKh5$!MmT&RhJ{~-N*TVV`#N*7L
zH|VK^?<-LTyz6=ft71UL7^K>k?KZtnc;cg<A5@X_n+QHf@olSPR`YT|2B}3?zBjO!
zzT3lNI$1F~(O0Pn*zdRBx{I=V1kDxQkli4081<g?ZgXG>a-PY8`UgtuolDcL`Hix=
zaa-D1BwsIhy0vj6<oREmTiywlu%nXYMkAS%@pWvhcXRuDlvPkq>N_=c{1$1D`+vzI
z6-2w73bdWSf<Zf>+aX^1eCJUAE6Y!0G7^>ayY9kjW>=D!_gm7mNNwkuU<!K4o0+>t
zn`OF@PO5Q(z8kRAV4Dk(&eEJyhPs4n6dAyuV1X6BiLc5Edv;y(t5#E*CNFvSH|`YT
zvbHE_-|HRLCGk}H%#!jZ|7RH<1|G;K17j-sz<$Ris4>^6UQek{QV$Bj=y7t4zbSD_
zYugtHbamP5T0LL9W$EsL2<;MbflA_#n!>eBM6+GEF4UHKt)Q$YEXlR}%yUz^1bqDU
zv8JUu$eqOK())~N+i7lQF8*;J(k;{*+&1r!Gk^&OjBsYKhwC|s+}>{LVYhg1<e$FK
z9FyZ`nJs6TH$Ce@$^cGgz_u`ld%3rMODXsJiRx27I1OBs>7JACv<z$<>dv0{X&W}~
zjX@L|%V%|U7kWvN&G3DyuKC~EdEpx<7}HqI#Fdnl6@$C`k7xjM+r8|ozkV4dCn0KM
z*39u#a2kF3{Mn4|7w7&yE6;BM-i?t+3FXNV<Qilr3`4ykLYz_lEWJ)61=GCm3wvWi
zCH4Mg8kFS4sGfrXVxokscG$0$?c7_3va#H+&?BJ+_d^%hNpGVfjGrN&3-sd^9_pxs
z$dWo$31NI2nv>u|B`zHN!4`I>!{MLcQ{%wHs<7L)bgRGh!x4(nvATcc+~>-7TH<<|
zumEkPZhU)^k@<n_utO()x_RxMg0tsGkT`*0{gJ7@I8mwsw+k9UU%kpBXmj*QzKJ1g
zPk0;3u|daZwOzmn|J6OS@%XoTQ-oVYx`+RvMbKS3M@dhwv>z>~4kzM;Sp*MrxAL-|
zKh%<FCba)vT)DbEsN5y(uJC&#J_(|bs|*t>6JxgZ2OgRJVQp~y*l;WCvPfYH>xw{x
z75DcjUA68Y8P7)x7bge1Xa3)+we#ZhkAIY55s`zz2z-O^5q$owW#24rxh`{8d$e9Z
zI_R;&=^VAR703JCq397|cN$7kR~Re6jJXCGBO<fC<Ie;{$#?G9nk;hmr#L-GpD2oO
z3%&^dmYzYU|H|UBs6~L7`0qay(thd9-@Q6Ta`Ac;N8oihy9#){D2cKTzmL}yEpX;(
zSyZ}C4zKrkl?Iwz+l_n@*6-1uza{!BgJTg8P$&gI85d=LN!TNdPakM-FjeY6T()I?
zeEJ&6*l*ER{^da^`(N!jSwwJnw^JiiC&41TvmREg-cq_X)=!G$G1h;@u?<BHuO0ey
z4zjSEvLP#hh41PAej~7v%Q5*md-86d)!$`u{nLl}1$1j~w1eIdvM8_0kN?S@v#43F
zdP7#O!OQNY;qBYK@phaBSD4gyGACU?eDusCqnmMY4l2Oj+sH8**`8~oKbpK=i*RII
z$M_XgQXx<k7z|`JZi;-cnW4TP9mJ&ZU11Da-b1dxs}8|(6ejqSf1hh_b|dijN{Nkz
z|EWm*7WEayHIPLy352S~^c26X{|`xUzVJ?nNvP&KG+&vrEOhfy2Bt7V=^ryuQQ*WZ
z<<4dD{!8-rUtRrQ&<7p}{x(+I<-)Xm<AnnMABtQ=KMD@J30Z5rEw_90a+{f?(wp6I
z`TEomd7G1GXhgHhB)pzb?7vfcomYncm`i9g%XW2ttNDrgr&}ASD6UzhYoLy(aexS@
zyIWK=HTnaOwmPIBp1>UGcN$NJITsiwvFkEetE!IqAGzR0wf~IC!w1aUQ6KK*M9a;^
zsFbh6h23IO#Agxh?FZ=uE_=qH8h%HJSIqH(Sb|`~p|w!w#H5N)=L&M4zIy<6?{?9r
z<$qWg=wo%|RCfoRoaO11sY8A$_?QB73ii&Dvh0|yyp<~!n_^~%ReS6(a&8mh#DJ~M
zG~Ls5eHNYh`Omw0CB!5!aq9<1Mkzzgasz6KP53R{Kry$GB-Q^pT2se0VRCC!p%ab~
zs&mV_TU?lBvJ(@ySZ#3-p>;Eq@c8t7j;`o)G7Hy<!H6nr%fJDwdP-hiTw06WB?+0&
zz11wq4-9YM&~2Gf|Bt(og{A~ZlZwU|C`8J9WZmpAG%4cWIt=;mIt-@{LXG<6P*k$V
z!HlM-$$~+IZDm7D>H5B_x_q-2(zokKEhUGHf`lY-)Qpkj%j+Y(x~QhjB~MpRn7jf#
z(W+)JTtZgb@ug?$c>lF#%=Y|{whcpx#X|tEXCrfF_#I)X=QaHfado4oi(i*_g_Fi#
z<zf+t3v<^oTW(;x|Mn?r?QxIx_bxI_VD2`d1&WHF%xh`&5)S?eY-*A0O2{pmulHZj
zji9@7pU~5fp(sN)y}W08oK!|Z=HpjU>6+Z6F4d||`pH7h{FAij=433nye07}pNj^V
z-ZL=t+MHFlzb&or7edw_f^m%c1WnNUP@rfpv7DR^vXd9y@C7|~Dx5R1o~%9)7>e&K
zinGq|x$JoCx_t9}sX;_)ES)o1i5Dbb*jUOtp>M~uKEbzSZRI3TB;*kmSoX?sf<0<v
zzdxE+um7~HJ%o`X&!J(Z)7{_EScYuK)vz&HcdFULZqO@3r!+z_@RfkPIb#UA2kidS
zSJoLKd5ta`<D9JMslcfiV&;^n5Y8v<pNofkUYq;7aDFs_27;{FQ>K+#?1-@ft;#mK
zHO^b?trbf)Lahgf?8xor>(jOgy=EA@gly^2d$rCsg}tUzT{B%AVHLr`7mQ*Yilwtt
zM~DjxU^GJWGm=VDB+cqklA2?X%hHuyLk_f8+dNWX{->a;SYGf;=G9xoFqh2Xwp*#t
zPOK|??)0^5){8j;B)Nh^y*J0-whQMb?~VDB%#C-wf21-Q#@SEm_fc_Nuec0m4XoW#
zPEj5Nt*<-^kY6->+_H7|;E2YLhtsa(!3;Im98kzndURJyPCSp~{{Hx^h3#kH_!VDH
zXU5ePF9d)jx<pQ<2wywnb|Dq>4)W%?%!^0}Gb+`CKeaYArP&w0w~Vb1l}x&=Hu^Zd
zUipv*8#{eud{Fc2R7I!-FIi7{Jw`fbSg|S%hG9z*Zyj0wLVVYr$o~8iaTtV9Hb6VH
z)q#|i)u7wgkn(obg;aZD9e*6rr|tZnrEeu1139-F1?rQ7EbS5^fc{fGso|>18Gl3E
z`Ne@i+~UB7q3~CS9U3V>(zPTqXbZ<iAd6=~jm(`}ePRRW+-=%%uY&~*OjpoG^+8sL
z;khaBXt_B(;dcV9hUdIzN!T|)klS54e`WAPG4WSLkC8K%Lsd@nz@AnRS&z1=Xp+8^
zo*om;1m~d;m`hE~h*ts&k1V7<Cn%mKxoFCOh-j%oJY=(of2b4oflp0GUOxfc(DQzx
zGCf%TdRlGzS8Nn@21^Xta%X0qRB>4`#=avK>2KltXh7=;Uy{DBi3C){@ls{=<eh*J
ziH|1schphJRq43GoG5-|=Bxu*eh&xqx0KHZc<_#c`;;PrwcGvsSZ<-i9OD;EA2b!{
zN9|zODaiwnq~1xywkJ?o%<oe2@a&*qdI+doEil0e$huW}o_^H1=9%2stYI6KB##cQ
ztK3#%XVK*<uAG3jUd-gXV;g_<)HjqV(G5Lz(G_{MKTP>1vHqE$+3h5|W>mt&=|>U1
zZ_7qDFu(WxV&>4j*VU|LuGu^(_t9cAxSLkC_(yT>$9w<<jS52f37_lUwa6kv%oK$a
z%kpOsxwH5a-gRzu=@(&mGzTcuQ9xpGQ^KR^RwmGZMr(R1KFv$Mj;_??_OT5&VvJRC
z6W;IWcK?FsL>i42;+1(?-6#mXyx^Fmx!oM}N7TdJ-vlJFltE&;R>y~yi3HbaupM)w
zKU*K>*A7F5bOhrxIM)r}YxTV<fA&vV6;2YqlY|Q5_mZ-pximF$Gc#;WRzoc*A!$9?
z>>puh+23z*Hn_701g37mP^EGiQznF5VWPGn>h64CNoDh=5R+oJQS!6tV)p%|RS-qi
z+o8Nkkd_q#!I507aMTm<eVuo2p2r&wq*6rUBW&7J;(%jwTz*3nOD5BV<v>LKe#0z_
zN(#p&_u1<)m$P<Z{7$G)WH&duNIMt<8$WQ+tYh~)w|Xd!j?;XfW@wO3eEbCVfkGgO
zuG%2O6oaxjH7T}z<ou`;MJ^J1gYKQpxpf{V2UFl`EP6Et49#n@SUTMj2VNvV&J4A<
zluh*kAI~M`b4zhZDU@x<-QHLsDLoGMAp$sC+PhM5rfoh=9KKqa=x1L}!wiwVhKwG$
zg>v%siA_{;@RS>Lj&KOJQg(&OjJ@Mzf!lq)6XJV$<-^(<R8vNo>2-nHB1Stkw%EZK
zD<Y?zg?LrA+GAiy)ELJsbe;U7#OcP62a7B8Fn&ogOwy;dMv<A>7)qfTm49~LexVf}
zT1p42F33~eA{-?n<7NOlU^g)I{kqIpM%iz(3!M;^)y>GzYfcG`^|+f%VM4>r?9gvY
z1=!pCnhh5#245oFjtcf&9nzT2vq$=smE&A{aVb-ln`I8STt-w?>68+Ta*(5tc-?#?
zTV9d&YDo%t67(pniLCV5Og-Q0CV>!*<<~d}QCiz-0GhKrziJ*?>2dSXs+CodMDMj8
zlK?bahT5c%NkPVo;u|9rfDQa{Lh%+#pfWy+07Ve*sKsnkUaopb{0cGu2d=zoY<g`d
zM>&2C0?d4GXY>+Xq`axa=avR@W}OU4X2>fk1K)4GF=jOA12_-4AFuDZ{mt?A<E>_p
zJ5O*U^kbS9YCM9$Ua&VC3L_cyAv(tCPiG=LNwt&B_5jKrevNhW3i5SU*7A4Ef~iAQ
zNEBfTBmz!RZr;S!YiVO3Ljgmg75vB|u@x&$A|0)ZF{uR%Kp1^176L(FU0M*|RoIOL
z@%qutVTti9a`l4soat3lg#>kcCS}l8aRtgoA-v<$TNDk)vbTN;FxF&#LFIOI=3V*2
z1ITmX*1$o&-WM|R$S~*H>YE~P3EcMt;|b%an2mxX%O-{r=+i9RLC{h_AouStFe)wN
zFx$(nuup3*cf0T;_rZ_G?#P<gvD<q)-H%hB)(a9VlsYUf+L<>*zTD#Fo(Ojx>b-qx
z3x0vY-Smq_$8xONv;ovbK7q|Ia)pnU8sYUbFig8vSY^AJ1P(%;4z(-HIl0NO`3VtS
zNCic=2Pt`MmSq#TLyoktX@^THXw0#!F?Ziy<!)9xyA1nwNh-Ww@=XEL3Jyps7Wk|Q
zw$ysTLsGaVTW5|Ki>X++-|DL(dJpMH%Z8!G#DqEFJaKb3^C<Ce;raSra`kO>mo_f#
z3wyqv6)Q<?Zx7pvkR=J{fA2m$&VTQA(rk=GrMl>0enKX>>LrK`heq4_GbqA$?ktk{
zH=W7xTEE}X!1swXz748g@Lp@Y*DPVFDVATVX>YDAR{dlZ<PPF+e!iv~!<*w2;tZ*x
zQs26gTR$V_EY5UbY;SPESUt!)5;C{wF{5ayEA94~;l1ljO4vJPHMa|oq~DZcr{fLj
z%X7_-CX^^(jv5gWBU}{>N$?(SIIuP}FB%2LNxK6Lm=u=K6Mlb;^R_u?&&txG<5Pm8
zjgF$vtXA1xvh4P(#K=+&eEC3gh66ghZ0tA)`p&yqFGV(Xg69JHaSvIO!$caXf7Kw2
z)sHQP%KIF>C1^s1hhpP3rQ(yC?b^UZKBgWR*Jx@(0%vww)!yAGT)uGa%hb`sy(Ym)
z`8G7XJJDuoWQT^9@LqD3SzqQmg};z4BWrtQK%%#Amp-->J55`v1^$t_Qb8(jGU?8b
z2j8A6%x*#gIy1<mNr<5co?j;sp53y9rbT*@k5|SFE#JiSN3m=610kLZ>{1d&=G>h#
z7>$$pND-EVniK@kb*Of=2R-}}=xS8nXzD0=K>%v*>;9w`f+q9n>F90ZEhbNjwWq}$
z!;hiQeDfO?F75J*I>+yK&`h>|<)Fma6lM<%D7J%;XX~(WGU#@;W@~M1dB<s~Vz7yM
zr<SF{R!1y}+{=wt@4@q%)dRS^)X2%K#!~APNHH@BxW}I)zNaspJ`-uilE~W0Qu>E%
zCaU8&=US3~I(ADF6s#1dHnJ0j#9`OYPkK!V3VxgXA?t;jE}gl@`8$bxWW6|#>RHfs
z&JXnUN#MrB7hfhgVO{qCk)cP)P&U>DTpJL_0R_)tAI^tAI@&C%0+%~*unyDCrHJW;
z76!S+oChmH0{9{`SvEu#Gx&Nf$iS;nqjNnWjn!Ig)^L$%(?(G!{bos*J~jkI5n6tw
zG0#4n^m^?9Gc%)VOj)B;hjN3!FL#`4zmz<wm+Fpl=jq8yA}&kKbI?!;M)6QSHKz(%
zaHC?fyBvekwbL2*!Q^8x!S+@4rBT<&YdaNV()}S4Oe|%2jh3*Ca)-6b1mT@V*^LhP
z-e@N#mqTE26f)7zgR*4$O_2jd4xfoj_$i3q+|m8~{9=BCPik~px0!!^ES52c?u)O_
z!YksPjF-7;U+AzPDztg}i{=!lLGlwPNl)=+rk*`_%l6scfN*XNgsTiEtUM9-zOM(<
zs@e$4lj}B>7TWJ9JO?Bx4&KH-4zUT{`WdR-({9_R`gq>ycXs%RmJndYR5^>Vft?_h
zmk|HTDXQ9OHJwD7v=2AcaojCFxTJ0hcPaFUK(HB|gp!FN6La%HwaOmw5OfwnD)2Ri
zx%_hSM)v-Fnl`@$MKHBg%H74~2!lH&Ic6}(=(yG$Zj)X7D~WaArc3LR(!r{Jon%ab
zM4I6IL*HSkHD}y}T2GdtcRErmC<BA<)0%qfc|&aJW)A*ZE;CPfQ&RbP!a{SH!g#e6
z<nZXnXNr&02{!3GIB0cR8>B2c0y>sxa_=UHKrMC{pIGf^_vn^8B9ZG&fYF5>tA|2O
zWv`fEVt8HSiGG>}7X=C`YE(Ji$O*Ym%4C+O5pwP*>-uE$Rws{tOO35{5U!p*F4X5b
zLPVr|dGCdc$wPs##4vwxAn&#~D$bWyZ0}}j&G_l$8|?h=Rf|UPyxPfaMbtQ9?kHCI
zbq%5&NkI|6amT5pJ((T-N;2Z&^Fr;HIk#z!cf2t^&IZQr)mf!SBqof=o~{d$I@j#^
zTzF?$p)Y-7&*!g@(dUe<m^aoGMfwG#n6#e-GId)0X~5wh?$CCawB&R>-q%g5nM5}s
z`#6;<(Lq8dqE?R0n^(RcH!+q#pCL$1SCWs<zpC?rv6k1Omr6}sysTam1p*T3F1qFf
zu}lJ;tMghRQq~3{$#j^v{Qbv{nCx3#ZSm71u*9;B+lPkl*S91MK#w1vpNDK1M)y&G
zHA<kGl<rYmwOTh59PmVij3(Q`kS-zKVPR1YvYf{oM~Dtj+ciqN_Xfa*0Z(*fZHRHK
ztuMZ)b2%kh_8ihWQv9Q^rX`K^nwuo*U@U2YXUN^gTr53lSPF&GwL`qXj2fXiAj|EW
zTy@P1LS_BwD~Y(kyO|Z<j)~VGAC~oya7~BfY!HVY8AZ|6{2_xj_k-sNU~gO3u+3kq
z9kjn)x~dX3$*VzXGPZs!^mMT#B;@zDKP{*ua>RJ@3(7{-JtrT%-cccYjiCTlzoDdt
z4hL8?WnOA+B*D~nB&8Ya?#WJ!Ztn|@(uNA5$diWe`O^cmn>mnPr%^PF(s6uO__}lG
zOJ`JZb-<_oMFKY8sGAir&+x%yl&kg1D;XK1mnPecD59ZbAMA5`9fcB%H>#7}e3hGQ
z#-?SalS%cC(Tz#D0URj&R1L>X#Dw4^ik=^a*h!u5t{0a}PdvT{i)67$vPz^Gc!yKw
ze2?G8h3i`Z35u2dF95YbO24~?k-ehu1jKP?<th8*#qSg1uPJv3S5CfyoBQUFm)3^~
z)9&HQEH71U4tz4MZlNf)17b5c&n%!l_LLZeyUiG&v8WJt`Uq~GG?l9_9YL0Sgzq&o
zaO|awx$IUZrW!a<(}*!Pn<-PSW8%#>(A!wgk>dp%EGpw@O*w~aTd6FrqDwxmJS|?m
z-b7@pDF5bguDJCkMogbVuLKJ&pI&=Rk4dDaaxcp}B1N6a)lLf#Mslx_jJ@Ow+?Zye
zw5EZ8usJ;7q3XaMmeq*3D{3gND`$^Bg%Lx0(b%r%p6`8~-1J`D{f!^;`yc#(-&~f$
zf;n?J-eDwh=veN)dJ-8K@mPe=l+o%fHX`Ip7BW(=sH<mHNrgi3Uto#iXA|Nm-hP~$
zHl5@LI~y698q1Krspv&papT4lyyT7K*6c{E9v|zr74yT@rF137GF{xLCFMm@)aJyN
zEw0s2ke^4Ci2IzQ7s4XYcAWi9W`-q%vvJQMJn_AmblGHXxNI!CJ&Sm2e>0a%7)72*
zXa(eiZ#R_<jiMK9quuT$+HAz<c4-s;dygK+jh9ZOe_RBuPA?<wxRdJ|cC(_imWb#u
z@)I){HFhjNynZ^@<YX{lP$t{w&7#1NO#hTPZN8+<9PIoh9&wkIG3i=<dha***3H+D
zENlpv40N<NYsc&B>ZlQ&qTA~u>xx_X`ET#%w&+e)6;%*021oM(J|9l)v6UZ3L@xLJ
z`se)W+6j!xOrn2&E=h6{yEtmFMUWq9(N+eLV`i>)2dyrr=y=`ejEUSZ<#I;edNWCd
zD|x9<h*XOXx6hARTqfFM>&O_wY~jRMjJTWHa7c||5Mhg6Tdx<LxIvG*s*rNGg@LIF
zy!#|AK&QdVfQ)d;c5P#O)<BYSk~mNzM29z<91)J3L)PBZApCYw>GTWHY!PX(5*Cnm
zmo6=Szs{hIw)yIgQP`v-F)j?dH$XCNta$1%W|XvuqYld3AT2$Os6ZD@?d{N7PeZE{
zll&}s^`TStN#q@^Tzl6pwp}7DvrZZ<;uBsY!ecNxTiJ55M)TWVSxRei3hBwoBsQO9
zPgT2SPop?)$jBi%&WgRQRTIEXHFdNJ;jQ!ADX*><E}e9?dx*4HF*w>OYi$()Hqq(Q
z5oNPs6L~vi@EEST`bxfd{W$u#T$CO<5}do)P)>6ol7U%Cgt@zDm!BGFsiCgbF5>rV
zWh8FSX+5}~&WIE;!cAIv2SncawL%Dp`XkCn80!@x%O#vlmI$&EvzRb;3}3qW4sMHT
zVeKQ&P&xWW?j4pzpt+ip&Fw_QMiFJTV#O!Y;w3)Pie4He>YSmj5s@SujpdvW;cB&7
z2uc~R!6*!p5h@gl{}LUUee-y5N)Es36VI=w4dkntkwhjY@!Ko&xL@1|KYe)~eZq9K
zizeaPfvMa(ID=;|??saA8brH%T~-|TB%bFv>gNO{;y%ylbeIi3O4qJnSFbC1_@_7H
z-1rVh{0a0OGL}I(IVANTOuDb0x3(U@YK<ULCwe8Lo|fJ3@aVsur8Q#&lX8;@4+|3_
zAdJ-PVT>3&l!TZt;^NX6KXwW?UD2Bz>$Z|S?F-y)u4U%@W$Z0$!z?;W^RTfbxZI+X
zA3~bA9je;1oMp#_KoSB>4(M27V~8~g@g+K2hr^Cj+)*WtzlxD92l?GI&$7#5CRK<P
zTXZy0zAn*8rt`&X22r(U6;)0h0hz|gC{lztlVSu@IB~gs>615rp+kBxu3s)OHj@xk
zqN5KN>5B{#op1o3-$eGv0kp50#kzt@5`{2{@O28I)`zcOH;CeQme3T}pKMC`_oh8W
z#wSp==oS9(?+5t9q7p8<^A56WHuK1{GuhHu#Y-<e#^%~~{2p=V7n@3wNUP8m!RN68
zp@A{v^&_=^FQ%tPKx_sXxjFP2)k~@k@@}}6UM0)<)88MVC}%X6jP5NOB9oBRQe^3g
zj*F&o;{tv!;{V5tZRFngB?c!7@e>wBAUvLNqqC@;_cXu%=hKwtjb+lPG2A(=FQu<O
z#Vd0*(dsp5OUt<IU8n5x%lxv2lPbiw9N9BQMiV1MigdRLvFeY_;-)W7$Fkvd{vqQ1
z;Y;fwJ)byHC%$>haLQ*q#a|!#8}~2XkGJnYvc_D_*g!FVe)<_UmA7k?|HI<biK*Pd
zzyJLh#Ysb$-akVq_jZbxzrtUhU5;hg6b28T!1WW;IkaRU3wIr*!5G2l+wSK2=AHcI
zkq7zt121t%A4`7bAigv)nGOGWh&d|{6CNEe%nu_eHbT48?sSW~la?mxd_WU#hKMMV
zqikBeFh@rbXEqZZErhAbO77I_xt?-fo410!)uMjZ9psH;Ra6$N<1dfC#_=vY%^Mf<
zx4-|LKP@TY>YHyRE5W9{Y@&CIe2eSDJxP9EdhFjUDe59EGa1VEG4t`69IdS3g%_U}
zdC-bk+>j^~ivJ#4bU5RZBgu{sH%1|>5n-BJq9rI{A|fp0#78h9IYOJx;BKzxr>pA8
z7?s8l>*xDsO0?awC0F!BWYIZY&Y*ZX53>4tgdd&gtgYf2aEngdtG9@bF8EmqIbz`L
zYNg%f!xkP*WSE=n4?WJFL09voalNqEBC+Xx*oC+<=ndVPL_>~%$;VSBanX3~4n(ht
z!O=o%rvqa|ED>_<T+=~beQ_Nlzx{uVjM3BC*^WzZC0xF>D(x0w$Va88e{W82G^2C2
zYRkBVg-2=PLyE9&fAXzBw-9`O(HV=VMTaftW}O*^L?_&R!d*VH?cVnXbm-(;g#!8M
z4o7PXK9hW-)+o{<{E7t1FGaZQcJw08^sWv%ym}%nW*qi*ZA4Ih)*?PSQsi5+u+gQB
zqWQgUjJ6oUWgZLhCT-LkMYyHQ`SvS?eDBxyG1x5gQCJ%4*Y!f>`9+)(Sq=evD@`KJ
zQLzcyXI8X47sg2Ibw00%zXO+y-y-6VjTGhT5b=8PYonWbk(MUfJvt)el87?6Xeivt
zNmDA>EeCjEM<aK9>pNr_?byX#tM+E4K#m$ou_^au{>aD1T0V+$@e4z(Rx6$k5w6RF
zzpjKWRX#4cWD-eXdhE>&bc(xO$H_euxDuE&VH}apW?_SumKAR@yCsYN`_4^RyP9a}
zbYhJag3edU1CP8;%60d0LsmFuIoc;m$q?|;*3yJWltol{xb{fc=x(F2!y(F`o`btj
zl6uMI42Uz+)YL@47>>;vtV43}P%BeeA4P6;m#@w*^7pi3eo=q)T0IhiR+MMJ-lExM
zj))WGCT=9eb>enAMSd7WRTgeKH!ZEL_|4J8#YEs2`7QOEe0(ed#f*oRwl)m5XmP#{
zj}Y*7yA!>r5AyN0QPh(#i~RJ9ywVhk{~fFr+o^W<d<@xK&Vs>-<VD*;F8@6~aiPm;
zAKg*<MSI!e(h(o_!8cLMs@iz1rjs{ErH5R47D~kRU}VvKkcgA$M5iN1TI2|eUTg>C
zBec*liJaRc#hG-onA{Z3p3BKTQ<y#?7q?Rgh4Y>latmENa`Z#SWf1#1z35<@4)ey#
z3+TG+Hoi8xHv!Q>iUXpX4ca0(-L}(_VQV%CXDxj)%v1j4H@`$EA$#O^!%h#g8|f}n
z)tx_@Khfg{AF*i;T8Avdk=s(x1cR69(FuS4VBR3afcU>mmqgBy^9$u8(=E>rwHu-#
z35p1Lt_;TJx3hcp)4UxsnO{yHkJ0ZDLBDIaOrzKlc5A0=aRu`+=q3+$+uEJ4l2h@E
zZLJJ6yG6W0tjH8=b{mCY-m`>P))vxXP2}3^Z(vAH0zR)ui3q2AVsJ36p|U$IAGN%b
z;R-LovXJ4MF&X5Dsi<=@ol^LT<5F-Lgb;JMT*6L+_F0*Rjq_RAlFW@aOv2)EY5wKQ
z7Zz6ya~G^4>GGSoG(7@`QydeK$oPVd{<~?DX_k4Z)5%Y-=<&MjLLf_#Ez>N0$g<Uv
z@UH!*m9Mn<)G?Wv-JV0`EYqcxbEpj7ElWAaP}YgFY!ZI8{MF)?K?RSWZi|*z+EE#=
zylDvSC=~xgT!@J4yQ!R&Llen~`sgC=qp+&Fji;+Rm_Irr<kGWHBCZD`i|#^1+=oSu
z{>Y9_-ral@<OF!H=+Z1^171(?O~$iv_8A)5QYb#3SdSeDZ7CH08(fHpyJA}fkM)gX
zP+WM(<<ntqWecktojf}%HRRH>P$I4e^GS)g;Aq9i6Q&#ukzxI>R<ch!{aXBjPvbH_
zUp108sb)u^`22DqB5r{YPqV7KcxqrWN#Vhl)GjvV9S-g)XyB3jI7TH!gj{<TO2qYG
zWYJxyh?8DSwlK{2a5|j$L!JBCXpf!bV?n)%FpC+dvkN(o>_X5UUx~kGKh``K+T%KH
z(!P8IB_A<<c%dWDHOLhrWKbb|UKbv>e3SD7Y!=658`J&hO`%XI6dw;4BI4weo)=4-
zc(SI80=J*A4{EbNM&#T0vICiDG4QMGNUqC>)!cg`O2qYGE?mUvFq?E#?Oeo0!vMZG
zvOhj;p3-}flfjXTmN%EMw77;b!!9At?ESz;t5U%E-FDnQ0~VVlsIcA#Igd-uIWma9
zZXqglLSV|56fV3n>M)5kwH#Q>tW8I8iHp%>h~o0AuVFxHj1Y6@etav@MuI#JTwX9+
zZ6c%#k5!>iC=~C{g^0Lr>|VdN+RUdxm{BkKjf*E9KM777!%%!)k(14ho;D87n#Z5!
zuBXK#beg!p3>Ir>@pC;EYnZqbYG(a&FLR*Ngt6-+Z*1H_yTPQbb!n25*hM&IagN0-
ze-=#)$rT*rXBV`$7%Ph?Dk;Y=-Gm>T5M~yW0lmQ}!Vu?(aO8Pm1|OT|Kh3KZ4y>jw
zPVC!Hv#`k`1eF$c$S%E6ge$g9GAt3kY!l=n<67Gw;+Efdt=_bnZLSz@x$atSO1AUF
zYj08GH4Fd2u;lsjZA-n;60||YZ!(+l)F0)@;p4dF`k9(t!Fc71j0%N9p}06mAr&od
z!at2)PZw~KPju~6#V5}Pt(_{7i_bd`uVk6G7xzXrb1be8Ly}A!U$m6Um@Klbt*m`#
zH76?$^WxGCY^!oGHY0-LB}ZsGUd;S;I|$1kM2@A6eY0QTsbw1|*IOBy5y$SW^VqU&
zH*3loNHcnIy8JX(?BMCQma}^03ijKh7#7pW{8wi(cl~xc<1)x@E8>aQ7qGaro}szv
zP*#mCFAv@R#XLD<A!|?6lGkql#-odQXY(F*tys$Z@-Bw=&&StPgF`1oqFnY%h`9O#
zTREUh<BCDqVyBc6V-lAP%%F1RES`UR8EZ=G=-syu;r08NH}g&A>^ekLR&P?A6&$P$
z&^I@Uk|nS4%);gDsA?oPr?<Gc<r|Bk%u^^73dM)wLe@@Id_1UehtEBFYz8~WwjL&8
z*jPpkjOW1C1KKyh8V?=eWQP!ezBV@QI|5llnVy%=jW=FJR-Boxb|?8)-NYAT+E}%E
z1BX{HVX-}(pMLFj%sZE};&26(+qSSQkja-XortyK04w%Yl0E7ges<$%0=3OVrKR9)
zZY65MbbfSsHj9_9q9t(v69(ikY1)m9iubc?&rxbicJR`&qfGwl*ZE3RB~LEfLS112
zZ<hJE?(Q#;xPKGxl-1BtdYBrAM;l#}m<$FQj_zmnlEuv0TZthll?YEe&4x5?yXOuj
z)R(Y%{~-=6S;3(|7I$AYnT*It+%-qpTT)5G?nTTz=HuRP+{@%xJyk6oXrKO2C=?2X
z;xmrwtv=@jj237rVOvQB+gHu!#SMo!P+UNXJ3zS2LX6cU-+0jGu|-5gh<zKWNr|BI
z(V3D%@61$k`{t0{*+x;N9cTX`B&6ihE8fhpiaOlA26O!-<A{rlz+^I`vxJjmGjnwL
zdd%0}%eO~nqxU$e*u0t-*6!zo-LEZq6doQ%LShm|n-z1Il|W-X$HKB0l$uPoh_9)p
zhDK{RwtfSM7x4{^3&YjsCu`z0434+rmW$sDTpkbkQ*YsC-}*kk{?ToiHoe2HHXo*r
za^^2s$jXy-w0dj|xcL@F8mf3}&H|PnD8y}vBsM}veOWCr*#pQ)%w)pVUtmI3G%oiC
zk8Uay3WY-PX`@8k=NzliPsPR!H0Mv_$zT71-~RSDd_SRsCA$t|Fge({uaLH*dpTCx
ztgS`r_jXZIRs~L%wkm>0=ozoWL4(gguk1){hxSliafFgaH$&3nu{*oyaQn2l<f;Xx
zfQ$X}{=;K65!^bu7ah$N>{z;*#sQb|oht{E;cnO746?Y~G@LBMX?No4au7&LrH{Rg
z{bdyt7oH#~J&j1Oi$;f2`1aB%?C}JAbhS3n;`DK9uuOzgS6WO}eHFC_4$^E(BC32V
zPZqax<E^)IRjL(NYby@7nc>&n%AJEFDcimaVLtXQKZ%)X!j40fRG(zy+jH1Z)`rFW
z?(!}Qg+ifFd{$9&;(9pmJ10&~{ttMluC72gbOJ-;ZMb#eB%3>^_e3&&d=5u8Z{(yq
zg6y1Z1`ZfPes~k>wiJ_+mqTQ9B)v29un1x23QJ<t<Z&dH?&9^$MI=tRh8u=u;}ilf
zB_)Rxn-Q<aPGm$RT^$XSI^0wh9Hh>i%4HMsDA}-y;~oo{DVgN;?@QlkKZm#P!H}Lu
zj@3l+$VrTkYiIG2wHye`=UdlbNwmKeeOwNMlcVr-b`qbLh4=7o>LW8qjWBEPlm`5r
zoIG}%Jx7YzQv=g)y_pex^U16~#-al!h)PPKZ@>N|d+S)VXerxV@!WFTE%Y*WVK>Av
zc+#b0wiWT#njO?erZRcR03r<mxpuNbp-?FP3)Gyri--EeNDt;hJ~1MX$Tvv!0XNRj
zh?zm`n{eX^7_}D!<mW@=TbUlG6Q9Y3Rqw~;@oJ0IJ6(2kMk^+RAGbJPzMU!u!2*7-
z_9)Y2vIr&V#3fXZQG{y@E@Y{NC++fi-S|Xoa@i#LO*ZN77Q)Xj<B{u(y4@H|X8a-@
zK9d!THrGv@=XT;XSg{H_yF|S5&DDU{rLBJ{zhftDmdQ3)L^yICSh*t_4ZrZ?_6D>!
zO?7g4CB2AOxOx5ZGb?88J9b`SuV#~6BUQw2maoIhjKPmr*df=)RLze<p-}vHe3(y+
zC_WlW#Pwig(S0H-HYgMdg+lRPqD0)qLy5Q^j1qC5+}f*Zy-S5cq4@7mBJSd$L|hN%
zf<>GzxWtt9Y*qY~-rsYM@S}No->`%q;i=o7=CeC&iEy}(CATEnstKq32E+ZpbZDIE
zH#qMi_-OTX-s3LzH5cI^k7<Xs{WHS~opr`}-Ff$J+Jfgx=l63vJ)SeqzX0U9;?L=M
zaw<IO6#9F<FwabX@Vv9bdiVJGk^bH<uRrLxM7oC#X-NNPd6AyZs-vfea~}K83g>iN
z<OyQ$R2b*-|Go(S=eH-wxzekpRs20Yjhb69dd*!17~DTIz|(Df?>RwEg&&Gn?w=V>
z$nK!0_pOU(pDXu+yqhM?P3*kuE9fTAJJ<Q$?(#Hw(&=`d9nRUDE4*$_xy!K68%}qg
zoqdg;W<$uHAn*Fu_Cn`$`+pDe_^I>Xd#>D+vpuwE#r6l~{n>7kvu!x#PaY2a)%*&_
z_qI!C5%MDs%kX4a@`P^h!TliJ>G-%%BJSc5oC>7)T;un7a5){gTrNEF%N+88HpqEu
zM)aX;*I+PU6u<Lcb~;0FUYpy2)8oTv4z8e}H3VKSE{6!;7r-o6atNJrKC}i(_%eo;
zM=*%LdcR*pVG(f{giU8QC~{9P!Zm7h--JKCKDe@iY@~z{=UV?%TczT(^vLuXw6AlE
zMp1<5bqRZg&2IVnt!R0r-P+tfms?xiL9Q5~txzG(@rb;W(+OpM$u(b1!bX`7u2XKo
z`E~)16Q|d&%@dT%iD_}jd>5H6EtF}N@mxsTCau(;*2v1U<vc-$%cC{gGHi$2tA%?y
zG7gi;s@Zd@krsapM)Rp}>&f&QjdJCS_cugq__e&2{$yT<<~54+$+A1waou~$LUuwr
zVY^G@t;h?l4!*a%@Vd3RlJdCxdW@_Ba-|Qmuv6N9wy84AQ|S|EoscZYkS&Igtwy<o
zTz9#DKzh$W*wcN@XkWAGwnwX<(t}8^R;Rk_n5fT2W3Ud0@|N*RcP+2*Yjw>pnp=6k
zJaDeO@3!ysb9~+B2u$+Y>aL^WT9Nr4%m?kThEAs6?+ey#aXrd&w7Mwkt4NQW7u&rQ
zvUYB8Q|@T>Qp<Odcc<LMw!B*3MY@IJm48F7-RB3x3~1Mkte^5)GD%O;UHr~Ru>54X
z1^vi+CB19ygs8h(7}8w}NBj-7Us}O*BM!)X4cg$xEz8g8*4h;<TzTz^`V<OE*k(G_
z2Fda=1VlR~{L8!z)}ynKc_YG*$b6Bj*hn;6<zH!7DDQ*qK(K9)KRMS{=D%CiC((jQ
zQ%|)IZgFi$H(6GCpR9K-&1N~**Qb@6`_wfr%U&2Lt_yvzT@rOOm=9;7wSOWF(vMdZ
zxJ>uiWh?VUbCbp>dMxVg)E>_Juh<|vbR%7dmhs5!<!moJ$kN$!Skq?XlDr5S>RT~K
zMG|H;bA0w={B=t$Q^pU&EJT^O!h<ck2*V(k&C)rkTs@DM7O!F5-aXV~qhC%IjZ2^7
z{#TZ=?`Q$Lw(g-hJefWj30h~a2?g0uh;7;7Nl|5x%Ut;zS^E5Q6ebK{SV|17TW0aZ
zt_B8YgwfK{g*7rlL@$I!sDsptUbCyN2B$fe@cL~$K4TrpqsEbHv9tZfr`cl6W^{Iv
z@F@g_T&gQj$IM^+nfdxeruNH5Z!*!o{6Bne&PFDU8%x2$r}^iStsL0Bj~ZVzqxvM#
zw09Y=&RNQ;9eX&@<RvFRpO`=k``><pSKiscw(YxVwItCuBZ{geGkJFDT2>3cj`%DF
zrbJP>buKT?eTS9XchDG_#$a1JOJ941H+LOk-^L|8x~_!DqXy!rslsQA#40*`DF9?&
zAscADXmn-gC&jYOW)*odgQvFFGIZzwtfGlG`@1;2a3;^cvzFOQm$RYZ5PNDI4DHv4
zD64!EOt#CiV+qiBbPF#(@htm2F^ub%gXhp9e(<mPWR4q8W`q?B&CLDN@0ekaW9r~M
z(Rm4}&@DzpK=K31n&@lT%hN9}C2Yu8vLd`3obfcP+zIp#_t7QFKeGK0PrtMn+mLag
z<NsliD}f1l=~`Nhq9d{xTUh(xgFLihH%AKgv3TDh+^KySnjDQ!)-xeetX3n9+m`ao
zoaJmSI>7w5W;4g1#*HZks=B-wk8NW9wkrA#?}tt2$D;SKf5|MCIFp%>ofz!YT8{9_
zi*s=G8%tiao|1Xbv9Q5NuP{HIIwSQ<Ut_&Hh2c3#Lfi@Q8|u(B5qhdK4%ShrnHu*l
z;vrF<dk!67;TyBr9*AdRs)_n$k#bQ#!>l?Ey!a509(FQyRDVo(sNM1w&%d=w)Qhc@
z8KW4QmyMyekd-rMGH=rkc9xV9m(!2rhHd<F)e(jd>@Ui~FGQQHv!cGteTgH<!x-o(
zW%(O3n6qK0xUNnRmz7UOOav|am-E^ii+N|~PWIH>8JZr=5>Y3bl84YI)+U6Anf5KO
z@uO$wbEv40Ej#z(NywsaSQo2ady&_-AEaRG3LbjrFq8U4vv|c?Y&io+6?MXYd^1n1
zI!bu$cIH*-nbao}bD)FOufM{supCCDM&j3*urwF&;H;ITr$w;t)w$UF4<$D;44*jv
z;de?HoaN!wKRnDEM~_gjZ96AB4fN}sP1Re^vf7=@&@542LR3ohBHx4Uf*Gr;j>WIO
zMpfnz`o@N1uG`0p%QxUJE##3!dl)fkEV1Gy^4N+Oc-<b)C6R6_>f5kJMTz<=t{;mP
z@1e!~Zp{hC$F%UzhyTO!!Xxb4wv8P%c1HBc=HL@Q<xdq+TsN$@5H)7}`)2WlCzq2y
zdNP^KyP5mSn=IJ6m3_4x^zPG_NVB}CWc`rK4T`+o_9k!aX<_)VK6LGv$zNBLGJf0;
zOvP(ixb`rS-bx;S_yty%9AWR)U9?AJ&_CJ3!hijXr?wrSaQ|-B9WA3*rpUX;ALCik
zHWcpN$;RSxdJP(h?c{o1ePa>Jw(aClO((r_)2V&uRh|_2uwdy5)*cl8D@3{XPp4wV
zOkP~Nj<q`vVoJ@SS3;z?;^d97Xj9};iLQEf&3%=ZS8rzB?t{eT^~SkzHgDIP8IhkM
zuA?@#%y^R%t#vHjbBz2x1BleLVDJXpAloO=7HGm$>jyp@>h08vM@W_{KA(s?VviTw
zfUEh{kAJ}*?z)l`(P{J=&<|@@9o4l>_=M=ucb;Uo=wK?37qYL}gW2H0*<}}Z?DB3{
zgyHqkxP2ZE9&&Qm4}QsCzIq)EYv1CH5+SS_D=`eZjNktBm;Cz9krci8GCS&A*vtW1
z>&iu^*Dfw-Jzb))sH&-?p|O^ZKn$aEtgKzK2B%##-fN3U9yWsT&PuB4TIH(r7#wZX
z3jdvQP1QgXE1r3p7d9RcozfusbR6Z)y`}g|HZ!+M$JqP?T5FDrb8Bd7Yr^hv<ETB(
ztOYA6aSKu6sOGJu>)Bn_gx}T1c25|0{oil-`)}{(t5=P}eQXWSEG=U6*M7ubfBZG_
zj;`kUZHH;yzl?`Y82Rb_zvceBuOLC^rSr%dUfWsE%|E)I-(8i#x;YD|C_TWND-SdN
z8$aV;ca3HD+*jBV$mYiX`x*cI$+wvr24SM1O}BZesH(y)J42m^=30?I?M~65=x}wk
zi%!xa#DJGBdl$}z8je>r;uj)Aj#9dG;q<-rJN*5t*Api?>?`m6A%DH&N)oIA98EPs
zkT+s?do*Dr?%TCDd26a#G?5Z;bWu~dLkOt?twVAhc!$?_6w@dKiPtAOR96>GwbgXU
zHFaI>)YjF~<qcp;?#FO<88fyOLe(B-A9FFOZvtDNdxHP0*iBb-Uxs-rP92|h#L1Z6
znRL{i6m_eH##T`lj!w!NIv8{35BU8r?&pc0{2w=DSZQx<4b?9pvRXTc7<COl`qgjv
z{cRJ8^60s;cMgHBS}KL8_jNT>Q&~$(b3Kh6ZqY;NX%S_8vZj`%hHBbf9`s51j5IYd
zXU#7BO@*R<G%|c}AKcXy)VV}`5dJIc>Zup`Ds&-c(enA+Uc8-6)YmoQ(+e5aQcGQP
zE8c*f_+dBj`=8#=Z*HGJwCL3O^zVbAql#*A<Kq>gOV?7u&J*QS9^KEO4nIcu_IFqc
z*MH+j{O#V!)Gc1fvHAv9%$m*Nq1W@fU;Tn_<hgis)<SAq+Bhk$J+BnqLYO$3t7&U!
z;$&R|_Vzl~zd47Z{#WzIU;UDA_X+UCs|%=YKEa&V*AR2hFZt^)zr!`DX51og%PXs?
z2$;o9lY<VsgZ7g(_)>=R>tFnm-`+5Q1G8Uce;|WvzWHPR`Sb5{U4ju?VkQ|v+#WkA
z%G@6uZKJD+Bci^<CE2LjwVPUD8x2R;QPMzWN)mdXPwSNR@;j0hHFSzPda|Mpmnlj+
z-==eLyt+x))JTm#ny-KNSN!QmUqZiQB{RxuaEY?3Xm`n?qf69v?PJ|;2W|D$G`4p_
zR02uPRyOZGs)bj7U=L-kaFT@BC|S3hN46Z%M7F)QiX-g~a5RW|Dz0ZC&?T~-)6qy_
zWdp9JS{nTs{Q8%_;?MVgos6PYtSM`uqrILt7cJmmv$(;~x3PKNYL=H(WAHW!vAURJ
z<8R}yKmR6~g==_yZ?PzK9X@+2b)qh}`Sirbg|Vmjkhb=8Q^{`T>@1?o;iKW$adsMG
zv38cxk}!~8iMH@h_l#xN{CO0Jx>eoQ#l*Y6&mVvMV}AFwuhGxY!qGM-*M0RT{6V<=
z=BxLR-@cD$W^N|!mT&X7pM96f?R$7~{#G(>xsM0Fc|9r7(Oh%y{|Uc0U^(zMe<^hE
z&7c07UyqMqrd%%?GiFaa^)=-*w~OoA>A}!{BtQ7sZ}>^S0B<c=ON6-DEZDV=R#~<+
zh0Lq$Bso&Yv5H!J7Nck<+UanK8%C23ds8(H&26|uTdF>{^w~y~rsDICPIOS=qO(6R
z^9_#lyNd6O%*I)9l>J95M1u)!MSJn}y_!Ev&FAp`qvDJXA)5ZfmNqlCrd>Qgdmcq4
zbtDZOLPmrUeL`<0M4C7z?kfFZVMJKOU6;ID?KPY+(SE91nyFm;8c)oa!z<6f$clXh
z952|!YxC#wTiH<y!IOT&-Awl$;lYQVq%3DVclA%9tMn)b<wu7bi<$T0v%L7`8$2fN
z7WW=1WSbBcJJ+pcUx$?&zA_z?xFi4T%$@YV<%{$)wXkLBB4*5Zj<4STXVzA=lRIQE
zUyO2UcbV;n)=?sC{!*_D(Q*5*Rvzb_g|nEud>PeULa+)kV2I0SP+|nwk{R4Lmc2(x
zFvq14SyRB%vlmig$Yk=^!9uK@<WPJjnPEmE)3ZtO$j+=Bw=s^K1kt(2W|ORUP|@kY
zWVYel{WdREM{@sHZp7lQXWQNrbh%n7obw`2&YH^$&pyYFBjub}K9i?+AEI)_E4;97
zKSV?lcGgFS<sG&N6r0IHn9+=0gzqU{$BX}Yjs^4I;*XC$!J9Q+vIkwkm!}LSN{Dzl
z*5&b<xMIW*5{kA`(%j6Bt;ZQYVhrOFt<-OPi~l_GDsL^G&A%Ucm^T(JVaD^%@|QU)
zY0<}W={+}+w)IW^{QN31uD_LhUl~h8$G2<qdiK<Mx%6wdkP$kbCXSDeaj<XsLT0@A
z3g5i{_bjM#k!13*bH!WCT`-eb+l~l<*~+SCpAOZpo&4w3w`n%oh%h_Y`1)L0$9{pY
z4oId;)X|Nlbr`~}v{W5q(OWb4<KxeWj?qn$%}4dY^}O-gGyLtP*;Kj082P1J=zDZ2
ze|vmBmP@Z?TuK<n4;E4&gt8^fLiMgKyz$C2{O+X%wE3Ovd+t9xJNIqj_7YD#`W#C|
z9eU#7$9QA^Nleyo!YvLqzc!D$@wf8Te!`y8BkUJ9E>@k;HwX6;G45u5J~Ej@2TSmq
zqsbjLm4V3-7(}P%3yUP&RZF$U!~}8EBuAT4<Z35ERF=DZqHIk<z=>;b&r+Uz_C;na
zS;f8<9SNO{?DpyzIbeV`suDM7Af}cwPWWu(iR!s-=F6--P($9NsU*kSM7%bV0xj%&
zP1t`}bmbzitQPsH9zE6wn>LE#l_NAFJru6s=^{Tr{@SfrjY5<ejM^wxsB&QxoqNiF
z@uUg6cQ^QHKUP3>`cOtE2*D^sy@v23KZb2In=y%a=gphJyoGalWzkOT0RtvE?ZP6C
zi5n9{+aRm3e0;9AT1gDoQMu|>p4(nX*O84p`;Y%Hcf}$eeBwz~Re2bDX&;;=1+;tJ
z96DA-%$Nzp*o2_Jd@PY0=CiZjgDuh~(r3ooP|ALB-FV~(cK3jfZ0AI#8b$j3;>PsV
z1@o9I>Qk+_@w+71LR<O(zMgC5oozeu9NWcCT`FH5m5r{gp0dsWdD$uGEy?r|`P%Mi
zrs$<-dF-XPm_O?!{_(<m+A~HlL5SFsl_zL&WblK08z-u(sIP7$WoUmQ{c@U#NV{xQ
ztv1oQ`VqN|*=8kNl($ZfZfVm4g3~u_@^Pzl6Wgx3GLBhu7@rf1&Kygh!I?NpkJBN;
zl72<FHgWySCloD}^>oB#l43OyosmJ9+eKURN!Gvm3NOF4kcAt!(-x7#m@$({wiv_>
zib32AhLJL89KG5rC=n{O@jwCkj6w8Hix&1pVyWK8OE1o#*zTia_Y$6b?ltDWHIs**
zeug6s6E<0%iq9lU#QhIow2DSz-`hNK+`#wlxE_me^LDk-P~U-^E_8hBURL?6gmu-j
zcjp#b&FS<{F|z$=5zU87FeYS>8fnEW8hmX!Q^1F4pR~DaK5>3<j+=DyYu}W!mha)Y
z-5q@KC%@*m-?^RK#6-qiaTmXw+MoEee%w2$ukatww99kYSK7qnY10th4W8C!8eN^7
zT(g9IN#ptBFMh*!r;Z_`_Xr{K`g8l;cQG+70$t`ru8(eIi8qy-MPuhSr*Z8!e$1D$
z!pR#wl}pp3Y4(S6^$nA7EqRWAEG%WzwO7#_2TjHpt{*mx;YqQWEBEvC%QLC<h7)1X
ziv~A{TO`uqa$@T{jR$^k3t0_^dEws=aQ}i$*hQ!53&_S<W<zkUn;h}<iS6Lrso<kJ
z`7J(N<vjDoW>Rmvi{YXJ#^a#Ay_2?Mq64ci@!enC&u_nSJxQ^#47&C@q82{J*9#2X
ze))LOFgt^JeL6DW(4#0hzY03pymSYRlkedBKe&rbvy&#Llx+d*b~pY|yX*IQ2=6nT
zFXjb!{GSi-j<FXvPwYd$?Zw?vLuqs_Klt8{8Rn~IW5#6e|K;8EDmp-kTvs=JBDZCD
zc&9Cb8%OoVm^_HD4D8R%cizdAym&|$#Vw)Zw~p>BI@K61{pt_-dY?!#2VcU~y^?T>
z%(8|@kr*38yy#T)ktyUS=}*-!b5c5KRs)@zXYopXJU_f;s_6PeIkdM@-qIx#Kp-KH
zuYT(%d?mSs8AnbaLcu!ZD!%{I?=Y}zKbu8eCPAdJkBQX{MsB=pj0nL=b3+qVT~1Lx
z0gS_@@WY>cll0~i_SU!2-qng}+->~)TT>~mI7Z6NKj8P*^rd8Lf#~#fbZvT*7aL;v
z$rq-Gu!I<DZKAHZ3%$<A{;dbuKp3{pDz@#|L7TV`d|ugQx3gv5I^3f!CqF`#kq*7+
z+%<fnlNW`m)f&B#2yYuJ*Y3k~-FNuEZ{9>NtFTzuDIf0!PCLght~a|ejjMj~Q@)<9
zW9M71^3%UP%Fz}->H0PnKKdZD_5HbRR30XSm*a=l@cX~~hOa!jngKW8#n4zG9Gum>
z`r1mY)9+wXtjJxLM_ju)as3D9+esx9@OkltXE7ztK>d*&6cjX&IeIv<>Y8jetxRNk
z<n`_sqE0@(kBEvOK0cQCNQ>5%=uB2zH6=Xx*kAbGkN-yb;AwodS2})ieU!|3o<Hui
zbN97Vh;USJLfj<W_4WJsex8BXR~^JObRrq{dX5(D=3sjS)B2`~Jhv0*dkObmn!=m&
z7E`Yi?UaZpAj+=3u1z#<Iw9(0izbs0oF5yUt7#@SHk!o5B*Frn)QIcOqqi{msw;`z
zGoSljUr*lDYZw<JZ*t@VL~)+TYq6(^&VY!crKyH4QOADx%Wsiz@&GHlA{m`)qG<P4
zwnmTOnoCmId~g?)?a@rhP9&f+(OkHhzy0mEeB*EP=yS{Mj7*Hg)zZYAXCLMF|N0lt
z?L36e5(TXdy!7;g{Qkj*cum|i=ta9J=T^w8S0cZI>5<pJ_6yCamDhjhuTC7)u5^*F
zI#HMOLg;TOYp3_<F^nIaC)#+IcHIfJ#+$pE898kd#)vc_W&><5*iX@kCZdOr6nQD?
zY*V4Q0ep?l$+s~f*~zTche-R<kNCmemlNsfMCiIu*(*MaC=vHLM|)YI<0NmswUZ%t
zf0uFb!A4tqb4c7B2ii`st|36*_LHo(TZyVK6L;ZmhE5zx_?EYM{)m(Qqs9;sa8TOZ
zq0QlvcaqJbV==}?ViJvr!5SvIGg+BjG>Fc@ECfiKIf7WTa7@UhcSa_Dai{m<!h=lx
z{`VP{7=ha(8lTiWF3HX!K1ND7+3<=xd}DwvyNjskSm6e#IsHfyfwww6a-xOi=Eq1}
z{t#}-&n8UNU^(}$dD|>zRHgF!Z(L8L(TiP*uz^#!BD{t5hHR$yPocx<7Tvm)+$+Dx
z9XCwp#@nV~IeCI|hnJ4d_ERD*(B&p0Hk`Ja<8&oW<c{zEibsAt9qX1=6gsSA`#hQu
z))@lY%N#aKnCQSfLcj_~vr%h2V~jp3=gp+B&(-{8LcSKR>?q9!BR-b{yDbXYmm1Ui
zkeL*ZDJ+~gx0@Ef5t~g;LKY3S$wIX7V-opm3w2ay;-$?cjz@`}h)7bB!bKTq1w>ew
z8H+ei7J*)rRiiJQu~$sSTU&v3!j(cW$VOhoVK9)MEb}^mH6@MSks`B&0L`>nh2YRs
zsStpJxjrv9G-t-6J+=*qyL*W*pnLbYNlv9S({W%vFBDn%<#+ES-sGg+7|x~F-pXZ{
zUCY&@24dA)88mj#sruD#(nL{5kMaDnBTV|%_ZTQugFtr5M!gg?dXl0ewX~QcZ9)`@
zj@BGbT1=#H(GzVGc_Zqf#GF5f>3Mm?YgI}}U6DSc2uCkE<+P+|QF-*(BCP1VUeWnS
zkR2_~4H$^XO(9yOPZtqSudpcmU8TIbsE8}R(QS{&S7D1@<f*6W5Ifq8^lCoFMt39;
zRmUl4abYogIXd?>*2j(IPuGsr^0u|BlUk1~6M?sjmIxaW!XB^4C$kVBokB!~$A}1w
z(IiC(14JCAjxHLzdvhuIOkqU0YN%?{G2x5f<X3<HGgEa{%-L6gO@xmS$W|f78%13R
zICW%-djGSpT~BXO9+sq3QC9<$FPX)rqzU}>>d+^7M13-LcG4WGG4heRL%skd<Z=H=
z{W!UFJ}-4eaDD#_+?Bi8ux<+h`7Bfvdz`S*W)Y&*6vs7FZ{V^?Q@MW1aH2$f@&yWW
zaxd=t`q#NG#Y#tXyr?$@Je@9@{5FyUb}E{kBAF)Q<6@9C*A@|u(Jj(p%w}p1yf$kt
z)p<i0D8h4#I@sxOlQsEPu5R1SL+eU#$PbQ-w!$1~rtQ#XHVY9XuMYWQLXz2_&BwJR
z_U0>>P35v{?_@O9%-(lW)B``Bys=!HrDtzj7*~z#i&NO86W6S)&0Ru-iAIrtM}7)i
z)FshArX@-X<*2MkgU>{Y$d64c*Wt}gB1g1A5i3{ltPn@}Ha%{;lbHS!`PEl%qi>jy
zg^9_c4twz1BDv~IU*{L!{Wf17(p%g-b)buk<JK>Kn_qtCTin_|6J5ZCzOz~6e+au>
z#2FTRp(Ci>1i=l9u*Dw`?X1|=>3ujwdlJZ;z>mLu18KEI%zE}!R#kLib=R`+l_kVn
z_f_u97dKoYm-5F9!1eZQ-s(u;rv3@q@`_ze?S#ih&{<V3s+&*LNj;I_;@XNxAT8Rg
zy$!7R?4m^6=NcUrlYz>&pXK?=E+RUPuw=<wY$z_lWw41xB0$CZHPrT-%<sPQO}=;U
z_xZsH8#9+~f<BYTXsuvZla67jVcLrX*=5^#e(@4ky!A3WjOpAptRILw++(}evv}<?
zmOb+ZMTvtMJ!u?MOtri*cLDQXdYrenZD!#M&oj5xgy+asb{`gZo<a=<d~V!bF6|Ag
zAmZ-RZ6tU25IhB|S+smE5B%qO_BIB{ObD=h`3jEKw~17VJ8t>rS(jW_RaD}do&5c=
zw<(FRaB%BJPBw`~QZ#H$9s^_U`zMQkdOP8+PHl}>le>=1&;Oez7cF7VYpZY#8p-&H
z6Y1qY!K-h+#p=Z~nO9-u%hM*p$?d%S)FUifwUh;`_n{jwf)S%eFsADyFD!VQ`3poo
z4I06q{=?{NYv-+*^I7`VV!ZvwGqQabf1kS#OJsoctKVkc+MRTYgz7~{W6d7I74{R%
zT(E#Qo_d_M`wG}KX9g$6-^H^j^*pw46E3rvro(%AW9<qSEt<=wqGHkUixyo7lTMF(
z!&7Ej7-I$};eKZ>o0l(O^RafK^<L_VHt^=wL+stViFHLqB3_YS?X5VHNAu5rKg`dE
z3qjk`iPPi7?{?8C1+vI{hv<Y_MF)lm+aUyHP)7vtJDk`>M;a8lvh&qbux1qpYMP}k
zB@j9;Ez-9h=Fx{{v(I9qc*i<Q8|+xRT6kyvEY_@E#H<y|*j?L(sqX~RME%;?WMV>A
z1Sej7fjPCJ^KID2;>GjXc&rk?$O9R^d{b18EXw%ZLYzB=V3Tj^w#hg3M63=W`rV;d
zE@gUL!XBBTZsdrhS9De#!bX{YPATR^$0Xl8?Ub);`@J~29C(8fp!c~bTKFt8Tl|=X
zJxdq8#pbdyye9d`*F(uW>uDc*9l!qC*ZJ-@f5cb&_?fqP9}OE{;zw^Ez#OAv-O2^x
zW=PM}!RhRL>qVBovzXTx?I!oq%juVvfT46B8_HT3mlI3%qFHQTy@ZV?nrRX@Jzp4*
z#*sH)V%6%UJo)5&%!4msq@{~>GhXD;xo@*h<j+w{I@jjKa?+H*4L|rLcSl$7<ce+B
zMY_DA3}e#A@!jb;EPQ<ywPkyFa`p~<krsBZU(8#}*HLTC<<7oQY!vyvY~>>6Y${{Y
z<>QDI0?68bEa4?bDUQx!K$KbJM;E&mE#N6}&CHv(f!G0KgxJ^7*4ag~qeIJMM|%f$
zQIF)Pp?oXV7oEoRuiZk#syA3$+bC}S{Pex^+x+(OBxcQ=L#-~1<|Bp7UbB?f3+ov;
zSl;O9$QzNvvHcaK4H>2hDUYa!+8dnuD5l+U8J4<Q_S@x~m7*vO;zp&jj^%I8VD^ed
z%-CGXc+vL6h%#!ZDB$T;%UQGFWtMeCbJNglI@{Z+==70u*DqQ0r~8P}IkYs?hNW@&
zup~|_c!L$oUT3X4k!gd3JuW+kmM&(a5Iu*@(F}`@B0en@L!AqAd<NF!6j2ZBaV4Z_
zV$>_HOP8obVQEA8-p#|<^U8~qw}?6?ZWt^=6h%Zu6DGv7PS!V%2dlVQ2#<;qH=;hw
zy+(6mOdGRa5;m-u!>fBb89DtjM6)OArx0qQUTROYMft{$7|X==B3@mxkU7f=NEtJM
zEPEM;imEWAW|9_V#U|wWh9~~ULuDS~?8jKRaxq1XUBnF>tIc&>7CV4p^4`Z`$Coyo
zU;p?!<n3F`!lQPs$qnb={8!nscqzN;J>o_xcx@>@o2a)_dpPg^cB;JQefUI&nv;==
zSu}=r(Qz4*Gs$*UvG2H(ewR&Ve10!%R-*{Zhcz{w{MZ;$#T~ri*iI@2Ud|2qskoza
z8QV9Jj>>YH!qU0nx*Nz37kBaEZZpm7r&$O9U&cUgzxGNJBV)<yn?|6jjP{fPOdZmX
z@VF?l;v=xPcM+M8PHJ43=<&lz&(0({KAv!K2kkkzi|sXLF1_(4hDW(LQq#e}v6C2<
znMQnOk~VT+7WTziO&DV1$jQkjF4Cqw4oOT%AUQ%utIJPvT0R4N=a8Hbhb=4&tGJ!@
z2F#>qq>-G_i?mc5ZPnFyGKX@<m6M5%jAwx8M63-JlzPIr^!l3^mJ*FIwKoIB&1z{?
zJ-Up++&t}a;-ix2-7g7eMJ0}$5#szy3AaViXFwjNx-#lx^7+#AYlt)WNlZ>8A<R#^
z$QzF?ih&v7Y}-~y#*`blW>5n4<yCm|MsUTzOgxq-MvT3L{{3@^(ff(b8$@2Xjt(hM
zJZ{XfNu-PP81*Ky($mR{i^pQn5t)=iqBZ!2V_QQVNrOg<2EBp`(J>9njS=C7lihnT
zeR9)8ClV#{BOIO2gDxhPoa_t|Gc(B(e<Q<eBqSv=FeRBNi<$V86k-!%MMvsK7Zpox
zZZ@$|qRf1H;&Rf7aJ8e47jcJM(2L_a;&{9`E?=yOiH#>C#z<S2huHMq49!c$8nDyp
z^3dhek&u!tj>mzhU)7?1UDrDSr#YNnsqsP$2!C!5w&Y%<J5R8p*39*nj3Xy2ohT80
zgh+S)v`kVn(ixbVB5VyKNp!5aDM=zfL@#HHB{MgRxaerCMjfTwwo#hgk88#ZpjUD-
zkyb0IsY&FBd`rzrB}<f1gvg_;^b9iM5->+Zi8><kASs?);ZKf;*oBY?Ps=5}rG!1T
zFl4g0X7Vzzn)Ud^^%s$mLGP#tjNvwt#C8HM+Jz`I#b+~a@>Kd7nklJkBX#8E+&pR!
z)`(aJgnMZ=BrtN^Xi{9Y)LAmQ`jU|hOiCwv$Z-0Zx+rexz$iL=w-D<CMviA}|8#V9
z6_k4;m^}RkhNZ`fGD{*eUYsN9d%Vd=Lhs%T>6JsY$g9ZoeELTVDHI-0ugnyZA_8=X
z8y~ONL`qgJ{YH<Xm%fQ(4PE3;xSAV=_Yr#8h2IcH-~M@AF=D88tr4BUuz@MqMV)u&
z4(F!JFCjv7?5VQuh&;9E0|czm^byx`VnPbN<uxtx(h{94>U<<Z!H|}hOKxHkiM{&J
zKOq8teHqnlB8==rQU{FXrr~`>-SS`vPhr%+L5#}J#w@M_b9@4MqHaZoTScAC<kA7X
znVQ#&*rr2lKI&n@9d|N5MO>rRO(c)Lf~!aL5jU=)T}iQOk77H7Se$Upjf}~RCni3L
z!NP`c(I$jh3{uaNo|Z<AXpeFR4<y^)L~*-`OK!N8(J5h+Z{9?w$ivw12rjwm8V1Fg
z2^d8>M-E`5I8VM|o}J%^D+lx?Qce?yj;D8?$orURB2#ndA8QiVMhbm<=Zd<QgjEPn
zpAcjLk-wQ)*`f|6Vin@nD{h+n=2-d;A3#ET6~{aE48QU^E)(VLm7kN*i?&N#^VuRV
z%tG)5VtO&IR}2lMRrm&s<4aQ~5Gm@qzoVLiRh<l&c0E%vBWc$gwQ{Gc1BYlM6Vh^s
z6Kz0_DBD{`3?fF@>@!D^C)(G<<ZOE9#G$vw&`a1GCrA23ed=g#C1b=Tq+5K!=^_`1
zdOP*vp+5H8gONq|forFVV+L!u)_|PCUCkR0KS@RQmHg<=DVV)3ai=Hlp2Z=(=uB<K
zE{@K5jd`U3ZvFOG$O+Tq@%hDtX%!7*Fd&cHiCf%t8bl{5zh~5q_AMj%h*hqQ8uIHB
zHk#xk5N%K3bJHa{bUCrwYBu8$ccsS8QeJ%OW!%HRz&EZPgM7VR-ihP)Xd@?t!t;8Z
zxU}!o$#q)2ctkh>g9)1u9^H6EM--6XNfWl5S_f5Uz#{zkgpduc+Zwd_l)Z8;pIl5;
zy2-UxMSjS2TIJfTmXP5tac3?^YvecbEb`Hkz~i)QbLh0sM1;QQCH=|IG1$yn3QkeG
z=->S6U<AMa@z=<<$w|u6Rg|IACGy8Y!0ixXPkxp|C-OU>jiR0+ln-)}vdwG}S?IuL
zvfw_jjJI}_i#vKNPERCLZ@ratZ7x;_QT}eP=o}3~Bs-nLE}eAJ(ja8J_-7RPD8hCH
z*QeEcoj61qO;$^AJzLRm%kP#+Q?#{pMUZm-j!op1PxzJJ9g}JAKJFJCN0>Ob8^5S0
zUJ=*3r6cgQb9CO!Q2n}B)GyJY%DQ!$*>qGe=i$fLJ?<|4b=7eEqVsc$@DcUR;&<Z`
z9h=4P!tM!Rwb?}8*|kU8vK-}PdfDN4j;-L&uWx7g*YD$w{KR105uKTw_#g1d=g`7V
zk0}3ufiPJQMY;J5W|0;-*HeUlx;<SddG6t-aSXqO`>q><Ka_S^yR^I%bx}wTEgw!H
z>bYI`k@>1!B0@DdWFCntA<QO3i8$^M_S-`FCCkMx(&3cr{E9RM>%WWE79p5z;i6Nu
zoT_75-pg}E{gmg(`Cb++-SQE%5Pou0Ow<)QU(74YUw$|6bi5+1F8OF#*ddcC=ioWS
z4W2}{CT3e0CUG5fiR(ZPhsrsg-PgHR=Vcm%AohuEm#F`Gqgh;2dU0)fwd>3y#JDG*
z(;n#yPk4oWMv)eoW%9h1_0RJ7o(O*W)4PZeG0JZQdPD}uHbIV7Y4*wTG|NYd9_>2!
ziR;lO@<s2c;PuCzre3sP-@0RpHkISu{B;lzH#%XbwFiEg&mtXGQFr`a(I&__aKgWw
z38&?sN5mBfrbh-NZ$xy)PB#4Y9~55uW4=FJ2%%6LDf84O)2-Pj-(LvRt{Ho%O)|?V
z77lTpi1x-R{fT-euOF>`iaIH-KJh=%?ujy&dDq=O$!`w^#5F3*OYTdXWqcC(7Pp*E
z;Stw-w~*4>SFH_`?T2U!L|%8-nSi)H93nDVw$ev8^4peD%t@OKqD<tP)beFqePvu6
z&9iP25+t|=CwOqT#exKf#a)8CJ1mgk1X<kO-Ccvb!{YAlzQE=EpYz^x@A)zxW_qe?
z>epRe)7AAnG$m-34k(qn^*bJ1DrX}bCl07AR8a|0UQM@;H1qyG3L{^_9_P>gb8L6y
zjkE-4AxZlWbSBi+fm9lU7TxvYpDL#-A+pofffiBw0$Op&?Uhqc@wOdmgwjo$(Xwz4
z9jxub-*1IV<XoHaXICx{!x*fgyv|<hhGR<h2{!TMLYu0(PqZNLKnrTQ-l7Fww!lEh
zrNi|`cfO>SN~e(!O8HQeElE?<Q|jD!Xb9&ag_<-P!6k1zNiwQchX7zotVt?NTSzFP
z_7zBa*!&}R<(J-(-b>0h-M`A|i>88>^*QnDvRoRLLbZ8>m>PPqEwGm0?KiNIv#+VC
z*WjEw8}=x?JM^^hcf-_k-Ix#SP~Q(zS~gR6c(mD!%3^5e572)&x43GqH4gG$XWsWE
z9i*&Xwm}tJ_~~En3Kn;YPA0m%kUw{i2hD6bwCu2bL<j5LM{OK2hsa^`3<`b~{T(b$
za&AU~KKt=kr6kE8aXD@j0hIdSO6?UU*3VB!$qeZeY@bi)cE}hj_9?cx(rZyS{tyc@
z8dAzefi+s5)6+T4Q*K8Y80a6K88E5RBvO`f>IZhZME4iTF&+-y;eq9Hb-bg$YpF_Y
zm##5cec2%+NlO$p(w%H_-g9L}N<vwqX_&qeC$qkK*g3>!MIFZxW3AYZmc69JK<|1x
zW6M`JfEsUZY<~)?6<@K>;<uBXH(k+7sWx@)BDjYB@k%GwuX2jvQak@f$4KB$gxdCR
zkRhNEOBL-Q+E*2|uD==ps@}pfpV-9M`8q5|mQWX+anzV8rvd?@XMp_iWgM7MjaNUC
zGz}Ry`Of*q8abF#N0DnLNotMaXaN0$+O&M+z<T-pU#)IJ`M5SP-RaVdbqBw=Od!6;
zYxbsCxp@So76ad-w>LsW-)9s97cVB9X<~beTCWE4hI;JX%T)tOo3GAR@@`fcz&1~E
zOau>&<Mgx<^aKywwY-dFFF}#cs&3rQ>8&o?H<ZJAfd{C0uc`irDIl3Q{B9dwxsol@
zX|M2sX0nndm*o3F%8zXZ;^mE*{K+%RjGLqRo4)_|l)A8JDxU#bm*kq}U{o}##9*F}
z2gch`oBM8z;A&huC-x22ADD(58#qfu07QjV&Y?pBy8#~li=^wZp`QJyD^<~7!t?ul
zI<?N+2%!;uE6TDeBIJx=6sC9N{C$5wl6rHhy^~wi7rps088LpnvoeO(JhLalXhX1z
zSmL@aZ;2AxVglYslH8G@BXM6@a9dvdpJu=@BWnIV(xZv7kQOq74gX{ni$4Mjb%)$(
z=+IZ5DH&5kA|hA<1oVw{tDO4!=sreL!XKu|t0jU(oMu+$!lvPrQ)I?s=a$FT0_65l
z=mz89oHp5Q5pMleIYJLQ1$1=bZx7~t3Ii9MBzR3Q5}|c}#$@3?cru7b5cT6F4E{>B
z0*$KFhBR(=lb?s&YXxL*SCu)sPA)Fc03h!m^H^lt+SRvW_S!&yv@sP96{p~_srXot
zj4)-Wj%;lRw5qqyFrG{qg^ion><s}09P;3EI|fsEczFDp(PDeMis0|xb{Ajt;j~Rn
ztIoo*M0IKLqG8%Xt3mZh6desqD7KBuAN>Qu$LPq&Hdlwcw%0wVjc+jbYJ*qV{F62L
zUHa2g+6CV@&z>j5k$tb!qPw!DEWY{>-?{<}D8!GN3N?y)12qs=H}Wr@PkvFEGmUi8
zOipJ0L4{$3)%DH8%C<&7Lh7$U#m?K&_Y-}|>$BO=ucS@M5iOZE%4S6+0p}mHeZ!&!
zC$n^>F!2DnNTg)E3i;Q=9#vo$T12pdad0m1tbI{(!KN!`Co2zI#E!y4iz813nR|yn
zWBj`TxSgUmU|PY$e~Y6`^o^O5pH$H*Gv37uezMb`!+^=!TGmZ=!~au~KT>M^AlsyM
z21DA%UP-(ior;_^la!#~d38SL0Ib+K^yrzO>s;<|q(XvEi)~_L<X!#)yyoRanNmi(
ze`Ta9-ctk-m|GS0&&9RlzvHNPF<?2W3`q-+1eipX=^Rg(L{Q9V07GU-oWaHF%#!9_
zl3?)p8MTtd$xtzE0RH^FCM`{5^AsM&8x)U>j5SB?PfDpKkOE|3QKAHiQARQ1kEW!E
z5lPBo5K@$qWnFB6;$=SDXN?97JZy1oVKP-Mq930=vEz3g#4G@vcC+f*bq~GRNsCb=
zHer9{AIdqDW~cv*^33Q_KdFyIF@)bBjb?I}h~n^+#$=TKn59bU_`%hajWZ*pvhu5y
zZ1}x!HUf@DYB|o0LQ_ABGpGED0XYS&Dl8X9#*$bL2sI+&4c99D_7Cjr-I8XCJwntC
zBthO_8a)f7v$$BRRDq|DgI_#shVh|jYPw&NC=47IEI^s|9%_pI)qaieLxIw`J!tko
znL{M6WYFY5OM1Y<d~1Hpnq7iix8+0x$8#zv4sWRc^{k<FS7x(Vziq(h4o~2g0<HDb
z*gHlA7+DaL!`t96V6HD=0t^$tyGZs$C|(?_(0xjLe>wK2<2ju2X6jc%s?pq-mG2`G
zdD|7Y^e&UWo-}XoldIhT!QeL$mX4Pvg6)>F+BsGEDI4R$ys$O?8_p(S!WH58dLqXB
zvrHjnCMYke4WCfqnA~av16GQm1jFjUnredmORa*_X?lN-^c|bkvRhco+8*k7M<?Pc
z)+zBMffl3%x?LAnt2x3>!aEX}Y5;o&G~I#vRC3u+#Ke#rQ`lyE5AzWZ*V|9-zyF9w
zc<lAWu*%jux%U@iS1o|eTK>a><!+5xzr6*4C3o%f*LLFP!3ni$w^P3ALrt31wis>0
z4_-%ah#b3`<w?x3i>T>)1=3(P&oLt;&$YdWvVg>h)1SIt+>WrlmCysz`KUy>i7763
z2Vj%aWEz&$+8eha5cbi*{qi9$H=QdSt4924;B4eMSS@~+#c7e7EKc0RFKC(TWvDwP
z6oIRm+ddn^Q3^-~E?uuEkxFFtLfU}Ms7ET|d`_{#=6i0@yV5qrZvYScRriVH($kTJ
zp0_L0`=sPiYtbxqq`{1uh!rX|!@er!YfLGQ8G@O-lfFbeG&(ui-nK$1q#5|}JRH~@
zQJq-5WPD_3f$5wPplg&j&@Xwl*wOe+6IfI{iNZ+39i_3u(oKy?1=DevKYIehR{<v<
zd9=RKmQhpHpl0=RvD)?$)20y2cUZz*<I;Pi_1glIn^Z52&g-flPv$fX54yvyxnGZC
zwkI=9OnNC8Eb5ipOYms?_95CaZ_GY7a4z|Bo7uWmjo|WKHEA$QR!5SoV?yN0RM+n^
zUUTU~V8x{h^r1-2y@WQ_k{Y#dF?HC{2b5k%gmdlu$!ZiJJTA~S@Nmwcn*7A9GsWeE
za|I2RhCfXaz2&WliQ|qy=rrbgn&I;e49~Lf+=9C3wV~ahL@0A$5}?b7+mqVhP55h#
zP7P|XHx<$4^Tj>6zot<h+a6@Tn4v7uYD!p-?1Ya7AZ0Ko!^fnR&b`%#$)|7Lt!<ZK
z5CA-pJsZwM-dL?dP6FuH;>4}B_)GTMhJ$WJZH_Isx8~MNES;&-@|vs`w50kb(zoB3
z=btdenE{ki(raq%Z#(p=cBOeqZCb8dgU6xfD@*i+VExBTVoiRQ!<2=WDS~70{^)+X
z{Y!JrA<?S9_Rp?FH`Ui?ce(47f%9*qbFiT<0}>B5>~7Yv!~*o&Eq@-)7&~WukYKV!
zs)*D_##OOcEf3X&K{j~o`&G%a7QZfe@F-xYVc=GMlJ1uLL7a3CrWaE~$gzu*9a;M7
z4NN;BKnFX`)>J+XF<HA0<i<aXVGZ7cc+t4i9!EE(ZxY|N`%Rcj1F#7o7xn``iJv#T
z_}KXaR#IHhGh&7JLkyO00TIpsgfhm=(b=vLeB6vAnVR9Q0cqRae%IyRaoZHJ4Tv+L
zm4o>(nfLwq0JA!Sty@=i<LTJb{Y4t8otGk9#mQJ6jV-TM%9i^!oZ$9G#<TwsZ2pD{
ziZdqM`IYBctf@~A%-q;le1gZyb||!*w`uPsD2bM6|Iqg{$Oe&otV4CGBSpM|L~=F0
z4yzsy9<gd7y&+<cQ^kHu=Z@vu$S?bK<?^&hxv)smPtLZPb!Qabo=>QaXD<Yj<==91
zM*}ohrr_X2yxxmT(dKotm`V4p$k(7)7*&i4?8~|pS8LRlMVq?{_5e>GSzNCjtM+3?
zQ<pme?)ZwJm+2%Ip(SuJZ4TJhgI;)=T2f^>eozwvp)zb`p5+-V2->9M$1kgPJS=c(
zHFoW2kW7JPRtK~+Ig*@mD6wD^>&tN$G3fGw3ZGJ^8}CTbB4qa1Y-6Il%xW<uT*<VD
zl4$W9v0|rP%jd6%U~_`TGuvO2X}JoI;y*l^y5g0CA`em8ivS&evA~IDV;ak0-ie}T
zQQ;Tf04$@C_9VR(Pt=Z9Z$jf1SEb1bnV86fV<I|@1m|Baw#?)ejel0DU8~>tz)PL-
z?Dldu_6c>J!m+KEnj(mr0-~uA5%zQjMNn79{Tk%D(|p1_Xx0w=?4!!Br{%PT_bXbr
z1Wwyd7`<=1&)7J7g&~*7%BYE>;2#AYjZdnu;{ImRAqC^CbXB+k%EeD?bl@}NtwSKU
z_N-{-s?d)c1UcgQk^U4;#o4TMNDk_3)a!=ut#e^ayT`H(myIQc66J}wXof2?XXVc$
zff0UchpQPOQQTQ`o!`R<Q5Vql^p-|(Cm#g~4%<^e;3O@@rqgUAQLXsx&S9uH0$%#?
z6Jo*^K3^J*xq>opSs3=ps^`)Q^zo^IrAiHp$oix)pfquDXi)Q+w8Z74lQCdO=MI5j
zI{z}X#e2X@uqmy*cH?M4ye7++s%kvY(8^+#C07qXoD(2@=JxC9?4HH-_UdxEnBV_4
zV-T2Uv&QE2H7W#;&!N|S#tItD5!enrZf|+$1bdG>To@pZGHBM%dW+)!;dU#9*D|AW
z^ghS*rn+oo>=cJwusRI|098nN>&q#n4?~#gXd2X($agJicJ2o;xv#~pb%whSxnvo|
z=+cw<IK5i^`2%)vd&c;Ptl7oyHhkUYQ}t+3-MOm^{M(;d5BL-$(nR1Jk!Iv@ND4*|
za%oJ-wHmB<{cAahAh?fX?Qu^XuAls#jO_Mw6ypcCn0bgOfNj1(J-0r$-6R(|7chBw
zSLSTVI5(zML+?bbmEgbrIurOnaoU2C5p>JRyJ3-};1w4*PbsS_EXH(jJ<Oftl^AB<
z9THlpXzwKGNrthHhxuCz-^4V59N2{+fy6SsVVBO?Je9TltI*ODNsf2HJ*e>8_?|>r
zkbvZcKQa+8@EJ|;@oH;C%MmTx5aDzDq)V^9_w!xB!%7VB;$?%im9-kegFo+F8hMz#
zLU<K0NzJGz5gXK;P0l*Sxc*%gos{N)LR8D1Xl2w8*fCu7o-HXIE24XYl&=a7k7n|t
z^G)U9X<tN6%EJTV_+^V=tMJ3G3nW?iE`4T9&6NJ)0BN4Z%}yguGd9u{d1IwsrB{4^
zuSP9i=1<g7$6ts#L#mXQ4vR```*E=%oNm6&QD@maU@fJLM5;QVl60aGcb{K)edCKA
zeqZoK+5;7-s=LuJF^=oYnemJ)7Y5izvI%O&Nlhok<4_vdqig<A8qdj;UZn6@$QipX
zmV?XQZU?Tl`Q%&Hg$D`<%IV|1dj@?OZJ>!Bo3LWBc&d@Pb%3<CL^2G2x#}yXKd{T=
z3lVWQv!FV{X#=J$Nfln(3m7shTnsKot2(dR10Ju*%RzKL?l$QCfK<YVZLjpTXc&8u
zMn|c)<nYR1B%LjphBcVA@mqOmW>H><EaK{B8dPjkX}a)fo5=fR&KQ?Uj+A`<d?8Qc
zMzAds*Ngn>^}?0-^$8Q|d_arOCluChM{#1Qw>LM=H@=H`A}adHa@ef^ygM6h9os8D
z`BZV$Bfj9KMeBA|_6bWhp~merv^7N!INW~IT4_XtLfX8WwRh3|VzT=BlOH9f`9es-
zSe?D9Y7#?>w;xe!zXBT7n>$&fMyA@9o%DgU>k!tjba_iTj%d@Y<hOoNm9QpXvX_&{
z!QhS^8vCIXqXW@i5sZsXlS{J;UYpQfKI`jOO6n^b+KN7if-D3=kFQz003FkYeD*97
zs7*t?CCt)*S5OwCb%NMuXGT=9?M^hjGUsam7L*j__AYXS>pdp9NHHo_Bww=VhiF3w
ziYli&OsjWqKbdk|>1lr-cAsNr6!1@m#k0GKtRDP(ynR82VWK@!n9EH1U?O}7z8LK4
zB{XyS`A3qhQ*9K^$34uncto4k;Hy|lOmvr&W(u7;bXVI&trnA*tbR&!r1=x#f}ZJ@
zE~D>rbzDH5jsQydp&Io@H=<E0@+P|Y%ACyTXc!IpqH9(&kPkj8N#CjhtsgIcO#e;J
zb~l%MO(lZimO?y(9_6+T@|D0~c2Q9}d2ij~R7qfji#FNQn2U;Hg~?v;(dyRS_)A*G
z>z2-E0!{NF-R|L6P|_Ep%!_5q3TB@b@1ip*XlTd#kLN2te)T-7eV+kIO;4RSFRM>I
z#+=%0ZxQWKAgA^9PU#aaHU_1K6!pNurB%`Bv>m^eLqD4nB{>!T@&Bf0!F`Nnt<_87
zefLGRM|L->DhZA4jll2x^?o6Y^!~PDw^QxQaG@3e(wM&Ny&}8pdgLq<6`{oBZqI$V
zP-Vb^`h4JQVY=ECTZ>C7!6=1@Qf=02Q6Js8GN&ioS`luDEN8L|qI^cFFqU>MaQPH|
zId*os_^v$Dh7Ded=r5{GW71QH4^ejsYE?yU9J?BWw4Qg8G32*4KfNqKHf8rt(sDnK
z&;m8cq17EQ^W)u1xs<c&qR+FB;_;~+C7f{1phSfJT|EDcKk~-od&$Oz(t=*Rq3v33
z_d>rv9t68zi6}XoFXPc;oH}O3QO_UQd^V$m5m8sTW6&DPj`ID18_rGevg6yyJPD2o
zXjO(m;OWh}3D<4q)7BfD)8_pT(J}%D`~Lpl`fJ<9wjvY&FRZTAF=zM0RYC%q078lk
zAAYW6>7*71RN~Ot4qG{fy*R6lvNseg*99kE9TYO9C%fJNHM{<>bV7RN8fx7`x+QpI
zHbq^foE^!N6(BKt;P9??|E!<zAnmsVd6<xx-Sdf)nvlVTf%Zj|6RfO0$sc1D)Y-`)
zR}aET+<S_r?a!(<DSQ|;(?5>4m)tfR1UH&jqmFgYQN3GsD(hMFDu|%+XGe8O%Ff6!
z;}pgjp!a)vK5*S4L`Df5`gK&y-eVlg4&6><ayV1#Gls4Qc;vZ`G7Bg;r{72ivQg{`
zOZN*kxH7;8qitKT=4_w>5(;!k*!XH^RQT}y%~|^9_Y59w-r_gh&FrL8D6Z_{i>Na^
zY}Fb@LWG1Kb)Kw?<X?%x@lHuntx!ST(PEwc{n*Qt5h}u+paC0{9f+3gwx=NImlmb2
zc)>uA(cd}szTZ1%j%S$TmF<wOOv$#wrG`+iekqm+V)C9Pn)>zJZ<d(AmknTRue>+E
zW$k<v_z<{i+*Hog(Q4OdBzLTdEw(M{N%>UoGqU9arK6M5LbzH`znmH#G5zWqMi4Bt
zIUP{IdIcxAE{+G_Je!vc?MVc<(>gLf5wpG3^wCvBwJvGgj{95|v!xM;BTi!SKGpX9
zb|_r&Z~`OsS@;us7GZ8C$9Q6Zk(Ol)I^w-^a82n<hHvQs-HN!8k$)p4pY4g~hc7Ux
z5zaW^XQuWW>6)O`M~NKFC_8KCS7^KmUA?Hp<2nt?UBHS|$>{mKw!FB$J`;R`WOFmC
ztgPAm732~q87$ggSG<De+js3bk#bagT~gA9CAYKFt7Jr3#3Je+VwR-uD>HF*9?=5x
z>Y0H60$V8`dcdoss9)X@#&9#{Op~l=`h3sT6%MHvc`e7J4f6D9iqoe6huOA{^#@Nz
zimc*bkD#DF7`l1;+PD#f1cxP56Z9!N-(=N;hqA2e<0uJ`13p65)HAmgu88N=gh<C`
zMGfpEh@K?K>APG?dM8`?=HA`PIE?V3B7=vOH77<;#Lgj}n%&+z#Ix2b;#u|DB#M&7
z!ZHBEZy*5KH~Rqdi?|F}V4o;l_(jv6#|bHkCukBGPD2YKrtXBbx+#p67mY<zVM#$j
zuPsn4H|xtm8ygX*_$Rp*&aA|WjEyQFw?}@t4EaS)Z+qdCEt5?XH<D25p!~#2mOx6=
zgI*kLT-CW6BcMM~btJM{7`m6Fr!BIx*}yYJlPhFvFrc!w2L`WpyR*lr+0Ma(lWCAY
zLvq;QLKt(S4_j*+>ZSMKT~d(SG$aDMr6sgKBUFV@P*Y*jGd(Wbq)wT;^Q941)JMf)
zbXEBZhbw=B%!+Z7S9E+l8*>Ix5P8T~N|Zmot6-d$+6}*B;n8KKC90Hl%ErlGAv=p)
zw<Dxhy;9U?uHbW{JINR^1#h#>@6V#pe&e>X5x&m8s@|Fs>W`YQVA`;rii#&T8mxI;
zZ=8xOz|NW186QBi60VF^nhJ@7Quk4!<y#uBCFjLHM&r30STFN3#O3sdBK$$>X1pyL
z3fF>H^rDM8MEm1(YE48N<PBHadAOZJwsp9j9VwsYLLI}JEe8<6Y}zi4BGhft9Ebs<
zMVVSc40Pvhx5l2%C@4h-TKqL+$dqCvDJbj~E&_TT`kw{&nwF?AL6^9r0*K~fsM!6|
zGnf;Kl6BM44uw%usJm4qcfHW9A*9umC*m@joPoum0lL%mJwfkZBznAY5`!rsquU3g
ztm}3YMSY*kIFvaWV!nPXJg^gJo{7@FnqI;q*vwNH!ez1h&~~MI*(KEIAkmC9_glou
z;8q9qs>@Gpvg3ea$0ei?M8{-Xvf+8REb_-if+P5znZ#NgbsC4`S4oEt37f$Tf+ACy
z0hbqJ;^-&qAPv>2V4)!e#U){75bC2SzIkbJFO_JM#${f-0I#tf7JY8L2<-ciX;b^6
zoXDMC=VZw&Hc1*4=ZpJ0AZ<1ghM1-%l@e3Rs4=GJmbIf9bp^s{r##*;UyB*h7(z@W
z*#C}5+GA8scUhg@-<chK=%N~_RJl2Pbm(^(XeRU4^|6Qb`TX-neP4bweSJoBtY|P2
zRu?Or{YIGNND^z5bUx51d0==u4glfcCHektP30pBXX@5{u^;kb_5FZ9{Bn?Mwb`q{
zZH5!e%hWJ#($|mqlo_LCoy+W|Wa#a%@r1>*<*A3%MBjBF`0>Q_xzKx3PC|P9`v*0)
z99w#7F5B%G{spV?3e(Miw`gaf|F;fLVxWxC{;&7y4s%td46%}u0M!cZPAW;qr{4}@
zG9A%0k}jO3OC$BZ4k)J9F+N%cDL*L+GSgQvsiq3_@Kugf<*^eawNDgK;O@4e@6GY;
zStO{J6jDXx4AHv#Q7K8;()wgexXIF-oW@{vbsNB2tkD%5qAcvW;j*lo<FpK<p3^24
z7(sSR?jk(ek-*JfR|lni1l=`-KL3T9eWlc1Uu52e6z6xQk9Ia`eDT4zTlCARBFE==
zsb4gPlU0rus(k3qteG<Be$262n!%E~FFn{j3DAhJk?(5v-Oq5B_HlA<<FHA#qlR!*
zF<FwxVlr(dQ@|nOl#)G0YbEi6aH9g2+$ttTG9VtbIi4);=gc0w5!H5j*yN9WF>M}f
z1i<v|f%Gyf+x<*ew{O@_m)!C$Vb;AT+77)xden{$SJSnNr6Q`$hf(kYoO16E2P_fw
zE2%T?=(g@hb*6bLov^d;4rXFwqb7X5wP8#jobV48E5aq{a{um{OW!`gKt*WBuRj^<
zTV3e9z}!iVtaZWW@n;5S8}(Y?=WF-p8Hz_Mwxv)~G6qs7a)ZvlHBrKGPvDM~eUbfJ
zXN^!%zSy~{180Yv-o=3lyEU*h=&5z<@bguHOkD48fJiiVvBY+kVeFo1jlL-gBv!YF
zlf*PC`l{W_h%2%2VUq{xFh$a76~$dJw9OM0lkX?1S~!8kR=TVex2o_?Cw+0(qr-_m
z63QNSG`AI@`50?8q7@Q;;=u1s+CXGtaRUngLLA&+eZSqqyxFSzX2vn|k8HY8{hJN4
zZ`?i6L{HpK*|Ei(Ffbkg4%a`?6}k&pGJRlAb?6@av1ovLiw&i_B2@>asjRSL?a_Gg
zin^L=e~r0(fKyUA_E#2{-JX%!F+g)+pZwdf&a8+WfW_c2WB%Mj!ej|e&>iH|NF3r_
zZ1`lq;s3IKYh^O{(q^@mEW3SPB)rIq@EJMp;#^DsiJ;qW54G>uiptfNvwYPMcfsc!
z3#FEZwlzhY9Rm}QW#@LG{@yM!VRYxv8)|0=Z+$4`(ru0B5sIcq_|9d>vl+KtWaF^U
z-@GX7ku{aE0b(l7F}(rmr|JcjjomJSa<aV3k33EN1H9EKTS7F;oYqJuL6^Zz=VFX<
z)+QIb!hy(AQEm-N83M6c3~=r{Kk3-=BdD_<J}yuf7am+QyG^{qM<vc=ZxWpLpg=p|
z8-%o}Xgf}aU$eW{B0`Y+xoWPBkX&{6!{6{{0tg_{<Tv%TwZAhv4Y`>ZV0E-8moA6#
z_&{Wmoq$EKNtJ^dr#Ri``DSZ^mSuezBF@z7TBj*RkI4LMB1~Gp<mtW7F!xmG-1Fz7
zr0WLTgn^1HYR$M&8L><6bxet{XY2NJrX(T|=F0OGYuH>8P)by2Q!jT+T+Qa5zP&21
zj^QLPYVJD?6mpUM&Yj1_Q)ro7(tP6?>%znbDuM_-OyN#gJvh~8>b{FPmAh!3=yv58
zmonr)ix**?EL^Ba-}~hRKp<4fOIE^+aiLLm2HE7bNo+CAyW$Unhh|gS{OZ@l%ZYWZ
zMVCdeLOM*_c1M*TKbe=KgNVusu^H3a;&8ykC1bJ$q_NxQUjYGM>zueR5=$v4uD|x|
z=eD&GrSXKxAAC>NT4D+6$H=cy(s7Pf)ng8k<cI(9FyWx6xArwHES6<TMoEQ6R*uU$
z0FK9EY<pAE5WZ$kNmnC)i$1EyEh;>^U_3`B+*mQfD(_h_LE3Y)Q+-A!ne$7hK6>&v
zV_Qp%NsIJQ;T&hU7QL7Z06dUSBx3h%6#|<K0MzE`h}dyYZcM7TaVBfw+i4j}goSra
zu6|w9stoatjquCfto39}BgXEC6&k`rr|)TKLT{KPJMfrD@ngoj7CvgL4H=7NVmI~7
zajA>GL=S@6a5u*VJf&%SJXvLj3sH!|n%A&Gf+ZNv4tw-d24*Q9IUASEvAhn+6(!(N
zJNK*#+KW>;Cxr|QiuXmPV)u?{ht08d3Mle_Ud$h05pi)fSe%N-p8Xw2RNl<?H7jDw
zs-G1y6UGnG$I;e>!EvRV#m25p+<D$6_Q%s&cxc$0pR)z1MaYnUBTN5QqvmAYUAU}q
z-;+;7JeYx3(EVGZ3(3P-aY`;ohkmFurzQ_MsGqdjag!}57&&;Ag2VzfzT5JxUJD~b
zN4S(Uaptn9CY)2j)-5(NA_BjR7#&~SL6NLIUNf1Wimb~QjqV3o!HVJEV!6>jHnTTI
zQi4)1E-5{D_;Q5}F^5B+k0EB!TLzOy;kd`h%E~HRNPnmpSR`9;Bp(EoInR`DzOPVH
z*>eMU6<nh<*)yEIbqaaKmU<z_(WVV^emoS(^ZpdRD-7NXc-<1RQr)z9wRLq{b^cOB
zXar{F{kSy77G)5W+K;_|mUD#dYwIj*%nnnQ;3K3dsph|%YNePA4}}LuXON1fTNZWN
zL{N^AITsei1mCj@6W)+z0IEVnJ$mreFMAvb6CKEX(wD_ASA_~@P#x_mC8UBD$vn+Y
z5v{^g`g9V)Ajc3@y&{GHasPlUHmN3ASf@j@h<(K-I)#^SZMP_co-o#O;CV1wU?px*
z!NyA;<1gD!9~i~jc|J-k^MqB1Y&K`5I^yTmoYPRJAI@a>7lm*Bv2x<A<B)<oJ9w0B
zvSXIoE3kXyP4?5Si+7-v*`rn_HkaRdzoV>TEukhSFPM-oCE{3o7z8v+USjC^&U#_q
z9G$;tm_HqAPg_t;I|ClyR?AF3S)I#6QU7)iVti<`q$mt<qhRu;&O3aO-{DqAhnvMK
zM0}miw|cD+#^3od`kLr(USPK}^!$6MhBgLTbeDIfhN9rC$e1&*uf+4M&{QxkE9=O0
z2Ujh?6BrXE7Q6GHWE{&rtN+<q6Jpo=mRy&LR}`CFD7j}3>cR+;?5)WBT%1Zj3^!}@
zNHLBvZEhSNyY1!tT4+LBJfg!ohlsZypGIr?lodxmf3#jqqAgjf6&xXbpm1HXoo_td
z0WI9lO>k3A2kBBeN^a3tD~}V*3P>@GoE@tS{y;CWxmRAL)Q+j~w?xrtae^k@QI1%-
zNc9VXeLEc+U1VTUf@Ft^Hm`@((zaDfigYC<24xVZH!p^@tuZGEMJ%i6?uYZPOYE9k
zTh>(E599attTivGKPYhK^Or2-I&6dTpQZQ@hH^v;;|`pbE_lgRAFqccr(?eN7TjVy
z?rea!WONDvg_kqP8A$arLceMTb$h9kCJuj9bH&+~l}o!dEZ4c!HO8IXcMEs{i5?Z|
zw;Pn+%-)-a;%6b3pGP>vh@3qPDZO(8iF}#^z1oQNB^te>0;sxB11fQk2_NhPt}MEn
z_96)O&Fu{n=4L&Uy^2QCiwTNBiWSX9r3>v20;TO{JI<2s&$k$V8(`jJ+>Mfc-yGA2
z0wuKHz5j^zmkS}IIZyZ@95Zl_Ix9oC>7)Ik_5MuWk;Shq)u7yFZ>059@n1b&j_{F<
zj<|Y1Ha~n>heP}R?mc|bJ$^zx-1(Wv|M&E5uld~v`1KUAf9~EpSxWrV$y@V(E_+BH
zC>Z~F{9kPdMSt?#ye&;>qc({21+f2VbzUYE$-!Nj`iT4=Ex*k+Eg$0Nl>htEJ!-cV
zt7SVs%zek3QlI`6{65tW{x}5jKVtv6aKpXj%m1H#zy7a&|JSRLjsNQO^_L^sdyFst
zt?&Dfb|_@uH~(ATH^E~<AE7;ITkwTU|D}*EW_x*#-mK>ir_;p#<+*GNtg3l|diZq&
z(k)zS&VMW><?Ir~|9$(vWZXmkS|B_QSvF`A5)<<%id5;qr$!1~agA)IPFZ`j2~de8
zKKQ_FvZUwC`G5My2fX|5k6K>}d~*ls0=nWk!^0V{luiMlD?4}4a-7a!TnMRlI{pH-
zht0-X4fWX8Uy}w`FZ4!h_PKZkO&8y(VvAPI%$TuTm+)tA99@7l(c;W5*N29*F}bCp
zYrY5+D^@ajcbig%o!srF?EJCUoU_nN!ha0_wY`u_3txKe?in<iurEVvM70342#@hY
zwIsBU^7k5#_r?`zwIw>^o&``}UhG#jUJyc8z2XW47UevhQJDB|2*rV09{59?j;}DN
z=ZAxAKKC8J`CS=oTQ69wb=EA^+WWK!uFUx>6Q5r1xmM%&I_}0wT3ff6Pa!$2m-mj_
z&QARQqs;L6XFcY9s1o0+WTCNg(A{!c(Zif%YDHW&`3Vw-YqXAh-X|Vj-U}1CO)kMl
z1Tde&7ZzRteOG<V#<WHOayk<11?u1i|7p-qy}7Wo%(~QL{**zwvRj`!XS>UF&RaqO
zxu6!h!u(*bmIkFst1GzLxyXdNfa7d~S~MW9@#WZQx42n-hRHXZFPuRoN1=aDV_$jg
z=a1C`Q^zYP#|1sl@mn)M-(Au$(~d^?d~i5|s%e<4PakpqH7AJD-wQ<G^1+<~b#LE=
z8~GIwLbo^=pL+m(pk||4$|z${!bkGBCURDuQJa)cl-99BLWsh#zS=Z3GNv<C%lZA}
z^Zd>)87#jaTbaKFIv-lHV&v|uN5!drHX;o;YwP6oj8JGiAYWZ^OpJ(uQ$O#-FD{n5
z+;}39ry4JH+f#`rF3GLl|A=A=_vx&yXNecApr9%v{Zyco2bhf4eKoK0y3{CJIl6)6
z8?Bpx%uRY!``4dyZ~7wLJHaC9jHjbi<oNY1N=Ze0vCD4se{6<59>V{h>CyfkI!sY+
zriQa1j#9nzT|nIBWIK|eR7lLqxT*Di45X{2@^|}eZ7}j9W_`Ivt&JO^YmK>&fM@kx
zjq|HMXR1|~yAzkCU*P3B!`fatoc92Q2uH<sbK^#ktHTwLcy|{akKN`mF+2{X3&Wsj
zoOdWa=EiLVjm)2po?baP;Zw$RxOf3I8Q(|01NN!ii_bA^KaU^ZLfqNTcR32;;`W?O
z9Z+_zXKNV4v-Z$yd8P=auO_F5-L0>ud^koYdw$5n?mK>UGk}*XrS5;d$6p_~7Y>X$
z-J#Xb)PDWQeYguTokb=tgoQmjY-o$FpMBi-^}XF+y<`s2KcP?)SKQUYAj!!c^GRJc
zviNJ3jS$ZHL090+&^_|*oTEq!h=N+l*-MW2;TQ{~Hz%_i600;tl3WHqg%NT3OWQt@
zav{ZVLl}0!DVO`6-CoOFo)nL%H+;2bb-BAiG^~kZeTvNyjPiPOf4I1jDk9qp(QDj}
z=fDoY=D4XqRSxSQ@d|48+M|u>pQk+OBm&on-Yyqb-cHY6(A`yn19VV5PmAL_i@<Bk
z#~XzI_LjCEP9b7AR)eNJi)5#(4!+S4HWS|u_j3~3;x8x>f#K^>3tyNW7p+cP%)Y94
zHYjaP7*4pGoq5RlMSiRcbN@rjPQ2mwC|};OfzKG}YP#aaPcC<wO<|72^>}%|WXW_f
zBW+uwH|Ix!+)#PnlyKkAHh#Vu_1S>2G4Y^^@$+TqH%E_<>&0*LmA*So{q|yc_TFGL
z{A$SM;3*+3NMQsw(%xcsbi(pO!Y$YNEgRG2wH8yA=33Bj|4rYz!@51UDA|U#L$~su
zRXrK~lHZy6th#Ow&bl63#=1~94i(eX4*21LuT-m3Hz$MvK#5D9_57a39b4#S#!-=g
zH4oHE|1D$Uj9!`X?!$e2m-Sv=9rZjKdUxQJV$+({)*{i)3;)@a9>)TIf$V1lkZv-t
zEYPc7@G2eVdFd7BH9CV^O^b-3S>8az5Bi>%;D&+7UlYj*;4J#%hqu(?a#}6>8)Iig
zck!aMC!#Ya6N`dEL86hk60$!v+GZi;t0)a*US<k2XZs6*N<Vnw=bt>F2aq14s3j}b
zFz&{m+Bh1A;CD@XSaz|dFXqz(8zZ5uCvq>fwEd6VDM60GjK4H)g@RGi0i)l?1^hzT
zr9ni<wap`<;(_MC+Bvl?<d9$aQnV>r7anbw{C}=%k%U|DHhgfUob~#Fsd9jCZMb#)
zN7J`22a(kh!HXm2ELvvE5AR8EKH1MQd_h014Cx$}E>?<R&4^ehx4oLjfZ5}B;l-St
z%(g}IKyh4uZR_@x_8HUb@A1-C=Tg@7>B#*ZmcchNi@vsMe7YX!-1@vpdX36=X*;^-
z(+qu;)Ou*XXMOr-=)K(C1H3l_ZJ3M?BDq<~oA0}m_DlCVDR;DedYSuzB(<l;RT>r%
z=9bhObN&>7#HfM-&I_t82-o!fM$2JRpD-G1<vduY#&8Xd@^SKnT*3tKS%z#E303K!
z`{2;gX}T2@r`?GaI0d9?-6sTQ<X1KV5mJ3ggXj0vONCvsfz)=N`+kxcw7{qOa`-k*
z!>0;M#G-N6k>L>nUpsT&ZVRJHdWo|%CcK##*U*F6Y(OIXFHNH1G%mAItk^o%brymV
z3ce%Ghk~D9ISp~UVISVavrz0}{Z@hxm!;tQ7JR-f^N32=`L~ny*%tNpQ?q<Yt}dww
zXNr;*tMh`U`4^G9W-H+?f}--0Y$XW`Ssg^;hZO^42x#wKprnl{;1CJ*r9<4UeE+E9
zN-*GN;5{TU(7v~^r#!MI$T`Px{e<swDX4w+<LN7gUIBE?f3<z|&9o0>(1v09U+>y^
z?)_0E^k!E4C0}E|`Bxm;;d%OQ@~{?gVQN|=sx5Yfm=MS!NP^siP>aDT(Pa%2%1Yzt
z2T!*N4Qv#T)9ueKfq%o1_n6zqWKw%A^7XG+A+f!7!`9P-8s}f)bF~L#DW%<N0Li4?
zaBPcO<3nVKuFv;Uny%LQ<X-G}_N0wE1x*I%PUELN{SYNBROAabxAWBvw{)-Q2L`H>
zr0#B;ZNF7Gx1T9d(mFx&t44o^zgvs#LYKM5iFF&2-I;9G{dIvW$8hc}TbZ|Q(0J+x
z^ZX90`a6=1p!g-Xy=u}$*MRBnnJ`F_eX2lrUb+{{>olLmnS{ICIGA=^hvn$uyzm9_
z>egvb`=z>0GITF=$Qk0+o_nm9G|o1ZZxSx&GX|R0bDLqgQ-+cxF|N<e9jHG;g&0<~
z=vE)K7nO)xg44%ecGx_4b?Wuv@@cnV?sO%@PWQG>8PAgHv(tgs-t}Pxn?+hzP1kb$
zNjoYo7tWWCoH|b9NX2*KCW4<27kJo?)N49BJa31MTs#Dn=UWme<zJv{_r}eFHg!f%
zb}#S@K1C_%GXk$5c@$eKi-}bp{!>%xd(%%XYYHCPPtfM^nSeL1RKK;xifL-Op59B{
zbomE;<WFQHU{PbvtXq?wg0WN(6%0>h`ShMMATJUk|KligV>xDh=QLm;tl0@I1|{xX
zs0KA?vZwpYEmc0<BHM)?KjxReP46qZ14efsyAY5ZoLqumzAD_QeS+Om=>kRaN+Z9(
zfsB*7fdK-?QHMV+WE!-g=XTtF5LTo+?)k|+_hp-t5v{8LFlR%CrjjBKN$t1{U0WTX
zS3?=Tz4v-aV^~h|j0B4<kC1nGK}&}<EpE5w^>I1O%+v<<y4&eden8U4N&0g8(`Tl<
z%+`1dOcb*%EDKw2Z24TA1r02?E(e3D>#A>VcdHxzJ~g?mD3MGGxbErkUpa4H2s*kX
zIc<erx|<No`N#!0yPmFG2wrqwNpc&~Ku2m5PA^hbY*)D1WPi}gjV~c%Te^7w!*7qj
zBplV$R~P=h3%CI3JUb`c4PRZ&{^N=s?0vo<*O;<6ZTc<VojMp}_kiR~Os5yvejr@q
z;s6~~kU1Vb<aWOc+Hz3mde_ZDHi>w`_6G%@w3iRl5@#*vi?~ufPG$Jt@^wDQ^c&jI
z`CD;q)DMNZLa_Y(?q!RzVg^VLy*n7H-A5d-u#{RXyeq9KIz#n2#<2zlse?o7t65Ni
zg7{rxdp(KucEq<|hBLlcL~K%f!0Vt!f%HJ~w78izVGJA86~Ys+uFq=N`yI5lkt>$S
zq3Ft4sNu)rbv<v0F?bES&@DLK`}+HSx}GeRVVTd3JHd2(&(;STC#DH7WL!V&Pv`z2
z*PPG>J$tY>nSYx#D5g4PxR2;A(3dZK5B&k9Y)OS?rL*2w7(m5XzKlqjW;MWp`ikk0
zi%Dzov}(p{!NoUFluYx*j|V<B)WfFydr{W0`Bua#&1TbXwLCAXF&U+(Kfr0IMH;PB
zPzGZV)1SSPYgZHZ4n9G>vQVZPk{?4e7)M_Y9-Tl*V`3_Ml{H227~S&uJv-GMnSp)9
zZhbeh+?LC$MKv742|9Mc(C(MLu~Njh#aR!gEkrsWd3~IQN_B4j;^t_u#V}gpAY~{=
zL|8-RWOES#PaDIu_hg!dOrn2?ll=7zx{9P`ifky-$jcKJ8a=kDyUF{}2l2KeASXS#
zJIL%%)A@=$UQt_f$n?ubJN{|2q7+b7VvFE!2LWS6L}hxF6QR~PRE17mXX4i=orNo4
z-{~G~3HOF?VMmq%mZmG@Y4pQHMzPjg?)WfU^<c_xQM*%XlgiNAlH=hdg{5-zR#{*B
zo3i6I50Z3LlxOF~=-wTerU}cd^=9}PCx%d(#H~#Z;Yt3OoR_iGlLxX?yt55*@j6O2
z4!>*@qZjIXvVRBpF@mJ%?4#)$>F;`eS2=w9N4>au-wbuW(P*6Ky{TGC%5<q3-iX+J
zx0ALCOjoY1&8>0#@uY*Mt2O?(FO&&v!%sghKt!pd-uRs5#^XO$Y7869Hjv$$^oov{
zrjqzgaAUHI?RV8`=qQs&Vc^zzTID2ke8rf@aT*dxuL;OF8-5B{%1SOe7PqcAlfJFm
zN0|+*cHciUfu%Rb1X%7HDhURTV@Bw<l$yRvBm)ZP*Dt4}yIxp1148UO8y8dDT}3`+
zJ!2%{*+(?LJSP7WRXPe(bX*dDLU~m?ySQn6nS^~sUw?hi_mGl!_fr4L@_@KrvVmP~
za>^f0vg{-f)w!YVvxoZdkcbp*s@;!-*U6pg;tM;r{xl~;wQ$m9%5EsHYHz`HpqA5e
zWzXmqyA)4y`Z=7^;Us5KrrVRI#?36%2Xbb$VF8Rvj+6HsjUMY*XOotI1QNQiQ#w4%
z=<AT0qCQn~&rrQ)Tqn4CzapL_**Kg#+r15YHsa_S`OA)oREk%D!U`}`bO?!F>^R%i
z&r=`L2C@4L&tnn}^+)eCvBN9#3>{nV)FhMRZ7pD4(WaZnwROQLikEwnT#)PGiD~%W
z$aPoCK%B4Fdg^%GUFhZmfIH>62MJ$h`Ovg^`-RTCy+IC<S82|4=s46V-vnm%((GXI
zCNU6c*5uQ)gTuXB4}AF7bOxJG*yVPBPNcU0svSwSJZT1;LMBMGzwhLc?MZcU6(#x6
zHNZ>lqJqe(aA|bQ=f!`p<M9)@$ltnG{`6tgojKRFU<Oy1vol5thi!Lleuu9!B&OZT
z420)_b_XNF2N{IIN@IX{6SZiAl8s1vc<?eu(Bq1<M(ol+WYHIvJRo~qkgLM<yi^rO
z(n1o#@k(Q0cRMa)3V#qWI;1=d>biMEXmu_UG>Px8VYPg8vvI?HaVWFTk3vYy1ZeyH
zwFEn@c}ca)*`~!sDd5zH=U$BsVCu+p@nb_TaGEQiMD{`t>(;veHUIdP5vrH}oIyYL
zietJ6PEJySLzfd&KHn>oe8tn@fUY&Bz6FuC7<xxPyCI4K_&DMfOn~`wWPR%&h!tw}
zHEtt5Tb-~m*tU+JY};>u>7FMX>6-0eGE1!VY=+j>tVD#E{w<A;Fl={fvv2fWku1@c
ziYv$3O}>ZGUad8Jp#p|tXp58I>lVaES9eB+t5^)D&>RGl#>b{K>zUGrOX50_fYLv^
zm%nIiOB&p+JC(lrC1t+@HJ+q7Edm0r7wnq(8+BY#h4*Vy@I~V}AIhe8`gUU1>dwp6
zUj5|LEX^Z){9L&-c(v5uy$9*MP0wc2(Pq=l8LP~je63gVTxEu%Q=qbRmCpM&|ECjB
z3APnMEa$}b`m_dB-O@`9S?bkGf1?ju6YLw1w>wT7ub~!hqG^m?t6(x&KbHYqN=vk#
z1})=jjf)@E6c$!wvXl9>zy?)OiI2kwHp9-fqpE}EzgHLiS|f3B@X9cAQQ@+CE2~3K
zzG8t4`wYfP6t1)+Qff(6YINbU>^bD$$U$6spbeWx<Nxlt{pIqjV8guY&#C)3$cB3N
z<na{qT4AT>f*oT>zdS?UOt-z<)giWN;d=fgSZ*}7<zr%%7}>bu=nhrqzPq*ALv7)8
zyY34$x3;3<q5QM+>K0dzc)IR!r>eWUwZ2QkuhDu+A?UHqsJSaRCTI=Q2&hVL7&dgf
zFJ`IbVvkBD9F9j_qk2qUV<w#vGL>aWGeKmq)ZN=NHgA0zD1(|(8@$%sH&e(lBxo|k
zGj<(yGn^GJ)Z6SMiy;A=b70h)Gh(=PPzY?&6jnJb*_>CH32wNxb**v6=^xLVjvI~C
zjX9I-N{)sph;s&gh5EQHAV47=RMqjrWebG4piZ+M3UZc$rBKODC2AuT0eTZ3%}ya9
z?lg=F57jPNF&M@IL7SR|Khjgm@b$18c2WYA+ACuEocpznAOH+bjKZef`s~3@ji7A-
z_7j^tnX)?|t{taBhd0kM`r1jLpr>T0bck$+?QwX|#ht?2htOMsC-1!@0DAcu!+ntm
z<s^;CPiT`Z1<9gKOL{H?NCX>-4c-@e-i@stgO&C1n9R5uX$5gK8<(3H#+A;L5oZVo
z4d#}!*{>fDfh|&r^b|QM``Mgdf5@LD$*5YZs&`u8c=0UjX~4#r#_SJKIw%Gej^8#`
zb2$@)47G@i(z^!upgVblOs_u)<M|L|E)>rDsVvnNE4wt8z3m`3!083`%(^x=F;(E_
z%*gG`+?Axix(ch{&DuhE+H%#Apw@ODI;T+6LjUpq)1<p?O)*t>t0Emg?T9oweLv7O
zj1c!`86#@ASAP;YMDupqaU#@^cBd?fPDdc+zOmQ#9{n-H=oJufBZR~`Z+6C$v{aB+
zW7`Q*<!X^U5RB(FLD~45zvD0aObjEE#(oM7o^!$8`25G<@pw2fG3q)l{K^&YO~nJ{
z-hHdA?E8;(F6QT>QP&58k+`9eJPD{7%EUk|Olx8oeJT<a>d!^?fV`jx<B3dC|Jrnl
zGq)(tC%kOexBbBAi5jMZDs*9JE4ymKCW18i*o2sIP1=CJGQHb*t+Mndmgv}I-@&b!
zU_&L5x7t}Z17VSgIyHsmO;R4(M2HJ@R29p;<`K7sqHxSo_!yShngC45=c@HntIYDE
zn8-voUrMm7@dIIr%_Mw5C%&Yn1t27<voX22u+lvk9MXMkkyEU5iHRp3IW88C^qC$V
z!9U5_^yFF@X49r<Z(CAQFAWFjkN*0vPJhWHts}b1B(h*+)X7_{VpAg7y0^+WMq1$`
z84h?2b`Pr=9HL#(6t#g=w3-34DNIiZm<?XbX4(NV<n)62V38lx7ovGAjX>KGfiGgD
z*f#+@+jC37XB?63AyvYeqH8Z|9N(U4pX+#?{d+~T5?Vo393UJqCA7f$&k=-!1soLV
zzn|gIvs?|PZ$%E7J<{0OISk;XDH!SD)7pM-1w1G>09X(P>->A7qT>B)f8%$`%U4%%
z%}&TMvnXt24DC9~hu2^3xkp2%XhnDY`*Nq%4zCm9gwVOu%0eFFIZG#L{8LrRg$106
z50CQv;DL|AY2>177T8Z1WZPDjxe7+O1lSMe`t2VN(QD9X_2;?cTARDZVQ(xWk)%Mv
zeMACy@@7UV2Nyn59yIRm2eFT;+A4msMn+*W#`0%KGT8++@fC<3aT=t<RB2kUdTYAT
z_<vph8Rs<f#>(vl<!LdjZfxFuX-&nSiZ!nhSy>ogmfJ@+Ua$LLXYG$hR1c1y*Ji`Q
z`+x2@b(M&{S_JMY-RI^w{EUXZv}#okZ*LQ$i+7A+f7QBhmPq{pSgN<KxQKBN!ech1
zXQ|u4B2a2Nt0#~^W;0)rxY})S&*P3JVAZ;xUV7U1c`-Af9WIi^>m|aB8C<ObAGdmy
z){8ry1iwcj=1D4o@mL4chKUQ%ZhNBg4cGxm$N4S*`mWGu-X|^fhn|eVG!WaJD7zBw
zVnS4#uiH@rSkb+=;^D>)X87fjz9mR|G$WAR?kpPP<$7SH5$7cYuAz>_`0ytgt(*e|
z2n}`Yw7=b*>AWE3g72nZk5!;gdL#X&l-`20nif2Vc*FP9l3`F*_7$Sld!~wWe$GTp
z!Eej5=IKIx*M3fqnNokg*HG`+`3z>|9J1xsJpjF>K%EK=OuML*J(U2jV5pTi+;lz?
zMPspVbtckj+m=N{$2H>Wkux%rHV1Las9dB9a4ZFQ>3IgfyXJggYU*cwvu&l@8G%Di
z#G|EtdNl6o;}(onGZhtG4@~i5CzvfwLBxaK{I<}$nb%T9*>7M~npM~T&D-tZfxXN-
z=*K7Po}R!74Gmz$!W@g|Pg>nHg__q>+#^Wqm>~Ga`BjE?sD`k$3jwTQWaRgQ`<?e?
zrBf34x#SJS3j%R)321qb+VO1-$%p%HZ~5UF&FRLS;u1*=--^+{JhbkYO$i5{y(`ys
zDrjkoe$g;m12%Tk?mr2nZ$vbp1tc+-NhSNKgdPXut@=rSV+0e!?QCAnO&k1B8o+2r
z=0Q<>$Rj>S#;UbF4*I1@mAc)HKc^&wXRn0GyokZ`^;mxm`!{AWF^qau()zR2^tQI7
zm|R~E@Jz(G4`ST}VH}w|ojo5Ga(wbG0|l$?RP_KSa$z_%qQ)^uNma?cx4gvzt3JU!
zG&RBV53qMe;up972d6+-zmKjGnTmXDowzUv`SQ0z9=9F440^PgY9Z?eos;riTc}SP
z#qiYAmSLovGLFz@DHU8UA-uXy_HWro=-6rWbC<C9XbnAwk0V;xuhNm)8KmsWDEcvo
zu)1~Tbeul3stzBuv-}soWl=~b7xasxuBZ_2@Jo4M&M3^1C#}!)d9X`dK4~L^%>Gl$
zZW%<i6iXd;#ByHWOwp~Ot4t0db!tb@sYC(@;NOC;OX33f*J1dbpzHI$9eShjGaCkV
zGKxM^uWG66v(RCb_r6H|>iKVyv47j)_V|6heG!aC6ZYe~*hL19-*p?K#%Hqs{pFPR
zAIFf6Jl5>oM^kwv^~N|dLtDw$_2;oWZ)C*SWH!9D4CmA<xOBo82I`909y6XNZ@846
zu@UHO<t%#ZBa$w@o%4Hy;<m;!z*E4YtV%|j%a~ti;=YRpvGBPUn1862LA{fyK6V&u
z#sEy~-eYadBz}F}WFcQi`1n{mGbW9~mA#SN)ag8S^OX$i;bq14TzZe2&gk@T3d?Fp
zA2yowU=tBN2Qz8tP<%%Y5Ips2uI?8`K}iKs8JVzW54!#%(N!E|^ZsIbO`b?n*#WW|
zV!3qM5Lynb<HPL-aD^w39%-hes))woW8_xW;jTPRS&u3F=H{yyF`+M2OWva_bp)|x
zSsaQOz?=c8xZQ3{Vt_R{JK07WH;+uEXxk@jJz7S)qXTD99Q}ukWz3)iYO)JC@5b*l
z!rV&D@dEPmcC)+IL7JhN?d#T4Vv3@7Y!JKNd7a%OuIJa6U%=@8(X3yxT3CROk9Qwo
z#`hlK^6?`W<UPipRvl;B^s(rUZDrZE96CE&XxCc^ZY||-Q9X8V9Yr<m^hk=QUC2&l
zaUr{Q@1{9CnVwPM&{)LIHEY=40)2WWadO#fEDW2#pKiU9kt6$X{G&x|iX6)M$!_*-
zT0=>3HM!MwWDXckNOKLIxZVsOJd!a3;wj56X4>tyGs@6FX=x!R_U&SOO((s2q|uta
zm25)~E*_al)8UOQ-L?;VR0_SUcCxmvVDq7)<ejV{&SE61vYM$^-ph59Mli5vGTz2Y
z(MJiT$8xCXbPLgL!lsWPQs2tS`~uujJ?Yasf~LH3V#iG-GuVgl(bJ$4f~Kc@_a=%O
z48#ff>OFcm;r0e<j+H`eJm!`%jy5!-%iqQmZ!9H8bT+`)!NJl-!X4!t6dk1`r4Vcs
zqPBYtpJe4>j!7j^2JH36im5L@LT+h228o-fDBQU_Sh@Eg#|ralwnmX`=p<*;O4c7Q
zBRVCMu<Gsn=J|!J>C`heE`*L&JCPZ^&{rN{_1aC8In1Od$52;QKvhvbd$RV>7M4h2
zxN?pljh!|~(+lD2BzN0hVz0iRyJt>dko^erk9nCbw%W9R10QYQLkkh4B}8Ftt7PBC
zRctA)ks_yI?kJ<s9?YP`5K4Bg=97K77$Red3k~_wL0|v@{BNN89qrIu0RQJu1F`_V
z<Iq{mIIBw8eEcx^n>NxA+k>&TeCEyjgeskZy3!I(czsxfJa?2AvZLr2Wjpssr=3i{
zApdCI*6G6M=+yS4d3|=uSAN9F@t1Omu7rI;mQ-I8GxHiQZQsQ`FK=P=m6wxX(xJBo
z5gHtXNpB=XXJg;HFYvP+Rm_|<73D`;?Pcq(?8YD~rCXNro2Q=S(HB+_HhesN;vxu2
z>_Lol%>E@Kbpr*s4lZF?Z4g&X9t<5-tlzYQd|xuddYagGET7gY8x!Y@qd2#a;_6zO
zMh(Na{{!AybBJ(@kIhRKkW<~rz6CGx|27=e_GTINdR$V*7A>7%(jtTDbhu>XpjQ(^
zTH4+1l1`ot3NcW=eF^iol@Kok>Xp~tVQG!uX=3^ECF}|v%&flgIE%LP%!}_+U<{(-
zqu2T6f=wb1Cm+w9&;HsLbUq^kq~q0K4kuX(T3cB~ePjfQRy9u}!BG(yeH}EN*v-3(
zHsBF5d-#KS{AyJWrVu@)HA3Pf-$zz_!2AOR9DDy&{=Tz>C~p%VzV!~rD~s5&a5-gB
z37E6jFn7;EoGu-iX>tB3J+GBiwJ)!woSfwgS(Y#PvNdp|-b1vjk<Ht)DDLzx#Z@g^
z$o}{t%<dJ3>*zZE`p@}P>&zTqzL<CNN-zeinJx=0xhr{XYY7?g7IrM0&w;v5Lc(K-
zXei*#_m+|G3L>+rkR>ntiQhl@1n(UzLf=uq^H06Z+6Fg~COb>luVh2B*oL!|Wpm%>
zm@b029zBTuf~(=wESavOhC>B)od46Ga6xb_S;Z|FT~%yayoMU-T=XY*^5oL3bXr0P
z6PpVWGHJz4b8Q(-BKyN1zRU8$YMQsd&)lqXl7v7mn!l9N##&ar{tD0UC?h0D1_0Z(
zu&bgIQ*Z>yG_zvyhpen>pgLz4M_m#0=qP5{2Wx0IhY~L7L<Nh*Hx-F2bLp(gW9h;b
z)CUD|a?=Wy?>ow&kKg9;9VLXz0BPP^3#e)D<lwHA<hOdXeW*H-vDMYdnm3>3_kaHj
zzt~jAoQuxGSdq=ngEge4MN;t5Lh@?r$eI5t%gbGU`|;`MEIh!%<Hc02o6qa}t4T1n
z@X^XmRM}<F+`Uv1KmY-pa|n>Q{{pBPP-jym8#nJ_Wto>-@4SOvO@}En_vOyn7jxmX
z5hVM(c!ki}o2%I-o!C9^>|x6HZf9Vq4`)|A3W~%S8uNH@{eDgyJH*THEacf`A9Jj+
z6HEz=pU|I(gmfnNO@z=y&d*F|!sPSlla_|AuAZXQi99|losSlNfVxKh^rdx=Q#zd?
z6Zz4dKjhaxyaemPozn3ODe`$fv**X+?c~6&BRGanq?ek=^{UxhJqC;<_UnUf?+$jh
zCveHQVf4z~PIjq>>-xlTY{xOG#$LkZmtDt%@J`kpD#n+P!FiWl!-OG&2-8VAYNxyg
zl`)^TccL5W7ex}}zuFRPoU55#2dXh#cpVcjx|(Uj<IyX|<*j9RZaL{wCZQJ9++G*K
zLOd>-GMj71_M|OoC{wSzog2dSwAHoX)eABGlpU(ATK>f3uRB;RO_=4cKJPfWabvk@
z)*P;wK9G3nq}>iLDVamLY}&<KH#UL%qEf1btR+vL!=$UPXS}C{V+Z#0?(uR;8|o=;
zu4U1Q3Os75Qn7FCA3b^@s}ZgBY$~%e{HoiTaOp*ijW=Q!nHY=)$(Ko6V*TVu6N4s>
z*Sx2DMCuJahA`*COSye$5^a*ULubTn@=>#U4+pDiDXD9suJ{CpIzkyVW|9y^Co^xl
zlc||$Ou6w#{QllMx&NYp9A5Y?2Ws5(>N|uhuegYe^kgBsLYCEftllhx0d-(P;BsmQ
z8oFUJ1!<f8HBM);;H^B!>VwBvv1U0-_sYN7`M3>1+F=!Sm_}!@NSr~$^c&2G-sxN}
zWr;QW(4~&#(ivBAV@5dDWd$6`Dk65;b<Di-R;IZsIapXpL`)AZzvgO24i$S*he3Qn
z#ETuK(@LZaVjdYgjF{wPLTz>AS2s~sT7@}f2%~#saOw0Z^h^jvFPUgOc91etCf~p0
zDy|<BPu;Hl)LP@{Kk)+2yWs|gch+#Y)56G6Q^^Q5;F8gfx<1b-1A)=Aui?SFe#md;
z^ycV_HME9g&@Wzyd}$3OEtTXuj3lHbVri@8SXDiZPN%5XOo*X{!~06;d(rh=c-i;)
z<!x6IXLNnx6?*{$5Wu$|r*)wLd{^P^>>#+$C?2`{ZXUYrHipE6YNK<v!$!OO-XR@r
zgU74wVT|ZEfnPrITYfb-nk|Qp;ntai8VR3pO9!I)=JVmO^x*D?AL4<TBN-4MPv7KJ
zVy$NBSbg|{V;K|{C8R^8?53@wlXkmW^0m`yiDdeW3m9|lO^m7D!#}dhq|-HMvvG<L
zs5A`nZc;=fp)oNS>KdtZ3&RKs(s+j2C#g<x(oxCbvR3-_>#Y(w1$BZlI=wfR{hN6!
zB$d>(Omt1zyigp>fVgnA6$)LmqK-b=I^9GBo3IC23Ag%LliMRC&S)Y+CDvL_cB7lL
zh+sS}FX4J8dlx>(bJ>*=iAl(pgXq{qVvSBZTbt#DcIp~z_|!?ynxh<S4Ps)Nf3K99
zF;bHqYL3n!gfm2AB0_qFt?AYNEu)*gN4xIMYA&bJ975mTy-2K<ayGSTm9(Y2o}kzs
zBunNzwl?k2rn+X-K6Rat&)Sw|O_!Z5omk94gxN*6?drJ>nne7jFe_n}F!~P~!qjPV
zczW7cLV_SqbgYqddp#$7M$&sF6X~?kY?Ij9o2YDaXtMW+Z1e`nc+C+?9To;9`LDS0
zO4&R@F4g%`huf!-E}z$fQ%%_h8L`GCF=oh6F1q<TE=n<RXx`JTiW$StFBqoH^tHCz
z2~SQWIz9@6q|xCv5oZoVyTick#@N_Oz1s8ESx1Sj6Q7cuvIF_YsP@ttbu?DwaiZCV
zQSxUs*eKePL+a!UxqResZohsC=Hoe(w%M?Ew)poTHrCSIA?0#9Xty~u8LDz9sQ=nk
zdU}(#cdV&H$*_$Ym$E-0r@Ao0jjA3v#BRNaxzMz8J}(r6^6(v365*}jou#Wenmmvx
zy`nVIs7^(<h(21?-K}1?{9oQvC#)Uq60>Nixl^-4rDvVm9-*D~)(N?n^unSEkqW3%
z^xLS9u((9RBch3oGNNy(rf~ZTUMqAmVfX;z3_k2q5fUa}%@1$AmQgLa{QkoY*hIHp
z5uVCVO>2irmEsdcv`e}4-6Mqn0tn!ogVxms@ZE(X5ISox;TAn@(mA;uo!W-}@F6oe
zFSv}qy!Z-hPqY#l7J}ItM7Y62lTfNj*Ir1(zI9~Pb*R%X=z~Lvw_3E*nI2OZJu?O~
zXuxR34eZ010sV;ymQF&QL^Mdp6J$mw&v|_&dXDT#<;D+Lx4(dpgm}WW?mnJtubD{Q
znhz<qW-#7X$lM)!ATEW@1M7M0xu^K!^B-cGc^NYthj{O~H`sTwgm+$km7OOWrAKSW
zW(lWvM2HXu>2ReJ>Lwb*r4rM(2QxAf)fyzRJ=2LD&<m^H%z%q#Fs5KFk3I1uhoS~^
z)v$C-J~LLGkWYywC@Pxv0~@sT|ML72m~sUZdc~l#1Yrz~pzok`d~4?Nhrd3-W@{!l
zPaezonPW-V^*%4XxR9gG>cE2Z>OvIT!sCbzR!hJle<7Y>!G0pDw}uiS<VK}uk}#ja
z%80A4Wm3f!{`~Ay{Orj$$Tq~$Z}52Toi&2O`TyYYXP@Bbi?c`?Jd_^8&tsP7D3AT)
zbv6{XYNs{zAu+^umhtMVPcg4NjN2v;#^UUxY4alf@wYdr={KHnqbKvD(TU`(S<UL~
z<9Iy=dd<0sD@{fG<(a4X-JhT0!{%Uy4H(2FW7Da6_c`ADU?ZJEsH_$fVWGhUDI(h3
zh%qdVcp-pV*@Q60gb10E&xYU-!li7+pb$c(TxsWD!AyM(OIL1WU#*wWmZL1*kxN-w
zuH^qs_Eogfyk`Y}`OB01?$wRNUVa&4l1zAIK%m%^&l1fged0Ox=2N`6DhFe99M+2c
zy!6sLY^tf@?YCZHPgNTQ8y55T{A&N9gXRi0H5(Z-^CE^18bSXlmvWW4hJ#HZjL7ux
z^50(I<Nb|9hJ;{<NMU%mmv`P?z)?pqN#RzlOoq@Pf(+pdz2ZW`cg*9@PrSs5zT=tD
zCl#|gj3Aj)`U?t+Ako*r=8t!9sIH2)#cn>zt6^+LGHrWyk=@`T!m6Xq7|!{<Ev$R@
z9kMFjL<xJ29Wspz<D2>0laKRifsSdHP9s%FW2i~95|MW}ao$$;Z~KVcW)Bv%5m;v-
zHpsx<#jo<GXP)ATWd-yT+Zo(DnfUfnmgf{;4T&a9Ee#)B%i9Z=u&F(YTPBQ<agfAq
zO<?S0Gw`i_lRrNBH1F&!ltGI+s3A!P5I_LuB>qoNrv~tU3#GcR<?Pqv)MguuW+7Md
zRj(d5nK9U#sA=vXI4n}z52qFnm1{4f*`zH`x;xr%7^Fj!&pvgMO-Az;?R4X(P_t*!
z?V;~l7u9)OT3QBm`cM96(0gfbtjBE%C0IH@pU$LRuCJEv9BnQ5g2FM`nrT(14}*ho
zDt8&m#fPLD8=r`&v!1$^4vEh!#c*Q^lTON_!|8BJm=&EVh>(VT{N~lwOuh2~W+a%j
z{d*V;7*y}1t{9X2=_Ebnzs%iMOI@3Tu$V;6rHak&kl)POvaV0^-YI$Nko0wu--Nh0
z^y*Zi!-hw1B{bNi&EnMAT!cj@NoQ=JqvR0B8r-CYdRV?}13hkeklFFjB6%<>QlVtx
z6`8pGa#g1notUIk)=SnLcqMIfP%s9Ya--4?wi@>2Rx#+j^XVHGOnXfw&2BfglEdWK
zW0^U90-^1-G}wH!?^(<r>U#0Y9T%Z%Z=$uW6;DV!$>BccJ^x3JjJlbh4Tup^5+kHa
zFZpm#Usr=mNO)9)$Xz;cgQtzU`X-T6D~ApoBVzOn#;1nTSY3r(A53V7$XKWJ??$g|
zMxChj_)gi9(zo5K(|q#z+)kknLgJK<IG;iEDI~kKhU#`3Rv~^7!u4!oQ_8oT!>1!O
zBA!UIN6VAb7)q?j+vx1jPJwFnBk7uTURoMzaax4@ioQLbPMX_0we-DCCm|6rH0ONG
zp4gdO-#Y@k-HA<%*le}>U2BL9c!kiq^kOFlDSv$nrjQ6Rf3@T*`f#?>+}epbG!m0M
zYZUudr|8`}v)@-?Qx)}g4^gp+LhRJZPq7!}2Tz%n@;j(E;FUV)5F4?pLoXV^)zctl
zatDPGE@`MifW>R0p|MTU4o4jtRb<}eYNfuRQS=i}Ot?j4(;@a?(SCQUB~Yo8_RcnW
zHi95Eg(fx4Ywx73UFxNp1q_ZNUb#dO8@D&t(d^O@77~g<^kno3iEnDcV~r#sIvS6?
zRrF-kmZa^CHPk!3#Ka^JERDhGJ|hDN;NOA3>C|ry0TOo(<Li<*)fuYgO^;gQIt|JR
zu-a~<-uM6cT~c_|jGA=OifE~&F%`WQhvpFYvuUXf{>mkTnxWIat64GCacXgB0opQ`
z7LS_v?cU!e;Rbov>+uMQ5|Sl}sBq<C!C&<yE%{B|Y-v0drpn-!=j2@pQ)w8DUQWLM
zPu{Zk<R{l(L8QScL{ZX_^i+JRjOse_?tH5yK}GJo^1BLCd)s_Iwcp5J7L_NJmPkWO
zUxh0t!fHWFn`o5xm5ltejzT0(?qKoKO%!@V7&CDOGsg`@FP*Atz)s0q@}qV7@{USF
zQv6)nDh>6HPNy8%>Tua@LWGp;BtJ@4MzfF-4-O%nilC}lr~2KC_-9QD4_`J3ol81>
zc}~GBL}$a&xs;B$k?-}7*K9=TN9j<>O_Qw<9VL-dW!4!qhstV+T`f6kd*CEv$}Y4S
zH;G&Md{eSjQG8L^lr6~9pO*1-c}s$t{InOl<SXA!<w^UlZ18mZ@$3In8&z?9Y7bHn
z?Cs6Cg{)YO5{qUV^1kFxl}|y_pUBRicfZV4L@IyXbwHDk%7Yf>FNX^A>s#qk*^?@d
zyx$eK(w~Y)(`lFNRXMxuQ~jp?r)1@qvnrQASE_v7vKPV1;7KgK>$7^qU-y)AX@7oI
zxfQzQsi5T1Ei;u*UDu4V%7Z+4Di7)zNvx~>cIiOrtgB1`1n}=hfW&=s2#~mQ7)o_t
zYbNeH4e7X~XHqkD-Nfyigz8jvZYK^mSb~GK8Ov`f4_`#A6;3Av-*u=ZWo@t7e{(em
zAb@WX0wnI6Lx9Ac!w8T#Ke}h2{!?;L>8l*5^uO60sF^$e?8}+ZWb%#YCx8F~2p~Y>
zzDWc~+&K)Ty00Q}>NkTq80+aCl6@XJ)m|{^=+*D)b)z*Hi{6X9(}uT;6rBm>@n7xb
zQcx%E+-jqjH3X|aNQ1gj!==`2z7%@R6TZ)B!{%1AXp%pJ+Mi}u?BlHE>CUUpV9`9$
zJ8d1fe0r=wL8z;b>`u3zxCqn|o$~Il_6l_<KW_rPB?RU2PI=-tNLkeqpa!24yG?Ca
zvtaG=aPO7(91@=@h0&tqq6JIYY}$S>gIT$>@JFD9xqX_qeT%klNy$dtO{*ig%WHo(
zT=q^RmuD^C=}^CG`BnO``Sqce%*;|&?bPNesG9|B66a^peOE4Cr|8)wdXxN0-c<T(
zsZ_~W?e|i9_0%4+v+G+e6PgIJm`}ZD3JS*PRkHSIq!qpKtiP+<Ax`PSrz0p>8g%WO
zA8OB8XV*Qn+IJC$(#h#|q~%@3BOmo5TeH}Q!)EW2g}SOtrDdl><;DMy$lHut^5T%Z
zD0?;|x|KN8^D2I$$L`PjS<Cw=wERf?+M(rch^&;)z|-rDDz6#;4GBsj{u?p;g;2L4
zxRecvE=*Qym)@kl+HLssV#6k#cC&`ktN#~~lT~clWy9{#N!*`(N6oexj1qsBjVjyj
zl(MLI)Sf@PT0xa(^=7dfb)38l%069QJ;Bz`+M+|<lw%TkY0KyGp1R>d^5m8}Wt2Lh
z)f=5&vpM4_eMzB3=gO|N_stfmdLnPB6WaS`RVJ6@>C?1ST~hbq>XdDKnfxU!tH?=R
zO{T75QtoVm%qFy@X}z=!Qg78vt5Mn;i`ZC)%cCt}ch@EV)ndxd(b@v5nwjrLS9@ob
zJg6-RetoI-OmwWuEM-u8I90w?&eYbA&)*5`Z$~W#uV#npRuHREbR+Ghx*fx!;t@G$
zH?ed<wF7E~K3H^ldWk=OOHo(bp!3%!1(gSz!zo4je4V#Ro!4n?ra#1~bS!Pq>0(v(
zWK?@GyXutMv#I1`^7-qhNX*}MdZqo9XH?sJdU^j<1W4RBhX9E?hoMyWRV2<RjY?bo
z7Uu6Nz$=ZfUK-i>fn%66b|41TDVa>tI9X`R*~AWe9J9s^7GC3bSbI9uCGhT(S$wi-
zA7$1kX3m(+kc2224sBxTu6){rBw9k^nRVeTdPSPFYn{#pZSR%4k?b9N2^lqmzEQ#0
z%l5Ie%*)78L$Ip7L8mo@rywnq+RNjqI>feO8zU!9BHG}fV)q74Mh|6N?<73xK!kJ#
zMp`(ybR)LWlbP5nLGxwiKCzt-3tE^x{X$xER`GsLrF2#XGKNg#qKQK=)*WTj+N~V4
zTbOv>`HbqDqTL<ZoVT52d-8FHCo*&DOfupluovxO`PKu}grso!g%^+>6@pFjwQk)m
z3iM%IH2ZP}8ERR(VhuSi6QM>g?bcLonmv^$y$7FkP+!)*DV=o`?IF7*lu;vwV)3~#
zcseN9@G&c^Y|;TpFYR*TiXXr&GbbS8KDDH(mQmepb)49}i?+1kj2W1YtMVWp?rmV^
z?3u)x)!r*NMXNs|KY0|hhV+&`&Z&`-)1fU<HXLVrUL6A`PbJ>$q<;Tq^38piFeqL1
z&iKCY_nyLeoSH5SdI!a8SF)m_NjuQeYzSuj^f^pRiI9#*b)`aBR8j{v^U>ZyY+;JX
zxCkCLgWHCr2~n4%s*ZB3!ASq%gD`tsm~>uB^Y&5|*_SbCF`B<SeRByr50=n-;!F~Q
zeKa51LXJC;u~L398(MO9Q4u?kA?o=ryO>|>%p}Tb%w5O)y`@6_q+_?cNf|zg*~2oW
zZm0tuMyU@5>i4c^zcGW^BQmvpZ;tZAY}m4w<N8o$s?)K_(HNaA6mD6?CnuVS9W;WA
zCyXbwE|*PZF2)WUEV}jYS2KG%Ih>P)FJm$zV!RyRx`LI*8;R*Vj7#L5aI@&Ov5?(s
zHj!mBFnru}resEP_|SfWdrzcKgh2?dLA%0j!PY#KUuKio?3~$i=uI74R;*-qr=Cc&
zk0x_6w@n>FX;~Sm14a=qtj|+hKvtQZWK#=OVZE7{ktihJN#WkzG^Gq;R7$kw3dq=A
z#n#+n1`Oy;<)NcQjhaZ0P$7fz{?1Y-qXxus=%ZEa5jh!jR>n=ekntJu)b8IR@*i|o
z`Kv*P(b2%+>_dbMokB*a5kp5cJC7AheSza0!CZLWD3Oti+PrNPg!N}qN|biW-l&X6
zpf?Jg7CT>8sbfa3P}XhO#0llaN9uT=(bKtjXbQ#a7jZP{Jmw5a6GCV}Uw4o<ca<|;
zbk*0~K+ft_tgEpzc;fj?8JwZHpz&7=b>Kx$+p*mgNE<m~SYMo_dpT5NX6Tq<m}~RN
zD{Ut+KA4?rw@@qwX9|jzw(w&5M>#n7$tpJ0wrPi_+@UdCK7A4`J2tSnp;Ou_FYbsq
zF2DF1GQH*OSiO#&O<o3#oz8`l=M(GR<HJ%1!D4S7sZ-{N-duad`2-bh<%2DUX^ZZ~
zRZ_1LWCV0-@GLfL*14(6-oo;OMK}`saO3$?aU9txZDoJPq$di6b5JR|Z48N^&7ot!
zpuvO)S^js?fdGm7=Fr8{1Ng2&ZKO8F_F(*|(bC!UqH51p)>Jt#HXi42UI7j@dZmdi
zA1&hPcb8J`R=&3MSkz30vJPorgJlHkDcQtx3%3wFcpNj+3@n@b8oL@gXxh1o^>sR?
zPZ-N2V;yh2{3ZqMYE~h*>rdU`DUGyAM(Wyki{`GwmA8`@*6f$xVE>{ISl3~Y#xRdV
z`Ng<}Fj~9bSN{eFxjDY@ZFZD*5F8#t_Oc~>RMv)}<rr^$xRpk0nC99eNb(t^W<3lx
zHqLv8Ij?_Alff*bXB*qzc!eL%Urnd8lTQxi<Ly0)izkm}aIZwn^@o@{_XEnMv$|wx
zGC7Opvf@}R?xM{+`^h2tPoBb9Llf(F9-^ZzoA=&c4MWB<&Rxih^FE@j@g$4hUQA``
zFlI%x^Xi*(DfC7$XxK2$pE!n8>D(9ZK91QZ9rb~1&F@)v`TX+H3n>WFM)B%Wdb7zw
zXZB|1ZOq0lgiXyo`DBzH-G4Y2^@(Kf!E8Fxhcl~xn!F?BlLk{Yno3VrgNu^9jl8n>
zW0qtUXm_A`OAqqu^DpsKUX>6)E5@olJofzCytb!M(vs1?<iTo@yvY0NclEED$xt&R
z$5t<8!LfSjWGi{+{SCB={HvF}&AQ|DSR*4o`}^Xxlo~^^7>(Mjhth@F(8|UY8>xus
z$Lz`Dm_2e3y+XtWq>SD6rEbfxCiP^r*wCDTi4<<%#?A&89wFBIOKWfyX0u}R5v{|v
zN?r{nA4j)u<h|l{c~{M#nlT3lQ@&*duO2Lwj<Jr#i&s#tGt+z|n`6!GRBl_(>f&ZB
z^1Qm&R4srTwQ>jf%d7ILWGG>Z#F^uJF>%ZoW)DiHXxkPxwR-W@=8}7?MC?<Z@ig+u
z;>A3*=wt1+3X9K1k?5tl$53X)*?I4+d6YX{9RBbv7M1FmHfby|$2Rhp729a9%4hE8
zY#e$SK&kvl+6I%CZCf_5y``PPkKSQ%k&kH;$I<incAi?Y5r<O-1+Txu{<tArIXs1;
ztgTcxG_ZctI<~j_H2blLt{Zo565DNO>V$EO(^s%??gA=^p!eV*%$ziiep2s0*l|<_
z1@$alyNwcu5J-8C%3R*waER9GBP^6W+QhC5ouz#E@fwbLRGm_)GGXc{X5R8mRMc0p
z=A$*_x|IIRm_%1|H{{USTENmRhlm(9fs6V_vVHzMwl}m>vwZ_A#ZHv`)k$VGNKiJS
zY**>SBt)`c^F|isR%-Ftj%;Pc4jCNg@8$W&pJj1bi>B*R8MOW5L>>BuW8~!?!zuM!
zQ3ajE=_%RAi|h7dD?7|b+l%Nkc`{dwOeI(Bb!T}i$5t)o@)zb);}m_#z~|(G*SP2H
z<y1O5IQrh(EN%&B)~FsFc<&9CAFt`M3$YRTGaJQTCC%5@E7=&S-|+#H-&#ex-blyM
zT`b8ir?Y4`s}46ZcKmqG4{2lGTOUx>T+4=ao2X72!t^mCm^5SvF|HDpiR?QvM=)db
zFwPr1kT`oepS&*lv}Q7AOmAw}F61>Sf7HNHT-`5{LkDuP_mnt>_Y(rQfyY1CM)K%!
zjA%T>lXI8TDuh{UQ?z;~b)>nJUB}AlJ!S&E%d+^#%3X9+9bvxwYnQgt*mi=~SMQ>>
zx`1~!?516<aH#jBPU@wsTG^FuRDBQu|9hxi0RI;Vkht$S)G0ViOdrOM8b?x7A@w~c
z@TbcrLURKREuB(nbvUJyw8ahPw&AgC&8tA~t7qq;`4rlvQ<Fw}?b;3O-@b?1{u8)(
z+!%&Uxt8gsRzA+ohlp@`_8-Q`!J`>*-L;H%mXcl5j`R3NUVP>+{Q0H16jfJoXw$p=
z_L;x)>)-!@SGJck@dr24w`e=-mcPqJ(s^+D7<|ojG<CQzdpgKl@+yD$>tCdy*-T~r
z9$wzMji+CFon5w6?!9&xh0EV(%hEMCCSS#6@tv%E<*)qinZNPilTWjwtd$|ddT~Wl
zG3$#PrM2G4)($H-_v(e--ho;v>KU6zd~!N{Q{rhkvR68Md49%u3>Y_yEBY8&zB5O2
z#gHp93W@H)$ZPN7M^{h9ox6wa5gA-LZXA<lO(LeMgd_QfsBlJe@%a-OcEN?jHy4rB
zX(V;nBu2*j$ZZVb!3VxayxC4=O$%x*w`JeQ{Ozg7`O|CjsjRQ(_=@>#uI|K>znW!R
z_sHlxlCU6kB2_A>jE>!yiRm+(fg?xJJ2jb!BPTJqUmqen3t9b-zw-R6Z}86#mawDF
z%iyWE@$0K56DRsti^*<%I8*y1P`zn`cCFO$^*abnO=nts7`3@sY=7@PUU}v3ys%^i
zN4I{!UmkygH})RI8`YaTt{qFm>JQld!ACR?pTh+q6+E?SBhSC`23u-E`TnhwPW|36
zYz{Z|*0WVz3njXK=<z4nP})p<WH@mNu|!43k&@PzbZd*G*==7%Ec@^i+7kvaN^CT;
z;uwy;GkIplAY3ht)QJ4`VM5YdPDrQt0*}4DlxCZr*hmZRoHe}i!jrrxols|JD%amM
z4eyp^Y+L*RB|Ro{&BzRz>gs8Ad$5Lw;@!7}=b!y6FK*l?q{&V3C(Bs7^lhH_`}1tr
zwu7t%FY?=`{=webb|O*+Gk)Y)A}jOh7;*u>n>Gx0Lml<)c8%n9=IzGRdo0&w1hXx_
z2FxM!zxa0Um^qo@LROP(%`{aNvaPs@F;`s6@S$UvGkYSoeS0`A#3?%1in_T$F9VlF
zqQ8I6{fHt@D7{)sS$?9Pp_iz4Ml(g~YF%CyM_O8_E^nkgIGUspv$*HZ@6j{DjL#UN
z&7{?DeV>)tMd&S|r1u}is3D^mJ9{d@)rAzeLrD=^9Nkj}Kvh0|aR2v72s5A)qGnPj
zUsXdP9lKe`aK_k4q_&oDs12=Ms8Qs*R}^k%*X)^EVh<HkrwFwLDoP8fC@-O;qFH-i
z5vr)93@#lzLIyuq&`;OK#;Q6@BLCRP5IRq6W8tP<G@i_3_xuISpZmPjfd!O#W4Lf!
zI-Q3PXwIjP<`rX>yksVXG9@FLeKOFivO{o~l^BbfmFl3ORqBgQ?F-d%rfs!|P&22J
z$I#G75@X_tiV7noB$x<;8&B{4T&}BR$&oT>%wbt6j2YUKkoHQp6*QB6!7Le@UChiF
z54j~Jlx<zhn)m1P?BAadLX}JC;IU+MHd0bsPqV|!eIa@psv9URug5WJ6mdp3F@1+H
zb;w8tUw%HO`Z5Yz?1aY0bHSAJ7&3eU<Akt98o?@gn>BengGWwg%%H(oD)zCWC6*g5
zn<in?xng`A1)H)!1_gb_jHXXoDw9S|WMJQP+KwFLU{rr*35h%Jf)RL57E<kOrDEd(
zp8V?*yu4xyjbZ(`^ya&mIch9Zgvi=XR+BPr3bBpFoOD3vkpncu_GWZuGM1n)!ki7#
z=D$r=om&Wb4)dRVg6H3v$C8yxD6@;M1G8%1S_DYke*x6K9BTLR*Y^)I`r4aFvFfmw
z9c8yP`Z}?IlLvAr7&@DqhDB4ee-{pO46P@R@Igr(zQQc_Rx}V|wvuQy`L8?jI#CxO
z>4Xirq;mV5c6I*%Ug;1*f<g(d&1LR;J4m_cM(!9M$+3!BdXBq{`)Bl{t*lx)<zOLy
zL%4OMnWq<Qq2HV<NtO<wy+9iF6P48LSi*t|6L;KtH9cHS)CZ?AJEIpfW=v&3R1gv4
zFXR0B9Xx!{%l9rAEv<J56R)|I>yxEpu6Ga{5`--xjVq`0<=E22e7s^mQB!9zH4IvG
z!HjWtkiB{d|9I(Ho>{#OySyJFooe?2u*+<quDy-0F<0@+p;qQS^(P+q{Sz`euf(Sa
znDiQI!P%!d#M9wY{?R-l2gR5icJv}tf0Jip(<^f+95#y^dq%3OG1zvnfT|NhN>}AE
z?y8%)sh5f38VB)dkz~F748L2JLwFDASUz{!(x=@Vfy1UPo7kPItFx1{^h34<_2<?(
zLpYkXiye(B6VkD1ZYKQj$g{mhOy+{1YUaQ9E^8V?xqQY%qLgFjqq~@w*TyARUV?Ai
zhdf)K$enWrP`LCHj<$<F$6d))o<lsmqk(HLnoLk+Dl>bfGiAyY2FJ^&f7m6be!u?W
zDHwG@4881TZtr8Fw5EgTh&Zv64i2pUgx41?;?1oGahk(FV_ye^0EDPLn`N7Ma@|R0
z-*OF6W*zPF%*y;q^wI%WyR1x~brBimJ9#a)j8M0YhVV45x@a7&E0?je(uQf!9BvLf
z$uHKGaPd{M2+?(rzdwh~wZcebFjE_n$_<x{;l#$ZWY@QFbk{a^Sq5_Vlmr&dTS&#I
z%egk9mG_qKL|qi3^7HtbQZBsd8e&bNzQR0q9xhRrM3A3-jOwwMamxS;#RvA&?o$qm
z{X5*sH*BCFZ6y7|b(jn$LQYwho-l_Sr_znsNT|1itsgGsVA2Gxp4k_BhaHdGi`QZ#
zSl9KAPc_j}zf2k2@clXHR=>rgzx)-Cf4Gr0uTe;gkHXdO^5(&I24zTxZ1GT>vw^o3
z&EvJXt1yia@(`i6C)hdg>Z@c4xxJ%btb7#<mdu{s0eF<3ySTm#vp6XzDdoiBVi-1x
zBzeeZR5QYUs3kX_5GAjxh0SYMv+$FTS-3q{yZu4kL}9Ng;DvefdGD<k$&c*KO&O{3
zlGKx&O}zeL7O4XV5nQ#OcXkvpY|hn;X*t3ZD-RPjevC$ZN-K-Vt8z1Oa9_Nw?IfIk
zIXB1E^Usa@@u@v}LO4C;N7=K#2#?8twQHZQf_B-4QC%Nc!u&;xc<uf56a^=d9Bic3
z9LvQs$70|30q-x{hI!Ofu1^ofZc}vzf}|cRIk`nQzF;2(Th{YQM<TagH;%%Omax&C
z#D&pbP9EJ)u5L89Op9hyaW0)TK4$e!M&~h5pSy$S7td$GKi(&3_*jO<MdE61Wbr$1
zFz?;B_)zS}XAYHysE&DWzN3Y$DXbI=G2ylb<6j(BZMGSw$Av?+0aEAHZ8F-vHi6oz
zV)Cd3Q4y=OK_*i$`jfkP;o~C=n0X=R4@#EUJYw>qF;4^Qw-pmKZY-gRy_sZbCcChl
zA|bNYA!CUa`!Ty4S+!s;>q%o|jGI*pS5P)^rnJxD?Aa;<T$kFHs3jf1w-5o<eAgij
zQm~<eJ?|{0X85JtHBcIG1+zt4GSz!p*mba&6PuRs?E1sx96n5uBZwL24J3HaCoIpm
z(|_D~MCqM0`Z<eOjTx`>WNv9d4bsT?^hRy-tzKu+8hCeA8AnVhjO(9H>f|fAV!~MB
zg1sEtw3pax@8<4dsoG(Hh~cA|kdeW_%p`eRZOXP1CXHuRaWyghM$t35FS9SZlA%2k
zi8NVBN=+rwDh;eYihd)8Fk{dl8D$%BS|W+`RInz`!H<9X6Z%CNXtg=$IrDM`m#ybF
zxh8I&HVAh|C(S}or{Dko`1>z^#&7Sskk<9<IMARSH#oI{Soi~BIv;jVFyn7|n5TdL
zD}FjIhRtu!Bflevc<D6Mv&tE(UYM35Z6*nmeogga@*jyy@@vmp%$u$8JbLZ<T@}qJ
z<qN@GQ%YfUFGgkbB=dsnnLZ+uxDnGCQJcqKb?MAVPsA%7Dtf&}7*waEW=v0q|E^UV
z`PFW$!^RNPa|9DdBxCl^t7!X-)O%W)gj_cU$8*I6gV?xWF-QB)WJ0o@Hm6r)t|wzq
zKYAqfBcp!?y)*j}KV0InNJr>Yom&VQqen2M|3K0srEKP4l0xJ!EtQyHi*!Dp{@yFf
zBBVZ)NMi%*_SJFyj~-w|wDeb|P%iu4{rvK$5A&NVrVu3hnmDoFDf=2Qewq-<Hdem#
zA<ik+b9Ijhm1}KTC&X+Na-pYZ&tCLN&SZG6FlyVIa7Y~e`VS*Ma|r!HpkDM1R#L}~
zVsf8B^o^H5pIh^%7p!C_hTCVvV0nHJJ!34iw%Z7eh-K8!fy89=A)<dOeS7wx-^d|k
zdey$l4%W|IhWos0xh^f-pC73+!PYP##g*(hR80Pwg*><A7>5t$P-XLK%c5;LAMr*W
z+;`)pLd4uOJC%PrMWR#$dTn`JqeEgW7EdRIHa)#W-mw{@n3xibOYJpuNC&Jo@+p{%
z7^M6TA+4dKF6Fm>{v&_B_i}W5Kjy96N)p;C*tlgkRbdIFMFdISd<09m(o8LE$!}rO
zMHdkxMqoei5igZmc<7cZ2vYH?da4Mc$v=CheCw$_SDm8INn%IU8$aa3Dl-=k&&1tY
zO<iq+5IM18vH4JWLAlk@S(3Q-o(FmOp8NUj?H3Ybl>t!KL8SqSL1gdA!FAq6^a~5Y
zB?NWf=51{2w9+>vR_ct8^dbEimXyk{zG>L%Y9Mk5v%>AH_;?xl(R~>w_T~`M+vE;r
z+|}0*y+_KN*P<QnP__{qB1EUDhT7&%?T%tq2P1|2DyQHf$-{W;ezCb<{*GDh<GjB6
zxVD!vYV2&za~<K)EhSuX!FgDe^Jb|_ihlc)^Jl3+s{R`sUaa9^j1qf_le(1|YM{bq
zB58Os8`iDoq!82og9hVSy^aNzGzLbC?Mt0ChQ`p}(#e{`RSdsqHjx%LE~)*|iOFQ9
zCzBE;IaMTH$bD?Gg!N1&KEx{Rh!da3eX2uNq7IUF<rH&14LZ@4S2C%}tP@$d#WuVt
zWBA_ry(!tag1O7LQr0TAZ}ySDXfAu>#`2R%edXye1`g}N$<@o)*kI!Pp_%IR1#KsC
zcuxp%NS}UE-#R(u(9wVBC}IXqU{aq5X+AzPnhfAuhHje);5!MOw#TV?%Uu3`+{q0W
z45z8Koci_-X|xO&gG{vUUCsWq@jUhLLp=1zulYqU7q4wROpuJ=EyuE0SlrI={z=59
zCeV0r2M4R_Xe`>!)^;6JWu$CqX{DjQmd1u!>UXVYhbw|XLwl2ID<ik0lFEIn*qFVK
zgY*8u+_ofc8QqhnrbbC$`8Sh}Pa3{Y+X&^D)J%LrG?fL1sHrPu^C!zWQrn5q;G(Ro
zf;PJvEz1jT=}bJ*V9Pg4TM4f|`5MK8r!z9#Lx+ss9qpYonPQlI_kBEl-?hZc`;F2e
zs14JH*L<Xvqb&b8%~44V8q^C{<sr5oFQvKaDBJVexM0!<Y+3X9+dCgo>Ch7%8%C%#
zh?rhI=u=h9!O9xS^Nvsx7E2!?0U?em_UBj7Sa6V<kR%2=kMaELTS%I55pkW>RMx8N
z!W856V2MqpSK~>JR8&#C^&_?(Dx_lDGLEE7<XP`==I4}1&GgaHSWj(3Jq@+hG>gvE
z(vc!$?JkFO_DX10dPeDJJA9Cq$~<z8H)@9j?ClLy)iqFGD>`Xw$17y4y|E3WjIRIR
zBR}Mq(+1*dXrj~QlHZ(k*py5i*rcOvQ!{)nH=Xj1SL;EPqhteN!soi@_B=i(HKpY=
zsZ)BQ3vbu&YVOD+a#-}_i|p$$k!cAAIy-E*I)$v9ETO5cg7T_z>N;FR4V~C!U!6=C
zo<{S>ukmt4I5$u2M`Lvv^{wg@XV+4h5Qa`6T`DzahXaR{-Rrc|Y*RB64#~gBqpP>`
z2muTC$nV-WKU5rUd8V~fVi2ODZs|~4)*TK9ZR(_+%Z^QcSDe)&zo`SJrQ6=%A5~Uv
zp3;xHnlc*IZ3^nH+aNu)JJ(V$_(Gm}=qLRA=fC3a*k<0AfsnmqJ&(P%k)#VQCe>3%
zn>U;^vxAk}cT!(pL*9-(*!m8ncc=xMkdJz?s~*zHSLNl=Qm*W;9$RDzV@)o$ZQY^0
zb9Ccw^cf=<#YyHp|2$hu8Zd-K6B`*pyp*y+7sV|P|AN`|J9+&;sWw|19MhZgulg~+
z9v{LxOV?m)F6E!EuEIQV7MZ>}DywVpg!f>KuZ30HcT4@P;_&`_B6_9}Eb@vPJ)XvG
zn^|N|U|do--m+c1{M0M#sjjC=26>?oDfAM8)h05jx2rjL8BU0uwcA}{-klo3o_N7k
zJpRMkG<@<N#hnh#2K(OfW1i?^<C!H}uv<c?$}i$bO(l7yRfNVUqHJZr*cg^C+m2<#
za3Uo{o#eE2w4#sb!}q2qb71EovRvxM3>|tQKOMV1=I{UffU^2(jvXo^vsZ6IO>Wv6
z>L{$OqopE;L+w6NqJqU1+c=>HX1CqNi$D4S8R0$}q^)QTi(^2vk-YtfX{yO%Z@rI<
zv;?V0Hj&FAn#&JUEaW&jD3qig@l@?SfhjJHsI&|`#}2R|B8e20SCI#?J-G1lyZF=0
zR6coc8SOS@iv~tcp2bA@8=Ibl&e=hSkoZYc&S&CzvlyNjjWHpOeys(p*jGqnZ81Bu
zN{JgXj2I<cX(w%Bt8O9Q3bE;FB-9=wPxM%pQ-Cuji5QO!Ywz*gB!h>vilf>RcKOHu
z;PD(6m(QMnw?Wz_n}?K<W6|wi#mn?%stmAv?QOVXhw|Jbx8Yhom!q{l2AP~3IeM7p
zf^4!YRDJN*tpL8AF#Jx?^*MlZ5N>s0_7_1KI^_|*A#V@+rG05DKE|%BERI=28Eop{
zSa~NganYn?45ojN1gWfMLW1qoH+UE+4M_0OEgXm&&+Vf!F(&q5n5B;8D}|^PHZpF`
zwVa=sBpq}eM~~*SKQC8^4P1D`wG8jwhXJ8&tp8*UJ8C?P9^9MS;(Q8(EEFHep&=-q
z!KrGQt({Kkhtv8GAkwVIQMi{q^&!l><}wmXcJuD0z0`*#Gk(xOQo}phwe<jop1tW2
z5sIgy5qCr)y?Z3$Ybap%ff8EXP3${TKxBGv(u6F9_3B5D^uA;yMB?sj#nIuW=itGZ
z$`0`U+O6!bGjZt+S2HA|9|Ph%>|eW<mDwjqnmmWg#ttMnJQ7Rs0hVms#=Zt47hiWh
zLwaS9X>DNTiuLSm599h9uO%}nnLbf2_N-pZ#!4?&-E=Dhy_IC;RtOoY<-q=Z>^k1U
zuzs-|*jGUMg;z2=w3ZJ)mN;6iOqS7cdHzXKF1wAZ`WeV6s3pBu3Kc>!_vPo2wSPY+
zOyLZbPS)yi&?00cQ_2==wUCq^kLSo9b`}Jso`wJbEr>}(K~&UHFX6oh4kI-0W8OI0
zjMvq~3Ac~FGUB(Y4k)t^y?XT}!t9Yww*_5PB5BcPbm2+#PL09Q+CWrlU;0Mqu{YU?
z>6b~kkV2QO6{j_d^o&$YK0T2U4zhRb#}=PX@7QoWwiX=nd#3zuY$;{;-U3>DZ5+rw
zLP*d4WOmfBH~$ES#75R1DTKsK2B!4Da&#-%aTB<GbUMY^*&Oe5ik%!`>)wN$uqH6r
zSi`2qU@jPtfLk9yMrNw$u?|ygCYd2#j4>JXkG0^cZy~1dAd-TOLe^Tb>BC9y-IEZ5
zhoW73DNpUs<QN&Y$a{TaEVQ?Fk}7(Pa&{7)(U%k<Qccpq_3J%=P;WbWV<_JCQu5oN
z?nEBD_w3_jxODWMdX6=CiH!&+v;PSCCPiy*KSC`XV#hjyn+n)m<Hpol#`c}NDUIsI
zwHHi5e|Q5+w(O-WqBr+kHk+hqAuM@W>^3EG`NRR#Z&}UGS`Ue-iS!>lmh(o-;3#J+
zAMQE8)|^6&Jq9sz%m{kw>e#q;18WWzku>QNt`+jz)X`4b;Au=w@sL~AMz3ViM{ped
zMHfju6R;JXz!++#y0}8CA2|p1lXa+^xWS{CHYStK-5Yp+XErS<Bf0z1=}66jpm3sF
zYUnj~I%86zg+L|J%h14zRh!r&Hh=l`*U&3O21N}{dP&_(uo#6rw$bVhV_>gXoI;vX
z`wS#HEuF-=LW)8YNDp=ql0KAC!_(<Jc~WSNld8fRAz!5&5AMl*7f&J7s3*i~#nEEm
zycyF-3^Hi?_C}}CLk5wdX+21GiSGK1V1%QPZ3P~tUUvmOs<W9dWcOt30B*l@Cb9Z<
zju#iQ|8O4ra*h)=ZZ@}!>rZEM1Boep$?Vaa-YM}y(mH4nVi((Mtkl5-TCz6rK~@2Y
z)34x$Q5n?i*g{FOonyy}h@Uo#i~6KsF{pcwjSL?(n&dDOdPgfmhEHNpT$r?lO*l=_
z^yrsPLa#J9k&iE_2jMaZiOm!{GkbBk_2`9gwYRxQ={<;eqYJw_RUeVch|FM0)~{vh
z{-fvzPUXf~;|cPrlj$z0^A37Q-HkQNKq<Zt!>QoIm7CaSNaFi9UPFe}E`)yt3%2JI
zI(`<n4~=2>*6kEYo8DZI!={6Ig!CFfdSX0IM;(2}O=n_)<k{6uy&;OR<0jF^ev-r9
zWG<Z0liIDD$gAqWCIg(FGNA8a^~%7pt6%vVP)putbtMzPza0S=Bj+%b>b}}foG^9e
z*Uad@ItZOX8qjtQ%zcJWI{NXz{nruN<!4R1vPhkB(>rN7mL((Nt)$%iL#8E%N#o<w
zPO+(l2W{t%&n*pr8+CW7y6#9_8>B5usJk_#wyUKlZ7EM4^-3e8HXR#vKHM^@RNvL}
zDlZm`NxLV~=xb-!>(8+{WFilIZw?`napg8cExS17cXf%pIw9whk-756q)s;)^&VUf
z7hb(OVX2lW)U1(Pi(CD!{Lsk&+CN95(@R=rdESBY=cTUVQen!yhSTlEB>7d-(n^xb
zAC^i-od{L;YpQFHwCj($o;6skl3x|ElvfM$Xf9Z~2dwH2R@LCCQ+Hl<O_;>2u0V2T
zFXH}%CEWF^2N)A+(cDs~%z4z(ltEf&iOZ`qiJUw#>K55ZfxE9&Qt4<e1SB6;$*V`o
z=97lfc4RX<t9=ZJ*0FKZVTRuEV@Agsw9&uHk4xR}DetT08BJCy&ysZ|AA`<~M>-_+
zufyrlPG{n=qxP_?Wk|QvF7i|>KO*}sSu1~NYTuJtbfIQRlrB#HUG2YA%Zh$os3kiW
zdXbmfK<|-+)u~Xgq|tt2KOZms)V^FgGs^d#TV$#3xittW$ol8s`A770-nx0ZU(OQ0
z-mH9mNtxt%z0Zlm<wN;Y(~CU({>sdlrLf9<iMctSXP;Y$`^tOy`RE>9e!F}qA9`-(
z0!8fEpu&Wh28m3Szc7#J!Dvv|T&Z}J?=R)oOzMocksbedhD~9Uc;tJtvA7*{iv6n+
zsikuRV$(j8=uCe~XUa#K(!I&3I(`We*(?8XZm;N2%Y)S2uDgVltkfxPj}S}cFU+Jm
zK~bQusf@gmIuiR0Bu3e|$k8uFu~8|5vOBMo-D40L>m(0S>rA3gB`f91M%j>4@~QNx
z=|m}Cw5a)bl(L#c*4=sYiLEG~aVmc0AI>1{g7WdEbgKNC=_GAse_jb!uUjQQ9!IyI
zIWrccPt%9REOpwh{1?i5DqSh3Tga}#>o2?Vh1R&{1)e<+#!nx;gBVF)*_uO)O`U*M
zzbpTB>bp_eBcsT++vlFLEuFWG{ck_ZiuQioFYQ;Pysur;)?EfkSNRO=)<bt2qE5)`
z)LqDuUsYArf30Ghs-194`(#$jlv=e`gWp!xJoY<|T>LX09Gj}uV~50{mc~_Eqxr}4
z%KKJ-ol*Ypls`u0&(LYN;}x=Jk+!2-M?TT3@?Yq0g`HJUTwV9(--HB6f;+*22e$;5
z;O-V6K#<@P+~LLDT{}44xND<98i&T+odz0cwBgV9&D2cI)tsxdYg?V0vumyWtltxz
zLM01%sm)PP4SlEeG_%H2Oaloz7|LG^ZDUu-?bfNE7^W(0s~W4uejXVfpF#X^1L^kf
zI(8LxD7bq+*R|e@C&xBih!+@u7fiy3wC=X+qhk5VRe+__2(v=d2SKdEZTXwr6!DPQ
zMX{D#0`PRb7{D0q<-hRa!A%GIkDJDSKp)!HW0j$-Kfv*w`-a^SDW9#a+K7j>P<|%J
z)Tie3Q)y&yg^e&`B(L4q$8kKbs=-jNFlF^>sMDuj91A(vzb_kH8V1t*JA7f+6NbG&
zA(C}0i<yw7E4Ub-UY50z6420SyEuzG`nI0k)YGP6&N|?Q6>_48`}zp3*X~aRAvWr%
zu{xgr{Ryc@QjBuS-w}o#1^(gv6#7^H>4q5m%y_EFu_J*i>6Q*_)-8YLDf@7L%2+>C
z$<1wbB3EHV-EOS;)p*t)>GS8Yx0PwVHZ$zX2}2R<20#C$l2j;JBsE;G(H$)`&9h1?
zJhFgoY2!K|=s(gMoKH^soKJjoDzRdTiJkBbn0lcGsS!|p-IAJC>8pNn;!W3b^35VO
z(?Pp1tUMEUei82KAPJc?*QR^|yDEfNm_JtcF%~-S9*N(HBqz4VROLP+uuh*}8#@>e
z7e{4DPg|J(;I(((53s?`LJJrx?^HogfDb)a%RRO`0@mrYe2Oh9S!FiQc(Vhl_vgbj
zc61w!p9NFyGJ=Aqp3@HvTEFy~Pg(2}bgp3v1O6|%{+S2w1}H{<-O=Pbjm-1a(Y$<e
zd@BCvc7Jij?Ai3CZCmZx|Gn4EOd&v7bF+TJKPz1`;j9#Xk+}i8X_Rdf4bVqri_<*I
zOH|RlJ)H266mesg^1m6$S41rhYTr((QKiy}w>=;9+7r^RGXx;9{j=QX>zTn-IHAxH
zc&l$75r7I%QZ4SUB^K}`AT}Ozd36SuShvhat`T<mUhW%yc=pvdCeroDTAj#|&|Lw9
zjd+}1PYhpGyz_t820b1C&hPdCQ`!RNd)uJbT|V#e%H9H^y5pfEP>KoQ1pLgJ%lG3T
zu|(dP_a?MOMO6iPEA4g)eW9}Y3aD`GTPNOAn;5G4eFWTBgubXQ&)m>*jh;AqGbeKB
z+jur6f)N{*f8e+MyO<lx|5aH1X?pecoFd$r&xH5z!rFml#-A+sOOSUAY5+Yndz56h
zgekCXN#SeDQkUmfU1A%m2>8h}snr<(Q87<D0TN*w#_#&;qn~ACoZxL-3`B%&URe3W
z&H%(H2}=-lcQ?A$)nv*f#ZEAlbvjx}@L%Axh8jC+4E&Ex$1EjZqpVc4?4RNCAI@bB
zt7|ZRx21>S2T#6+{kAoAweW9ReTC^YFjP6ONL}4+&sEBRECq`!VLGZL%SK~qzqy@B
zddWuevYdQot13|~EqG2+yYJ+1!Hf9>(mU}*ldp0KDgJ}#c1>?5vso-O5LJk?Ig9BM
z2KbF*=N{;?jkqC84wb5R7t5xPmYQz_C_H)?yMX201T&TI;8|j9koi(IMKv1BS`_s{
z<8{NX+s$TtWo+hn(JrONj%Ym0B(dW6FCVE2@-sbpUpsL$SUq3;R$lg08)^>nyB;jI
z`*x_NC@WenVxmy3Q?GpjWMMnin~JqaHX8HSYSVvFsjkyYUISTFuGcJ&)YBcb^^NXI
zPTPeQ5wmt65X*30%1O%U?MT(uWZvY?I-3yvw(4#XqTz10tanGc)+xYf=Gso5^e=A;
zMfnX<aFS+rBV9aQxB>Yu4fg3-J*oCtF8c%Yx_bApKHgTXV>o~(JW6#|<XKW*1m=Ac
z{byH`M*Cq&>nT;ZZ5chl8_<Y+LC`u%Z@3-_#Bqq^GONW__OFgk{kpu{AC9#XaE;k9
zdP#uXH68hIGYdq39YrSabZIob8Pw`5*jWsM-mQzI%ck4yPWGUjECgiyNpYPnkWicV
zq|P-{JM}mE-Vpb~1YSf;LpxgRsTLnRTxtqJ*Zl7BD{ZMg?j+W}gA-4EZnh&1rNtay
zNJdDEGfOIZpEDJAO50ynrb5*nx7^VPDjLfhhbVg)RLc@gBt%iT<0ob~_OE)kb#WSQ
zR6KuQOh*UyUkeA~AzG)KhkRmmo*SRHhHuXI$X>uignjgW8cw_H`?cw7rkXHZ_tOP&
zhtkMIk-~+RD|<NY1J7p$Ia<syv^0493f91l>Y&Z<q-NiD$B~~l4{YYNGD)X}LgThh
zS-m{C&dx>){uIPEjCTG7C4<Y?w;SW<YW-E&O-O_39a%h&)W~?yET-GcUa2}TnQa~P
zki<D|owE4=m%CC~%~S`9q?4NuzRtA;y<5G172xa0=7UZ3(@_Pt)(<Ud(mjE1eNF1|
zT>bAy@U7GwEJ&GEFI#qLC_m(|Lqf?l=f@Lwe1xxaJh|y5V)ctOLy~@S|8lk}=kJA|
zK^OS1gSjF;SrT3v-;!lZqH-3?Vzh-7vKlu;mc8<`TDxNB@NY<L^g(RKDl_tMDP+fL
z<(Ay@kgbv%T``Xc7G&gPN-Pe~XBs>HaqOekp|mSl-%wJLP@kbrZp)=QKYA$t4rYuN
zRK!3+@xJ!vBYNJp+vstgi3s9D%k<&GT?UQeh2e;LCtY4~FzRHV0VM0rvEJ&Ey$=3C
ze)J^%Yy;1zYLcr`m)XKts6Cy-G+s0l7m}Do0eWOI`V-Ny_ft>MFE)ZjLnpoOa-u`Z
zuj>LM5^EMV?&oj+D%d;R`8;>t%NFY1L?tS3^V}oFdusM%>sVVfJvw7T`lcE1^GS08
zev}tXzS17ucg-Glqr%|PFX4WaM4Cqsx~L8bdTYxyK)TTQ6IVGC{{Vk(G%8@cShN<q
zvytQcAbfcUf3<38xDSU^F{K?do}N7VKoyr%T7y7b_xf^37F1=I)|M1ZOB0xpyj-L*
zGac}oN<zs<K}^3Jrc*i-efMa8%8sB|>3iDpzDJw}cm8Ax06cREVN;m*C%p(r2}V!y
zAvpwOe%sracB}32g1R`F-~xU)jEq3)rZj%$6~IW&Kr!E4dbK^fx&GRU6dZmv*lHrm
zax6*0e6Q1lV}7zR>2v0^k|kjwQIw#LqAVn4s_nptM3bq#iET|O#mx7}5Vxy}W{ozD
z@wBP{_AGuM-TGC|Wr;;Cz>4m8$oupJ5l6))_91!=;{C^pPI)mGr{NRNPL&^^at!Ww
zBiqs8jB-|OIFg1UKo0wo@S`ENtMh_dD2~G7cs%z6A<aoIqFe@Rtx4VJLJ5Qd*U3A5
z`3brOuyz^8rB(;9J)c5CsgNhQFa-y*9yHtY7IJb3OX5INsQq%CK$aU$^P0S#JML6Z
z4*{_@t{@E0|8gT(n3Ffg>vE0Wc-4`aA|Y#baxrU&Ls&k$Fn4Q-L1y(g)$>`P59w45
zz!E`GY`@Of;iEJWPl?3DHs(Tgk!3*)*u=FLc%26tpN9jUqh!z8k`|g2qK;Ts{3n86
zoDh!DS1-B9qROoW)I&|WUHxC|O@%p`BW~6L0KIVUD9|!zb86l1HCcWc6-&>QP(%|}
zPUY7fty!Dgz`~}K>4eTl#D3S##Eo&F$0|40tgD)?Q<53hY@qjJXYWT)s4H(7rPR||
zVP`{3M;ewOiy{-q<ENF#xX|UCY3ISi<6#dKckAXq&p#5SHP;05hO9SVNNuAWGFe`J
zFf`ZiAq0Em`G)(22jAEi4Lmd$W4|A7l4tq8i+Kr{p9rbcQ<@XwvA=Q_8FSdE=Fs^*
z77H`{>L{0G<Y50HTi%{qP>}q^haNDE3Q}2H)={*Ue>=uD*5J<HsFwtKd|%PWv4#DT
zHy#Xl;^d1ti7&56=t$B(EdnUt^L!=Sb6#qI1~Mwb?=B6_G)y&fZPDnZf6XkPc+&Vd
zjl@%K>h9Cm?1785+A%Xa*afqW>Ddwkxnf=gYcT1zN72f<a|U?4EkwgmyJ2%G=m<;O
zV_2e~j1eVfyO*<AfA|~#wkBDmVlAA+BC5oRvR-5oR#(zC;3;O*Cv`eqeS{?%!w19t
zM;j=05a2tk2Te<Osj=AbSa5+=vU8J8YHf8}|9Z~{FE$RAUC(mE3jOejMR83t6qUqe
zX@B<@x`|*G(9yo9(4udJB555(_-1@Ci!z4dnw+q`P9W#ai*sV1m`}z?W$~k*HW92z
zWu-}G%wL%KMWLc6Da6xx^G`f-2knY=ZFmKI_hm-gxoCECBEC5o|E;uE_?5YNPVg@l
z9gR+V`s{2;k`z2Pw?5+lO5~yH-8OhVnHyD|eWKa6^mjfOm{#JR?LOUNbuDZJ!q|lY
zM0*{pNg;WufZx-WJ5v6<#qPDrKJ-)+>^&cel&pV!MY2D?>hd{f9CfDLR5gvym)t);
zM~ZDXH~;vSv&{at0lNwO+y&+dj4N-OzSea~1!-l0il&7X)9k%c>=y^#*rD(ayjYv{
zCj7(j?e!ZuiR3F<`EY-EKI_--B+>BDUk#E7QC{GXP1Ntc3br&z+7*Y>8Pt895iYxF
zg?IZnR^E7nXQSf|A8f7V-Hz8>##b!?_0K$~;D7nVj`yk<^S1Y)4kh+|+(#<SQ|#Qr
zG|VPn7|`D!LxNtNNDf4;7;nV=L^*R@RJ8PAVPl+_qK0D*>=;VtS;q51H;C)le_@9P
zg{T11#Fg6*EOXKdWs7qn*YI~lG#u?K<*wf?^8Bv7Yr*m6v#wOGz?%ljAt1^IRx0RI
zL^PDMGku=~$p|&9X>gBHd^vu@7r5Nr7t1;yocz7kuSqD}VL1p^v8?ZkJ60%(pxO?)
zw&&?}vBAqmZHbjxpgN)D9lV+%+4M%x)wiFTO>0n>RK~O+k00Ah+FXGAHp(U97G)<T
zWg`_Aen*S>-Mrz<MV5crIYYTb>7LL_K7*C6RqJ0Hp+gjzMB6xLiI~;YsnnQ;3T|_q
z52DPso>4rc(IUaF;h7Er=!Ja23lNmiA5Br0z+h6b3Mv&Y^1X4*QRAkJx6z^&6Nm0G
z`jZxD4utVsV~QXq6%Q@Bz<!yik<c-l!9!Q;&ZGn%p8h}JOAe0ug5R&jTAd=``Qm%$
zkt+c%0q`BYN-KA?J(pP4Tl04xh^u;xxia9cEb4^z-FTZr6=K{zy7(5Bcn}+pYx>W<
z<w4KcJF6$oBHnv%{LMrQAI!~CJ&yS*A`02Ut!#vY*A0~NgaJAlavJ*ruUnBM<9c!A
zV#A9muJ_u%em{DC@L4Wg7-2rgYRwJj;W%Gmae*M)(MZz@3dp|yE~c|R%gBPw@ZvJg
zl-OtMD|EguTva(y`VhVEJ5;^qnHxLEk&tAvd(u<MdcR{v<ghl>8iHfzHJ-T>GH~5-
zxgYw2|AOfZERvhtdmx<J=QU2ea~gUaX|T#)$*_fR9hO~}YE9{958+5S8JKAZY&N>%
zd#dxq>he0pO#7PCBVhi1y*lQ+-Z<c2mtJHHf&oe^Q;$3_+8g(cHwGhoj+QXBVl$;+
z7i^<HI?z0n*`#?<Hd(@E%38B)%68oiQYPm8dXs*+=rvkWQ5R;qR_7)g=+sy}sQi#D
z<?N{8tBbgt=B^6TkGtacvC2ZSJ9a!!*Nb_k2V{0eRE_Ic1l)c+8_%3DaO@bSY9dFS
zT5s5FT*0f{KUKcY(0bH9JdIh?u#uThVrVOp@XM5%tm@qM+L%k+S@520`dwZuNBx=<
zZtHF_1V$Z8taOHMavHM7>sNhw7uldLxN9OqY22TDncZ@k=(wS6bU&s8TqXb-KnCgE
zat^i*o@n3Ti^n0aQH%mC1syvtd80k}oE}a25V*7#^m<%G@tb$0l)ugsa4}LXMTKT%
zRG~)f-|I<#WU;(iQ_`=~oOVk-s*`K&y~;S5)~O)RxFN<$TkpNGeJ|j>@kMJ^ZdG62
z6BT~C-!*ZdM21_KYiFBr?{x-W+XJg{rc`V1U)}{_>k%nh`gS?9X>{LB9KF=l-8@2t
zc=%@*gIOTrRU$Ib0*?&!=6Fi$Y^+@axuq_>or0h<e5+rBD~BC?W(;S({MmbPIEKpC
zb{|Td%<QRs5ac*;pSZ7M?-=4>eR*P?!_z#}<oSi%H92GX_o{kVb7UO?wxVQYLcay=
zrm@jUlM#umMWYTb!=E&+WUC&qVF?H%SN)tllqTMlVy(B1{)1kdGw@)RW^UvgH=Uas
zuz5Ovo8?39UnJkZ+{zY>#xh8bfM8RghQdQsWm|Vitnv&-dmOIB&yT$JeJKFNw0e)l
zD}|O+PbC=`1M74k^L~l`V42M1l3?0f$^ExPok*5E<OOyHF7w{ty!Q49PvAZvLkhkr
z=>HrIxPTHaqc4WWSSuRAeIhYF+UrOVlX>pWckKYFI)@NZ1}&AsvKX2X6S~My;s7K!
zN2Tc4smH1^kfj%9=wt2fEhp#_l2(Jmn=JkzgW~;<IL_as@Gf7=##Xs_SA2AOIi9zR
zkFfF%XdYy>@WC|ZbAZ`^V(hmuPLPPZuI$;7kp09|vGzwodg?Ow`?BH=tN66)q*Cg{
z?oC8u>ai)3ftoswrUavW=dmp|hiIF(=CdrUA?dVs(rHdrp-EMQDNJOz^n>VzEXNbd
zy7BVBHntL-a@9LSq%m&vriWL{LoK6MQ&+M8OA~(6hrl#=)@(&t(r$5^26gxk<N)W?
z+TY8roWO^@<smmR>v(-qk9DvXUzNqh8ni_UCNq|vEleN?NlJYn@r3eo2V3&vIdk46
zTHYBoree>*Qpl7%>rcqrNa$!4Qw_~=qj4rcJ3^|D2~5_+UR_m2RRdq2J&CyL(xMry
z<4GD86W30)X$-DuceSV*MKVDr8n!(Vsh|hI2Jk{U=hmG1`6?MuS96#{@_VXs#HW6T
zV%8bB^kH_^JF00*UHGz)@jO@T?|q4;YwjV<=^WbKort8hL4Dd>#Jd0uBJ340(tXgK
zoe*I!eUaj9H9VDAtTs*{Rz&!!F<&44>NMq~xT9zsk9ho|C;NF68t`nE#)!Fhq3-wY
z4Gp;d_j?WZx4ZZ_J|Fc4I2n=e>V(;WALNeT)%dMFblk$LJ?{!<U9Y69ZEXvW5B6CX
zyy75YzJUM{U&d62T@w{tYMzTd!8K&R82pOL0!lJsuGN_B2RPk6&u8e}l?>@tn0_TT
zvhEXW=?^FG63B&!sZbW*nPHsi4IMw=3;VBA6ik?Gp;8|<(OE4Ij;=rD?E7EJV!8j7
zufM7}e2JAVT|cgW<a=M<5UBQ9LIT|xL|q|m{4UDjMhjyfVhPAEDU1}rWaD48aDTe<
z=vXn|t~!=A)$Lq=A<*0ZL$J~qLh92-B6iJNH$iCuTUu?9U!R<zr19Ipxd#Y-Lk5C#
zzS3zLs*8IyB~l1sO*?g{o1gu$pLZAK$Q=5hs%)kf78>CkRQ}1Wq;Vv~CIXykW3Qd~
z1&AGtfz_@`@#|s#0k{l~XQQb<l^q}YB!9Zzp;h{Ff=lNow>+cPd>?bQ)x>~z&9unN
zoV`<}#$U?Lyk6vby<12E@CuW*^+-%L3Q|N}sHLR-CeilgD&*qD+$85#NpN_g1_(iy
zXZ(~~7L}JN=j?KfgnE|IWtR0x`bXs=(#$fV2H@xQVw=UK15*uNnBfL}3%-QHu7ma~
z{txq{iRsjlx3zS{7pviCmK6!Ho;soqOx0rM1$KXxeb1Jmp7)Vw+$Eo)t-`51*7c1%
zHv`VU73Arr+c8+Up^LoE?hAsHNQcfu#1wm?W5)shR^BKT7Chj5IG)%#Jo-e=V|HP@
z5yZ)vjRWltty+`$$%&6~-xw!GJvwk8*XzJHwdfbvO)vBlkJMbBoImMrcUemgI373c
znA(Rs7|cZeauZ(c)%Zfv_zi=ml3R`Bcj=DWjSxN6@Qq7)U|AfG>bVX<hht@~$27g3
z2DrJDiJZALx!yCW4L~yK2IK{d(mH1IaXq}5jUW^B0m`*y30ORSvMM`s*^E59VYRmv
z5*Ga+5Ze`lCLS<TN5$jsx#x_gMyRPP5+=IB<At+q@f^x#W37Zy4cw<$wiw?S>K5{}
zQF|4c@yZw^J2G-8KSxdm^~<>7^Eih>Xct917%WW-WZ_#z)v~lWFxMA&NpnQt3H7|o
z4eff-#(@Jb<<dwX=5ec4>PI}iHgCM5kq^@N4h~sx52Xyw)X2WD#3`u!NTv#CV0BPa
z3~8BHT?>EEHVEz3L-)7}bCW<f{L{{NmAaTDm8qJ_nK@&=i=YjIoE8t6l*+nJ+4I`G
z=_7zK7=4Lx#PGPBx+>0zGLXuXcr$Uj502+myW2>Pxw<}TaW1hTGA);uC%nr_;<+7=
z#CGv$!V$D2I;=7ev7fGz@L(b-8t=oklUI>g-me{+lSOZe_1JezYBC|tt%W`hEPL)v
zS^N5Iq366KMb8Ya32igqNmNQJ1AVOzilU)PtNMrHl!E(T&~EKuNy3`GYAy~S$Ap$?
zp)p0T9T@|xe7$?39kCdDBRu2*nwHN<f{gz*LC^WQmNS;J^1yE<Y~wx}1!k1`1IFaO
zzZ^SLG5c=$;bGhj-Q>d*CEpf?>lA66Eta1d<Sj<7E4C_@@~{0cLH4W)^IdZVL6zwo
zEa3c`&2MO95;4hr{(=(I#6!(C#y~5y;m{1I12wz7o-}fy#+HwwQ^Dcj7>X*o7xINy
z)flAtx`W%6&=47}$r?Luz>~B!;HLDFozgkAnnn@tEznGmikpe1K|V8je;I7*T)I%A
z2q0T0;R`z<Kr1QIa)$d6?A(7IPVQPWAER!5VFrfBRdc%H-K2&^CH!Qlw!o2Q6S}iP
zGVj?5hgoj?<nBkew4k>_M`MC0^d=?`gdsj%L^*q@2(GH3`S4YmZkNoC=Dx6^<uN5!
z#nVP}AXnPu-y2-fypS@<jKO|gVsf7aqQ$XAh7;1<9vx(9Bk_f9SC<`YB=U^Gt%-F}
zuLvT*CpMx(;ed)?t8HC%&JX@vbhxI8Z*){~HK}r=Ocnu)OU{(_f<Q~B#JsG)<*IR$
z;dUw7jFVw#R%qglKgD3%;;6t%K`5a?(=JZ9Shd+@{`TLOt0AieNQJWPV%@o_ow7Ms
z)#qH);OxZp2i$dt=pb3Wt_cNySasvsUS+7_Vuvex`xcW@B`bq;1|**%+q#K}XJxs+
zBhzKE#)PtZbX{>ag6oP@I3b@HaWQp7$ZFIX{t|erQ9nXQxUEiwRTbRRzGq5g1sPUM
zu=J4~|Gc;gb;Zc(ZZ1(aJLorjv>3snkr=1hqvNg$h#2G+x;;I)ezW7Ual*A%tv6EQ
zruf}w;~#&nRN^CSPLIBiduROOhyQYG^irIx)CI*F%+=WSb0cyE3&(WI)Se6<bm0gG
z9<hh<>lyG3nu^;%18L#-Pn^p?2CXdXe-Yb^waec8@Y3|#@HQ8MHd?!tj=(UN+%J4o
z7E@uftc$)`>hwTgQ8UyB#R2DuzIaa2weD<yUEimo3hQ~DIfpcFI}Dyq{?I-ua8LFN
zRNQHfJWDur<)FUC1@d|=uQ})Xk_i7?n~QUKtiMVpjV+VomvKKgHJFXK-O5NPJizZ+
za;jO|j(@f<<mp#IGcAd4QQS>h<xlA29Xa1FSN>nd`)LTmjb*XZ7Yox63-vDP5O&0n
zAvalwK#5Yhj<7??M>p(kb#~}XR&R2^%I%QTC`#4q^2}`QG3Vx>{JFcwM!wV-n`&_5
z<oRsrTX+0P+@#QCmu)?DEW=Susb?+T>v=<OAO<+l>Q3oWOi`KBMXtHtgAq-+>ER+;
z>^uC0($kY0(e{?rR=9HPBWZ|QNr|_-ywf|qI4HgOSk`K~uOeAJF~|P);q!oj!ADZ(
z!i2`kfYf`#vHRI<PRO_YHdhlb=W0IRkmtoi6Ro&}q3<zjoKg#k3bTIk&YCyuMynlw
zx!r)R)4fk#7Z!8X`lBTS3~<@m>6;;$5)R|OreYQW2B}I0zTkgx&JFUs^GYu{;738T
zu7H)XlV<;s>1&pZ+FiO|eQ4WpAwc5QwFU=vH*s287qG+@MvUJH+T$P9lzB@I`V%LY
zrVCB?MwxSc6xOvXQjt49Qmsr$KnKlz`u)%_+%y_=KpZ7U&(p9VjVz7T!Y2ESf=@lX
zh*IX7V+N_hY1Ee9As+ej^HQV95gGCo&}4;+`z7M!5d@gL&3F|&<D|K2qvN1A5|yf`
z=XXn>N6UC|5FCGg0LF$dG?zF{EPS*pxO~1bGZu9H@i3`cYP5YDkgK8`Azo*h&b45<
zHMD6a@uO;gjV#R8XEdfYbmofU8;}t*xNjsPiaU&e*o2Snd<cC#58X)xqoTGV?7{qR
zc2??0LI;8V$1HRr?9I;F`OPl_jr2|L4{HqLT!*8k>Fmk+gJm=h-#gcIX2LpbU|?%<
zQf|<MvxKZHvEk~ft1KIV)>VGp=lGK=j1%iSEz70Ig(L{aaB)Y=w-<Iiac~(%;M8eJ
zSxrLB7rwm|JCKV;?NV}0(~H?m7Q}54lEYW3Hd`8GDvModPtm}b)bfOAC;1#ED!>*?
z<4E04*x#b;w9=14y2zK^J%##l8=}-<#*BoXeD@Qr=)vMDK(<`m_Y^fy?y6<utXM@*
zs<H>8&2iUt_e=%LzDvR0&&GG?W|E1d!>0EGkr-x#_HF%96@S%?aS%RF@<*|g%vgw^
z6e8|q%}_<j@+);Wg?KL^ZHKPB;u|b_6P~J(W&WrBp&)@mEZ0J)zkfESVu;53=}Y4D
zM_3i1<gwF6gsc^@p1UjB?;^`&T@9(wAvTEJr)F=uzHlt+2_i-qA~ME>2_6xn%<Jpd
zzo0{)k&wq=PX8^71Fin~_5LF+wZJQC9|rsQtV&lB4=ko0$KOtU2PQ3}I&kKq4hCAF
zGzy8)!3!}?XWDkaWn@EPg;YgiFn-z`Vm?ig%yhM<rkAU_^&Mr9+{+h<Fu34nHJ4i|
z`4@mi=-a^}=PXVrX^Wb)v^d(COgu#C#N&Yl3tr3}tf?aypXHlowO$jwKGvUvZ@U4e
zH^;keYSmq!m0J5H$!Uq=`Gdi$u)pcak}?*&#R8(vQ0|(HWF|7T;hHEKVJ2pRtjv`Y
zf=7G%hJK}@P!8w0H0HKknNOz0e~Lm1R>-5c!E^#VKvtaBgdS>wRs<*_Tt~<8+Y@Bn
z;A97e*>we)YV2*$d#+`kgY0b@6BkV*{cm3WqKDl7L@JVLGm3-tGR+CEe|-y0uNv@P
znvTxocl{?X$R8sWvFO?o$pbTmwZ9;X;zAOLK6EBYz{*G^)IpLFK=J8>wo$}pU8#l^
zgT2ZceSdP?e0E@dd2mylO0PR#F-kRlu9Hh=XJFp|hC{pUdqO7n9Bbfh-6e#BgL)Z<
zQQNh=dkONy036)h&iLZ{4+MCKG34RAW6p@;koCC@)}NOoQN@vc0(Y*96)8%`rW>3Q
zPj3&wMX5UwUYA~*B-<6iJ6VSQyRO+iIqa+7<ghE}PBlQJAX4N7gstli{ScLDJaI^E
z^0DJ6)hH)5)>NrW=rWZgLldfu>8wgKDZVQLiIk(Z@0{WzuT4`sAuxIRVn&JbD{2aV
zu~#0v+J}&(PaGekjqYa;mjmdppg?0v3{&#!yFFV1(9sj^xc_Xkg+Y>gl&YUb=}3wr
z{qEOQ2XUE2W`t?AtoK+uxT#uRaDk(tXJmd%BFh`v>Z;tIt2Od{^B?NnedS%V2t16z
z1|N>nd|0eaHez;bU%SjR#70c{3ke<bTkShgi@(z@N;zXiv5QxAR@7Uoui|RM)#Uyl
zA7u&iEeZCjl8=l<O-zP}NCveFW=VDGdJRe~3`sjW`5vu?e}WU}+V#zduDrK(pEgeT
z>1YYrKH;U`)ZfTReR55_G*l;N*L4(LQq;Q|mbtS&zNVu}p0FY6N!;oFWc_9fwbkJ)
zw%Jo!=EyuxeR!SBLw(n}nM8_GUF%I)`2jV}0OV7MG@Bvwo8VU%%r8_wT`k+8q*Bso
z`LRwA*qMvXkdTy`QoU5El1}RiCACX>_ZOZB`cJ&fA1b=kHGaI+RqrmZ;=4i(poCsJ
z{SvVetfue09JQY{7^oSTb<C<2fS(ES70=G4^+5Cn)WPY#rNHDmX7+NTcJ=n@4{nZ9
z=C0D?NqHbLT<hwb&=h7Xr_XHSywAtBCzO6-sxj=TH#%IOd>SmZSrrI9W-Pwq;|eTQ
z==3sEf(|Ox&0#o;ZzOSBb=h7Uh1yW*Y8!&<4~mM?Cy#1%_h*44Kc!sn6@-o|Z!)H6
z+Gy_NbET>e%)iTJcSK_ZRY?(WW;A>+<Z9($fUCCA;cJUFk^^_VTSaMUN)L)LE%kk9
zL8<bmE}Hhr{bOK#;;0iQW5=aaFwPy2RH*Y)`^a^Es;VuDMdb=Lq2dC=DM<Icz(Cwf
z<w&XZ1(9U_8!rj9xQY0)VVr`IyBGUMZ8)JwY$*DBh_l?20-)xHU;JeLua4VNWi2r{
z#?5<D?0&608+pBZR<o3Pw}9PvGF2W}4;pD|F5Rx?^+Nl;j*kzM%eSS%o}#?tSo`v&
zOdB!gaTuW-DT+y><n@Pn*T-}T55&W+IHS`%=Tjk_%3uK241>+Dg)Qa<gf5PL_jQ%~
z63ROb9&kno#$%;*n)BOjF`q0o4Z%Z*jl04;vP=4Nc+Vyj%^IC<s<Z_?8KbJoUGwO-
zX3QK)yR{qfWcBCtyk|E5syJIR!N>>rpX3%>62VC51pw16<J;JtG;M8{d?857kfKSA
zr{-CVi^9!U;2`$J2i;^ABlk)joL>Dc_f1n|zU~e?36^miXuJG%?q5HzN%@tp7%yax
z$$ZK1xUR1Ubg+>=;^vZr|Fp3v1YHkWWd0=c|L5huBW!VA_WVCxsQG9APix|Tt@EFG
vKY}OabN;))%e=v_=>L0*|6iBOzX50@I_zJFB$a#qd3ofeRivsUeg^#yzKH)}


From a77917bcf9409901a0649f3c1cbad46e85fb1f6c Mon Sep 17 00:00:00 2001
From: Manuel Abascal <mjabascal10@gmail.com>
Date: Tue, 4 Mar 2025 17:08:16 -0600
Subject: [PATCH 12/13] fix: update sophos guide

---
 .../app-module/guides/guide-sophos/guide-sophos.component.html  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/frontend/src/app/app-module/guides/guide-sophos/guide-sophos.component.html b/frontend/src/app/app-module/guides/guide-sophos/guide-sophos.component.html
index 93f4da64c..58fc7a022 100644
--- a/frontend/src/app/app-module/guides/guide-sophos/guide-sophos.component.html
+++ b/frontend/src/app/app-module/guides/guide-sophos/guide-sophos.component.html
@@ -36,7 +36,7 @@ <h6 class="font-weight-semibold mt-3 mb-3">
                                                 [serverId]="serverId"></app-int-generic-group-config>
                 </ng-template>
 
-                <ng-template [ngIf]="step.content.id === 'stepContent3'">
+                <ng-template [ngIf]="step.content.id === 'stepContent6'">
                   <div  class="mt-3">
                     <app-app-module-activate-button [module]="module.SOPHOS" [type]="'integration'"
                                                     [disabled]="configValidity"

From b21529c6b61ec0037a6e03712af9a793c77acfdf Mon Sep 17 00:00:00 2001
From: Manuel Abascal <mjabascal10@gmail.com>
Date: Tue, 4 Mar 2025 17:18:24 -0600
Subject: [PATCH 13/13] fix: update sophos guide

---
 .../guide-sophos/guide-sophos.component.html  | 77 -------------------
 1 file changed, 77 deletions(-)

diff --git a/frontend/src/app/app-module/guides/guide-sophos/guide-sophos.component.html b/frontend/src/app/app-module/guides/guide-sophos/guide-sophos.component.html
index 58fc7a022..ecd35f17a 100644
--- a/frontend/src/app/app-module/guides/guide-sophos/guide-sophos.component.html
+++ b/frontend/src/app/app-module/guides/guide-sophos/guide-sophos.component.html
@@ -53,80 +53,3 @@ <h6 class="font-weight-semibold mt-3 mb-3">
     </ol>
   </div>
 </div>
-
-
-<!--<div class="w-100 h-100">
-  <div class="card-header d-flex justify-content-between align-items-center">
-    <h4 class="card-title mb-0 text-primary">
-      Sophos Central
-    </h4>
-  </div>
-
-  <div class="card-body">
-    <p class="font-size-base">
-      Sophos Central has secured APIs available for customers. These allow the retrieval of event and alert data from
-      Sophos Central, for use in other systems.<br><br>
-
-    <h6 class="font-weight-semibold mt-3 mb-3">
-      How to send alert and event data to UTMStack:
-    </h6>
-    <ol class="setup_list">
-      <li>
-        <p class="step-guide">
-          <span class="step_number">1</span>
-          You require a token to access event data via the API. In Sophos Central Admin, go to <strong>Global&nbsp;Settings</strong>
-          &gt; <strong>API Token Management</strong>.
-        </p>
-      </li>
-      <li>
-        <p class="step-guide">
-          <span class="step_number">2</span>
-          To create a new token, click <strong>Add token</strong> from the top-right corner of the screen.
-        </p>
-      </li>
-      <li>
-        <p class="step-guide">
-          <span class="step_number">3</span>
-          Select a <strong>token name</strong> and click <strong>Save</strong>. The <strong>API Token Summary</strong>
-          for this token is displayed.
-        </p>
-      </li>
-      <li>
-        <p class="step-guide">
-          <span class="step_number">4</span>
-          Click ont the <strong>Copy</strong> button to copy your <strong>API Access URL + Headers</strong> from the <strong>API Token
-          Summary</strong> section into your clipboard.
-          <img alt=""
-               class="step-img"
-               src="../../../../assets/img/guides/sophos/sophos-step-5.png"
-               style="height: 400px!important; width: auto">
-        </p>
-      </li>
-      <li>
-        <p class="step-guide">
-          <span class="step_number">5</span>
-          Insert information in the following inputs.You can add more than one Sophos
-          configuration by clicking on Add tenant button.
-        </p>
-        <div class="row mt-3">
-          <div class="col-lg-12 col-md-12 col-sm-12">
-            <app-int-generic-group-config [moduleId]="integrationId"
-                                          (configValidChange)="configValidChange($event)"
-                                          [serverId]="serverId"></app-int-generic-group-config>
-          </div>
-        </div>
-      </li>
-      <li>
-        <p class="step-guide mb-3">
-          <span class="step_number">6</span>
-          Click on the button shown below, to activate the UTMStack features related to this integration
-        </p>
-        <app-app-module-activate-button [module]="module.SOPHOS" [type]="'integration'"
-                                        [disabled]="configValidity"
-                                        [serverId]="serverId"
-                                        class="mt-3">
-        </app-app-module-activate-button>
-      </li>
-    </ol>
-  </div>
-</div>-->