From f370c51729ad6cc6dcb99a92af197b29a2a6b2ae Mon Sep 17 00:00:00 2001
From: tmartin-s1 <121066578+tmartin-s1@users.noreply.github.com>
Date: Tue, 19 Sep 2023 18:52:15 -0400
Subject: [PATCH 1/5] Added/updated dashboards and updated the readme
---
README.md | 6 +-
Splunk Dashboards/dataset_by_example.xml | 47 +-
Splunk Dashboards/ingestion_summary.xml | 25 +-
.../sentinelone_use_case_query_examples.xml | 27 +-
Splunk Dashboards/soc_search_examples.xml | 131 +++++
Splunk Dashboards/splunk_app_usage.xml | 34 +-
TA_dataset/default/data/ui/nav/default.xml | 8 +
.../data/ui/views/dataset_by_example.xml | 551 +++++++++---------
.../data/ui/views/ingestion_summary.xml | 79 +++
.../sentinelone_use_case_query_examples.xml | 88 +++
.../data/ui/views/soc_search_examples.xml | 131 +++++
.../data/ui/views/splunk_app_usage.xml | 350 +++++++++++
12 files changed, 1135 insertions(+), 342 deletions(-)
create mode 100644 Splunk Dashboards/soc_search_examples.xml
create mode 100644 TA_dataset/default/data/ui/views/ingestion_summary.xml
create mode 100644 TA_dataset/default/data/ui/views/sentinelone_use_case_query_examples.xml
create mode 100644 TA_dataset/default/data/ui/views/soc_search_examples.xml
create mode 100644 TA_dataset/default/data/ui/views/splunk_app_usage.xml
diff --git a/README.md b/README.md
index 90452c00..5e278458 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@ -# Security Data Lake Add-On for Splunk -The Security Data Lake Add-On for Splunk provides integration with [Singularity DataLake](https://www.sentinelone.com/platform/xdr-ingestion/) and [DataSet](https://www.dataset.com) by [SentinelOne](https://sentinelone.com). The key functions allow two-way integration: +# Singularity Data Lake Add-On for Splunk +The Singularity Data Lake Add-On for Splunk provides integration with [Singularity DataLake](https://www.sentinelone.com/platform/xdr-ingestion/) and [DataSet](https://www.dataset.com) by [SentinelOne](https://sentinelone.com). The key functions allow two-way integration: - SPL custom command to query directly from the Splunk UI. - Inputs to index alerts as CIM-compliant, or any user-defined query results. - Alert action to send events from Splunk. @@ -60,7 +60,7 @@ The add-on uses Splunk encrypted secrets storage, so admins require `admin_all_o 3. Optionally, configure logging level and proxy information on the associated tabs. 4. Click Save. -5. The included Security Data Lake by Example dashboard can be used to confirm connectivity and also shows example searches to get started. +5. The included Singularity Data Lake by Example dashboard can be used to confirm connectivity and also shows example searches to get started. ## SPL Command The `| dataset` command allows queries against the [DataSet APIs](https://app.scalyr.com/help/api) directly from Splunk's search bar. diff --git a/Splunk Dashboards/dataset_by_example.xml b/Splunk Dashboards/dataset_by_example.xml index 1d4c2eb8..c5343bb8 100644 --- a/Splunk Dashboards/dataset_by_example.xml +++ b/Splunk Dashboards/dataset_by_example.xml @@ -1,5 +1,5 @@
- + maxcount=10 @@ -12,7 +12,6 @@ Show Connection Test Results - 1 "1" @@ -24,6 +23,26 @@ + + + + + + + Searching Your Data in DataSet @@ -71,7 +90,7 @@
  • Timeseries Query - This will calculate numeric values over time. For repeated queries, summaries allow precomputed results (fastest).
  • - Depending on your use case, you may have a need for any or all of these. + Depending on your use case, you may have a need for any or all of these.

    Let's get started searching!

    @@ -101,7 +120,7 @@ serverHost serverHost - | dataset method=facet field=serverHost search="serverHost=* " + | dataset method=facet field=serverHost search="serverHost=* " | spath | rename value as serverHost | table serverHost count @@ -126,22 +145,6 @@ $baseQuery$ - - -
    @@ -149,7 +152,7 @@ SPL: | dataset method=query search="$baseQuery$" $myMaxCount$ | spath - | dataset method=query search="$baseQuery$" $myMaxCount$ + | dataset method=query search="$baseQuery$" $myMaxCount$ | spath $myTime.earliest$ $myTime.latest$ @@ -260,4 +263,4 @@ - + \ No newline at end of file diff --git a/Splunk Dashboards/ingestion_summary.xml b/Splunk Dashboards/ingestion_summary.xml index 39784b1e..e70e3339 100644 --- a/Splunk Dashboards/ingestion_summary.xml +++ b/Splunk Dashboards/ingestion_summary.xml @@ -2,10 +2,10 @@ This dashboard is provided to estimate daily ingestion for various sources of data in Splunk. - index="_internal" source="*metrics.log" group="per_sourcetype_thruput" + index="_internal" source="*metrics.log" group="per_sourcetype_thruput" | bucket _time span=1d | eval GB=kb/1024/1024 -| stats sum(GB) as "GB Ingest" avg(GB) as "Average GB" max(GB) as "Max GB" avg(eps) as "Events per Second" by _time, series +| stats sum(GB) as "GB Ingest" avg(GB) as "Average GB" max(GB) as "Max GB" avg(eps) as "Events per Second" by _time, series | stats sum("GB Ingest") as "Total Ingest(GB)", avg("GB Ingest") as "Daily Avg Ingest(GB)", max("GB Ingest") as "Daily Max Ingest(GB)" by series | eval "Total Ingest(GB)"=round('Total Ingest(GB)',4), "Daily Avg Ingest(GB)"=round('Daily Avg Ingest(GB)',4), "Daily Max Ingest(GB)"=round('Daily Max Ingest(GB)',4), "Events per Second"=round('Events per Second',4) | rename series as sourcetype @@ -23,7 +23,24 @@ - + + + + + + + + Ingestion by sourcetype @@ -59,4 +76,4 @@
    - + \ No newline at end of file diff --git a/Splunk Dashboards/sentinelone_use_case_query_examples.xml b/Splunk Dashboards/sentinelone_use_case_query_examples.xml index c740650c..71232311 100644 --- a/Splunk Dashboards/sentinelone_use_case_query_examples.xml +++ b/Splunk Dashboards/sentinelone_use_case_query_examples.xml 
@@ -23,26 +23,29 @@ A non-Windows process writes files to the temp directory Rundll or Regsvr executes a script - Bat or cmd files are dropped directly to a temp folder + Bat or cmd files are dropped directly to a temp folder A non-Windows process injects to a Windows process LOLBins command processors masquerade under a different name and path Rundll or Regsvr run content from a remote server - Suspicious Powershell with base64 in the commandline + Suspicious Powershell with base64 in the commandline New unsigned DLL is dropped in the Windows directory (possible DLL hijack attempt) NTDS Copy Removal of indicators on Host Suspicious data compression - Allow SMB and RDP on Defender Firewall + Allow SMB and RDP on Defender Firewall Unmanaged Powershell Signed Binary Proxy Execution: mshta - Signed Binary Proxy Execution: regsvr32 + Signed Binary Proxy Execution: regsvr32 Signed Binary Proxy Execution: Rundll32 Powershell Unnecessary Escaping Signed Binary Proxy Execution: CMSTP DHCP CalloutDLL os.name matches '^Windows' AND event.category = 'file' AND tgt.file.path contains 'temp' AND tgt.file.isExecutable = 'true' AND src.process.verifiedStatus != 'verified' AND src.process.publisher != 'MICROSOFT WINDOWS' os.name matches '^Windows' AND event.category = 'file' AND tgt.file.path contains 'temp' AND tgt.file.isExecutable = 'true' AND src.process.verifiedStatus != 'verified' AND src.process.publisher != 'MICROSOFT WINDOWS' + + $label$ + + + + + + + + Network Recon + + + | dataset account=xdr method=powerquery search="src.process.user = * (net_ipsubnet(dst.ip.address, '172.0.0.0/16') OR net_ipsubnet(dst.ip.address, '10.0.0.0/8')) NOT (net_ipsubnet(src.ip.address, '10.0.0.0/24')) +| group uniqueDestinations = estimate_distinct(dst.ip.address), uniquePorts = estimate_distinct(dst.port.number), fullPortList = array_sort(array_agg_distinct(dst.port.number)), dstList = array_sort(array_agg_distinct(dst.ip.address)) by src.ip.address, src.process.user +| filter 
(uniqueDestinations > 5) AND (uniquePorts > 5) +| let topPortList = array_slice(fullPortList, 0, 20) +| columns src.ip.address, src.process.user, uniqueDestinations, uniquePorts, dstList, fullPortList, topPortList" +| spath +| table src.ip.address, src.process.user, uniqueDestinations, uniquePorts, dstList, fullPortList, topPortList + -15m + now + + + + https://xdr.us1.sentinelone.net/query?filter=src.process.user+%3D+*+%28net_ipsubnet%28dst.ip.address%2C+%27172.0.0.0%2F16%27%29+OR+net_ipsubnet%28dst.ip.address%2C+%2710.0.0.0%2F8%27%29%29+NOT+%28net_ipsubnet%28src.ip.address%2C+%2710.0.0.0%2F24%27%29%29%0A%7C+group+uniqueDestinations+%3D+estimate_distinct%28dst.ip.address%29%2C+uniquePorts+%3D+estimate_distinct%28dst.port.number%29%2C+fullPortList+%3D+array_sort%28array_agg_distinct%28dst.port.number%29%29%2C+dstList+%3D+array_sort%28array_agg_distinct%28dst.ip.address%29%29+by+src.ip.address%2C+src.process.user%0A%7C+filter+%28uniqueDestinations+%3E+1%29+AND+%28uniquePorts+%3E+1%29%0A%7C+let+topPortList+%3D+array_slice%28fullPortList%2C+0%2C+20%29%0A%7C+columns+src.ip.address%2C+src.process.user%2C+uniqueDestinations%2C+uniquePorts%2C+dstList%2C+fullPortList%2C+topPortList%0A%2F%2F+src+user+is+not+null%2C+src+and+dst+IPs+are+within+defined+subnets%0A%2F%2F+get+distinct+count+of+dst+IPs+and+ports%2C+plus+arrays+of+dst+IPs+%28sorted%29+and+ports+for+each+src+IP+and+user%0A%2F%2F+filter+unique+destinations+and+ports+to+a+high+number%2C+in+this+case+a+static+number+of+1+for+testing%0A%2F%2F+create+a+2nd+shorter+array+of+ports+only+showing+the+first+20%0A%2F%2F+order+columns&teamEmails=-&view=xdr&startTime=10+min + +
    +
    +
    + + + Impossible Traveler + + + | dataset account=xdr method=powerquery search="//src.process.user = * src.ip.address = * +//| group first_ip = oldest(src.ip.address), last_ip = newest(src.ip.address) by src.process.user +| limit 1 +| let src.process.user = 'Matt Balcer', first_ip='87.203.45.78', last_ip='98.24.6.8' +| let first_location = geo_ip_location(first_ip), last_location = geo_ip_location(last_ip), first_country=geo_ip_country(first_ip), last_country=geo_ip_country(last_ip) +| let kilometers = geo_distance(first_location, last_location) +| let hours=(queryend() - querystart())/1000000000/60/60 +| let speed = kilometers / hours" +| spath +| table src.process.user, first_ip, last_ip, first_country, first_location, last_country, last_location, kilometers, speed + -24h@h + now + + + + + + + + + + + + + https://xdr.us1.sentinelone.net/query?view=edr&filter=%2F%2Fsrc.process.user+%3D+*+src.ip.address+%3D+*%0A%2F%2F%7C+group+first_ip+%3D+oldest%28src.ip.address%29%2C+last_ip+%3D+newest%28src.ip.address%29+by+src.process.user%0A%7C+limit+1%0A%7C+let+src.process.user+%3D+%27Matt+Balcer%27%2C+first_ip%3D%2787.203.45.78%27%2C+last_ip%3D%2798.24.6.8%27%0A%7C+let+first_location+%3D+geo_ip_location%28first_ip%29%2C+last_location+%3D+geo_ip_location%28last_ip%29%0A%7C+let+kilometers+%3D+geo_distance%28first_location%2C+last_location%29%0A%7C+let+hours%3D%28queryend%28%29+-+querystart%28%29%29%2F1000000000%2F60%2F60%0A%7C+let+speed+%3D+kilometers+%2F+hours%0A%7C+filter+speed+%3E+500%0A%2F%2F+logic%3A+get+IP+addresses%2C+get+geo+locations%2C+determine+distance%2C+convert+timestamps+from+nano+epoch+to+delta+in+hours%2C+then+filter+to+speed+%3E+500km%0A%2F%2F+usage%3A+for+real+use%2C+uncomment+lines+1%2C2+and+remove+lines+3%2C4&startTime=4+hours + +
    +
    +
    + + + Network Traffic Off-Hours + + + | dataset account=xdr method=powerquery search="bytes.sent = * +| let time_hour = number(strftime(timestamp, '%H')) +| group bytes=sum(bytes.sent), hour = oldest(time_hour) by timebucket('1h') +| let gb = (bytes/1024/1024/1024) +| filter gb > 0 AND (hour <= 9 OR hour >= 18) +// logic: get numeric 2-digit hour from timestamp, group bytes per hour, convert to gb, then filter to volume and hours of day +// usage: change the last filter line to anomalous gb traffic and adjust to business hours" +| spath +| table hour, gb + -24h@h + now + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + https://xdr.us1.sentinelone.net/query?filter=bytes.sent+%3D+*%0A%7C+let+time_hour+%3D+number%28strftime%28timestamp%2C+%27%25H%27%29%29%0A%7C+group+bytes%3Dsum%28bytes.sent%29%2C+hour+%3D+oldest%28time_hour%29+by+timebucket%28%271h%27%29%0A%7C+let+gb+%3D+%28bytes%2F1024%2F1024%2F1024%29%0A%7C+filter+gb+%3E+0+AND+%28hour+%3C%3D+9+OR+hour+%3E%3D+18%29%0A%2F%2F+logic%3A+get+numeric+2-digit+hour+from+timestamp%2C+group+bytes+per+hour%2C+convert+to+gb%2C+then+filter+to+volume+and+hours+of+day%0A%2F%2F+usage%3A+change+the+last+filter+line+to+anomalous+gb+traffic+and+adjust+to+business+hours&startTime=24+hours&view=xdr + + + + + \ No newline at end of file diff --git a/Splunk Dashboards/splunk_app_usage.xml b/Splunk Dashboards/splunk_app_usage.xml index 221ff218..347e9088 100644 --- a/Splunk Dashboards/splunk_app_usage.xml +++ b/Splunk Dashboards/splunk_app_usage.xml @@ -6,11 +6,11 @@ index=_internal sourcetype=splunk_web_access host=* user=* -| rex field=uri_path ".*/(?<title>[^/]*)$" +| rex field=uri_path ".*/(?<title>[^/]*)$" | join title [| rest /servicesNS/-/-/data/ui/views splunk_server=* -| search isDashboard=1 isVisible=1 -| rename eai:acl.app as app +| search isDashboard=1 isVisible=1 +| rename eai:acl.app as app | fields title app ] | rename title as dashboard | search NOT app IN($myExcludedApps$) 
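Review bot: The Impossible Traveler panel ships as a fixed demo rather than a detection: the `src.process.user = * src.ip.address = *` and `| group first_ip = oldest(src.ip.address), ...` lines are commented out, `| limit 1` plus a `let` with a hard-coded user name and two literal IPs stand in for them, and the `| filter speed > 500` carried by the console URL is missing from the panel query, so it always renders one constructed row. Following the usage comment embedded in that URL, uncomment the first two lines, drop the `limit`/`let` pair and end the query with `| filter speed > 500`; a literal personal name should not ship in a default dashboard either way. In the Network Recon panel the subnet `'172.0.0.0/16'` is not private address space (RFC 1918 reserves 172.16.0.0/12), and its console URL filters on `> 1` where the panel filters on `> 5`. The three console URLs that follow the queries are pinned to `https://xdr.us1.sentinelone.net`, which will be wrong for tenants on another console host. The file header for this section is not visible on the page, and the same queries recur in the copy under TA_dataset/default/data/ui/views/.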
@@ -20,14 +20,14 @@ index=_internal sourcetype=splunk_web_access host=* user=* $myTime.latest$ - | rest /servicesNS/-/-/data/ui/views + | rest /servicesNS/-/-/data/ui/views ``` get fields we want from all the dashboards for all the apps ``` -| fields eai:acl.app label id eai:data +| fields eai:acl.app label id eai:data | rename eai:acl.app as app_name, eai:data as xml_source, label as dashboard_title ``` now separate all the panels to individual events (rows) ``` -| rex field=id "http(s)?://([^/]+/)+(?<file_name>[^/]+)" +| rex field=id "http(s)?://([^/]+/)+(?<file_name>[^/]+)" | spath input=xml_source output=panel path=form.row.panel | mvexpand panel | fields app_name dashboard_title file_name panel xml_source @@ -37,14 +37,14 @@ index=_internal sourcetype=splunk_web_access host=* user=* | spath input=panel output=panel_title path=title | xpath field=panel outfield=query "//*/search/query" | xpath field=panel outfield=drilldown "//*/drilldown/*/link" -| rex field=panel "\s+\<(?<panel_type>[^\<]+)\>" +| rex field=panel "\s+\<(?<panel_type>[^\<]+)\>" ``` filter for the types of panels that typically have searches ``` | search panel_type IN ("chart","single","table","event","search","viz","map") | search NOT app_name IN($myExcludedApps$) ``` total, sort and print the results ``` -| eventstats count as total_panels, dc(dashboard_title) as total_dashboards +| eventstats count as total_panels, dc(dashboard_title) as total_dashboards | eventstats dc(dashboard_title) as dashboards_in_app by app_name | eventstats count as panels_on_dashboard by app_name, dashboard_title | sort app_name file_name dashboard_title panel_title @@ -209,7 +209,7 @@ index=_internal sourcetype=splunk_web_access host=* user=* Splunk Usage - What are you're users accessing most often? + What are you're users accessing most oftern? 
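Review bot: The new description line in the `@@ -209,7 +209,7 @@` hunk introduces a typo, `most oftern?`, into user-facing text and keeps the incorrect `you're`. It should read `What are your users accessing most often?`. The element that holds this text is not visible in the hunk, so only the string itself is addressed here.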
@@ -218,12 +218,12 @@ index=_internal sourcetype=splunk_web_access host=* user=* Most Used SPL Commands - index=_audit action=search info=completed search=* NOT "search_id='scheduler" NOT "search=|history" NOT "user=splunk-system-user" NOT "search='typeahead" NOT "search='| metadata type=* | search totalCount>0" app="*" -| fields search -| rex field=search "\|\s*(?<command>\w+)\s(?<attributes>[^|]*)" max_match=1000 -| mvexpand command + index=_audit action=search info=completed search=* NOT "search_id='scheduler" NOT "search=|history" NOT "user=splunk-system-user" NOT "search='typeahead" NOT "search='| metadata type=* | search totalCount>0" app="*" +| fields search +| rex field=search "\|\s*(?<command>\w+)\s(?<attributes>[^|]*)" max_match=1000 +| mvexpand command | search command!="" -| stats count as "execution", distinct_count(search) as "distinct_searches" by command +| stats count as "execution", distinct_count(search) as "distinct_searches" by command | sort -distinct_search, -execution | rename command as "SPL Command" $myTime.earliest$ @@ -332,9 +332,9 @@ index=_internal sourcetype=splunk_web_access host=* user=* | search NOT app_name IN(Splunk_Security_Essentials,lookup_editor,splunk_monitoring_console,splunk_secure_gateway,splunk_instrumentation,Splunk_SA_CIM) ``` total, sort and print the results ``` -| eventstats count as total_searches +| eventstats count as total_searches | eventstats dc(searches) as searches_in_app by app_name -| sort app_name title +| sort app_name title | table app_name title search viz cron_schedule alert_type alert_comparator alert_threshold alert_condition | search app_name = "*" search="*" | dedup app_name, title, search @@ -347,4 +347,4 @@ index=_internal sourcetype=splunk_web_access host=* user=*
    - + \ No newline at end of file diff --git a/TA_dataset/default/data/ui/nav/default.xml b/TA_dataset/default/data/ui/nav/default.xml index 35cfb780..21af67a7 100644 --- a/TA_dataset/default/data/ui/nav/default.xml +++ b/TA_dataset/default/data/ui/nav/default.xml @@ -19,4 +19,12 @@ + + + + + + + + diff --git a/TA_dataset/default/data/ui/views/dataset_by_example.xml b/TA_dataset/default/data/ui/views/dataset_by_example.xml index 057416ed..c5343bb8 100644 --- a/TA_dataset/default/data/ui/views/dataset_by_example.xml +++ b/TA_dataset/default/data/ui/views/dataset_by_example.xml @@ -1,287 +1,266 @@
    - - - maxcount=10 - - | group count=count() by tag" | spath | table tag count - | spath | rename value as tag | table tag count - | spath | timechart values(rate) as rate - | spath | stats count by attributes.status - -
    - - - Show Connection Test Results - 1 - - - "1" - - - - - - - -
    - - - Searching Your Data in DataSet - - This dashboard will help get you started on your journey. The first thing you'll want to do after - configuring your DataSet Read API Key is to run a simple test to make sure you can access Dataset. - - - - - - - API Connection Test - - SPL: | dataset maxcount=5 - - | dataset maxcount=6 - | spath - - $myTime.earliest$ - $myTime.latest$ - - - - -
    -
    -
    - - - - If you see data, your API Keys are working! - - - - - - -

    Now let's talk about executing queries against DataSet.

    - The first thing you need to know is that this Add-On provides four methods to query DataSet: -
      -
    1. - Base Data Query - - This will return the raw event data (fast, but very verbose). This type of query returns all - evetn data so be mindful of the amount of data pushed across the wire and held in memory. -
    2. -
    3. - PowerQuery - - This will aggregrate data by any supported operator (sum, count, average, etc.) and return the - summary level statistics (faster). -
    4. -
    5. - Facet Query - - This will summarize data by a specific field and return the summary level statistics for the - most common values of the field (fastest). -
    6. -
    7. - Timeseries Query - - This will calculate numeric values over time. For repeated queries, summaries allow - precomputed results (fastest). -
    8. -
    - Depending on your use case, you may have a need for any or all of these. -

    Let's get started searching!

    - -
    -
    - - - 1. Base Data Query: Get the raw events - - - - -4h@m - now - - - - - 10 - 50 - 1000 - 5000 - maxcount=10 - maxcount=10 - - - - All - serverHost - serverHost - - | dataset method=facet field=serverHost search="serverHost=* " - | spath - | rename value as serverHost - | table serverHost count - | sort serverHost - - $myTime.earliest$ - $myTime.latest$ - - - - serverHost=* - tag - - - serverHost='$value$' - tag - - - All - All - - - - $baseQuery$ - - - - - - - - - - SPL: | dataset method=query search="$baseQuery$" $myMaxCount$ | spath - - | dataset method=query search="$baseQuery$" $myMaxCount$ - | spath - - $myTime.earliest$ - $myTime.latest$ - 1 - - - - -
    -
    -
    - - - Now let's select a field to aggregate statistics on in DataSet. (This is exponentially better - performance than returning all data and using SPL to summarize.) - - - - tag - status - severity - description - Application - tag - tag - - - | group count=count() by $value$" | spath | table $value$ count - - | spath | rename value as $value$ | table $value$ count - - - - - - - - 2. PowerQuery: Aggregate in DataSet and display in Splunk! - - - $basePowerQuery$ - - - - - - - SPL: | dataset method=powerquery search="$baseQuery$ $basePowerQuery$ - - | dataset method=powerquery search="$baseQuery$ $basePowerQuery$ - - $myTime.earliest$ - $myTime.latest$ - - - - - - - - - - 3. Facet Query: Aggregate in DataSet, Facet by a specific field and display in Splunk! - - - $baseFacetQuery$ - - - - - - - - SPL: | dataset method=facet field=$myTag$ search="$baseQuery$" $baseFacetQuery$ - - | dataset method=facet field=$myTag$ search="$baseQuery$" $baseFacetQuery$ - - $myTime.earliest$ - $myTime.latest$ - - - - - - - - - - 4. Timeseries Query: This will calculate numeric values over time. - - - $baseTimeseriesQuery$ - - - - - - - - SPL: | dataset method=timeseries search="$baseQuery$" function="rate" buckets=24 - createsummaries=false onlyusesummaries=false $baseTimeseriesQuery$ - - - | dataset method=timeseries search="$baseQuery$" function="rate" buckets=24 - createsummaries=false onlyusesummaries=false $baseTimeseriesQuery$ - - $myTime.earliest$ - $myTime.latest$ - - - - - - - - - -
    + + + maxcount=10 + + | group count=count() by tag" | spath | table tag count + | spath | rename value as tag | table tag count + | spath | timechart values(rate) as rate + | spath | stats count by attributes.status + +
    + + + Show Connection Test Results + + + "1" + + + + + + + +
    + + + + + + + + + + Searching Your Data in DataSet + + This dashboard will help get you started on your journey. The first thing you'll want to do after configuring your DataSet Read API Key is to run a simple test to make sure you can access Dataset. + + + + + + API Connection Test + + SPL: | dataset maxcount=5 + + | dataset maxcount=6 +| spath + $myTime.earliest$ + $myTime.latest$ + + + + +
    +
    +
    + + + + If you see data, your API Keys are working! + + + + + + +

    Now let's talk about executing queries against DataSet.

    + The first thing you need to know is that this Add-On provides four methods to query DataSet: +
      +
    1. + Base Data Query - This will return the raw event data (fast, but very verbose). This type of query returns all evetn data so be mindful of the amount of data pushed across the wire and held in memory.
    2. +
    3. + PowerQuery - This will aggregrate data by any supported operator (sum, count, average, etc.) and return the summary level statistics (faster).
    4. +
    5. + Facet Query - This will summarize data by a specific field and return the summary level statistics for the most common values of the field (fastest).
    6. +
    7. + Timeseries Query - This will calculate numeric values over time. For repeated queries, summaries allow precomputed results (fastest).
    8. +
    + Depending on your use case, you may have a need for any or all of these. +

    Let's get started searching!

    + +
    +
    + + + 1. Base Data Query: Get the raw events + + + + -4h@m + now + + + + + 10 + 50 + 1000 + 5000 + maxcount=10 + maxcount=10 + + + + All + serverHost + serverHost + + | dataset method=facet field=serverHost search="serverHost=* " +| spath +| rename value as serverHost +| table serverHost count +| sort serverHost + $myTime.earliest$ + $myTime.latest$ + + + + serverHost=* + tag + + + serverHost='$value$' + tag + + + All + All + + + + $baseQuery$ + + + + + + + SPL: | dataset method=query search="$baseQuery$" $myMaxCount$ | spath + + | dataset method=query search="$baseQuery$" $myMaxCount$ +| spath + $myTime.earliest$ + $myTime.latest$ + 1 + + + + +
    +
    +
    + + + Now let's select a field to aggregate statistics on in DataSet. (This is exponentially better performance than returning all data and using SPL to summarize.) + + + tag + status + severity + description + Application + tag + tag + + + | group count=count() by $value$" | spath | table $value$ count + | spath | rename value as $value$ | table $value$ count + + + + + + + + 2. PowerQuery: Aggregate in DataSet and display in Splunk! + + + $basePowerQuery$ + + + + + + + SPL: | dataset method=powerquery search="$baseQuery$ $basePowerQuery$ + + | dataset method=powerquery search="$baseQuery$ $basePowerQuery$ + + $myTime.earliest$ + $myTime.latest$ + + + + + + + + + + 3. Facet Query: Aggregate in DataSet, Facet by a specific field and display in Splunk! + + + $baseFacetQuery$ + + + + + + + + SPL: | dataset method=facet field=$myTag$ search="$baseQuery$" $baseFacetQuery$ + + | dataset method=facet field=$myTag$ search="$baseQuery$" $baseFacetQuery$ + + $myTime.earliest$ + $myTime.latest$ + + + + + + + + + + 4. Timeseries Query: This will calculate numeric values over time. + + + $baseTimeseriesQuery$ + + + + + + + + SPL: | dataset method=timeseries search="$baseQuery$" function="rate" buckets=24 createsummaries=false onlyusesummaries=false $baseTimeseriesQuery$ + + | dataset method=timeseries search="$baseQuery$" function="rate" buckets=24 createsummaries=false onlyusesummaries=false $baseTimeseriesQuery$ + $myTime.earliest$ + $myTime.latest$ + + + + + + + + + + \ No newline at end of file diff --git a/TA_dataset/default/data/ui/views/ingestion_summary.xml b/TA_dataset/default/data/ui/views/ingestion_summary.xml new file mode 100644 index 00000000..e70e3339 --- /dev/null +++ b/TA_dataset/default/data/ui/views/ingestion_summary.xml @@ -0,0 +1,79 @@ +
    + + This dashboard is provided to estimate daily ingestion for various sources of data in Splunk. + + index="_internal" source="*metrics.log" group="per_sourcetype_thruput" +| bucket _time span=1d +| eval GB=kb/1024/1024 +| stats sum(GB) as "GB Ingest" avg(GB) as "Average GB" max(GB) as "Max GB" avg(eps) as "Events per Second" by _time, series +| stats sum("GB Ingest") as "Total Ingest(GB)", avg("GB Ingest") as "Daily Avg Ingest(GB)", max("GB Ingest") as "Daily Max Ingest(GB)" by series +| eval "Total Ingest(GB)"=round('Total Ingest(GB)',4), "Daily Avg Ingest(GB)"=round('Daily Avg Ingest(GB)',4), "Daily Max Ingest(GB)"=round('Daily Max Ingest(GB)',4), "Events per Second"=round('Events per Second',4) +| rename series as sourcetype +| sort -"Total Ingest(GB)" + $myTime.earliest$ + $myTime.latest$ + 1 + +
    + + + + -7d@h + now + + +
    + + + + + + + + + + Ingestion by sourcetype + + + + $myTime.earliest$ + $myTime.latest$ + 1 + + + + + + + + + + + + + $myTime.earliest$ + $myTime.latest$ + 1 + + + + + + + + + +
    +
    +
    +
    \ No newline at end of file diff --git a/TA_dataset/default/data/ui/views/sentinelone_use_case_query_examples.xml b/TA_dataset/default/data/ui/views/sentinelone_use_case_query_examples.xml new file mode 100644 index 00000000..71232311 --- /dev/null +++ b/TA_dataset/default/data/ui/views/sentinelone_use_case_query_examples.xml @@ -0,0 +1,88 @@ +
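Review bot: `"Events per Second"` is lost in the base search of the new ingestion_summary.xml: the second `stats ... by series` emits only `series` and the three GB aggregates, so the later `"Events per Second"=round('Events per Second',4)` evaluates a field that no longer exists and yields nothing. Carry it through the second aggregation, for example by adding `avg("Events per Second") as "Events per Second"` to that `stats`, or remove it from the `eval`. `"Average GB"` and `"Max GB"` from the first `stats` are likewise never used afterwards. The same query appears in Splunk Dashboards/ingestion_summary.xml.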
    + +
    + + + Notes + + This dashboard uses example searches from SentinelOne at https://support.sentinelone.com/hc/en-us/articles/360057861574-Use-Case-Query-Example + + + + + + Queries + + + + -4h@m + now + + + + + A non-Windows process writes files to the temp directory + Rundll or Regsvr executes a script + Bat or cmd files are dropped directly to a temp folder + A non-Windows process injects to a Windows process + LOLBins command processors masquerade under a different name and path + Rundll or Regsvr run content from a remote server + Suspicious Powershell with base64 in the commandline + New unsigned DLL is dropped in the Windows directory (possible DLL hijack attempt) + NTDS Copy + Removal of indicators on Host + Suspicious data compression + Allow SMB and RDP on Defender Firewall + Unmanaged Powershell + Signed Binary Proxy Execution: mshta + Signed Binary Proxy Execution: regsvr32 + Signed Binary Proxy Execution: Rundll32 + Powershell Unnecessary Escaping + Signed Binary Proxy Execution: CMSTP + DHCP CalloutDLL + os.name matches '^Windows' AND event.category = 'file' AND tgt.file.path contains 'temp' AND tgt.file.isExecutable = 'true' AND src.process.verifiedStatus != 'verified' AND src.process.publisher != 'MICROSOFT WINDOWS' + os.name matches '^Windows' AND event.category = 'file' AND tgt.file.path contains 'temp' AND tgt.file.isExecutable = 'true' AND src.process.verifiedStatus != 'verified' AND src.process.publisher != 'MICROSOFT WINDOWS' + + $label$ + + + + + + + + + + + + Use Case: $useCase$
    + SentinelOne Search: $baseQuery$ + +
    +
    + + + + SPL: | dataset method=powerquery search="$baseQuery$ | columns endpoint.name | group count=count() by endpoint.name" | spath | table endpoint.name, count + + | dataset account=xdr method=powerquery search="$baseQuery$ | columns endpoint.name | group count=count() by endpoint.name" | spath | table endpoint.name, count + $myTime.earliest$ + $myTime.latest$ + 1 + + + +
    +
    +
    +
    \ No newline at end of file diff --git a/TA_dataset/default/data/ui/views/soc_search_examples.xml b/TA_dataset/default/data/ui/views/soc_search_examples.xml new file mode 100644 index 00000000..f8891e4b --- /dev/null +++ b/TA_dataset/default/data/ui/views/soc_search_examples.xml 
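Review bot: The results panel runs `| dataset account=xdr method=powerquery ...` while the title shown to the user reads `SPL: | dataset method=powerquery ...`, so the displayed SPL is not what executes, and the hard-coded account name presumably breaks the panel on installs whose configured account is named differently. Either drop `account=xdr`, as the queries in dataset_by_example.xml do, or expose the account as a dashboard input and include it in the title. `$baseQuery$` is substituted inside a double-quoted `search="..."`; that works for the fixed dropdown values visible here, but a comment such as `<!-- choice values must not contain double quotes -->` next to the input would keep later additions from breaking the query. The copy of this file under Splunk Dashboards/ is only partly visible on this page.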
@@ -0,0 +1,131 @@ + + + + + + + + + + + + Network Recon + + + | dataset account=xdr method=powerquery search="src.process.user = * (net_ipsubnet(dst.ip.address, '172.0.0.0/16') OR net_ipsubnet(dst.ip.address, '10.0.0.0/8')) NOT (net_ipsubnet(src.ip.address, '10.0.0.0/24')) +| group uniqueDestinations = estimate_distinct(dst.ip.address), uniquePorts = estimate_distinct(dst.port.number), fullPortList = array_sort(array_agg_distinct(dst.port.number)), dstList = array_sort(array_agg_distinct(dst.ip.address)) by src.ip.address, src.process.user +| filter (uniqueDestinations > 5) AND (uniquePorts > 5) +| let topPortList = array_slice(fullPortList, 0, 20) +| columns src.ip.address, src.process.user, uniqueDestinations, uniquePorts, dstList, fullPortList, topPortList" +| spath +| table src.ip.address, src.process.user, uniqueDestinations, uniquePorts, dstList, fullPortList, topPortList + -15m + now + + + + https://xdr.us1.sentinelone.net/query?filter=src.process.user+%3D+*+%28net_ipsubnet%28dst.ip.address%2C+%27172.0.0.0%2F16%27%29+OR+net_ipsubnet%28dst.ip.address%2C+%2710.0.0.0%2F8%27%29%29+NOT+%28net_ipsubnet%28src.ip.address%2C+%2710.0.0.0%2F24%27%29%29%0A%7C+group+uniqueDestinations+%3D+estimate_distinct%28dst.ip.address%29%2C+uniquePorts+%3D+estimate_distinct%28dst.port.number%29%2C+fullPortList+%3D+array_sort%28array_agg_distinct%28dst.port.number%29%29%2C+dstList+%3D+array_sort%28array_agg_distinct%28dst.ip.address%29%29+by+src.ip.address%2C+src.process.user%0A%7C+filter+%28uniqueDestinations+%3E+1%29+AND+%28uniquePorts+%3E+1%29%0A%7C+let+topPortList+%3D+array_slice%28fullPortList%2C+0%2C+20%29%0A%7C+columns+src.ip.address%2C+src.process.user%2C+uniqueDestinations%2C+uniquePorts%2C+dstList%2C+fullPortList%2C+topPortList%0A%2F%2F+src+user+is+not+null%2C+src+and+dst+IPs+are+within+defined+subnets%0A%2F%2F+get+distinct+count+of+dst+IPs+and+ports%2C+plus+arrays+of+dst+IPs+%28sorted%29+and+ports+for+each+src+IP+and+user%0A%2F%2F+filter+unique+destinations+and+ports+to+a+h
igh+number%2C+in+this+case+a+static+number+of+1+for+testing%0A%2F%2F+create+a+2nd+shorter+array+of+ports+only+showing+the+first+20%0A%2F%2F+order+columns&teamEmails=-&view=xdr&startTime=10+min + +
    +
    +
    + + + Impossible Traveler + + + | dataset account=xdr method=powerquery search="//src.process.user = * src.ip.address = * +//| group first_ip = oldest(src.ip.address), last_ip = newest(src.ip.address) by src.process.user +| limit 1 +| let src.process.user = 'Matt Balcer', first_ip='87.203.45.78', last_ip='98.24.6.8' +| let first_location = geo_ip_location(first_ip), last_location = geo_ip_location(last_ip), first_country=geo_ip_country(first_ip), last_country=geo_ip_country(last_ip) +| let kilometers = geo_distance(first_location, last_location) +| let hours=(queryend() - querystart())/1000000000/60/60 +| let speed = kilometers / hours" +| spath +| table src.process.user, first_ip, last_ip, first_country, first_location, last_country, last_location, kilometers, speed + -24h@h + now + + + + + + + + + + + + + https://xdr.us1.sentinelone.net/query?view=edr&filter=%2F%2Fsrc.process.user+%3D+*+src.ip.address+%3D+*%0A%2F%2F%7C+group+first_ip+%3D+oldest%28src.ip.address%29%2C+last_ip+%3D+newest%28src.ip.address%29+by+src.process.user%0A%7C+limit+1%0A%7C+let+src.process.user+%3D+%27Matt+Balcer%27%2C+first_ip%3D%2787.203.45.78%27%2C+last_ip%3D%2798.24.6.8%27%0A%7C+let+first_location+%3D+geo_ip_location%28first_ip%29%2C+last_location+%3D+geo_ip_location%28last_ip%29%0A%7C+let+kilometers+%3D+geo_distance%28first_location%2C+last_location%29%0A%7C+let+hours%3D%28queryend%28%29+-+querystart%28%29%29%2F1000000000%2F60%2F60%0A%7C+let+speed+%3D+kilometers+%2F+hours%0A%7C+filter+speed+%3E+500%0A%2F%2F+logic%3A+get+IP+addresses%2C+get+geo+locations%2C+determine+distance%2C+convert+timestamps+from+nano+epoch+to+delta+in+hours%2C+then+filter+to+speed+%3E+500km%0A%2F%2F+usage%3A+for+real+use%2C+uncomment+lines+1%2C2+and+remove+lines+3%2C4&startTime=4+hours + +
    +
    +
    + + + Network Traffic Off-Hours + + + | dataset account=xdr method=powerquery search="bytes.sent = * +| let time_hour = number(strftime(timestamp, '%H')) +| group bytes=sum(bytes.sent), hour = oldest(time_hour) by timebucket('1h') +| let gb = (bytes/1024/1024/1024) +| filter gb > 0 AND (hour <= 9 OR hour >= 18) +// logic: get numeric 2-digit hour from timestamp, group bytes per hour, convert to gb, then filter to volume and hours of day +// usage: change the last filter line to anomalous gb traffic and adjust to business hours" +| spath +| table hour, gb + -24h@h + now + 1 + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + https://xdr.us1.sentinelone.net/query?filter=bytes.sent+%3D+*%0A%7C+let+time_hour+%3D+number%28strftime%28timestamp%2C+%27%25H%27%29%29%0A%7C+group+bytes%3Dsum%28bytes.sent%29%2C+hour+%3D+oldest%28time_hour%29+by+timebucket%28%271h%27%29%0A%7C+let+gb+%3D+%28bytes%2F1024%2F1024%2F1024%29%0A%7C+filter+gb+%3E+0+AND+%28hour+%3C%3D+9+OR+hour+%3E%3D+18%29%0A%2F%2F+logic%3A+get+numeric+2-digit+hour+from+timestamp%2C+group+bytes+per+hour%2C+convert+to+gb%2C+then+filter+to+volume+and+hours+of+day%0A%2F%2F+usage%3A+change+the+last+filter+line+to+anomalous+gb+traffic+and+adjust+to+business+hours&startTime=24+hours&view=xdr + + + + +
\ No newline at end of file
diff --git a/TA_dataset/default/data/ui/views/splunk_app_usage.xml b/TA_dataset/default/data/ui/views/splunk_app_usage.xml
new file mode 100644
index 00000000..347e9088
--- /dev/null
+++ b/TA_dataset/default/data/ui/views/splunk_app_usage.xml
@@ -0,0 +1,350 @@
+
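Review bot: The Network Recon query in `TA_dataset/default/data/ui/views/soc_search_examples.xml` matches destinations in `172.0.0.0/16`, which is publicly routable space rather than the RFC 1918 block. If the intent is internal destinations, as the `10.0.0.0/8` term suggests, hosts in 172.16–172.31 and all of 192.168.0.0/16 are never counted. I would change the term to `net_ipsubnet(dst.ip.address, '172.16.0.0/12')` and add `OR net_ipsubnet(dst.ip.address, '192.168.0.0/16')`. A short XML comment above the query saying that the subnets and the `> 5` thresholds are site-specific placeholders would also help anyone who enables the panel as shipped. The copy under `Splunk Dashboards/` shows the same blob id (`f8891e4b`) in the later patch headers, so the same change would apply there.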
    + + + InfoSec_App_for_Splunk,Splunk_Security_Essentials,lookup_editor,splunk_monitoring_console,splunk_secure_gateway,splunk_instrumentation,Splunk_SA_CIM + + + +index=_internal sourcetype=splunk_web_access host=* user=* +| rex field=uri_path ".*/(?<title>[^/]*)$" +| join title +[| rest /servicesNS/-/-/data/ui/views splunk_server=* +| search isDashboard=1 isVisible=1 +| rename eai:acl.app as app +| fields title app ] +| rename title as dashboard +| search NOT app IN($myExcludedApps$) +| stats count by _time user app dashboard host + + $myTime.earliest$ + $myTime.latest$ + + + | rest /servicesNS/-/-/data/ui/views + +``` get fields we want from all the dashboards for all the apps ``` +| fields eai:acl.app label id eai:data +| rename eai:acl.app as app_name, eai:data as xml_source, label as dashboard_title + +``` now separate all the panels to individual events (rows) ``` +| rex field=id "http(s)?://([^/]+/)+(?<file_name>[^/]+)" +| spath input=xml_source output=panel path=form.row.panel +| mvexpand panel +| fields app_name dashboard_title file_name panel xml_source +| search panel != "" + +``` now identify the chart types, searches and drilldown searches for each panel ``` +| spath input=panel output=panel_title path=title +| xpath field=panel outfield=query "//*/search/query" +| xpath field=panel outfield=drilldown "//*/drilldown/*/link" +| rex field=panel "\s+\<(?<panel_type>[^\<]+)\>" + +``` filter for the types of panels that typically have searches ``` +| search panel_type IN ("chart","single","table","event","search","viz","map") +| search NOT app_name IN($myExcludedApps$) + +``` total, sort and print the results ``` +| eventstats count as total_panels, dc(dashboard_title) as total_dashboards +| eventstats dc(dashboard_title) as dashboards_in_app by app_name +| eventstats count as panels_on_dashboard by app_name, dashboard_title +| sort app_name file_name dashboard_title panel_title +| table app_name dashboards_in_app file_name dashboard_title 
panels_on_dashboard panel_title panel_type query drilldown + $myTime.earliest$ + $myTime.latest$ + +
    + + + + -24h@h + now + + + + + All + app_name + app_name + + | stats count by app_name + + * + * + + + * + + + + + + app_name + app_name + + | stats count by app_name + + InfoSec_App_for_Splunk,Splunk_Security_Essentials,lookup_editor,splunk_monitoring_console,splunk_secure_gateway,splunk_instrumentation,Splunk_SA_CIM + InfoSec_App_for_Splunk,Splunk_Security_Essentials,lookup_editor,splunk_monitoring_console,splunk_secure_gateway,splunk_instrumentation,Splunk_SA_CIM + Splunk_SA_CIM + splunk_instrumentation + , + + + + All + dashboard_title + file_name + + | search app_name = "$myApp$" | stats count by file_name, dashboard_title + + * + * + +
    + + + + + + + + + + Applications + + + | search app_name = "$myApp$" file_name="$myDashboard$" +| stats dc(app_name) + + + + + + + + Interesting Dashboards + + + | search app_name = "$myApp$" file_name="$myDashboard$" +| stats dc(dashboard_title) + + + + + + + + Interesting Panels + + + | search app_name = "$myApp$" file_name="$myDashboard$" +| stats count + + + + + + + + + + Applications + + + | search app_name = "$myApp$" +| dedup app_name +| table app_name + + + + + * + $row.app_name$ + +
    +
    + + Interesting Dashboards + + + | search app_name = "$myApp$" file_name="$myDashboard$" +| dedup app_name, file_name dashboard_title +| table app_name file_name dashboard_title + + + + + $row.file_name$ + $row.app_name$ + +
    +
    + + Interesting Panels + + + | search app_name = "$myApp$" file_name="$myDashboard$" +| dedup panel_title +| table panel_title + + + +
    +
    +
    + + + Splunk Usage + + What are you're users accessing most oftern? + + + + + + Most Used SPL Commands + + + index=_audit action=search info=completed search=* NOT "search_id='scheduler" NOT "search=|history" NOT "user=splunk-system-user" NOT "search='typeahead" NOT "search='| metadata type=* | search totalCount>0" app="*" +| fields search +| rex field=search "\|\s*(?<command>\w+)\s(?<attributes>[^|]*)" max_match=1000 +| mvexpand command +| search command!="" +| stats count as "execution", distinct_count(search) as "distinct_searches" by command +| sort -distinct_search, -execution +| rename command as "SPL Command" + $myTime.earliest$ + $myTime.latest$ + + +
    +
    + + Most Viewed Dashboards + + + | search app = "$myApp$" dashboard = "$myDashboard$" +| stats count as Views dc(user) as Users by app, dashboard +| sort -Views + + + + $row.dashboard$ + $row.app$ + +
    +
    + + Most Active Users + + + | stats count by user +| sort -count + $myTime.earliest$ + $myTime.latest$ + + +
    +
    +
    + + + Individual Usage by User + + + | search app = "$myApp$" dashboard = "$myDashboard$" + + + + + + + + + +
    +
    +
    + + + Splunk Searches + + What are the underlying Splunk Searches for the panels on the selected dashboards? + + + + + + Dashboard Panels and Searches + + + | search app_name = "$myApp$" file_name="$myDashboard$" + + + +
    +
    +
    + + + Macros + + + | rest /servicesNS/-/-/data/macros +| fields eai:acl.app title definition args +| rename eai:acl.app as app_name, title as macro_name +| search definition != "()" +| search app_name = "$myApp$" (NOT app_name IN ($myExcludedApps$)) +| table app_name macro_name args definition + $myTime.earliest$ + $myTime.latest$ + + + +
    +
    +
    + + + Saved Searches and Alerts + + + +| rest /servicesNS/-/-/saved/searches + +``` get fields we want from all the dashboards for all the apps ``` +| fields eai:acl.app eai:data title search display.visualizations.type cron_schedule alert_type alert_comparator alert_threshold alert_condition +| rename eai:acl.app as app_name, display.visualizations.type as viz + +| search NOT app_name IN(Splunk_Security_Essentials,lookup_editor,splunk_monitoring_console,splunk_secure_gateway,splunk_instrumentation,Splunk_SA_CIM) + +``` total, sort and print the results ``` +| eventstats count as total_searches +| eventstats dc(searches) as searches_in_app by app_name +| sort app_name title +| table app_name title search viz cron_schedule alert_type alert_comparator alert_threshold alert_condition +| search app_name = "*" search="*" +| dedup app_name, title, search + + $myTime.earliest$ + $myTime.latest$ + + + +
    +
    +
    +
    \ No newline at end of file From 7aab32d39e486c6d4b67759f2d2ea6fa21846599 Mon Sep 17 00:00:00 2001 From: tmartin-s1 <121066578+tmartin-s1@users.noreply.github.com> Date: Tue, 19 Sep 2023 19:26:00 -0400 Subject: [PATCH 2/5] removed drilldowns --- Splunk Dashboards/soc_search_examples.xml | 11 ----------- .../default/data/ui/views/soc_search_examples.xml | 11 ----------- 2 files changed, 22 deletions(-) diff --git a/Splunk Dashboards/soc_search_examples.xml b/Splunk Dashboards/soc_search_examples.xml index f8891e4b..1224d624 100644 --- a/Splunk Dashboards/soc_search_examples.xml +++ b/Splunk Dashboards/soc_search_examples.xml @@ -32,10 +32,6 @@ -15m now
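Review bot: Two field names in the new `splunk_app_usage.xml` searches do not match what the earlier pipeline stages produce, so the affected steps appear to have no effect. In the "Most Used SPL Commands" panel the `stats` stage names the column `distinct_searches` but the next line sorts on `-distinct_search`; it should read `| sort -distinct_searches, -execution`. In the "Saved Searches and Alerts" panel, `| eventstats dc(searches) as searches_in_app by app_name` counts a field that the preceding `fields` list does not carry (it keeps `search`), and the later `table` drops the result anyway; either use `dc(search)` and add the column to the table, or remove the line. That panel also hard-codes its excluded-app list instead of using `$myExcludedApps$`, so it appears to ignore the dashboard's exclusion input that the other panels honour.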
    - - - https://xdr.us1.sentinelone.net/query?filter=src.process.user+%3D+*+%28net_ipsubnet%28dst.ip.address%2C+%27172.0.0.0%2F16%27%29+OR+net_ipsubnet%28dst.ip.address%2C+%2710.0.0.0%2F8%27%29%29+NOT+%28net_ipsubnet%28src.ip.address%2C+%2710.0.0.0%2F24%27%29%29%0A%7C+group+uniqueDestinations+%3D+estimate_distinct%28dst.ip.address%29%2C+uniquePorts+%3D+estimate_distinct%28dst.port.number%29%2C+fullPortList+%3D+array_sort%28array_agg_distinct%28dst.port.number%29%29%2C+dstList+%3D+array_sort%28array_agg_distinct%28dst.ip.address%29%29+by+src.ip.address%2C+src.process.user%0A%7C+filter+%28uniqueDestinations+%3E+1%29+AND+%28uniquePorts+%3E+1%29%0A%7C+let+topPortList+%3D+array_slice%28fullPortList%2C+0%2C+20%29%0A%7C+columns+src.ip.address%2C+src.process.user%2C+uniqueDestinations%2C+uniquePorts%2C+dstList%2C+fullPortList%2C+topPortList%0A%2F%2F+src+user+is+not+null%2C+src+and+dst+IPs+are+within+defined+subnets%0A%2F%2F+get+distinct+count+of+dst+IPs+and+ports%2C+plus+arrays+of+dst+IPs+%28sorted%29+and+ports+for+each+src+IP+and+user%0A%2F%2F+filter+unique+destinations+and+ports+to+a+high+number%2C+in+this+case+a+static+number+of+1+for+testing%0A%2F%2F+create+a+2nd+shorter+array+of+ports+only+showing+the+first+20%0A%2F%2F+order+columns&teamEmails=-&view=xdr&startTime=10+min - @@ -57,7 +53,6 @@ -24h@h now - 
@@ -67,9 +62,6 @@ - - https://xdr.us1.sentinelone.net/query?view=edr&filter=%2F%2Fsrc.process.user+%3D+*+src.ip.address+%3D+*%0A%2F%2F%7C+group+first_ip+%3D+oldest%28src.ip.address%29%2C+last_ip+%3D+newest%28src.ip.address%29+by+src.process.user%0A%7C+limit+1%0A%7C+let+src.process.user+%3D+%27Matt+Balcer%27%2C+first_ip%3D%2787.203.45.78%27%2C+last_ip%3D%2798.24.6.8%27%0A%7C+let+first_location+%3D+geo_ip_location%28first_ip%29%2C+last_location+%3D+geo_ip_location%28last_ip%29%0A%7C+let+kilometers+%3D+geo_distance%28first_location%2C+last_location%29%0A%7C+let+hours%3D%28queryend%28%29+-+querystart%28%29%29%2F1000000000%2F60%2F60%0A%7C+let+speed+%3D+kilometers+%2F+hours%0A%7C+filter+speed+%3E+500%0A%2F%2F+logic%3A+get+IP+addresses%2C+get+geo+locations%2C+determine+distance%2C+convert+timestamps+from+nano+epoch+to+delta+in+hours%2C+then+filter+to+speed+%3E+500km%0A%2F%2F+usage%3A+for+real+use%2C+uncomment+lines+1%2C2+and+remove+lines+3%2C4&startTime=4+hours - @@ -122,9 +114,6 @@ - - https://xdr.us1.sentinelone.net/query?filter=bytes.sent+%3D+*%0A%7C+let+time_hour+%3D+number%28strftime%28timestamp%2C+%27%25H%27%29%29%0A%7C+group+bytes%3Dsum%28bytes.sent%29%2C+hour+%3D+oldest%28time_hour%29+by+timebucket%28%271h%27%29%0A%7C+let+gb+%3D+%28bytes%2F1024%2F1024%2F1024%29%0A%7C+filter+gb+%3E+0+AND+%28hour+%3C%3D+9+OR+hour+%3E%3D+18%29%0A%2F%2F+logic%3A+get+numeric+2-digit+hour+from+timestamp%2C+group+bytes+per+hour%2C+convert+to+gb%2C+then+filter+to+volume+and+hours+of+day%0A%2F%2F+usage%3A+change+the+last+filter+line+to+anomalous+gb+traffic+and+adjust+to+business+hours&startTime=24+hours&view=xdr - diff --git a/TA_dataset/default/data/ui/views/soc_search_examples.xml b/TA_dataset/default/data/ui/views/soc_search_examples.xml index f8891e4b..1224d624 100644 --- a/TA_dataset/default/data/ui/views/soc_search_examples.xml +++ b/TA_dataset/default/data/ui/views/soc_search_examples.xml 
@@ -32,10 +32,6 @@ -15m now - - - https://xdr.us1.sentinelone.net/query?filter=src.process.user+%3D+*+%28net_ipsubnet%28dst.ip.address%2C+%27172.0.0.0%2F16%27%29+OR+net_ipsubnet%28dst.ip.address%2C+%2710.0.0.0%2F8%27%29%29+NOT+%28net_ipsubnet%28src.ip.address%2C+%2710.0.0.0%2F24%27%29%29%0A%7C+group+uniqueDestinations+%3D+estimate_distinct%28dst.ip.address%29%2C+uniquePorts+%3D+estimate_distinct%28dst.port.number%29%2C+fullPortList+%3D+array_sort%28array_agg_distinct%28dst.port.number%29%29%2C+dstList+%3D+array_sort%28array_agg_distinct%28dst.ip.address%29%29+by+src.ip.address%2C+src.process.user%0A%7C+filter+%28uniqueDestinations+%3E+1%29+AND+%28uniquePorts+%3E+1%29%0A%7C+let+topPortList+%3D+array_slice%28fullPortList%2C+0%2C+20%29%0A%7C+columns+src.ip.address%2C+src.process.user%2C+uniqueDestinations%2C+uniquePorts%2C+dstList%2C+fullPortList%2C+topPortList%0A%2F%2F+src+user+is+not+null%2C+src+and+dst+IPs+are+within+defined+subnets%0A%2F%2F+get+distinct+count+of+dst+IPs+and+ports%2C+plus+arrays+of+dst+IPs+%28sorted%29+and+ports+for+each+src+IP+and+user%0A%2F%2F+filter+unique+destinations+and+ports+to+a+high+number%2C+in+this+case+a+static+number+of+1+for+testing%0A%2F%2F+create+a+2nd+shorter+array+of+ports+only+showing+the+first+20%0A%2F%2F+order+columns&teamEmails=-&view=xdr&startTime=10+min - @@ -57,7 +53,6 @@ -24h@h now - 
@@ -67,9 +62,6 @@ - - https://xdr.us1.sentinelone.net/query?view=edr&filter=%2F%2Fsrc.process.user+%3D+*+src.ip.address+%3D+*%0A%2F%2F%7C+group+first_ip+%3D+oldest%28src.ip.address%29%2C+last_ip+%3D+newest%28src.ip.address%29+by+src.process.user%0A%7C+limit+1%0A%7C+let+src.process.user+%3D+%27Matt+Balcer%27%2C+first_ip%3D%2787.203.45.78%27%2C+last_ip%3D%2798.24.6.8%27%0A%7C+let+first_location+%3D+geo_ip_location%28first_ip%29%2C+last_location+%3D+geo_ip_location%28last_ip%29%0A%7C+let+kilometers+%3D+geo_distance%28first_location%2C+last_location%29%0A%7C+let+hours%3D%28queryend%28%29+-+querystart%28%29%29%2F1000000000%2F60%2F60%0A%7C+let+speed+%3D+kilometers+%2F+hours%0A%7C+filter+speed+%3E+500%0A%2F%2F+logic%3A+get+IP+addresses%2C+get+geo+locations%2C+determine+distance%2C+convert+timestamps+from+nano+epoch+to+delta+in+hours%2C+then+filter+to+speed+%3E+500km%0A%2F%2F+usage%3A+for+real+use%2C+uncomment+lines+1%2C2+and+remove+lines+3%2C4&startTime=4+hours - @@ -122,9 +114,6 @@ - - https://xdr.us1.sentinelone.net/query?filter=bytes.sent+%3D+*%0A%7C+let+time_hour+%3D+number%28strftime%28timestamp%2C+%27%25H%27%29%29%0A%7C+group+bytes%3Dsum%28bytes.sent%29%2C+hour+%3D+oldest%28time_hour%29+by+timebucket%28%271h%27%29%0A%7C+let+gb+%3D+%28bytes%2F1024%2F1024%2F1024%29%0A%7C+filter+gb+%3E+0+AND+%28hour+%3C%3D+9+OR+hour+%3E%3D+18%29%0A%2F%2F+logic%3A+get+numeric+2-digit+hour+from+timestamp%2C+group+bytes+per+hour%2C+convert+to+gb%2C+then+filter+to+volume+and+hours+of+day%0A%2F%2F+usage%3A+change+the+last+filter+line+to+anomalous+gb+traffic+and+adjust+to+business+hours&startTime=24+hours&view=xdr - From 43a17a73d7f9e04914d0377c02de79d11dcce9e0 Mon Sep 17 00:00:00 2001 From: Mike <32044603+mike-mcgrail@users.noreply.github.com> Date: Tue, 19 Sep 2023 19:29:04 -0400 Subject: [PATCH 3/5] Update soc_search_examples.xml remove hard coded fields from impossible taveler --- Splunk Dashboards/soc_search_examples.xml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) 
diff --git a/Splunk Dashboards/soc_search_examples.xml b/Splunk Dashboards/soc_search_examples.xml index 1224d624..ab8166c5 100644 --- a/Splunk Dashboards/soc_search_examples.xml +++ b/Splunk Dashboards/soc_search_examples.xml @@ -40,10 +40,8 @@ Impossible Traveler - | dataset account=xdr method=powerquery search="//src.process.user = * src.ip.address = * -//| group first_ip = oldest(src.ip.address), last_ip = newest(src.ip.address) by src.process.user -| limit 1 -| let src.process.user = 'Matt Balcer', first_ip='87.203.45.78', last_ip='98.24.6.8' + | dataset account=xdr method=powerquery search="src.process.user = * src.ip.address = * +| group first_ip = oldest(src.ip.address), last_ip = newest(src.ip.address) by src.process.user | let first_location = geo_ip_location(first_ip), last_location = geo_ip_location(last_ip), first_country=geo_ip_country(first_ip), last_country=geo_ip_country(last_ip) | let kilometers = geo_distance(first_location, last_location) | let hours=(queryend() - querystart())/1000000000/60/60 @@ -117,4 +115,4 @@ - \ No newline at end of file + From af53b7e4371b82708995e52126d720ba268d67af Mon Sep 17 00:00:00 2001 From: tmartin-s1 <121066578+tmartin-s1@users.noreply.github.com> Date: Wed, 20 Sep 2023 14:59:31 -0400 Subject: [PATCH 4/5] Updated Label and icons to S1 branding --- TA_dataset/default/app.conf | 4 ++-- TA_dataset/static/AppLogo.png | Bin 9976 -> 5045 bytes TA_dataset/static/AppLogo_2x.png | Bin 12855 -> 8483 bytes TA_dataset/static/appIcon.png | Bin 8716 -> 2903 bytes TA_dataset/static/appIconAlt.png | Bin 8716 -> 1042 bytes TA_dataset/static/appIconAlt_2x.png | Bin 10066 -> 1632 bytes TA_dataset/static/appIcon_2x.png | Bin 10066 -> 3361 bytes 7 files changed, 2 insertions(+), 2 deletions(-) diff --git a/TA_dataset/default/app.conf b/TA_dataset/default/app.conf index 68daf01c..4e96740f 100644 --- a/TA_dataset/default/app.conf +++ b/TA_dataset/default/app.conf 
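Review bot: In the Impossible Traveler hunk (`@@ -40,10 +40,8 @@` of `Splunk Dashboards/soc_search_examples.xml`), `speed` is now computed for real users, but `hours` is still `(queryend() - querystart())/1000000000/60/60`, the length of the search window rather than the time between the oldest and newest sighting. A user seen from two distant addresses minutes apart is therefore divided by the whole window (the panel's time range appears to default to 24 hours) and looks slow. Carrying the two timestamps through the group, for example `first_seen = oldest(timestamp), last_seen = newest(timestamp)`, and using `| let hours = (last_seen - first_seen)/1000000000/60/60` would measure the actual interval, assuming `timestamp` uses the same nanosecond unit and the zero-interval case is guarded. The query also has no `| filter speed > 500` step, which the removed drilldown query had, so the panel lists every user. The diffstat shows only the `Splunk Dashboards/` copy changing in this patch, so the packaged view under `TA_dataset/default/data/ui/views/` appears to keep the hard-coded user name and IP addresses unless a later patch updates it.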
@@ -7,11 +7,11 @@ build = 1 [launcher] author = DataSet by SentinelOne version = 2.0.41-SNAPSHOT -description = The Security Data Lake Add-On for Splunk integrates with DataSet by SentinelOne +description = The S1 Singularity Data Lake Add-On enables users to Search SentinelOne Data Lake directly from the Splunk console [ui] is_visible = 1 -label = Security Data Lake Add-On for Splunk +label = S1 Singularity Data Lake Add-On [package] id = TA_dataset 
diff --git a/TA_dataset/static/AppLogo.png b/TA_dataset/static/AppLogo.png index 61d20dac697f180d664b3b5a0297b4405012b437..1aef7de0fdcac3cc588262620b5601c83cd16bdb 100644 GIT binary patch literal 5045 zcmV;m6H4rfP)001Zm1^@s6c`Wgm000N6dQ@0+Qek%> zaB^>EX>4U6ba`-PAZ2)IW&i+q+O3ysb{r`Th5xgPSpp!0U^zU`nH|jX=cBsXu{%zj zOs31O2StInSGp2z{qy&BfANb+qf2Tf*PK1SR8x(Oo8lk8dYyw$*ZKOj`xVb0+Fg8p z6loH!@_4lSi_mD-Zy!9nhyJnMmHQ0?J_fp9JO`9BbL3{eH}jNf3XX)58Ke|3Mnp$2rGyckYv9$0bO< zEdh`Z%X?nEe-F?Hke_$%75(Q*Ucry;?jbK&<{Kk!K7A4NbMP;S-%TuU7R8S*biFbB z9mspnviEwduB8m3`SvL9p6Hx!=-64DT%TnQ<6pVA>!=(Bj~q}w{qUV*gc>5OY!_0P zp@kjRbsb?~Vu~vo*BA#xowgztYaAD2=^SB4lPXgRT#mS$2+i@$mT=8mulYtO%sc~K zV_>krCqF#g&tCq{;r1Q}qHw@W53H~&9>2zn!`wO3>%81IZ+ZdzJZ}2^JIBIR8BH&k z3kz(%KZfWUzWJ71JPZAl>%;Mavw07ILCmcfgWIRza}W(Vc#F|O0LKDB4a=jX*kK^3 z#)*+J3DM##mU!mo8w*$8s4>UWj5a}pN*05gDh;wyQvAnK!H1fPCRNR9TAWsGS#rvn zbGCd$u9;XewQOd^sck^w_1Ru040_ zrPtmD?laQRk%x^k>S!}gnaIS<(`K1mqt%%`hX_Yb^l%1aF$Ea6!vGE)4`;rFl;UCTaOP_yC^TZE z9&X$WhcPHjD@5Jljk|Bm{St3Z%P;X3zhcfE>i!Sr9MpZ!+b68eljp|8*dq!Lre26X z-mlW!&Sm2X5!bg3%v~3`F{^e>G8n3^KKmYVwzf)NaZYJUQ|#a!%ZfFPn35y*V>&Vl zxMhJ{I{r!k!|eTJxLHe(s@{6o z)^>tl3;_xoGPAUrdbW@(>KG})pN{3Tb>}g-?Gny6XnC7S*BTuNM_Za2xYAy?$_lH+ zzGmJYUUm~Jy(ci;dGzFV&EYJxoQ1AyotQ&fO@xZ*fjjF-9%J{Y22(5@{~;H&j#u?G zrHd@*`|ho&bF*+i6jP1=JIX)>E(624ZcF(w+B zvQV`2lCZ+u9#&F6GwUQCW6&gdi1^ zR~rJ^&ztB6AyS9+Q&+t8{mB&w3Q|0;XNLNAbt(bf+?zIEXhZ7H6;MAw5xHOeLismuNg9S%M68D;&vMtZNaw=FT z4!@R8iIj&P?FFvZb(4I_StMlu!u&PbU|{5t^hUzX?EpuFtl)RSdn#b>DKYm&GQ|5m z!xJGS(7+z>Qe8nOJIv$o*oL&PMiNY9!?mQd=0;A<(>0xbvEtClEEU3|?A3`CkXeKr zPSDf_LF!M!Jq|uhSR^5WsS%#W7GVcTY-(&2D!bN`wiMqXRfdlG!$xmNfM)gpac<^2 zG=+8IeNkj+m?WXI3w4|uY0=~6dUh7Ke_Stre65~gB$SQA#(CVsJ^UkP*49b>b)59q zzjKpQqnsgr=o0SLCqDNYHoSdPqUa*+S3-iAML>`U@iU*-F0b>c5UYvzoju43Vd_By z{UPr*o8(T4Cs8)iU?_!or`8yX6? 
zfdC8`&hu1HhA^HT&)ICKCYOaJAQYuf5^u1K{%IxAYNrZC8uC1|j=HI1WNjo9HaGei z&;dUNPri=jEZ}`(({3AYq^!xc=eo$%Q*v)$Tqz8xRvO1(o53Gan@$-*RnmN`z-LYp z&R?%Rrc#w87+zS>%}zx*=Rt6Gd>4P+ry3xz_Dh4YbcZ)$F^Hq*ERL#SlVm3Jy);0= zaim9Qy#A%T`)U8*7~Fj}`hOYR{i^9-4etH~m-pS>pWyO-aQ7#;yzlIOVtQZ31=Zbg zuFV#La{4$tTa4H!GCaj;M@MwAD{-e(A;7Eq7uB8u`5QO0ga7~mglR)VP)S2WAaHVT zW@&6?004NLeUUv#!%!53PgAub6$LwpIAo|!7DPoHwF*V35Nd^19ZX*O2TdB16c<1NmzidDj02i(o2f)x z%w$)^&?^GyLO-Gi%FHt6Bq<5s`nsoXs=FA^^6&ezdexl8fPhFm%M8;d-XNadv<=St z#1U4MRpN8vF_SJx{K$31<2TL)mj#{~G1IAe;s~)=Xk(>~S<%#pr--Afrc=I<@mS@& z#aSy?S@WL!h2fmOvdnc_!$@EeOOPN!K@}yGVIxMnPKt#ToyUFrL#|&UmqM-*7&#VD zfd<+2ga5(r*;@I@2`?!e2RdII=VJs2?E;OO<9r`GPU8d!J_A>J%U`JjGoPf_T3Yl7 z=-UP^u3MV22VCv|gHMKR%B~coCFJwK`x$*x78tk%de*$THP3PS0HkSF$s6F{5Ev~` z_PWozyW8jXZ%=c6KL?<4e3BQdbpQYW24YJ`L;(K)0RRb0Ij&#;000SaNLh0L02U0k1zUd9)Q~yMq#7Vg0~lNhIE$MK+rS81`Wr z(|eTUs`yUI60zApS!YNckSrt1g}`XwrT4UU8C+kHyaiaCX>(W4cZYaaMw8(R;GRfr zdJGpijx!V31x)%-dcd+oYz**ui_e`ymREt_0AC1bUk+RatcoSfs``rL2-}$!;{{Wx z6hIs}78nBza$UFAO9p)iHvyk2bVDYS@nkp(I02|?Yis*Jh2YD5$5VkrL-utB@LB8l z5Hg`H^~iWU{us~-ya@agXg0=d0;cqWA`St*Q&m+p`Gep^B%gC)vDgYA2|Ntk4?Lep zB(?zG1uFWq0@fv(0LJ%l|Kmd3^D$sOaDlSwcch2_#{mx+V`dycnH&!M2lydy@CQKu zV#b&Szm<{|b zgi#IB)}1j29v6yWeg!l=tbhgkOC%C8;A|Z}3@ig&ZNCQ=0K0*Vc%j|zrLkCS9nb;% z59n|l=ULGRdt8%%m$i)rrU9=4Z;Q}x2d*QyCVIWq_9C5IuH!p&Jl48r5-`OW^O8LI zPQBYr1k_A{k-)EYU$fpP2`rQ+F6=!V=WH46g_2Y7Bp5>`lerIA49u0`qH$lVWb`^E znNI=F1KTwIARb=|Tn+pkXabsyF|WxO4%0I$fu+Fh#+dVgXG4`?4lv3sCCvm_RlU67 zK-YCwT7!QK_$A=4H=YFiTuM@|a|1=nM*%lza*y(P=^p_P=HY@~ThBWkp<~aJB&>U8 z0uT8@-7w%*;I}@5JVz7#b)TmkEF*cL5G9fleH)l1hlpfknRe9t5nBL->m8xyfYoaxMP66MM2LhM^ zOtizOF(&Bm+kr3Y?>uj;bRn?Zb=}K=*R6Tk4a^glUnE2Nl_J}8;L0G1)Y}S(yo2XS zmOGBKPMmMN&f)V8)AjdiP3jup4eigBfC0W)Sy@@_Yri~|N==bvZU!Du2=hqFCBFOL z0REwEXNa*pqX~FM{V&!eW-TN0Jl6pIU8{_B3-CH{H}ECPdta01S;xq`G!!ZC^)e0* zX?f>-4q|~J){_ zKWWk*P-ch9JYHzM! 
zUoMkXJgRM!Jl~nx4-|j+q{5)ht!4o?26SoHyQ*b<9vXuPy1dB9ea(J>xAJhWt(uS$ zV@%xQk4Kl3l&s71PBl6l5#%`(PAgp3C7(CSgMLbOY=ta@jOC~f)0}*@i#EsTIelLN zeRxINJ>o#~HP}(wm-q&mFTYP~zt`_vdTCr~Uk2}KOr^>vh1#{|QLXYO4E%w#f!zQAr3A@{89c%}UwJ_D=^VZ9gkB@1(1cds#~S>AcM zl~Cnv66E2s+3aq|aXij>f5^vIh?d;g&DYLZC(9t<2G{N2=r|QbX|9^YGD9l9ml!Ux;)Tl*^i~u>1|fop)MYe zU&p&&?j+*z_?;@9+yETX(9qDGkZW_s(}9odhoR3=!qi`c{TOSt;L{3UHvluNGF6cL zmMW`VWXT~AH8nLC0ChlJk(|+f-gBC-8w;#DjaD^bes>gbXAcWH8NwS}Bd%jq5dAN( zQHtP&r@Jzl%o_b(f*bh=rS3b_@A7J2B)dr&Ux z<&7X$z};+&*{ZQW4ICo+FiqzQ$#1IOZ;d>vvBET}BmNZlnaWgK_R)J!18N<|SpbZ* z6mft`FMpM+wicy;OWLMEZuzULLgq$on+m1l!V@9h;VBh6y|8q!tf*YsX+1F0;)*-S zeU`L9Nk%^ZhQ$X=X40O}G=LuH-A#V=~etq=fgPPb)`z0V!md4GLHa=7p1rpXH(4=ghk zruOcp!J)!nDwQH0k5{T3QVull*|X=R^78UR&H77O%cOiSYVR*Q47LQmH=v(tJu~G^ zh!P~bZLUE3EPX zs6gBz>j$6<I!kwLLqW{A>P=N zC|3DGm0{++Q{8Z-X_{P8VFu&!y<#{jumi)Sd9Bquh!CN>S@6B?5azX3?=Tf+25?!3 ziNqP9=*-%m2t@yy zBf|bf!6anKk|mUsL_g<^u>Y`Y*RDti5h6s05FtW@2oWMg=so-&KE3}b8i=BP00000 LNkvXXu0mjf@uPIy literal 9976 zcmeHrcTiJZ*Kg`_0^WXYTjkb28`ToK=2%t>0RE&)FwZUr(Kif{g+I08nXasNBN; z=i*O(a#H-&M{qX{0HEgcH8R27f_nj7u`ae~ClnCpXa zjtsKI^jFBSka^70Y(<(D`DFGS$b?A4l+`PSvVNYBpQKCBpI_$=k42ibIM&J>nqo%j z?|KY#zfa1RyL)!_zO1<=$Zze(VcZzk@i+B1+TmS$$967v$A0?C28rzWxMr`pP=5RN zt@HG_v-Ix9p*&OKfN~^9$JZY$uHdv3pW_n|?2Q2Ef|n6r$MXRCKoo@@7VsXEWa{XF`f^es-R_wdJ3SJugx*zs|FYPFp7_k!=c z?q9YKWyMN%Ciy*1V8hROn+NKgu@CD!g2v6XJL4+Dn&v{kP=_(=k59YoHSKjPH8?-> zu^W)eIdog*7g6aCwl|0!Noh-Fd zG|4KWcqbY7%Sxr&gqZ(ciCp!JQq^k1k*n5&~L)&zZ zb+M`HiIueG;DK^&WAj(v+4^cXD+l9dUTrmZ9VF4{!@jMeyY%EgACWlJ%G6plZB1@@ zS^V6dG&cYF{fybN@2+K1t)W|9fLDz1yFj4?Wj%3Uwf4ob^jPz1fP(hE;5UmWDl7SR zXz~hucoLiJ6cnaLw$YO>^>clOHz!tYNU&YyK#_3(@LzRs))XLfRl)MM#0oBu5 z1Q(N!} zyH#0Ue&lPk;@_hN>)6Zv`VN)$LcHV4#*R{t+R4=W^~#xSR8=+xGxO@zq`f11*$Gd3 z56+Ed*e^xemohs|-C_45-d2dU;x5^&WnV##jvm4;m*`jZO|TTGV9?o0THvvtsNI455wNaxV&M95Z9} zZmxW6Zv6VuDX0DY?2iE3zS0zBSxeq0BVwa&-uyi@JAR-c*}3=eT#l(`E4kg)T4JS$ z9P4}c(OXrsrVNGEZPz=KLpY;-Ay87&y}A*vaNAZcTeiMs61xGgfa~(+7So5+bsd7u 
zz$aOrP1EMv7L>z%jRO_|e9vzwzw3P!E2mg@zawU7h2t`glU9Q{l8i5=skSPx$Gxuj zcKlu1Q@~mWB~v_^UTv}pGr#wca?IMM9C*nZ20CVsvY2a55c(p@9GLKeU{M&YKgcGF zEd!NN?W|zJNeM^Q%w)_|josK1z`B{9mIUP&~?_Cb!z=Q=`wvs&;?qNY444O4xU zX}GI`&SQ0+^r!bl=LuIx`|`T&7c&CAp?8P$LXp0 zJ;hcDS=Alv+;U>#W-$76X$F@4POzUFE*P`KoSS6h4{-hA?L5p>ux`lZDNoSg!e(~>kCa_)Sl!j%d)CqTaMS4woZRrOY-@`bbAG* z!Lclda1Pw99)`qYWOncD08wq|bm?&i)lNoCa{Q#h^VGI3DVg|Uw46IfRkZ@^UYCVJ z*d~Xo{JVTf_U{_<-81`PUmi&81x$@xfHmnOIw^ zF(4nH(*SozM2rmjM%@J&va?JOT{f|P_paS8x)d54s|Do}sL z=XGeP!V8um>NYx}yk^g#a61Br*-?tnH$HRq!=vB@Io)xGeCbo9F=7fVQqvyGDqQouJBd(zO|5PJ1h zRW%Wc?huU{Q3!1^d8b5H-Q$8hZDgbtk(hsBTE@Hh#~NPJlNfs;dSP!++P%yC%e*W^ zi)N7_&Rxzg1pAKiZk^E&bNCtQc)sh)(SSsyTboo&r`K2Cb-u%CqpqI!rh@f}0qvDq zLnKal*UR-IulMZ3FJVpkbc=L+b)pW|ZWM1Nwn}0v>-iy;pK6S`=aG7*Z;725+SvwU zf)uFP?w>563!~?)hbjA?^fTeKx%r7GUnHLDq!d|>{*L_qU0nU=`r^3hsqq|T>IrHJ6vAYmR^tj z1-*?YUOF!g`dD%+2K#9F9qxO*5#_m@UJz#aMk=Vg$7G`HQda&P5i=~P2WFbLcgvMLw7ONj;cZwpkax?o?cQT~ee5J9R zYokY-;mfz)=eb#ZWc6&{F_W5vB1wZf-3K9dWnAs(9<@NZ32*>^GXE)D>}G==XRi80E-_i(z0Q zx^bX-R!zpLwny7Ms~1Ba!b07dd!aU=r`t`B)OpNgIU}CxrWL68UgCXb}TfmiEG}4DgyoBh7 z8tns{OR?Oz%1w58dP+AOcL>o^T|Z0zHx>p1mY=U%(CwU5TSTWS#1>BS378A2ybG*d z?ZT`b=G9vv>l7V#39qmJFn})3rkSn_#WbbZcv*lVny1Yf|&)VEP>X{fv;4(7L?G zYWWW%KH3^$l{@;K`_c^f;Pkahd{Q<1-JM9L*3}Q1l9iV%-}>%VrGASYjUQ(iDexMn zY;U0VOWV>`Tb5UTmYqB(K%vXFy_+{wb|mDF5KJ;Yl`rq#Y#$DF@gzNbSThKw&_3oN zxV>yOEY)~5x@n-9_Zirvl4tqrTXAAXYd~j>%}%$d0giNv-gW56HAIa5O;4eY^X?jG zv@an-!CS;u-iAT>c}Tgp2q6ay z(R!<6XE34ih>0Qm*}G0F=%vLX3Er)-1UmXJr}%}WypZj3;vBc--50zR z8~TT*1#AxtmMrR$9uY5?7GGxCCEeXGE^?pcqpnIUq|Lb$cNwR+ zp#H2+xW!Evwz-lH=S|AyqrODhL7gg{mU1!0I|@=>%C>Y;C43{Z7V;#8&2c8F1(ZB? 
zC-t?SJBy~E%>^Ff?$W$y3cuF8g5E)R}vdB3&RN1;(V`78z%l6vl)|}YW zvp~Q{O6)tvdU;p;-rg6D-@}{e>c9{#7-2Zl#RetpjlnDMhm5?pD;(j7!U1hic4%i= zo-Yk8JU}#3md98^7o_W|jIu{-_+n9pzIsLoUq=KK$s;dEA>$3h17J`%IM5s8Vzf5qBvOFfb`aoqDED9(tEG`TZQuRiAf_da9fHGL5E$o(x+8+@3 zCs`hQ9L^OcBI4!cCF~_8?1Hru5rsmbA|S8`7%YUh5OVi%#=*UXoZWfPA%0`1pxhBy zv?~tn;tV{;gxk1y;ADAt@Ot2X;={P=>i!Au?EVJ}cs@kD;jSX0!XOb0M&$1v?l@IX zJjfpb{f{2*M)*%5BDYZPE*@9}O4SqPjN|<~1QPM5zpDq<=~p^Pgb2zBg~6M;<3|3S!jt_EOB~wvFS7m-+qvdfI)4uY@BSz5Kdk?g`!8d>m98#K z#RcJU9-gL(EYJD)Fr*6tjfDNWg(6VmP+M`3keE0GB_u9pYa;|fAmKt%5?~|>EP<2+ zi%R_sO4HdL2X{uG&Y|$&!e~4W-d)003JDbwhf9bFiQ9lsLJ(UJL`WQhkN_bewg@SZ zljQONm? z1VjiV4g>wo-UW%a_4$8UpU)nk%GP=x8F~{ADz&@<`NM2YgWME zh~Fu=!#z>RUvc8Geyb4naA!Lde);&LU;iUV{|~(Y5rs&Kf>B5zlq4MAPPS4IAt)Fw zDkLT<0TDxrK}E$uzYF*$y1R=l&I^u3Dca$A#B+u3&tF^t`F~gH`ags5vPYel0neBa zNJ{80#-M*NCh|wdBIm2de^Qna`M*e!`DO68Wd`r}TZUi0@T;N7pUdGNq~Qbp-#q>( z#{cFJK;XZF{8#+`OV_`2{Z|b9SH}N#*S~cAR}B1D#{YKL|2MiQ{@PHXobj(gUij^j z5hEc6zttkO(N-UQ@49+I>3?dMLdz?e{*Nj1`q^p!U~AqA>U9ZaS$9X|zZ8 zcCa-EaX`nT+kkSaqZbA5=&Y&29)NG#B?m7$&@#5ugov8}Du~wN&|gytJk?lJ^ewfH zMF12?s<40yQ#xeXB&HWXO{M78(kg(2)f5Ow$oFVV-Cdx!sfVvv6UGyL4^E=Zl+oT7 ztsr5aCsP>Vs}3eQCG8GpeD88igZuu8;vUcv*g|Sb@X?>z`&lGVD)_W3&x^o^da?Z0 z7mou%{g7#zTRDWmL_nu9+F*gJ4+G%>BtiMd??_(ry!q+~T2@zxy*k{%89yp8uo9X| zE&P-Tz^HM#dz=Aa1msvUFRBDUS_6P%>&k{B$v>GL`-6;pUNRRBHxVAYcr@LULC4fe z>A|YaOW3za=P#(syNO@&rd~Y7NbEOGHs_mlH65Yo30?M#{BH zE-Wmjl|&&!E{$=pMA1^xjH`lRu?T0|8RnKO~;EyDhy{)0H z952XOh#D(uFP>5l{{-6krCo@9u)V|onRDKJv|i^BP)eOfRUtY1lyOzuYKdU}Hu={( z85z+v93L>rj}zBgF&7T6)dq(qO{9IGzcWF|RMXHkxE)s%^@!@ia==|Th%$BIK2yRY zGpw)M{gJUd0pm9we;H%P$`h5%FFl$7K6sGccOky-sppB|Iw`v|@2d+;Pvy^;-S05kRn} zqDk6k@7$b=VhQFBWD3s{`>$C!yT7Hr87xDwXB=;(KJ~?zyj29cokQruUdU0{<@VF~ zy3hbY{Fh({HeYyVefm0!h>Og8JMcO5jcjLkBh2fEnD_;&OPj7iryo{<+rP39D6o7>!rGF=PWCmCKg%TGp-I%Iz%&u z2^X52=4{jmvaZ0jw}JdqOH!eYh@Kxk^StGu2e7_thX ztm{I&t9P&?xRI}Rv-RNir9#g6GTJ)Ay(*5eYbnr2wH2Zz-cckL=)TBN`faJPI{@`d z(OE>2Q z+WbG&a;3L0n;e=certFrYa|7lP0YEg3MePlZwT?ZZn<=A{uQ{AZ3H{RoX*^>wL$V+ 
z6&XmuPWVh}6dP^YPw?!G|B`Sng%mjxJ9BZgtt!@c>{dtvS4G{=V6Hc|8y#w_qHec--|G~#aH7^T zXdZgmNJ0*aNs+dhsURyRkS!9q7I6It$p|QA)46t~$R~xWRZ5-t2r0Tl)fIzTHr)u8 zuJH5Qw~F8GWRoP+R`<5?>?|d+ET!WZN~)rs6;FL~{ml)V)Yr^ju`Qh5GxeS<_teNc zuPuJLv#_Q_bCiAa(S4#UN=_kkT^sZ%X?DK&(sco&5ODEI&x%@I!zM0^_^DfR?m&^M*4mGdEK^v8rI>@ zbj>{uIU-vkYzlF6Uq?b4_0^uv+_+w_+FRF@K;ABcurYe)`<$;&hrq$EKl544{_9q^ zpjW)QhxN+a1*y|B)ae*tQjPQNtm}z&Z@FvVuHX3Jvq}FtC42rg_(9q?;I%uYgkSy1 zI4V1NmH_ddxH1c=hW|T0|u3v1VBr3m{gE%l|df z*Tc!69DgiTdK>u&4<}XLIxUo_mUMRE!0%^+qhNZSO7_> z%R#Cu0ovbZw##zmSbM}7=m8+R<`#{_D8ILE@;TQ15g94r)Ih#ZT{?=6!;{V$6Y5rW zHd?rJqGR*)vN|Kcbj4uKdPaO~Z*N;4>AYAG-AR7nT#2FM%K#^K&fwe@*@PfIfOXZx zwYM=oUNQiJMet{E()xl_QHlg0JhLoE=VRCP__&VMs*Wm@n-OseS?eosbJPY)-t&dT z=Bx%>*5iJxxvZVi>}@)C@Y1j&;_&Mq6MT7W(G>b1F0I_8| z|C4uP!NLIy3V~1L6WN|wXfNM8ZTnn5u)08+o~V!$102inI9vzvlK_J_i&unNW0X}R z%c+e9K)V&x)-UBu?+~}f=Ple^xlUmjIGeQ4uvE%O4z!mnSzvdy$VqE&oY*iygJvZr zF3#bUl8P(hR=ZuK4E?J w%+grHhZd@@p2h3Y;9mZMe_U3li+>Vfs-%u#WvO}iH!Faqs-DU-CF^_t2c{trfdBvi 
diff --git a/TA_dataset/static/AppLogo_2x.png b/TA_dataset/static/AppLogo_2x.png index 8524000a17b7cdec47e42c905cf60647d3e80995..8e32ff4de79dedc0d1db3e1418e5ce265a5f7bbc 100644 GIT binary patch literal 8483 zcmai&Wl$V2w}uy&B1IQ>w-$GYmc^~O6?ZLGycBoW;!vPifrW)4i!2U{6ew;*T40w# z@uhs+xpRNqUtcE4WKK?!GfC#mGjD>f_G?0X8hii%KnPM((FXv~6rRSqxY$pbDHLM)INFt3@$l%vyS-vz_t`pc0b?;edn0E-jMcc zo`La{c?&}{WIfyHva*gpO!+=5sFw(Yum?z~>7c|2kw?0I*Fn#h; z`*gf#vD+nmEt&95;Iac#L5?38eEE-6p;RG!v#a^&kP({pfXL{xG4)J_++HcBBM17K z{=M{h-^LXl{5uI4(6BR(%W}EDwzd=}jHcD{$OB z-~Y@=C*1!0&qM%o9L4(|15L*SWMqErwH9{862IFQtJns6WOCso0pGvRt5aCdI18{B z?iKOx6n0u(OzRc|V|9-}ZK90BW!AT3QJ;oRWrLsuTRCh z0O1Us_YZMU7DH++fqdR)C*d-&RHU1Byq4kGf61ECpwG0IWdYcNoi+q-OQT;fgSZCV zl4;N-jOf09m8qe_VZdead22tF;O;}?CgXRJ8vDg7+ho@zwn&?@I+J{>{kxCRj1tPZ zX;?Rp%~U0^){s-{J%}C1UF|H%wk+ymG*?mors%5BwMk!N(ah~jFD!Rk!KK>eOCxx* z@>ugb^_PYI1)*IvR$^+0quR<8IlR(>&r?GFODm4nKGj%S4Xy7M7mYf%32Iv0ZDHT* zMURV2)?5zxzqxPtcW!L;1cY4X?TPnLdN#u*4L+Cl1*aH&zN2HIlgii=mZ9{6?!A{$ zP#E14wpO0`6NI>#>QvKL8&;F-^WmjS+Zl9co*?q-3%OqJKQGFCFqPHTBFwPWZ4Mt6fFJ z1lKkZ{1>UBy_a;a#Cy#+Dl&a$SXLryrycqpSL3D(XZ2Zod>gSm4XIL?T5nsV_QF> zyar8jbN_hfBcta;{$f9Chs2&Nu?19A9D>A;n|oU5)%1@%?o)Fo~*Nk@&0p!#9bGq|NN$=A_Y59S66 zQik&{$93vdonJnV&LWn-BFocKgh?UYOKAb?VRZp)9@F)br3a}mosDrOfOCouEIUzZ z9h9x&HFK4o68;tsuW6=Yd0JmHhS;0Q z>^0JB5!gLr@-2>g$t=Y9Yp~Lu73=^nC4{1gQv~tm{~PaR-2;kT@(OX%uzzc66cJW1 zx-&CT9Z6jmC{?Rd_pDKch&5)n39jPvf}$S^#c5kWTphOjXPtQ@i?5_XYr(>w>2oi! 
z2Nd|d6HUI1k;Z>ldf`x}K(6$wx3c0xFd#oJ07s>tuVwq7T^<_C$ssymK;}69>`u+) zE;!#Dr<8wIvN)$+DZrh?KE_v(IXs!Y$vv9z?Uqzt&5s_FSXj-cPq5k`tT`pT6|(la z0e_bA$f7{5oDb=R8>1ZB!u-dCly_1X1 z@*R(ZJfj}JpM178C+R8#-dPV?R>2>y)(GO#h ziJ#KC%;U{{kZfMUfx_K9Qbc}lw8>j|VDtK`UF!0G`OZ2`5S1IBigbeSvDGi3+p z>$hutk*dVx3NV5Ne|4_;4HFijDD|{714Rt--1QT+$oc2AEeb75W8n8JG^n1j)VGcx z|JHg+|KV!fOfn5`AEyriLqxR5AT zq6o6IMR05GK3Pf9_Sy;IAN65A<@Q~#dFk|f^#)s?;T!)dYtGxr1Px7g*PIl_iBPb8 z_@Lj;N6rlCcdA@L2j8(AiZ0rd#TF%8X~z6m70O%(6F&G2=eJmnh9Bn@HvW)fQtkCH zBLxA)2x^Y}^SwU9u!mM1)-y7n9mIT2e{Vzn1Dh#G@PlEDFkZRRdU6NefhVRXQ`HD{ zemihrNmm2kX^8xEHNc~Gf!>E|t*^CM-$=|vUynA1;Jo%jtvI(^Z7!Xdgf2%~S?`@P z`qInDOy%(!x?cHSp4&a{R2hRGAlL25MWheK@n}z+6(U#%&;PW(d`CHrk^iFf_1!w$ zl0KsNP;$DHHSG8CrgXn!);H-s_pJLLw-iO|=A%Fl-%{zvE-i%eXr8;Twe(}17Q$c@ z=ic9NpLN(K9OR3N8bM#1I- z@he{}`jZ-S;1k_^bWv8;1t}~4AIv-JCSXCX*cadH}q=4Yyq!fSDTO7%M(Uq51gv>A%Y$MQY&l+xDCVF&=LC z1tH}WYV!&l{gW{YJ&Wp8ET-&@VY9sGM@sS)xD!)C2W;GUTX)@`J?p86Jb_KHp)KFvous!h^tURm|YQcrN;9cCWCeC)% zDW-GZ<3Gn&*4G&HrT;P6?}3@}8k=5}pkj84`&y^`&4$!$NHo%!loTo0v){75`lg*2 zL;h(r45i#;&620oL`o$|sT+m8avA+NfLt-V9mjjYO@||8O?POAiF=BkQn(k&D6PGR zi7SU;{C?894nw%KYT3-}FYeJAwm_44VJnUW0uZee>psy$Ud8_N0(ws!Wc z((0zZ$GEv*S+e7fBUv}c;%(z7cP%e<{O#`{Nn$_nAo-&uT=n#05kxe zhGdh?lLgOP&D0M7pk)7_h6d7SJ9{$XyaQ>e;_RbgKj#;G{Mc;rG-m)(Q8Wx%J^d6? 
zZ0N87?T1exTBW~PSeSr>*(j9Bqf{pZ49o2ExsCcZVdk4ZjLBHXr})}*Nm_wpZjO|{ zY0F(~^<#~!tklriHgWYtx=vYePr?EZex)6Xp9Wn`Jxp0`Uq6H%w7vA3DG-M5U!y$X z$jAz=#Q$37rC*NANgU+c;l>TEDkWC@b^U#OyaMsD3qWt_>nk}w_w|rf)q5}c#kkq= z@6lXeX-wuP@+4UMKDp|z%c@KVW)B8cy({BHeE*%v>3~Gm^5aMnkS4O|K-93e(z1+e zLXH!lJkxs$mUc)Rj=Cu@DJr!TUT3z zX)&jD9Sk^27i?=EeTvNt4H6n)iRB$3zIB|iz>=r=>3-4ZRP<@dD}a@Q>%cj^jT$jz zOOlpxB`h+aXg-OGFjTXs+$mG6kTx+t4X|7#jgV=J!MFp)xzi3sMH9&6A&Q>@9Z(RB zl|OZN_Aqgl&qrjd^KJExx%b{FhNNGW%1CMoQ5b6@ueOm;5j#zeEqP3n4-QTaRX_hcosiY+yH$|LJHe`| z3_i{-QS>Ia5@9-tWn>$NRe4QCQ-mp7C{7FB4M+MH8y>V8fKD9C z!Q#^%Iy%DspiwGsgG4w*wR8byZSee>*7mOlnqOpiS~^#^$>&3HdsFLW3kLO34jhBi z#s#b9N+i}==X_*4@5`9$6nk->N8;^n=^YAO5r)yJ5Pbft7;nxtI!NNAf@DhB@pnw(p5 z7ePLNK%0X#MbHaPBl24m7?Nzs?nUjA~yJ{NJ+q@p4U zWej2^P0-xX8JRSN>bq3(`rlzT|4G2>#lNX+zqZ+CgxcE3dGnr;ZG&uhXHMTyv|tBe zQ?0Dl*VzWUL@uy^0i2g-A&hqFRDd2J6s#WgSrfG7FNuQ;r#7ztthzM|`uc=w&l<)!D`=Bo3>exNt5J1N&pXl4 z(b3S{=DR;}BY&?RlKiWBkKG9k0yi);{769gLY@ii^_A$x2tP$=5r9R7YvGX`Y=n6t zP`noc&R^jl$(P@)Xowchk6hlP+fHb{AmdnhzD;Ctr!6dC8b;BAQ%fu2Jc|M4Y<2Gw zviLi9-|HuPeIHh8Hxkn1-v<|5#t;z|jna6$X<85b24VZhgGlHNyT7uGf5z~WB@!D$ zI9U*$aPU{4g%oJ`14{%XZ~4sdRplIXq*U+#(*nvLJK6d0dXr3we9-JZIe!k&2?PS~ z9o)z#(I3sFyxvLlb$8!|+Y}{d7?gy`+r=ETg4inE$*URT;R!nL$cYsMVlH zVBY}G#F~zL{XVc<&~IM~%#~fC@u2mia@eVhzo~I_8cV%VshqPgTSbSfj11Z`9E*;gr1X{G6&mR4@nMZogPrL)hwt&l?u`csadcx(o|oYs<##HcSrBX>XCd}pSADm^ZB)inKzg} zs{iz<$NZcMS6D^RNujdL?cciP$jLpIFtEC?U*BRc9nFacDwWS#&d2r-RaY;XxFLl{ zEDD1fTqEm1SL^V0!XK-vtLULrhoRb`(`qcJ`beOvvtyR5CCln8e(So6UGgo%OYxYq z3+*w#D4>2rk7WW@(}?7SuvTj^0Ur(#$Zwr_zGO?C6@_ZwM54XOh#)$_vo-3#uzsO% z48!|$m(U51{ zaZ?uyg(o497DA8Klbkf>ILNjxhj6FnUG)e|OUZzKk}M9a&G%>L{+AuMzF<4;z@9tl?Ga z@O$yeZ9JCISwMeg)NVDy4ZFaoXHo4rW9FNn`h4qzP=%?~v~e3P)!kPp`U+4l%YnN5 zEs73B*2jtF1W2ofgeMV5AgNY4Y6735zw{}8uhO1!TG5pTW5;JK8D`g2KCBJRz`a(^ z;)|6BX4Q)g82cwW>sm!g8QxtA+n0JRzZOx59DUZ4avI?vql5O3b6oIn0!dByy~ccf zKin9@diYHj^$YZXa`=w2szPpjfs}mK7VoJ0VD;w*hQrE#?DW4};T*W#zaTQ3FOn(* z4Md>?>CQ{dVRBOHQdbLTq0`kupdLP)*iqZByj2%Q+jP_Y8P`O4i||RR?PJp_aX!r0 
z_RdagUUU!cmfEMQJ+^I?&;Hp%yI|2tm=_pOdU$CF4f*&82$i5ovBHz#yMDYuY<%+? zR*jCxe{v%QldjPF@c#qfS^-kyUsW3Kq530omTlcmVXZ-pSCU>b-l}0?VIBQ0&Vv>A z-_VIKcACKq zA_UedVcOApc1~HD<{JWP>}Jap{}7!o)TCx7{AqQTijLAH;wBNl?dhb<$92CVqdecF z{N>#*<+~iCRIZ7#)rh=^k3kmh=EHlDef6>zdb1QbC- zBBasU+rk?%_Q0a@dcMo~-1!d~f`eGzNkc<}ULYOAd%D524c(yN`remeY4uXVDTK$s zH!8o@i^h&}{Lhdu1XXt<{qu9CX%!e0sw!AI9;Q_2XJ<=OmGy)2Fx~UIfNH}Mj-aK^ zzl+D-<5VLJYqB0t?di2pbJQD>h2VCT!UfmJD}vr!EO*;%A&h*CsWOqL5y|VF(~T6T zd><$6uq?KtiR2G4zMAkk1?rc|g*_*1eIv306>~YcM%OjE`37UmZR#F;{zrH{CP}Q9 zo7W&mT+%SJ;lX#IB;r?fo{^(ZlH0Jw)p-oTjCtu!U{6%iY%ukDie($`K&Zwjf^9T4 zT~(luD)`o)kMiD$^7?NcW*cwDLMzI{r{66kcc9%OL1RS`Bo`qGKWU-qVrOHg|{SwmG$@FU>xBK5`5&tSqjI5s0^zt(+Qh zx6*P**af2o%wu~$NfNhN4>Yyy9uHhRs<*}Z96hbP^*F@-vvwE?i&Gqa} z&jvd0!e{i^Xv3fmiMVSii*z==)%65hL?|EV@Ug14)>%@(mTFL5@g2HL$E3q=nsM(% z_>YMrm(2vam_){~EX~3)^*#r;QN)-x$+Hjtd?UmZ6!Y+KIGuOkGeqPm*B#pzEiVCqxAx{)yQA`NF( zEVVyw(*7Eow`o}ZRw@r^EVL&pn9<7(I!q6)l2jvXDM>{QEmY1O&9mK)MsI7JUw2xr zA9#&zVMJBva*;og@VTP>y+64`q?FfW=B+%ND|q0rE#ryJ2_Z7jP%Bq-r#NftWZW`F znz4#IHFWu;XFJ{!7PU^uWOO-hGX(2Kng3{G_TG7K{?un~2t99H9e@B}H^ppQKO)mS zdEWD`SEcda&rX)SoE(QersUTz$*gn!rhWj+;>l|v8~B=cmVp?4J*A`GGpKMVAr??)OdMY9J^*w3*91{U#p@pVSzf&c zm$;<}vSN_SZ6}gxQW}pZH+i}X{zB$GTG=F1rysJzp$>BHu+s%2G%A1~iY&GtH?*gm zdEXNp4)u^jzDR-DdQ@~Q@8V+zbq!JZsTckp#5OK?k3M5ubkqHUCM96Mjrc)q{JPxl z&qB#m(G4=V#M;nMggLq|KCkKe3f3zfh?u$?pxqlu!7yImadDaCjGlF`(J9rIpp$zg z!XCLY=lsr69DJ*O8}<;j5^TX~6-TmN@1 zao;ImI1o6tRdm#&1I7&Ep(BESzQFeNj=`nev0ggVvI#)@bP#@1paYu^umhE5{V>Q^ zblP&kG@&7ibINKN{kswPm}O+bZx)mSzqG;#*EcmSfXiBP)tu?haa{1UOF7LH``Es} z8oI6R-+s$b4&3uk_GMiE)O zO$xNvY-G9bh5hM5iLQ5y^H@-nFZ}xF9;GGZxEA#-MX=MM)h5w=m&u~5MOc+V3(riT znl$qGXk{38)$#5N*ZT-f&CTdCR9UXa+L|;veE5N z>!U*xsyebpRss8z9@SC{&534rd z&*Q~hx;{JEGat88;p*yY%gtFbPVK7R-Uq>TjLr~$g<+~_@Rjx)hi`D-9?v$!S>&!F z+hwANg!L8E>R}KG!6ggyA5-DZo?vc}uh#1^+<(gJS z_~mImvnU$ufm8+etg~ zcB|vzTaY|spKoSj9MTFC;k~Trci1HJdp`HS(=x?cA)}UkOs#eq-~bKg(Xe^m(m@WQ 
z6qTC!jFtkfKJ^429)anhv{8@BhxyPVvw)@S9W~hO_HCo?+67ZJx5lh($v10=~t`dSCwC7=%*@wO2@{xh@R8a4##D=G;`;kLSQkIH_TdZ5F@ z=o3v*Zdtmxr1S9jR3856im-mogS8FR-7bGCpLi+sIW_Chub{+o7#8KyHfrwMQOpy` z?ll?`wfG%spA+!)ru9FZdKnrUJ2j!9^Q{|ZEpjqftET0Tig*-Ci*ka3>A z2H^g_24D`ncq8w|VlL*u&4>DtSr=T=!g7!AtdlK3#@r{W@%D67J56^w_r_1*y^=NC zc}LHcB1BhkpiX+t+Wsyy;Na%M^r=G>=gZJ{;d?(K%DEEt)zEOy_V}Yu zQb%%26S*(E#WxPupyX>~zb<}%acvAU57E}k9(<+{`TCT3%B^;l!L1z#;C$OHvbgh> zfKk#zaWU({Bj+l=f@`2)XN9f@$`CIoZ@ucu>FW_(`sV3_&tXBDDYv<4+xVQK2EV0ZGl8{`R~$aCsC`?Pb#P;8r7kdbbc`58!s5msSD)ijyo$k zB?M=vrLte@4EX!dfV}z(ZUbB21#xPGt=a8vwTbqWcfTRMH)`DPOKxdsK|pK;SFa%e z-Q?cMyXZ<-DDF_y(1Ybim7c0zc9U=v#gl3(N$7olby`&y-@uhPzqj($E>7&je-&*1 e*J0lLR($NGKDhy3V9S%@3;?NWt28OueE1J&@sf}L literal 12855 zcmeHtXH=8hwsxqYcaS1Qs`StyfOP4-7l9BGdQFg~bOn@-AkvX8U8)obC?HA`X-Y3b z=)FkuM)yAZ>@)5i@o;oQJBM|@qAl1}RH39&z z6ftcB0({KfS)}q206^vxWMY9dg7~v}`+C7$++l3UKyMfuEWia000ew1eqnuorIu9n z=bI-2;lfGpeKjKFcw|2uAPPKXLv-$N`y{r(8s7sA%J`hSe@rTPodFfpe2GoZoxfSF zl)8?~$INvAL_i2CBbpS_C6}dX!YV2aIx>?t)qwSh&hc>_5xi4zl*)_j$_IArI z)c>VZw;b1+u~BUM^AtPc+t*ntFK!~|5H2S&zpB~7BUP~SZuzufN3r@Ufe98LxbUxT)#%XxV zVd8Gtbg(h2^@D^KPmxFZ^4QvLb%*>UpYxs{Fy;s0;6dN^xbf(|K+c+^7QgTW53lKE zaZNl>-nqHbjtJCC7_DEuCl@+yx4vrIK>u|Brr=V;6RnP)g~~_^m){{nH_XJ zlj&@$71lg^I@MYVR6lm?0ZS#%%jVXWllRkKU$-Yt>+GYX1-Y{zxXt8H8h>~8ZM-A(LYr|Bwto% z@bE!suMIf3^UHZhN7c6pC9Vlgh|j6!H(!yvlGXwROwgBHuG;~s_c=I3wRd$V1>ZDv z`|62EHd`@P#4{zBg>T~r+pF{2_P>rD$kfrG_mmxozq?($9XIP_%RJyN+nI}oAx3TZx7Mq0Vxzg#uGAdmctD`L8_mM+3GR|^|jv9 zKJ%@*z4FsLIi&gBTYd92*)ZCsDz|J>E7V|z=$SGY5vySx5xOZdN1U+bHlp1 zB#WFRxOTp!5IJpV*;ge4v~M50lH4RZ%$Iw!&FQygx{0qmoJs7y1Dv9~b6leP>^URo z>pggN;dtHX>)dB8QRA_+Ain4ESmAF`AFZ}UNeCd6oP|cr-#^vXle>OzXqcd&(=^1L zf9Q7Ysa9sA*uBrm=H06ne%{Y;pq)NOk4N-282vp8^$Pu1dwjQf& zWp-j+KF0f|Pv+UyV@reHnP*W6rZh42u{Z}>qt>O#2qN2sM4fQX534~j4pKxo=mu*= z6>t||JI9nxS*enH(ywjIkFh)bVmnE<93HJ&jNA*4EJ6}-8x;f(-SR)C7FrGGUlI#R z*7Yup(_`jwo3?O;k*v5L8Ko!6@Qr=UU}VC|f#=w0Bqh7ogFOqSEtfm^a7lv3h_rHs 
zxsTJ&8;zRp-=;)28S&^4e&#|%XGIDf@I@XvJ&#ts_3@G03;!Buyt3^Wb#lwV^7wslUvQzaNdPPDBe7XhEzTFr zTV|!=&X1nhZ&8z(!H43{R}6`XBjysf93o9gOk54_1KRkctwHJ04^svc%8;W(c0=I1 z-tft|-1ZFuqdQM^%xcs$GM;>|v^{KHn0H~y2zZz)*WknM@ygMC1r6A!yE)7dp=LUP z#{oE@3!D@3c~|B^LGrY|@~a|T8L*Fsoi$c2IMeP^PaXIu0)-UrC$Kl;)e36@6Pv6Q zzbx=vD!B1Jf=W@xP-$K38`mSHM(kp|$ZW(7Ul?^*I95s`otV7p?Ty!A+4e`Hqv2FE zO@yALw7%7ZEI(Em;D{YJ1`*5g9PT48ZwkLB1R!nPrEK7SUq1X0)odM0dD;~AjLP+d zJ3`lW4y?>w$l!rnX}GK;0+4cp+zl^vz+d@M(Cm&_4mhyopb3B{6M&!Uy6;n1Haz{b z8_{DK95GAS#9VNkpIK~6-vAc6eHn09O%V}BT1N=dToDh<)>DKfT4?g`4KTcW^kj9K zaJ-lP9zjHy)EVI%?-&+G6H0)MMl~G)x2`h8NZIY(7rY#pi5jG!MA6|72|VelbE1t40Gx&N@9M%k&An1-^cf1 zM^-Q+84b}p^LLeKSy3dNOENHAG}naO>CCsAk$OWyRi(bNn5(zYlpb+T$9SwqgH|)> z3g8g1Su8I1XUP2=6MT$q-Ti@Snecrw5BO4){g`CyR*B{wbDqfp;S<8Lz2UhwvOYW8 zv=o`Wov0vCRhv9~EQW9qXwuh++8&Nt7OU(}d7w64>-$VDsp5u}`awUlDb*KZzqF}w z5_j4f99uCJV{vWo!7rw?IFU>RD^hR5%`SRxhU@5vZj5;GIg_dJxmfpyQ1LS=wda2% zz_nx6eYaRH!?_S2=Wfnt_MY32VD6KCgnT;qOu9l@Q-3-C);>#)d@ROuS71YVe-@m_p9)Nqp7hr38qv)fZYQZ0$=<(lPz&xIY4 zvdLC~E^ksQ?+*F$P(S1FMbE~|$>^etkn@#2x1jK?o>Chp!ZH9B0#^5&QK z>dAjMBE(k4d@H=CHaIHkJk!y4`HiId5dr$q=KdhKZ3SV}lWn1SE&V>~`Ev#(lEhK}MxbMc2Xtbuz>Z4%1r} z|7WCny5p?xB!#;??$4?wtxaN+3y~hbtOP5^@34W7if-_Hp560_C=;HcefHM3AlCBL zz6*bh;VpJh#~uBz`3XA4H4Q%pAI0Nq^ID>T$n7Dwo!Pu6vHo{TBuvp!)nRG3My{ubjM`M96&x)Au4?hOd9QcLP$Won zJ%Q?Gz%*8&k=v1bhi2h!f5+z&kbwIX(YR8c#)Jhy6uE^rvtAo*hhl9{+UKl{r)s6| z%j)C$k$s|yhk-E`Nfk?=ULGKu+J4t!01AsCRr25|$JZlg9kn!7b?mf6TG%zQk3(*@ zuOzllDzQFI=vJhWevpvDT zQ!6(MpAwLny5b1JY_b9(9+AEbOSe8&>Y?C1m#al5niLdmys|ED|LFQo8#1=9E^~>`yRYjmt+IpPZb#8R&wi*N(jo)7E^U6SeKEL2`}{8A@%QL< zO5tzjXIKSQk~Qj*5CJ~DxS_Hi9JT>$3!i&O+GnS~M41KC7`9#j0g2|_P@S+Q5Bh|{ zuGtiQPtyf%@!YeK`{RHIAd@n+QhS}W&DmFtw1X^DNmh%E=@ zlAuX6$VQ_GtuKNGBR$)tTS4&`clUWJEWq5|L$}~N%p`t&ET6>;9wP}&CP@ae^LdLb z3a1YAX#AhXHM}OQjwS|itKmp~yeDVzEbXWL+goD(7iD(#g@a0OJ4_4KPbCSSf99A- zU>Q$>I6rM!?H%G6ne1MnXK3LGUe8pZb1raTbV+4lJ=2?iz7p6LA$uIOaFndbN8*)fjU8K7O&Ma z*JV*9A-0vbDu5fGkMBNnHX#3I)9zh!xbA!Sa?`_ek#At;N+DS?tmtb#e~veuX^dDY 
zBKl*~G(c;$a+`TPIl>hh3no71Nsfa32+d_X5qTVnW0j+E{F5#j2eSu#{jA>tc3VAisvs2ZNq2WkX8!DrHK(D60ZfV5)X!zNSjb($eh~ zx|^34mEacX&5Z>ZKf_(JEMcPC$KO9HDMrlk zkkzLYQRGo4G9i_g)T=)Ub@~W_x7J=jI8t+Y$f${X$kJsq(n!(*o=CqcWBh(mFT|hS zEM1Yt=r)_$33@hZmi|T$L9Z#`K*)~!p{yW|NZ`HmxQ0k_$yHRe!qSkBf_`rYs)C1%{TWM^}6lxH`W&;{vwtH7LHG=h9##zA@}&>%Ocj3c|k9U{2^ zFb2Q_hJ>&Mc({8azyb2?zj48s_Ajw8JKJv)q?b$$LQJq5ub;*uI^v(o`^qL!0;g) z0Pz+U5dsN&cnJU91A$b#j{*5Jp#RYWVS+hI5jKJ$y!?EjFtz(IPbA0RAsnH9`Fs2M zy8lkc5h@IGhk0O35tv>@{-sNGO6%}+4k%0?} zOG$_eN<*X|f)Htlql_a|R8$h?@HYs3Ul&YOLfroz)h{SV3=~L0L;*UQ%ff*DR14~P>?*xS?Tx8fJ!U?l@hd3I4D z&_5*x?hqs#;~>wj3xTrf8~;;d;^F}_MnZnkDIzH$EiEM`DlRE5E(sD7`=^l^%ol+v z#b2NzAR#f)-)&6VHWbMP%!|%<(Oo^D!woX(#zMx%gbG!{Z~wEzdZj^>tg1U zBLoRig&<)VP>`r77$gN2l{68N{@sue1c`$|f3x>;bb$x{zpQ`F9yYl@#$3Y%f$2Z+ zx9E>4WeoHAT1`*h>jQWW=Qe#l<8<1tF3SQi3v~GL9k+Fo>j-!ymN%g^uuoBmE)1FeN7p zj~K2n_4%7Cw%dP<6z{(Vs_~DM<%ItmDRRFJ z{I+)%+hF+YR+G25kQZ^)luwp#cO+Ulx+pTA!D9i^!l38A-! zB?15-rvCND0%T^>V}wAYrmh-r705^jWaRIOtpEUMz?!N`CIR2Ja{?Pod(wJC{pJ>M zSP1wiBOfc7+%)hBE3IOVr)E=)z!}PM9-Fw2rZ?yL6zkYi&N`Gj)dm0EXGN!U6&f{TJ6g^l2cb#s*836>b?(NOO2B#x%0yLiS03Yk`p z@pPfG=R)Jikp(%E&3oU@XzLRHge1a^uwp|UbDj~PXMN8SMC`eV2r)A0vf-9%!JC8$ z5%%|cJ(%%V$v}M(R)$vvf=ImaJOdSDdL8~UiF`9GOjN1gTW@t8VTsXCecLX~RW!FJ zt-X0haz>Fs>?%~&C<-rE{wY}id1+#4Vawy3saT^~R~7B{4)pRAZ`Ml55*Sp)ltr7r z7WS6%h}Wz!Uv2m6kCPdAzCPf}Tx$0lw4>STUEy2CBM`_>G@(&F4F9Oq{(gTrfE2A> z;YI)XqU2Jyr+9(xiZuVUHXW%1oO7F1v?B=ed9>+}!!b+;(&}w&BB&)Hge!+hC`P=X zvJWP-r$e(w5Q6)^RRCvc3>m@w%{%z#gU=@4GhQrDeZKd;eL@MU&W<|nTfB$(#m!Vz zDz$x`$r%lrSr&`eW~Jyw?LnX3UJg_#G;J|6gK$-rIpD$2kpcnKviO6OFAi zW=1lF{q&GJiPy8b5(3dXV?73RP>qF(f|$+<1x_>BP}K6FdlDeh48TBm{)ad7;?m2# zv8X^4H_NdHDI9mt=>^Wu{tc|4pcA@*Zt2bU=8BS^eqe zrRO_nkUtaZcaCrqz0UIz-jueVq&B7RMMOu~kptwX=lNf%#E*YvnMdlIsoN_)#B&t@ z$uA4v!|5VMY1r3Y?mf$X#YG`Upqe0z%LU?;}PJ3vLB4j(JxyJrX9v7t`sjdBwwr=f1kX zP*2g&J0*1(_DPOqW~$s2mn?U}yz%A$rTtDb6R$BkJ54EP9lYHQ|o)fOU$nB6SORggUpcLh-H7)O&h&f?*i zfK^R`x!Cxi$cQw&oq^a~n=SZ+uQzyRJVKuk%VRg6F>XD!z{&0a|k--hzm*qAK# 
z1F(PBv?L2{FQe(D-Pjm^22^<^)XQ7RR2418=uGob} z7YA?RmyGt3c8=r{&(p(LEM}=6vk;wsrzC^{zaqJ>4Iw>xXB*Hm+PXV7HKbV`Y7}kFti5{gLBF8UtuF5w z^pS`mJtT3EOLI}DveQ13to|4!++|}bYv%kg=8K3|=7BAkGJ~EncZ+NIya~q^@Q@iD z@*~G)pa;dOky~0i!zfKYFxYsaV$qeq>dG9#u*rV-V$a61JtmJ|l{#ZvJE@zzw%PY} z3%E2)tSj5(3Nkv4b6TWx&_fSgy-ezyXDzH|L9Ls)nusac;hpDiEh%h>g%S4)jlB11 zJXW!&L)Vx|YkIrt^(~5^O1u5I`kWrgHl5jT-Y4$l_s&_Xxi+8Tw>)(aOgxmEuEY_l zH%zR+qn2Lp?YrUG$TWNr7G0NatY5)>qk;6t1U%Qau5a4H8Sofu%_{uegLUk@YnCGs zd!rWfN`EY&zG1Bn?2N@C^hMp|(F0@2Y%DmEXZk@2!x5DBHm`bbMj0KGg@mE?uAd&q zhe;1x^w-s|+jFvmURy_+#fif~W%Z!*hO4ZXr@oRA=+7*>f=%hOMs)7=5@|0S!4N+|;zX5leeJGpt7__ zgSuUA-65^zBw23y&X=bX_QRr^3)qQ4EKfSgUQZu|A76a#aCjC4=DFu3=;@=CduzEu zDGVOvlx0qLjL0I0g)^fc%1wJ6SzK;zaT7APk?de+agTiB*pQRxy}YyWxo`j0m0|v{ zz9p5r-LAoOD)!ee6hk6a+dnN>++w8B)zsYjL+)~J5Sid*X zM&QbL`E?kR^@)6|Twmct%bxT+-wLMol+Pu5MNvp@7a&(3NZY#_OgS&ZvHHzobzdjS zRh_|2V?-=Fd|6=BPr&VT|kgKIQcyr)pMLk0}RE7sFXe0tFlBxt+ z_?Ki8<17mjkCw_KiSImGxS=O{Cwj`?kHZjXgT7>)=J?2d!BU3Xr8x#vZL8Xz*W^_E zLb7^it17;Q-Z`F8Zb>slFu{3QixSH_Da|Nyh!5}N^ns_#z>jULAZvpx=+&CmmG^xh zf_~y2hp+!w8BqaohR61PoF|O4klQ_Jf#Zvp!WltJ@7;Y#m0HN~2|gKW*pG)K9@S_- zPvrM$_Ea+HrpiS`V0W)myhM6*AlBXyYd&P{6c&mZlod99SY@qbL&ptW9 z?L-|)_W+knUwOX2dPXscJ=_}6n49U7&_W(pa1N0E&V*eV+c8#{iE9x~Hi85m+Uu<} z%bqmFCfWV?G4&PkfGGbXI^*aXb(oWPc|?|Pi`tmpkhT3e&RF_I?&g@iyS>dkbVcEY z%&ke~l%iK9n>x}zO4?E{$v(thvhd74-OQm}-fw&NBU{&Rugb?0i-mn!b+%D4Br>d% z!lgjBW41bAeLn(Eq~AN7IPQY)gwL9Wv9@)o^UDNNzLkabU@tWVCPy(|o`Y%X;CYh| z!a>G)+dsTxEA3l>-fQ@ZA;&0>AE~SsJbr#PeTWXF9&saH(p7)^gdR9~TuRHt=Ey^v zKq5uA$2f;DAUn#YzXq@3kotf)j~d3|9-!vqQrs{uy+B{OHm+!|ARQO8wc;r`Ieh+lgU( zV`%)cPY}u%s}HEy!w2!$36te|HQ(gp-?(@SusQI^;}@eqGwtt?7&xh>vhGzGSod4Z zF2BgoT+;P_$?P@X_<1NTk;U_A#(cvQgUyRcX(A%c$+tC3&%R*sFDo@gdeCHVT(*{W zk~vV@S5M4AVk({vOM67d8=mrC<~*^(Hs$L)WJ^p%jfZ?4*1`EKMf{-l+wzNh%W5|y zRpiESQ$6B7ne@Z2%-ni}8IRy6dao18b4PK)3guY@?8RDWHQNiEu|rrCV#)~>=U3Rj zMA3Yy>GrG5N$ss?Q~dHS*=_>d$*mrexcFSkPepD+GK>ZL+;u_1-{gtPZKnt;^PqQX zOE|-KcGhm`o-e2*I^jqBIHhO$qV5npnd;uuJy#Gai?s=^T@8n 
zMK-MQ&Q(Sb)9Kw1wd2Nsu|qO+Qj%o}%aIop_bSI?sZCE86rI-^GkDsTUrinvLVGlt zaa@TAY23aTo2;*L)zm)?jXOf>g z@vgv*dCAkszTfl19(X+vr5weSJU1cs{(|QA5r4s&OgC4TBro;C?kH)jS8EID7PW5R z8r9WT@*`uBLTP;gm6!UaF7i4;HB#ei@5`KunM&K-?X4bWeWJbAj01Zf%Qgk6F$}YF zhOFYA5u#^pismF3nk5KznzKo1$GK6ZiorMU>EfU#L@X3DQ}=gI7mBmS+Dpq$<^V=q!z^& z6lw13ym`x@udjB;59z$1pWizrjYtkE_e0U1@mfoEKW<~h*;03Ld#KfnAK_n_AZ$8= z{$ax`sdeC7IlpPP9^$lzKfxPps^{iVJkI;-ROP&ZZtSzg+HU2AuN*FGaKgCU!UIvF zWfM|t8-h4*NPT@TjX|HM;>zjU#&*2Y_ZM(K@{n6|g|&>q;{t-qQ=!=UB`q_h)XcAD zZzP&eJ$IRM7Sa~8rM9y?AT9}rJ9PjRhRHA-!|=Q_FHWR47sxsN$!d5p*f(*z++-S# zL1p{-W}ble%_CObV+j;9Oh5e^>BbCE3Vi5Dtm^LGTJ5KRNvl3b?ouACvOEaKoJqv= zy*$3zki>{@QnMm%ky7C*Y%SA2(^|=G@99gP$H7Y3ok!@uoc8@WR+a>v#G=r!jrglHEi-Jy9fy`e;;pbhs{yt z%6S6k12kLka!V-ZLTB%tk-t>=aN!^_Q3cZ{pi1hnB61Ztc{LwFGqJ9VG9chfS{>Ii z=xaH?qY!vAz87jkG9(%(P$%0DkBfwE{N!xQ^Fz$wFmc3Ws{j$rihrwye-|(gVXV^WYGMIPDxk>r@k_^ zr9st^ukTXO>V*{yCBHqxr8m8va?3y?x0rM%d`HHJ-KfT)Na9Z|c(_f0w}H z1+lfQENY^AO55=gL0eD!x;=5zTMEbBQ1kBIj~sZ6$F@B)w@7DeIurH_HeH9TT+`GQKcMlg^N&Rm6B5DmMT6xcvY+i(LES4#zONEVM zOd4wlNcPxXk8FOAqHG!b=9kbh48-p}dU%0t;Pas-ZH26W+;UC#mO{891uNuk(jCT^n@@|F=hQ|NWE>y>}M6`SxSxqemenn1e-t Nrkb8=wX%K0e*u--X2t*j diff --git a/TA_dataset/static/appIcon.png b/TA_dataset/static/appIcon.png index 839942905f4fc282c6d8372613e87b071f51dce1..e185545967ebf465efe9cad08a81f06bdb867b5d 100644 GIT binary patch delta 2877 zcmV-D3&Qk_MAsIOBYy`pdQ@0+Qek%>aB^>EX>4U6ba`-PAZ2)IW&i+q+Pzq9k|U`O z{Ld-&2q2II#{mQp?*{Mqn<|&x-EQ}+J)T`xxWE(zLaC3G!}|aKcK8b)YDA&1R%s#; zpVCUBj!uo2Pdn}@mg9bWsGQHz*YR+BKp4ts^W~@ZbAHD-e}BAi-6M^!QE15+8)c%E zQ;x^ITqMZ;O}V4J+=aa7{gNr5$yrWGppY-eyS6cYR?rtEUwh$R`?ubm@~NNW`A(N| z>Ij{O4-!9C{(qt3PaEf(M0EEc$Nud&=XY+mkaWz~O+e|=iamImbrj`h(?2t;b)YDGuXlI%bvCtw#OEdwLkJYSjgn1xV{7RcN zw`{or%SkH$Gk|xKB^~>=W51aycD976l(1OBD?eW0SAP#*xx(JlRg_}A=?Zd@+cm^+ zBF}2fpf+@MtgCg6x7ZIpd#$e z5C&#nQk0ZANs3CODM61F0Ch-CxzGRtiJ1&SQh{qwP^#p6;~h=MTw)UPVZ89M4{qfeO6ER&~9oprX^jVv3&go&wDYt~l^ z3z1@##Y>j1y4va+wzl&wo40J;b+_GbsGX>OyMJClEuE;*ft1hF8)_I0s@ElwhZA

    SU-NOo+3B}WVpmX(Nix?%T$+*7y(u211c|Abs{ z=>7z90nmNN?Ez}$;cgy?UA)kB8Z*2Pb2`<4Z;ZIT+y3!|2H_Yy_8_(~(-yToH0>;V zihly>1xR2vZDH0_&v(NL;6#ihECCYnrZgTb0AUOgH_XZkLYcu#WUV%L=?&e2Hb#DK z#c&(Qez;QhV8h||7GOFC{BF&;Jm{}+98Ookb4{XoBxDIqrbwU1(H`y6yDgr>#+nA- zSZglL*rveOVUuHER)tj|HKlB+1a@A6+ke?2eA-+VOL1mFWk_yaxEa=*vTdaz=wyFi zy6@VZ5+NRWCl98`6T+8K*g21{{8}3>o!PkdSqeM~^7n#xk*cQ|TL1=en&EYn>MD|r z`t*&Nvj-XkeSn2{RFn|Np@^Lmd>o(|;poV=1Lxuykx@MDpc zbsD_GaEAa5iLAqdJaR4v&~?-o0)JToUK!yh4guomf_&RD%NV2zR*Cltt{4|GW@(68 zch(nvY5X~()2VfY*C{JQEF|OsJP^^5d}%Bd9GW_Z)1K^Y`uviNLRRL=;;faQS<9e=KkHLTUG zePlRRmu zIN<<2ss{xf$op9CsvK}*nstF5tgRx`SzB3ZSV8_B!oF0&!b$~UM=}8&fi%M1Qz^I- zm}5g-(kz0iBeM$d1FZOs$_^semUocxMI(s|3i>f~M9w7v*~@dYA*G3K`c6V_ZFolT zLM1LR67YIKJJji`|9{)qoWF9$?$slt<$>G>%d5Ri|95Pizh23~;m?qo|9T;iYg7>+ z;yh3X#Hb&Y!ma&QLR4KuCMZkY7&54nk&`D?z?i-6$jMOkYd6r>w5==w4Vob>Z3beF zdc!TcqPhoZ0r72{@!OuPvYgdEH_`v8f)vO9s06Ch{hzcFJ5ZmK!rg3(=d9j9)gk5r zH{|Vqqg=S*vfZk4Ls)!8q0YHaRPz=_*%bx7pv1!pj5;!!Nplu2UkH5`~h)ub5eAX67Ne2En>XzcpvB8b9nDQK&Y3QW_64M znr@q^L|n{dSH;jP0_Z|Nq6o^&GUg;H3E%pL;hes*%ynABNMI35kRU=q6(y8mBSyPUiiH%N$9?=mu3sXT zLaq`RITlcX2HEw4|G|In*;@I@2`?!e2RdII=VJs2?E;OO<9r`GPU8d!J_A>J%U`Jj zGoPf_T3Yl7=-UP^u3MV22VCv|gHMKR%B~coCFJwK`x$*x78tk%de*$THP3PS0HkSF z$s6F{5Ev~`_PWozyW8jXZ%=c6KL?<4e3BQdbpQYW24YJ`L;!#P0096AOF6D!00009 za7bBm000&x000&x0ZCFM@Bjb+2XskIMF-^p1`sMGsvqs*0006MNklCOyPA8}Zm7`Gcu!!j3prQya4(ckRlaq@$h_^WDAtBxCU%3 zl}e-jOTa?ltdjhiA?dyT+D%DwlI~0T?e*0q9nognE$N%Lzb@&vBwNzMp)sog^9HVn zW5B+VzB|CJF*UOdxC^Y0^q&Iu0G}csS+CavIPVkON+D*;N1qpBX~@&b;VHb77izUy zG?3#s0Qr9@0BtE03bX$$%YZVV3@8K2fHI)}3CQnL4N@sMlP@)6X>~RS+O(MC%_fpP*}uHr}HkC%WX&^O*57XUIMSj(NGUK3A_r6 z>NpOjX>Mo{Cg3S>F-dO!12_$w1#&RJ2!iw$njn}ELVzTK^b)Dkn@UJRFChs{1e6XcNbglail_)8h$vM= zs#Fn?CcTLiY03@y*16xzopn1sGtu+V0{{Rfl#Yfm z`M2oNMMp#ao&=<&0RYSsS4}NR#%Nz4p5W==?1lr9{P8#-&d=Ea0Py=zpW#XnMZ|_3 zZk!6BN&xP_PvklfLzR96*@X>=C0{M7YjaC3yk&|N4Gp7QJ>gLM{na6IHFyVAVxC$x z@R6{6a4*Gr`9<-M-Gy(69a8R^q25}+jPWJq?#LdB9QC>6A5f$0 
zHQwnZ-j#aQ2jes`J*sY6+gIx;pZWr$dw3`L^OQTj)((DMVtpMHyEc~#`LeWpX7Ew} zkCipG%@l%Qw3jYRPo>Va)4*-sY|`aZId`#O#&1twI=(%}MX`IvAXoV|H-Dzf-g<#_ z@wJ!q%DKMd?=Gy@YrLdJ1PcT!u7v~zsGnbB3$7=Yu9fXS~6S zreV6#obN?J-P%Vr9(aa2Z*M)&e$ykUMs3{dy9tAdrj|i_jhF}yVSM(TCVHi;$7@~@ z?WasWf;ld?!0&!cG`ryD6*HN-eA3`-9~MR3>W?;LRi0yAbg=}X)6e%z!au$TiU6|ZI2Cfm~c zg_i9NwRMdV;=CN!+pDxdjgQvpdMqq}r$8RU7qQo@$8J0TXb=V@&YWPOEA^6TPYaWj ztk9~H6Ff6{nMaQB!Ak&2c|2J!+>B-MdU8U7vX~j6xXj6T@PTHT{E8LfZ3YoMqEo?n zrkx#Bn`EpjRewR>%=Ka6&<7XKisSc6K+pPIT+4k|N4RS@7P_hH__Sn`Hb0vfD6MQ74qUbj z4me;MXu4_rLT4m=hE1+J<*SSa1bMNUv7tbhqUENlikfzF=kOh4*k?xBabdIkcvLC6 zIz)&j#5uB9{F>d|RA{l#w=0vg7xqGI4(`7}gsyrDe>>-)oL{XMF{`;;qQ+3lS-KWB zf?4s(V#OK+A6}=)y}J>dRqQXFnQLm~V&ejT+v%EnErBH&+&69gz;rX|`~mBeioxei zc$P`X<5)F!=dD7_Q1#Q(wheCA+?d@N(snF{1-x^rHsD@8)C*hY>T6Q9D(`E8xv6gK zM{Peg|G>{@apq#qpkDIleHXLtl&3R~P3@2sJqKAnYrAvH+~|GWaOtJR{d8h#IyCVG z#XN1vrv;m9%k!%@dna<-Lb$C5G`38;J}11koU`NWVGTJkn8#M?`EV5{y~W6)+Pv!D^Dgkkj?aMNYl*__EY5VjRn$^wD~ILR zi5vq7RH`Ewo;_HZ8DOIy|FEvRZ`(R7fYCU(T+9@vzG!>*Y{a>ZTTOW)b3*rOlux!f zKI;VI7D+B6yH&~U+HWpfVcjaT3Y3cESfvd{4$8#JG{v_3fxA~&o4)6qyuv2T-jcfa zj&OSLMpZZ@t<44mG2hr`-Kh^&+uN^r&GZeH(i>3lC89G~7wIpUJDicR{Rz@?49@9$ zSwrfUn($*wtLf8zqvzO}nICtKCB&ZBiBWvwGveAnT{oAEEPS=peyrl;aG-Xj4wR=^ zhUaB;LnFpLru2JCl8`{@f*t}zbCnCRE2`ylnJOjVNpO)!@bm8RSbo^kM4@6tGeZfQZ&OBlIjnU;$3jOKX0T+^DHb=+pp)W!d`^79ay-bFZevfQv zosWA?%_BWME}?s}=p3ms`7k!usx;T004%Vrj!kz>BWOhFglsY?xLWb2qd#zQ&Z&iS z)Xd^Sd+zQBP2~z4y5(sI+1*|m8oG5nzj{c#O!wsW%CWK`m#lPrgKVLe1Ey1A4F_Py zgk-48U1+SD&WJ}(-THDex67|rJyMwVVt58dRdcQQAzc>3cCUEOje~^+k~CgyGK{1H zXV&~ml=B+r3Trf_Pz!w0#@_pq3oAzSo}_dW)p3t3WHDKzcI7CRTZQt7IS-Sc{ULKL9noB0^IVlUt5DQ z$?N#-*F0q`{CddzBK=GcHSaINiFR)|8|9VnGXZcTpV&bYln1`OQN{RG+VOhdk&> zelU=*9%U6Yee$jNQ=*)Zk}hY*}N>*CzzkU zGjOOW^2T_+`JiL8|ADu#`IJbv#{|lYFQk%>j`Gu~bDSv2x8u!zt`kA8FR+gUl1uS)XPGp6@kcwcmLClUE z*H-@eiEI7rGd{@T2|rfrPmfhPVD#EepOro!DHTo4?m&$LR!3q;DRIFJ^?6S|@^~l^ zBab0E$0nAmeJDBly|}4Nl4$g)4IBbCtfHKrg)K!7vB!A_rhG_Rw~A~b@E%5e_-@R^ 
z%k?8Mwrl4DkI`lO3h!6XZCyC&R~$;t*+!|hiV3&D#NW_h-#;u!pR$Sm#1Ho~r%Qvk zmddNLqqv`No^UdM93L@1u@(z-)uM9IFlxUwY{y@+HS8ZGW6fRzaisP*&Dm3>*9cDO zpc^+3tn_(z0r6FSo6C#aWkaYA9b`b$LGeDN-qSG}vcCho z<9CYo`Yii6Xat*_aVud~kJrvuZO%?Jxb8hKN600C6{WcCKA>%Fl#7cq;T`O4GQ&nB za;nxPUJt~W{2D|Ok^Lx7PSE`!6gDUbe z*9_NWb3V1{ope9tUMZ3vWj@_przk)upYKwS1)Oe`Kv&&~R%8NScy;mQLXC?AS2N#a zl)L|cew}Az$IcLQdE$D3!ke;H9RJ!~-Y8G`+`vqM(X=O(0CnFRW^K18U^&!D%5uzy zLmCZZlQ8X@gZT&5aa(JeO72lIf;S$?oQR%(;5f;ywwU!zXF1)e957@-_n_mvb zX_K2k0Hfjb_Kn!VRkc0;PR-2+9KM-C2@nRSt=sxHbVQIgGF{cL?x=6{g1_4mXfH=v zB+FmFtbBu0E^h0-b6;Kj3{xGyR0h}dR@&=;>2@14%HHSav=gyRX6^0Oyp6%HU}2F5 zWv=^OLk9|Nhif;YB&GDXFU4+w(`Oz*t-GA?xsmc*_8mbtEVP~RZ*=fk?Nyyf-BIpF zdMejTk=M2EXW&8Mw4ResWGF|hD=hXW7k7O3bQT#oloRcrfkp?_h_Ao)c*KF9yA^r~ zJilZ8!h^fbCjcS@6+Q-?1#w~hEF1mgCMa(ki^Wa&XXvBcGpWxdHI4BNEMIB1SgA3G zbZDRJvA!VaO&q_K@XVR}g^dqGq5>LhJiKffyE5OF^XbaR^;+$@N7Lcb_3o#_T&^JX ztYuZzfJLe|YurtE2@UQ;KIfEFqntL~_SU*D``}cH+n-On)P0c1U9f1h%yAy4R@oa{ z{sy#%ag3m9Oo#F#>goQ{{Sof-)=tXE+7Qb*s;+)qBYX|Q=SRwH7%_2pAJ z=h*b_n)qx{@K*F*W2o=wc*ZOmDLXtS)IK*Nbf#K;>Je5D3ZmoZ+8xSw*uyS`0cl6+ zo)vEGR_w2BrA!uw#B8S;$Dp|LY^=lPg{t3`0>sc-ME z)Z8wG_MQwJoKnJs|cYIA>9 zCdj&3T|DM?v2>?)pJFBZ3q14rXKkJiE_*sGRN;=Ide63e(3WeEerF6XB7_~O4 zT|B8>u69x~%sStUHc|Ig9!fo7YD%JpgYUrd0kQ_Zv^XJ27a|CZH86+)8&4f3sNLjZ zj@@5h{WQJGKjCSb=Hk;zVODvI1Qo&(%hbNGt7<@^;IBm;7KsIEA#*#=BjX<1rLw#dr9WcLWbshtBF5)S&XIdcWI`3W})UIh}^w z_xImdXNs##aM$#G_~AmCwkulyX{bP3>(<}NR$pr2=5*p~|?&d*6`Y8$jXn7)SK< zCSY)yJ~$7O$X_Y2m_PjS-UPRw>0mL^I5(U-8A>G2D)YA~wNd&;e|Q{8;OOj*|LH{* z`)^2+v%{Za{Vlemk)P@OH4w7za!O4ujsIVBMmM6g-OuwbB-gy zk*Y>0C1EJ|SKvP_Ms8@51KB}ISRai68k+oxHFb8!nUK&&a>~fd!Ql!}c{vC|4hBcS z{{)%i2t;xz9+ApGz_QSvBS-6kBxgfb7JXExWP+b|axzGD0uD{`B$#@7x+w`CMF2eV z{9{<3yq~aW5?TXI!jVZKP$&|jfP~7M$|xY^$Ttcg2n-4N3*Hm!?BM@@p^tVCQ1REA z>o^n1^ZWla{n}C{IImw%zaHJ3f9@q9@aL{TqA|ZxAfkP6*q?Edxqb~{oX{SQICA^= ztzLh(JO77Tu(!uL$iU?gAhd&n90-QNqCs$ZSp-NP3speaBgg_n<^Il2^mHKkq6s)v zN3xD&t;qHHQ!Ajvua!FUcet+;?r0gvih&>spg$Coh5V+N^luqUA9ao2Q&yDzU!o}f 
z1pKAVko|ty$nA^V4W<8Rhrfw-)Oh}jpWhbazc>S#`rk?Zk-q=R^{-t2NP&L@{KEE0Kl;nl!mIQWpn-eI!|`(Q`gtWAMo7) zMmJK&3!l`9C;yYS;EPj;a3SyoBkHE#fGNyW^pMiML6N7y>kg$^16_>7CReE)(3p-6 zZ9`{8r>H(z-#0iow*S6%Ql|`L9(Jfp2AJ}N$Exk8HKStcRs`Fa@yA9@+eqot zh28PT)=$ZJ*9x#Hm;(a!4(dAgIaNW;BiUZY19CoH0` zIH=t=OP6#J{mwWH)n5_G772vYzVB9I9lruQip8ecIB}uE8^Mi^2w9~*E3oi z7ze|6#Iiloc!Wi#HW-V0)@f64X-Ji;n#jI+&9bQBfO$=`Vcsd}mP07vqobFm)f0&J z`?w`J?OhJe$FzpTS(Sc1`i(F_ndJD@?!K&I=0Rvl^I7yM1!&$6TbH05CO|Rz!o!kR zDSLW{MUp9j>jf~mWM`MED<=GVMrm!#H3&fQeHu=sr(uYx*+o9DbL-<^ghyq~*-aYu z)am{cqe;{;;+F^yn(%ceQ@>foq$*YKC(+&1S1F+eUk!d|((VwQ3Dxx}`$+FQps1F$ zn7<;;;%oZ({m`^{;coxCp-#x_b^X9PFR9aCP_s|sMD9gXG(KowR(Iw~tq`G{T?*m4^0of3UH sZ|5eU?0em+fvej0`kCMbv*w0#V_4ci75j*Ma?t`%ng$vV)$Bt42YNZKRR910 
diff --git a/TA_dataset/static/appIconAlt.png b/TA_dataset/static/appIconAlt.png index 839942905f4fc282c6d8372613e87b071f51dce1..bd8a62d3521b99e7258c376f441e59951c5503a2 100644 GIT binary patch delta 987 zcmV<110?*6M3M-QBP#)gX+uL$Nkc;*aB^>EX>4Tx04R}tkv&MmKpe$iTeU?h4(%Y~ zkfDl$1(P}uCx1?kPKqv4;{TFDix>}%`|kLm3rVh|{W(Vj@lZ2@n6E;}^*#ldB9yjs;YqLUR1z zfAG6ovoJZ~CWR9~_ls?R3g?^`Gp+u906xrelI!QnIsgCw24YJ`L;(K)0RRb0Ij&#;000SaNLh0L01ejw01ejx zLMWSf00007bV*G`2jmP06EZe^@9G->00It4M1Mh4Si|j@O=}ZD7{`B8dq`%b2k9;$ z_yQhOe4!#pPg3w!p$EZ3ZytnmOf|K1|XFWBL(e^rUmC4vmqwT`bK(}UW z3ApRf!qFuEs%MWSxDNmi;vCbl(H-spNB-7SGeF4=paxO~2CgP0d^Fnb0h@x_Zbbf< zzL4`q+gca}n~5V-FWVVlEoKT=Q1ThL2Y(y~#HC;046v?{-BoRuV`A!c&rT--iDC&j z6qDQlyo{QeRq!~beokQCrJ=8;T|m{GfvPT`shok-zwCVUpKAeB z02M$5Pyti`{f9t5b7ttefOc~RdhY^ynXD1K;dg%@s2OeN#<`*eE;XXyZRUL_{GBW;0iQC$?4Y;;&}a>YNwqPC?cg=2 zv%r0zGh|vDSfj_quob+S*v3)U_9UFq_G$9#h<$E!;tNQu{Q|)kj{1q$5k3F_002ov JPDHLkV1inPy`%sD literal 8716 zcmeHMXHZjJw+>RJ2!iw$njn}ELVzTK^b)Dkn@UJRFChs{1e6XcNbglail_)8h$vM= zs#Fn?CcTLiY03@y*16xzopn1sGtu+V0{{Rfl#Yfm z`M2oNMMp#ao&=<&0RYSsS4}NR#%Nz4p5W==?1lr9{P8#-&d=Ea0Py=zpW#XnMZ|_3 zZk!6BN&xP_PvklfLzR96*@X>=C0{M7YjaC3yk&|N4Gp7QJ>gLM{na6IHFyVAVxC$x z@R6{6a4*Gr`9<-M-Gy(69a8R^q25}+jPWJq?#LdB9QC>6A5f$0 zHQwnZ-j#aQ2jes`J*sY6+gIx;pZWr$dw3`L^OQTj)((DMVtpMHyEc~#`LeWpX7Ew} zkCipG%@l%Qw3jYRPo>Va)4*-sY|`aZId`#O#&1twI=(%}MX`IvAXoV|H-Dzf-g<#_ z@wJ!q%DKMd?=Gy@YrLdJ1PcT!u7v~zsGnbB3$7=Yu9fXS~6S zreV6#obN?J-P%Vr9(aa2Z*M)&e$ykUMs3{dy9tAdrj|i_jhF}yVSM(TCVHi;$7@~@ z?WasWf;ld?!0&!cG`ryD6*HN-eA3`-9~MR3>W?;LRi0yAbg=}X)6e%z!au$TiU6|ZI2Cfm~c zg_i9NwRMdV;=CN!+pDxdjgQvpdMqq}r$8RU7qQo@$8J0TXb=V@&YWPOEA^6TPYaWj ztk9~H6Ff6{nMaQB!Ak&2c|2J!+>B-MdU8U7vX~j6xXj6T@PTHT{E8LfZ3YoMqEo?n zrkx#Bn`EpjRewR>%=Ka6&<7XKisSc6K+pPIT+4k|N4RS@7P_hH__Sn`Hb0vfD6MQ74qUbj z4me;MXu4_rLT4m=hE1+J<*SSa1bMNUv7tbhqUENlikfzF=kOh4*k?xBabdIkcvLC6 zIz)&j#5uB9{F>d|RA{l#w=0vg7xqGI4(`7}gsyrDe>>-)oL{XMF{`;;qQ+3lS-KWB zf?4s(V#OK+A6}=)y}J>dRqQXFnQLm~V&ejT+v%EnErBH&+&69gz;rX|`~mBeioxei 
zc$P`X<5)F!=dD7_Q1#Q(wheCA+?d@N(snF{1-x^rHsD@8)C*hY>T6Q9D(`E8xv6gK zM{Peg|G>{@apq#qpkDIleHXLtl&3R~P3@2sJqKAnYrAvH+~|GWaOtJR{d8h#IyCVG z#XN1vrv;m9%k!%@dna<-Lb$C5G`38;J}11koU`NWVGTJkn8#M?`EV5{y~W6)+Pv!D^Dgkkj?aMNYl*__EY5VjRn$^wD~ILR zi5vq7RH`Ewo;_HZ8DOIy|FEvRZ`(R7fYCU(T+9@vzG!>*Y{a>ZTTOW)b3*rOlux!f zKI;VI7D+B6yH&~U+HWpfVcjaT3Y3cESfvd{4$8#JG{v_3fxA~&o4)6qyuv2T-jcfa zj&OSLMpZZ@t<44mG2hr`-Kh^&+uN^r&GZeH(i>3lC89G~7wIpUJDicR{Rz@?49@9$ zSwrfUn($*wtLf8zqvzO}nICtKCB&ZBiBWvwGveAnT{oAEEPS=peyrl;aG-Xj4wR=^ zhUaB;LnFpLru2JCl8`{@f*t}zbCnCRE2`ylnJOjVNpO)!@bm8RSbo^kM4@6tGeZfQZ&OBlIjnU;$3jOKX0T+^DHb=+pp)W!d`^79ay-bFZevfQv zosWA?%_BWME}?s}=p3ms`7k!usx;T004%Vrj!kz>BWOhFglsY?xLWb2qd#zQ&Z&iS z)Xd^Sd+zQBP2~z4y5(sI+1*|m8oG5nzj{c#O!wsW%CWK`m#lPrgKVLe1Ey1A4F_Py zgk-48U1+SD&WJ}(-THDex67|rJyMwVVt58dRdcQQAzc>3cCUEOje~^+k~CgyGK{1H zXV&~ml=B+r3Trf_Pz!w0#@_pq3oAzSo}_dW)p3t3WHDKzcI7CRTZQt7IS-Sc{ULKL9noB0^IVlUt5DQ z$?N#-*F0q`{CddzBK=GcHSaINiFR)|8|9VnGXZcTpV&bYln1`OQN{RG+VOhdk&> zelU=*9%U6Yee$jNQ=*)Zk}hY*}N>*CzzkU zGjOOW^2T_+`JiL8|ADu#`IJbv#{|lYFQk%>j`Gu~bDSv2x8u!zt`kA8FR+gUl1uS)XPGp6@kcwcmLClUE z*H-@eiEI7rGd{@T2|rfrPmfhPVD#EepOro!DHTo4?m&$LR!3q;DRIFJ^?6S|@^~l^ zBab0E$0nAmeJDBly|}4Nl4$g)4IBbCtfHKrg)K!7vB!A_rhG_Rw~A~b@E%5e_-@R^ z%k?8Mwrl4DkI`lO3h!6XZCyC&R~$;t*+!|hiV3&D#NW_h-#;u!pR$Sm#1Ho~r%Qvk zmddNLqqv`No^UdM93L@1u@(z-)uM9IFlxUwY{y@+HS8ZGW6fRzaisP*&Dm3>*9cDO zpc^+3tn_(z0r6FSo6C#aWkaYA9b`b$LGeDN-qSG}vcCho z<9CYo`Yii6Xat*_aVud~kJrvuZO%?Jxb8hKN600C6{WcCKA>%Fl#7cq;T`O4GQ&nB za;nxPUJt~W{2D|Ok^Lx7PSE`!6gDUbe z*9_NWb3V1{ope9tUMZ3vWj@_przk)upYKwS1)Oe`Kv&&~R%8NScy;mQLXC?AS2N#a zl)L|cew}Az$IcLQdE$D3!ke;H9RJ!~-Y8G`+`vqM(X=O(0CnFRW^K18U^&!D%5uzy zLmCZZlQ8X@gZT&5aa(JeO72lIf;S$?oQR%(;5f;ywwU!zXF1)e957@-_n_mvb zX_K2k0Hfjb_Kn!VRkc0;PR-2+9KM-C2@nRSt=sxHbVQIgGF{cL?x=6{g1_4mXfH=v zB+FmFtbBu0E^h0-b6;Kj3{xGyR0h}dR@&=;>2@14%HHSav=gyRX6^0Oyp6%HU}2F5 zWv=^OLk9|Nhif;YB&GDXFU4+w(`Oz*t-GA?xsmc*_8mbtEVP~RZ*=fk?Nyyf-BIpF zdMejTk=M2EXW&8Mw4ResWGF|hD=hXW7k7O3bQT#oloRcrfkp?_h_Ao)c*KF9yA^r~ 
zJilZ8!h^fbCjcS@6+Q-?1#w~hEF1mgCMa(ki^Wa&XXvBcGpWxdHI4BNEMIB1SgA3G zbZDRJvA!VaO&q_K@XVR}g^dqGq5>LhJiKffyE5OF^XbaR^;+$@N7Lcb_3o#_T&^JX ztYuZzfJLe|YurtE2@UQ;KIfEFqntL~_SU*D``}cH+n-On)P0c1U9f1h%yAy4R@oa{ z{sy#%ag3m9Oo#F#>goQ{{Sof-)=tXE+7Qb*s;+)qBYX|Q=SRwH7%_2pAJ z=h*b_n)qx{@K*F*W2o=wc*ZOmDLXtS)IK*Nbf#K;>Je5D3ZmoZ+8xSw*uyS`0cl6+ zo)vEGR_w2BrA!uw#B8S;$Dp|LY^=lPg{t3`0>sc-ME z)Z8wG_MQwJoKnJs|cYIA>9 zCdj&3T|DM?v2>?)pJFBZ3q14rXKkJiE_*sGRN;=Ide63e(3WeEerF6XB7_~O4 zT|B8>u69x~%sStUHc|Ig9!fo7YD%JpgYUrd0kQ_Zv^XJ27a|CZH86+)8&4f3sNLjZ zj@@5h{WQJGKjCSb=Hk;zVODvI1Qo&(%hbNGt7<@^;IBm;7KsIEA#*#=BjX<1rLw#dr9WcLWbshtBF5)S&XIdcWI`3W})UIh}^w z_xImdXNs##aM$#G_~AmCwkulyX{bP3>(<}NR$pr2=5*p~|?&d*6`Y8$jXn7)SK< zCSY)yJ~$7O$X_Y2m_PjS-UPRw>0mL^I5(U-8A>G2D)YA~wNd&;e|Q{8;OOj*|LH{* z`)^2+v%{Za{Vlemk)P@OH4w7za!O4ujsIVBMmM6g-OuwbB-gy zk*Y>0C1EJ|SKvP_Ms8@51KB}ISRai68k+oxHFb8!nUK&&a>~fd!Ql!}c{vC|4hBcS z{{)%i2t;xz9+ApGz_QSvBS-6kBxgfb7JXExWP+b|axzGD0uD{`B$#@7x+w`CMF2eV z{9{<3yq~aW5?TXI!jVZKP$&|jfP~7M$|xY^$Ttcg2n-4N3*Hm!?BM@@p^tVCQ1REA z>o^n1^ZWla{n}C{IImw%zaHJ3f9@q9@aL{TqA|ZxAfkP6*q?Edxqb~{oX{SQICA^= ztzLh(JO77Tu(!uL$iU?gAhd&n90-QNqCs$ZSp-NP3speaBgg_n<^Il2^mHKkq6s)v zN3xD&t;qHHQ!Ajvua!FUcet+;?r0gvih&>spg$Coh5V+N^luqUA9ao2Q&yDzU!o}f z1pKAVko|ty$nA^V4W<8Rhrfw-)Oh}jpWhbazc>S#`rk?Zk-q=R^{-t2NP&L@{KEE0Kl;nl!mIQWpn-eI!|`(Q`gtWAMo7) zMmJK&3!l`9C;yYS;EPj;a3SyoBkHE#fGNyW^pMiML6N7y>kg$^16_>7CReE)(3p-6 zZ9`{8r>H(z-#0iow*S6%Ql|`L9(Jfp2AJ}N$Exk8HKStcRs`Fa@yA9@+eqot zh28PT)=$ZJ*9x#Hm;(a!4(dAgIaNW;BiUZY19CoH0` zIH=t=OP6#J{mwWH)n5_G772vYzVB9I9lruQip8ecIB}uE8^Mi^2w9~*E3oi z7ze|6#Iiloc!Wi#HW-V0)@f64X-Ji;n#jI+&9bQBfO$=`Vcsd}mP07vqobFm)f0&J z`?w`J?OhJe$FzpTS(Sc1`i(F_ndJD@?!K&I=0Rvl^I7yM1!&$6TbH05CO|Rz!o!kR zDSLW{MUp9j>jf~mWM`MED<=GVMrm!#H3&fQeHu=sr(uYx*+o9DbL-<^ghyq~*-aYu z)am{cqe;{;;+F^yn(%ceQ@>foq$*YKC(+&1S1F+eUk!d|((VwQ3Dxx}`$+FQps1F$ zn7<;;;%oZ({m`^{;coxCp-#x_b^X9PFR9aCP_s|sMD9gXG(KowR(Iw~tq`G{T?*m4^0of3UH sZ|5eU?0em+fvej0`kCMbv*w0#V_4ci75j*Ma?t`%ng$vV)$Bt42YNZKRR910 
diff --git a/TA_dataset/static/appIconAlt_2x.png b/TA_dataset/static/appIconAlt_2x.png index d57dfc2cda2a055db1d47d7aa03c9e33e63d3bdc..3015cb5abf9fabbb1efc7b4b46ae05f25698fd76 100644 GIT binary patch delta 1566 zcmV+(2I2YAPT&lXBa^`r6BsCweUUv#!$2IxUt6_BDh}-+;*g<=g9Vf95+{F7j!ud$ zQsV!TLW>v=j{EWM-sA2a;BQozYIcnSs%9DKWJ1X1R)ydz!U!RPQS?a6)aOJo1<&zy z4K=+Gn ze+&b`U7%UF?eAmTZk_;vXW&X}`>PFL=9Bb#TZxO5FelhrmdYve!M{9qR1u-!rZLegHnqa+2%k z$~pi500v@9M??Vs0096AOF6D!00009a7bBm000fw000fw0YWI7cmMzZ2XskIMF->z z2oo|Gp*iQ&000DBNko4^RCwC$++AoKRTRMS|CvqN?5r`-x|0U`K|%0El1ighL=?Z; zVnirvMNpAys+pxJs1Oh-6bllyCMAHAEaBY7EumHVA6A^#7G#WTP)#_st)r}3y zHBh**njN&L{m{Avde;6c;imktT9tL}>_=4vx}JqkQQcXysVCa&+J2@gKyK210eAw) z*YNPPfT4re&2FtIkel>3BOI-RIZT0MF)Vyh*$fg+0G-rNbi20yZbg7H_H+h#l=_Q4 z*Y@v;707MzwS_HrGAWy_$9?e~8GkC)nmr?#oM$?QH(kzW$b(o682IaIEBEl=SaRPiHS6dK!2* z<~gMWcv{d2*Y?lu-!Ri!;&C^K6+TlIpiI)g3)o&_0Xd)+-vPG*>nk|Km)B)qQc(AC9;$Pa=5yCZxHlkiA{GDL#sOyP@%ZK4cJv@OLN%@aOnWXQh!9!Iai~@8!4Ik1I1*oIpeRS#n zaXFx5<0sJ4+b0VX7$5^=fDDiUGC&5%0GTjA2FQN^86X2>fDDiUGGTxWkO4A42FL&z zAOmE8Oc)>oR7IfT8Zgi(K$q75&|DOt3u_>Oepxk;z}Jn=BXDl@85HVgjSiF!=Fcqk z`;rf{s3nuYH^6-{^)LJHMZETl1%TQ3MwgBpW=mn!KwjX?xwh{C_r_5YsOWalge=`E zEX04rGc95bE!Sw-$DzEynQ&8nFUoV}?%`OjG|BkZeY01WiE?y$P3c_W#4Li$fjbm#jAwUgX&}*;{2qlJ4f@*$Vv`c z(c52!=bRAu0odl+{xGl~NYr+j!yLj9FXw-}Q_;<;7dVGN9|7xZ4FjDKZ+Z|qzE?li^fw7#kV1sX#xTwMS7JcQUyg2 zl-`so(gcwvMXG+mTb_I8duP6RX1@2odom|EdzIf_>$lflle1%t47BK|IjI2v0G*Du zx(VS|`~0RPCw!Z4)M)_#OvwRemUt6{FA(SH?tpPc1M&ViG!X5FaR31PrV2A%e7I`j zBY%3a){!R9d%=RTy?iC!<n`Lp%wNjXo| zPsa*bf$xl459Ml3S$EzOtMkoiFY2s3efXMd)}QxCQQ$j@ed+PzY~@r|>@8=%lOjVK zep)wLS>d?>r*e9HgCzRpvgV~DGjCe)Q`kv6yGy_J`8N(#{FlW-NKDZKcAI<|A}0W zHiRR`f8lJ~ll&ga_KacQcF6X5aGIDYwGH>14V6gQ46UJVM^uI5$?WF75(){kZEVaLXF$qxJB&dI*knV6qMS*owv?x?GBB{g{POJ9X~`@IJm$3S)C zgRb?;BW<70l}Z6obc=}`+0n_-b>Vk82dFQF=WtWAJ4f0?OBSUgW274dMGMkR-sJqndn*K`kvHCv8h26_?3fbdifT{99SC316`&q|*Hw?|x z2l?}lUFG-Ld1>DrHO_YWcH8or51v_sKwv@N9{v0oFi^7oW7zBC*};H|>FAIgZ_5*- z`_6Y(r+o~11G^d?PD7sQ+xy3-2Z}tMpoj 
zCdUDRjNx_dcTp+Lw(ka~TyHLDIU>If9`jn?`I4M~h7QxdAOS{hXrgUr^4B)>GebT% zHmzrh*1(=rEk`fKNh-=ImsY#VR=n%v!=jjmn$8NAKi9#&4Xxc-6~kb@a?um zMAl5v@)*V4@G)??>SoyRIGYD=*4N$K(4m z*=G`rIh`K8({*d$XCn2=PQhWSgYD>k>$k6p@4mwE@)FB+XmeDA?gG1Wu4q9LKO(+I zRhOfy;^vA|dXTy6$jEiY_({FT{K!h}Ll#+z1Df%$n%;LYZB*`NS3aeW1@x0we*!hc zz4Xd7upCE`OZ%mV`e%)Q4{JU7(Br*-&HTyiV5_VGOdLOOMijdU%ghj3>J|ylRf;nYLTE?0@?fEt92GDRI$=JlKZKYP>$X zK&VTA(MN{+%8N%G*OU*q{6__cOdf}2y&zu2w^CTISW#8iw5&yj7&=WhXni!GE?OLB z%ehw?Fl%y24&p1ka#34h9%1&WbN^MsT2))eml!bzX1b;H?||3*K9Nu*c;ri^>A6D- z0Un7<&H3~bl_}a0`*i6+F4UJ*gEy&y1Y2lp3MEnixu0IMk+fJhk6Hy>lJHRpzZ$BM z7@loO6}Or9CTu??YOxBmjGZ4wAgLQ=8hrSD2Y3RrS|%pdA~aPre9r8X?M(wEw149x zMZb_7vj`6uVRksXliNq3cGh8eTgP&RK5n0)Iri4okp5tHnR@C+vDC9$q%t~Ju0t*c z3Vd=+uqb%#=J@(vMd%|nmpsmncbiAi4L=y%C%%AUVCl8_gDOQ{z%7 zu9VUo#9xeHvdFtjl1;^h=hEwakr9X6hV2(H>-LTIKYOrehO~^y*coDFyOE@5J>pGQ z#92EX*CJhvT-gOiKaoAB~!9na(kfbhuF)BSIYB(o`8B{zCLfUV=Z_sMv}xIjoe1)?p#7fE=mytmrK^1Czt`*jp=q* zSnj7tw`soB;hn$N(*yC*Ev+vO+axm1SxQ#w)H}#!;2H1QG?IFGpR%a=a@DvFAX2j? 
zRJ@O+=&Efc$MAHYc)2x?v%L@_u0pd`@bKZ>>{io_egpzT{~K3iMkX=69b$7Aldn(` zL`naOyGqbA_dSK`Q)&)Geok$7#s*Pm92e32!GkXS)B9TdwDA=suDE0+hFq-K-mT$2 zL174Dzapa-Ucnfntu9wT_ez=6Tqul+^Ywz#g57f>i~89B!FuhBka?LFtxF8h`Xt(- zDdnhx#Y{nw0psI=&$Ah=2GO5sU7}m#naQTjzcqX|EDg*{c%XLCLvcpFV)22V^BB-U zhg32g%2Z!sz8A!96;Q~|TQ+3h#qIjgj2^66E3+?7%QKjbJmC76C%shT`1Y!asqn38 z%(p|pa*xwJ#dUHz7mMW&M81aR?M`&Xr5gpZiOUa*WGiKf1U=wT)r5=mnzfULh||Uk z^xs9JL@q<`JZTa=Wl_7K^DI}aDb;hQ@XEtj%34unw;C%GWj*qkmwBGEw3N6HS~uSO zMs8emB$RWiO6uMZ9uPfBbd_eD)cBUb2GGI0HrR7wppI&4^q*m`dMZ!n9${Qmbg{*4 ze~kCbT8rOtV>~_v%un~-F@l&8?tA}Z{)A1q1}72S_@>6KhG7Lb!)EBpen1J+CT7vZ zl^y&OS6H-ns7Waq7~Fhtufl6kvhmpL}Vu(t{hWbR;u>Q{YJ(3VXZsT zpC%6#_uW$qN#5wJ;MUtLeyg7Gv3z|7zAke1iOfC+y4X}%ESD;5uyN$r7M zD{vIIMG1hr_U>zgq+q2UE-ES|GW^y{NTmLNnWJUClD+!mO&*ofaffiEu*7|J2KGvK znN0I<*zrc&yLf%tkelfU^c;UQD$Myq4JuYby)8>f05Zv2*!O0hqxOI{Ijd)94C?hL zkJSk068d>$>4~3|*#MZ@m~m^kbgJLt@y)YRSsO<8P=%3wcnCsIkUY#H_&r=`D9>@G z@QhEYxhnUwji^BqOOIPk$r{31ac#B#hh$nu8iE--%4WxM=$9>)IDWv+ zd}L7r%ZK@$>DJSzZTZeaOWPp?`FP(7DRgS@8>y&@{uLAH41Vy~rb$MQrFw=|DwR*fo8HFqRDFUt89$SsE7?*h4zkWX zu%dzvH}u;eZCbmit9L$uK%Cx<8F+I9Ma#9SQ9EKWMO!0GARIeZSnZO%)c7vOEO|t^ zmv7YawqfanDpj*fRmA#ruE%j@cgl$j1){auOdSVUSRuK7rP_{KQ~fGJE+vb0;ToWW z{Ne?>_XC$M^ElNXY4eu^%9T~39@5PDE^_;~Zbs7!ThSzP*Halxz-CttruAE-7}+oqD6HT+$HROy$?V8SaKv?D%@q(8W7C?bVC)Q5N=Y(^oC! 
zWdI;1c$LqLuAH6hHY<&z;Z`2iYo2>55>{AtQOZ_c)x1rH3JTIsCf}(%#9#Xq*H(-8 ze!bJzZ`R`aL#QDMmy%T>l~QiA*t=$p;g=VBr2aI4CN|DS$Xd0tP$Tuopfh8Of786P z370%IzMpRKKHus6q9Al*-Q4vSAfcBv8DzyeL-O7D-UE=xvsL;>_w&cHghjm-Nt-eO zjJKZ7u0+3dkV$j4CgLDvjffIbuVIjxHa?3lqH?lPNazOsBTnYmy-RS?WlO#f#rytj})TS#AY)GB*?PhGXLFk4VXUW?0U+kSo_j#!#eWcbp^h z^LX8Fk8P|B3eA2r$FJz?Sjb+{dV2GQflk+3wdfSsi^{LiyB3OKVR`m1Z0rp#Oz%E1UEAGS9;9I%4`8LXb{csbGIR50gm&qimaflB|J5A$>cvXMp~T`t z9Ls|5qp0I2i^|y1M5ok~;VT>Um@yg3C-r=7YCX$4dk+sj?doo$Dov<|MmM*HI*VP5 z%2QlEWbFu9?Z!8-$%Zwxg;0_19%fXz9(aE9%;^f^T!&=%7E3OlA^O}mNGngC3bR%t zZ?r?LVU&_kYNbbGIV^xRsLC`BX)s>8P--#BuOQ4*o447%$u;xQw*gup%Co0bS(XYg z?fT%m)oin;k}MS9L7Ao|YR6DI(l)+mq2USBZrFyhvA-5bbX1RHE7X~_fH{5^cRiKhzj>SFA9fOP~bVl2%1xAPap|K^DEcN{3mtDcOS}7DCd9Zs4`E0rrEb=|25B(4w>=fD=7OtL?IXQprCgVU7idn z363rERuSdS1wXjqD(b&(P#jl&4>ae!xR)REMxVjmXru71 z>)SF*CMh9!=dIXP(Zi?JLA>|YV%VkGo5cjSX%ORh(U-ZlaO$S@cT)s(7r{Gby465}<*Qx&lZ8lLMXFTs*R z4BL`oNSoH_!ik)t16XL%KLS=kWwhR3L#Ly3zus}D8d~aY&6}IOZy&anBihyK`PSBi z+A}8ZCQofDmPx!S4jm-ihCg$AgV`~Oeehna#|D~(2`u(yJKRwJA^ny~=?!q9pEHe#EYm(h zRB(1aGmS30)2!suIzsG~vmDmP_U`r(zF}A4@y3`mf8Y2Nn;*pK9bBBKA_QIuV-=Y4 zGm%Yc$s7m!bAQw3yso{=S}!*N_CKWm&>Ga6AEIbEo*igJHc~mfJ7+2;t{TrW;Zv zN^5!2O&-{s@5DT+X0@1=JJCp4<3(D07fe(R5%TCWfX0UnkM)eO#m#`yN%a3nGnd+^3cm@{MxqU*^Rq z!});m1_rU>CJR54RqwIW$DizM&Mj{8%)6VVJNtAInb*bPr7oeo%2l^nRn#S-<+=qO zzIZ)J5C44Fd^h2#uVnUe@aEuf@sd9IA?bou5f|GI`OaQZq1T-7g}USdh8*SuF1*Tu zR@FQ4b`Np+ub(pz0uQoCw?XCxmWL}cUt$fILx;b(6 zxv0gpfzV$b~!Z6I@h;#W@Q}V7%>1tI4-o*zb=n-$BH9R?)GSLKP*8(xD=HAa0sLe8V|HbJ7U}v z`L|ly`GFXeBEN;SzJxwb4ef-{4)8>q1{jzj16+_W6u+_(wSu2K0RW4}BY=KbS2r(t zKSlmuxblSOb1|47_{#+EqR4NlZv<3x_e2As;!tr3kcJ<|M~YvG8mQoja*#Js*Zc#5 zFjC}q!sBuBV6d;RuedKn+}+a=ED3|bz!FkmDJc-a0_5fIhDZ2;+`I(NA%4eDM|&YX zF*rQN-3@q-iLiI~#w+sk6ZF78i5mfAsJ&Bb>T|P0(KM-kwObh7Z~eFYtE=6!I^BoVTazuXIpIFxnN3C75~#Ivi=d+>q#VC<3@RhJb^XmX?Mf?d?I*a!?ouibNto_6~ATkgTk|EX+XyC5wbP z{0+j;6GNye+x3?}yr z3Wb!{boay}2+N7VA{^0RoSWk>#W~^fDn>er{8Hi)|B)EEBJd6b2St8;1QKXy`X7xM 
z28%YuBhKlRl#!N`BM>4d2a|?MNJ9T(bOY__MJUB{P)P}Kh}195`MSsxvLP^wI4@KJ zz%Mx=8F@8NGy?DLY3ApvH6Y$*gFSR~lKcNtKggOF`CV)yvNy$sd%1gR=GzuCK^Fb@9zFYEK&1625Z&9yOJg!%n{iGJTwrf84fN52nUF~9Z_5cq3X z$Rm)yr{IO~L8E@fNx=GDg>*u=Iid;e%b`uxQeP~`WO68)#SuM_%w83>Gl zBxFHuIS2ex84F+ln6$Bvd$UD=z?mhWY#^0%T^f6ND6a9eoXo6$(yP zIqr0&#uEU5OiV{z#msMNBWv2-+??TV`(!;!*%PX%33X=EGS>??QEp+%K>LCh4WZpEv2ws|<0S{Q$R<Ko{sr#EMN9Z=ak3F~n8EiS%l@-y?w!P0G`racWYL#!BK~<~^~m71Z??>qRx;fXZAxKTQ*n@&W#}7wkl=BO8i~ z+GXUkWK-+{K%z{QkFmhy0Qgocozcr1j)^PmYF|j&WHsSrpF%#eo3O5KuEBM6zuG}o zuXQIn!&{0n-D1KbuBiBGGU&AB`o5v0w4+;XVN@Tn8S0WGCbncWrW#@q0EVVf-gvHR zT`Qppzr$oF?1U|&D-wb)l4YvNUXnymIa>IwD(dF_m5SA(4&JDp=(W5R6QI#aodom^&9IIr8 z5ea5mLW9g zAto6uct-W@I-3qB2QYL=qK8RMUko0=<|nNR2Y3>rL~#nl`cp)48ssIwnfj>-oo^Ow zI_~O}t3g!NZ{=ox0Q}|kWbYH8xO;U&i59iL02)$>leM-4B7mUoH5uyKQWl|5M=uer zTBZ(@Mj9cwV`S(PCq3%SF`Mi9Z=2eHZ))Y&)Pc9V6-Fxs?3$bSJACNoUy#YBAyLbY zIK8vrp~?A%Fs^}5og$3}L*I0)PqGrL$lNI2DuQvBvF?IzMn|QF$U?VNIz+T@%ar;| zid#pcfis2OE8$}#5Ct&qLUPvhmEodv7l5xwv33s0bHQTmb~bo{t)U79q>@CI!RgTR zZZSRNC3f&Al)9bo%v6eDm;^I_nuG>Bfmk$r&1lTZLoP z6J4~m-j_fovMM_k3!4{Nh%kyy&udo9LSFzXt}Ndw255f{3vuO!K~!W(3{#E=9u5I- zC62?=a1Q9Cx|a)^=!c=BtVCIrR*WKyL?csp;*>}CN1gRLs9|QYnBayK>&{79g_xZ& zE2&0IH85R+xltqrYv-B=&HV8LO zR?Evyr07Cf%&}xN;HFg1K0;D^VM+F+=SZ2`1wIQ*2&d&*pHl-;khuCrPH}0YXBo#12;%35 z1>>ktDDGzEeq=t;XqhxP%VR~X_9$BcDS(_mSUNEZU8memdj4QOQ&n-p!57= 
diff --git a/TA_dataset/static/appIcon_2x.png b/TA_dataset/static/appIcon_2x.png index d57dfc2cda2a055db1d47d7aa03c9e33e63d3bdc..ac6913a2d0f249f2292309503ca4586c0e8c2b09 100644 GIT binary patch delta 3359 zcmV+)4dC+9PN5o*BYy^idQ@0+Qek%>aB^>EX>4U6ba`-PAZ2)IW&i+q+O1bvmMbd` z{AU%t1dxz~mct;QXMemOPwoDM+I^w>gO>&Q z>`b^>Z-vA--NsA3FXVB%QE&EE)Iqm?-X~t7+`of(z&C zT5l5Y`4#TyZ&#&rckU}wLRa`jR{-)(y_Y`cw*b8Z`Q z(+5SKgMUH%W`ARTNJQ@+wEbZC50Lj>ZSS~g*Q)|iy<1dHFX)_iFmV8KzFt!_!%uK; zS97$Md!C?t<(UWCEM5q#>{M!5rI%ge>Svh{u~LwsCz>GYj5RiLnipgBw6e+Ad2s`m zlOi!6@*c93YhS>%IUW!rlU5VD`0S zg~1ms*@&zZ;MhP=hvdYS1{f$Jv>+r^hPNc6MrUulW96DlLP}>Cu?a*7D;v0R?jWmH zf&Ex*uz#U0ELB8QOj;6`uB=r>RZUNj>&8}1OwFvBTW{QIlcvpDYu>t(Gh(2)x_NW= z-YIo#)Uj5_{Em@9gGU`Qbl7OaN1rgCS*J{$Hrw>s7cE{06HAw^wtV#{DG({5hJ=Pi z3y;2GYnyl7vUS^T+joDkc4zgE_5;?+oi)0cI)C%*!5T)B*~=2;gcCWOfibEDjN4%V z22F>v+)AxmEdc6RBV0m~c{mM&!vIJqT&Hy} zF{C4pOh5^oxNVNyx~#DnMF9{GtNDb7$KvUC(g21s66p+p%v41Sq>Lzn_-OIyf-9=-<r+!wrGa>y|O;NYK9RRnR60xCD8PU=*(jBUL%gCn*SAY{Q^34YWhLSeR!K!0*b zfn7@{?}iXEca$3O#-UYGcjr0pRp7!Y%a6Fxp-oSxuzEOa{ zl?h??he;}ZXCk4XTBv)5_bMy;h-%AC!~;djSZj=#`rLCP%Q81Di?eNp27k-GP`Biv zDB-TewiG!z)e^yoSB6elwvGpBhgDSlVo2$tQj zyp8g>A>HddDMe9^&t;i;NZve4a9PbPFinqyz=Ye}3@vpPl)Huu7%(PohO>wcU2_An zlUQB9^x7_{F;Hl%74Ctu967qjg42SFiob$mg7Z0CgW9wEtSE_XPk*Z5qMG`~cd$-x zb-WrNj-d5FOG2tIwkdtD0004mX+uL$Nkc;* zaB^>EX>4Tx0C=2zkv&MmP!xqvQ?()$1v`j1WT;LSL`5963Pq?8YK2xEOkVm2O&XFE z7e~Rh;NZ_<)xpJCR|i)?5c~mgb8}L3krMAq3N2#1@OU5R-G6g<1NmzidDj02i( zo2f)x%w$)^&?^GyLO-Gi%FHt6Bq<5s`nsoXs=FA^^6&ezdexl8fPhFm%M8;d-XNad zv<=St#1U4MRpN8vF_SJx{K$31<2TL)mj#{~G1IAe;s~)=Xk(>~S<%#pr--Afrc=I< z@mS@&#aSy?S%34M{DtA1zOu}9TEj?S5lfIDLO~TJlwl)AyH1LQ6rIO?{6nr^B9}t0 z5*RraP=N;7^@IPx@7Y@U$q6qh90xjI9Oq*M2<-xmn&W&QJ5J*S2tET>ddpv_12dnb z*IHWi2(^xB>_oNB=7(L00(qQO+^Rg0R|8%5sRxCR{#J6k4Z#9RCwC$oL^`hMI6UJ zJGVx={`l6r- z@xiKZViNpUZ1bQfND>uM1Cl0}#LMmN?9Yc=A!xk2z1_QPuJeU`ICf_CH=mvP&df4% zmWW{V|565l0TfBjPCk5da}&oYAHwSDDxIC3JAW3VwZk5i1&)@vZv)Q(KVFnA2N=7Jrd5BC;8zJz0ZEpACNhDI%vu0l+K_9e*t`&$z%oqEAYi~dI&f$ 
zH#b+mE~b=90nb)Sm&s(V17?HS_0@GW;M;)DfOpgB^ghq?$}Y@-=llBl>H{cvLx1-J zS5`=RDR3S*)WDJIQQ(Z@IF;&?4NNTL zo+kK6m{m$yu>zW%odviZNHqbVgTQ660_yMYr@@|5Pgwz^*t=LS&702x3AkO5=>89)Y*0e@rw85uwZkO5=>89)Y*0b~Ff89)Y*0b~FfKn9Qj zWB?h30^~JOz5RLs`nib!{WLZ<79XH|J`bf$lg*;fM@B~C1Ju^m2Jj(}Zvr@90l!z9 zxat#!uIsL*QmMCr<1q&NJ@8(c`!=u~GoV*J&+{vtl?@H3SS*rCrCtOcp?|bjIkH4# z%CfAfvTo}8C>7gaI|EEs3n!FGXEGT)&-()y1autHREzE2Y@5MZwUiq0e@cuhqTsD1G!q@L|SSL3=9DHTI=_L{lFUuf%6xogMR%h zD=XjFcC=0ZksUAyAg8r{VN0{#iDgNS(!t^dt@WFL*U{0DoW<&vH?>M>PxVI)^qEt@ zT|+}d{=Z_0WiAr?H9kI$h*-fvy6q0%ovfkUv)h#OrHEW#C=}{a4}TG%ZUu`7`FtJ` z*&`yaiHH{?pbH}Mq=?u{OG|aFLtVcIwY0PVtb3mK3~*Dh4vN&^fp>swa=F}FfbQz* z+WjBQ9LHf{Vc|T`AFSn8YAEIh;BMddj{-~W?G5@bm3lVM?XKbB;eY(8>O5;}Ylw)o pyu94-crEiMZwcsP1{hEi>u(!haLLk1N(BG_002ovPDHLkV1kg3NmKv; literal 10066 zcmeHrcTiJX*LUb$I?{<0DH;MKlprPaCLILi3WOv;fIxuIi!>1sX#xTwMS7JcQUyg2 zl-`so(gcwvMXG+mTb_I8duP6RX1@2odom|EdzIf_>$lflle1%t47BK|IjI2v0G*Du zx(VS|`~0RPCw!Z4)M)_#OvwRemUt6{FA(SH?tpPc1M&ViG!X5FaR31PrV2A%e7I`j zBY%3a){!R9d%=RTy?iC!<n`Lp%wNjXo| zPsa*bf$xl459Ml3S$EzOtMkoiFY2s3efXMd)}QxCQQ$j@ed+PzY~@r|>@8=%lOjVK zep)wLS>d?>r*e9HgCzRpvgV~DGjCe)Q`kv6yGy_J`8N(#{FlW-NKDZKcAI<|A}0W zHiRR`f8lJ~ll&ga_KacQcF6X5aGIDYwGH>14V6gQ46UJVM^uI5$?WF75(){kZEVaLXF$qxJB&dI*knV6qMS*owv?x?GBB{g{POJ9X~`@IJm$3S)C zgRb?;BW<70l}Z6obc=}`+0n_-b>Vk82dFQF=WtWAJ4f0?OBSUgW274dMGMkR-sJqndn*K`kvHCv8h26_?3fbdifT{99SC316`&q|*Hw?|x z2l?}lUFG-Ld1>DrHO_YWcH8or51v_sKwv@N9{v0oFi^7oW7zBC*};H|>FAIgZ_5*- z`_6Y(r+o~11G^d?PD7sQ+xy3-2Z}tMpoj zCdUDRjNx_dcTp+Lw(ka~TyHLDIU>If9`jn?`I4M~h7QxdAOS{hXrgUr^4B)>GebT% zHmzrh*1(=rEk`fKNh-=ImsY#VR=n%v!=jjmn$8NAKi9#&4Xxc-6~kb@a?um zMAl5v@)*V4@G)??>SoyRIGYD=*4N$K(4m z*=G`rIh`K8({*d$XCn2=PQhWSgYD>k>$k6p@4mwE@)FB+XmeDA?gG1Wu4q9LKO(+I zRhOfy;^vA|dXTy6$jEiY_({FT{K!h}Ll#+z1Df%$n%;LYZB*`NS3aeW1@x0we*!hc zz4Xd7upCE`OZ%mV`e%)Q4{JU7(Br*-&HTyiV5_VGOdLOOMijdU%ghj3>J|ylRf;nYLTE?0@?fEt92GDRI$=JlKZKYP>$X zK&VTA(MN{+%8N%G*OU*q{6__cOdf}2y&zu2w^CTISW#8iw5&yj7&=WhXni!GE?OLB z%ehw?Fl%y24&p1ka#34h9%1&WbN^MsT2))eml!bzX1b;H?||3*K9Nu*c;ri^>A6D- 
z0Un7<&H3~bl_}a0`*i6+F4UJ*gEy&y1Y2lp3MEnixu0IMk+fJhk6Hy>lJHRpzZ$BM z7@loO6}Or9CTu??YOxBmjGZ4wAgLQ=8hrSD2Y3RrS|%pdA~aPre9r8X?M(wEw149x zMZb_7vj`6uVRksXliNq3cGh8eTgP&RK5n0)Iri4okp5tHnR@C+vDC9$q%t~Ju0t*c z3Vd=+uqb%#=J@(vMd%|nmpsmncbiAi4L=y%C%%AUVCl8_gDOQ{z%7 zu9VUo#9xeHvdFtjl1;^h=hEwakr9X6hV2(H>-LTIKYOrehO~^y*coDFyOE@5J>pGQ z#92EX*CJhvT-gOiKaoAB~!9na(kfbhuF)BSIYB(o`8B{zCLfUV=Z_sMv}xIjoe1)?p#7fE=mytmrK^1Czt`*jp=q* zSnj7tw`soB;hn$N(*yC*Ev+vO+axm1SxQ#w)H}#!;2H1QG?IFGpR%a=a@DvFAX2j? zRJ@O+=&Efc$MAHYc)2x?v%L@_u0pd`@bKZ>>{io_egpzT{~K3iMkX=69b$7Aldn(` zL`naOyGqbA_dSK`Q)&)Geok$7#s*Pm92e32!GkXS)B9TdwDA=suDE0+hFq-K-mT$2 zL174Dzapa-Ucnfntu9wT_ez=6Tqul+^Ywz#g57f>i~89B!FuhBka?LFtxF8h`Xt(- zDdnhx#Y{nw0psI=&$Ah=2GO5sU7}m#naQTjzcqX|EDg*{c%XLCLvcpFV)22V^BB-U zhg32g%2Z!sz8A!96;Q~|TQ+3h#qIjgj2^66E3+?7%QKjbJmC76C%shT`1Y!asqn38 z%(p|pa*xwJ#dUHz7mMW&M81aR?M`&Xr5gpZiOUa*WGiKf1U=wT)r5=mnzfULh||Uk z^xs9JL@q<`JZTa=Wl_7K^DI}aDb;hQ@XEtj%34unw;C%GWj*qkmwBGEw3N6HS~uSO zMs8emB$RWiO6uMZ9uPfBbd_eD)cBUb2GGI0HrR7wppI&4^q*m`dMZ!n9${Qmbg{*4 ze~kCbT8rOtV>~_v%un~-F@l&8?tA}Z{)A1q1}72S_@>6KhG7Lb!)EBpen1J+CT7vZ zl^y&OS6H-ns7Waq7~Fhtufl6kvhmpL}Vu(t{hWbR;u>Q{YJ(3VXZsT zpC%6#_uW$qN#5wJ;MUtLeyg7Gv3z|7zAke1iOfC+y4X}%ESD;5uyN$r7M zD{vIIMG1hr_U>zgq+q2UE-ES|GW^y{NTmLNnWJUClD+!mO&*ofaffiEu*7|J2KGvK znN0I<*zrc&yLf%tkelfU^c;UQD$Myq4JuYby)8>f05Zv2*!O0hqxOI{Ijd)94C?hL zkJSk068d>$>4~3|*#MZ@m~m^kbgJLt@y)YRSsO<8P=%3wcnCsIkUY#H_&r=`D9>@G z@QhEYxhnUwji^BqOOIPk$r{31ac#B#hh$nu8iE--%4WxM=$9>)IDWv+ zd}L7r%ZK@$>DJSzZTZeaOWPp?`FP(7DRgS@8>y&@{uLAH41Vy~rb$MQrFw=|DwR*fo8HFqRDFUt89$SsE7?*h4zkWX zu%dzvH}u;eZCbmit9L$uK%Cx<8F+I9Ma#9SQ9EKWMO!0GARIeZSnZO%)c7vOEO|t^ zmv7YawqfanDpj*fRmA#ruE%j@cgl$j1){auOdSVUSRuK7rP_{KQ~fGJE+vb0;ToWW z{Ne?>_XC$M^ElNXY4eu^%9T~39@5PDE^_;~Zbs7!ThSzP*Halxz-CttruAE-7}+oqD6HT+$HROy$?V8SaKv?D%@q(8W7C?bVC)Q5N=Y(^oC! 
zWdI;1c$LqLuAH6hHY<&z;Z`2iYo2>55>{AtQOZ_c)x1rH3JTIsCf}(%#9#Xq*H(-8 ze!bJzZ`R`aL#QDMmy%T>l~QiA*t=$p;g=VBr2aI4CN|DS$Xd0tP$Tuopfh8Of786P z370%IzMpRKKHus6q9Al*-Q4vSAfcBv8DzyeL-O7D-UE=xvsL;>_w&cHghjm-Nt-eO zjJKZ7u0+3dkV$j4CgLDvjffIbuVIjxHa?3lqH?lPNazOsBTnYmy-RS?WlO#f#rytj})TS#AY)GB*?PhGXLFk4VXUW?0U+kSo_j#!#eWcbp^h z^LX8Fk8P|B3eA2r$FJz?Sjb+{dV2GQflk+3wdfSsi^{LiyB3OKVR`m1Z0rp#Oz%E1UEAGS9;9I%4`8LXb{csbGIR50gm&qimaflB|J5A$>cvXMp~T`t z9Ls|5qp0I2i^|y1M5ok~;VT>Um@yg3C-r=7YCX$4dk+sj?doo$Dov<|MmM*HI*VP5 z%2QlEWbFu9?Z!8-$%Zwxg;0_19%fXz9(aE9%;^f^T!&=%7E3OlA^O}mNGngC3bR%t zZ?r?LVU&_kYNbbGIV^xRsLC`BX)s>8P--#BuOQ4*o447%$u;xQw*gup%Co0bS(XYg z?fT%m)oin;k}MS9L7Ao|YR6DI(l)+mq2USBZrFyhvA-5bbX1RHE7X~_fH{5^cRiKhzj>SFA9fOP~bVl2%1xAPap|K^DEcN{3mtDcOS}7DCd9Zs4`E0rrEb=|25B(4w>=fD=7OtL?IXQprCgVU7idn z363rERuSdS1wXjqD(b&(P#jl&4>ae!xR)REMxVjmXru71 z>)SF*CMh9!=dIXP(Zi?JLA>|YV%VkGo5cjSX%ORh(U-ZlaO$S@cT)s(7r{Gby465}<*Qx&lZ8lLMXFTs*R z4BL`oNSoH_!ik)t16XL%KLS=kWwhR3L#Ly3zus}D8d~aY&6}IOZy&anBihyK`PSBi z+A}8ZCQofDmPx!S4jm-ihCg$AgV`~Oeehna#|D~(2`u(yJKRwJA^ny~=?!q9pEHe#EYm(h zRB(1aGmS30)2!suIzsG~vmDmP_U`r(zF}A4@y3`mf8Y2Nn;*pK9bBBKA_QIuV-=Y4 zGm%Yc$s7m!bAQw3yso{=S}!*N_CKWm&>Ga6AEIbEo*igJHc~mfJ7+2;t{TrW;Zv zN^5!2O&-{s@5DT+X0@1=JJCp4<3(D07fe(R5%TCWfX0UnkM)eO#m#`yN%a3nGnd+^3cm@{MxqU*^Rq z!});m1_rU>CJR54RqwIW$DizM&Mj{8%)6VVJNtAInb*bPr7oeo%2l^nRn#S-<+=qO zzIZ)J5C44Fd^h2#uVnUe@aEuf@sd9IA?bou5f|GI`OaQZq1T-7g}USdh8*SuF1*Tu zR@FQ4b`Np+ub(pz0uQoCw?XCxmWL}cUt$fILx;b(6 zxv0gpfzV$b~!Z6I@h;#W@Q}V7%>1tI4-o*zb=n-$BH9R?)GSLKP*8(xD=HAa0sLe8V|HbJ7U}v z`L|ly`GFXeBEN;SzJxwb4ef-{4)8>q1{jzj16+_W6u+_(wSu2K0RW4}BY=KbS2r(t zKSlmuxblSOb1|47_{#+EqR4NlZv<3x_e2As;!tr3kcJ<|M~YvG8mQoja*#Js*Zc#5 zFjC}q!sBuBV6d;RuedKn+}+a=ED3|bz!FkmDJc-a0_5fIhDZ2;+`I(NA%4eDM|&YX zF*rQN-3@q-iLiI~#w+sk6ZF78i5mfAsJ&Bb>T|P0(KM-kwObh7Z~eFYtE=6!I^BoVTazuXIpIFxnN3C75~#Ivi=d+>q#VC<3@RhJb^XmX?Mf?d?I*a!?ouibNto_6~ATkgTk|EX+XyC5wbP z{0+j;6GNye+x3?}yr z3Wb!{boay}2+N7VA{^0RoSWk>#W~^fDn>er{8Hi)|B)EEBJd6b2St8;1QKXy`X7xM 
z28%YuBhKlRl#!N`BM>4d2a|?MNJ9T(bOY__MJUB{P)P}Kh}195`MSsxvLP^wI4@KJ zz%Mx=8F@8NGy?DLY3ApvH6Y$*gFSR~lKcNtKggOF`CV)yvNy$sd%1gR=GzuCK^Fb@9zFYEK&1625Z&9yOJg!%n{iGJTwrf84fN52nUF~9Z_5cq3X z$Rm)yr{IO~L8E@fNx=GDg>*u=Iid;e%b`uxQeP~`WO68)#SuM_%w83>Gl zBxFHuIS2ex84F+ln6$Bvd$UD=z?mhWY#^0%T^f6ND6a9eoXo6$(yP zIqr0&#uEU5OiV{z#msMNBWv2-+??TV`(!;!*%PX%33X=EGS>??QEp+%K>LCh4WZpEv2ws|<0S{Q$R<Ko{sr#EMN9Z=ak3F~n8EiS%l@-y?w!P0G`racWYL#!BK~<~^~m71Z??>qRx;fXZAxKTQ*n@&W#}7wkl=BO8i~ z+GXUkWK-+{K%z{QkFmhy0Qgocozcr1j)^PmYF|j&WHsSrpF%#eo3O5KuEBM6zuG}o zuXQIn!&{0n-D1KbuBiBGGU&AB`o5v0w4+;XVN@Tn8S0WGCbncWrW#@q0EVVf-gvHR zT`Qppzr$oF?1U|&D-wb)l4YvNUXnymIa>IwD(dF_m5SA(4&JDp=(W5R6QI#aodom^&9IIr8 z5ea5mLW9g zAto6uct-W@I-3qB2QYL=qK8RMUko0=<|nNR2Y3>rL~#nl`cp)48ssIwnfj>-oo^Ow zI_~O}t3g!NZ{=ox0Q}|kWbYH8xO;U&i59iL02)$>leM-4B7mUoH5uyKQWl|5M=uer zTBZ(@Mj9cwV`S(PCq3%SF`Mi9Z=2eHZ))Y&)Pc9V6-Fxs?3$bSJACNoUy#YBAyLbY zIK8vrp~?A%Fs^}5og$3}L*I0)PqGrL$lNI2DuQvBvF?IzMn|QF$U?VNIz+T@%ar;| zid#pcfis2OE8$}#5Ct&qLUPvhmEodv7l5xwv33s0bHQTmb~bo{t)U79q>@CI!RgTR zZZSRNC3f&Al)9bo%v6eDm;^I_nuG>Bfmk$r&1lTZLoP z6J4~m-j_fovMM_k3!4{Nh%kyy&udo9LSFzXt}Ndw255f{3vuO!K~!W(3{#E=9u5I- zC62?=a1Q9Cx|a)^=!c=BtVCIrR*WKyL?csp;*>}CN1gRLs9|QYnBayK>&{79g_xZ& zE2&0IH85R+xltqrYv-B=&HV8LO zR?Evyr07Cf%&}xN;HFg1K0;D^VM+F+=SZ2`1wIQ*2&d&*pHl-;khuCrPH}0YXBo#12;%35 z1>>ktDDGzEeq=t;XqhxP%VR~X_9$BcDS(_mSUNEZU8memdj4QOQ&n-p!57= From 47084484d6377631c72b1d8309904d473a56a54a Mon Sep 17 00:00:00 2001 
From: tmartin-s1 <121066578+tmartin-s1@users.noreply.github.com> Date: Fri, 22 Sep 2023 13:48:31 -0400 Subject: [PATCH 5/5] rename dashboard and update TA's readme. --- ...dataset_by_example.xml => sdl_by_example.xml} | 16 ++++++++-------- TA_dataset/README.md | 2 +- TA_dataset/default/data/ui/nav/default.xml | 2 +- ...dataset_by_example.xml => sdl_by_example.xml} | 16 ++++++++-------- 4 files changed, 18 insertions(+), 18 deletions(-) rename Splunk Dashboards/{dataset_by_example.xml => sdl_by_example.xml} (92%) rename TA_dataset/default/data/ui/views/{dataset_by_example.xml => sdl_by_example.xml} (92%) diff --git a/Splunk Dashboards/dataset_by_example.xml b/Splunk Dashboards/sdl_by_example.xml similarity index 92% rename from Splunk Dashboards/dataset_by_example.xml rename to Splunk Dashboards/sdl_by_example.xml index c5343bb8..8ae95bd7 100644 --- a/Splunk Dashboards/dataset_by_example.xml +++ b/Splunk Dashboards/sdl_by_example.xml @@ -45,9 +45,9 @@ - Searching Your Data in DataSet + Searching Your Data in Singularity Data Lake - This dashboard will help get you started on your journey. The first thing you'll want to do after configuring your DataSet Read API Key is to run a simple test to make sure you can access Dataset. + This dashboard will help get you started on your journey. The first thing you'll want to do after configuring your Singularity Data Lake Read API Key is to run a simple test to make sure you can access Singularity Data Lake. @@ -78,8 +78,8 @@ -

    Now let's talk about executing queries against DataSet.

    - The first thing you need to know is that this Add-On provides four methods to query DataSet: +

    Now let's talk about executing queries against Singularity Data Lake.

    + The first thing you need to know is that this Add-On provides four methods to query Singularity Data Lake:
    1. Base Data Query - This will return the raw event data (fast, but very verbose). This type of query returns all evetn data so be mindful of the amount of data pushed across the wire and held in memory.
    2. @@ -142,7 +142,7 @@ All - + $baseQuery$ @@ -166,7 +166,7 @@ - Now let's select a field to aggregate statistics on in DataSet. (This is exponentially better performance than returning all data and using SPL to summarize.) + Now let's select a field to aggregate statistics on in Singularity Data Lake. (This is exponentially better performance than returning all data and using SPL to summarize.) tag @@ -187,7 +187,7 @@ - 2. PowerQuery: Aggregate in DataSet and display in Splunk! + 2. PowerQuery: Aggregate in Singularity Data Lake and display in Splunk! $basePowerQuery$ @@ -212,7 +212,7 @@ - 3. Facet Query: Aggregate in DataSet, Facet by a specific field and display in Splunk! + 3. Facet Query: Aggregate in Singularity Data Lake, Facet by a specific field and display in Splunk! $baseFacetQuery$ diff --git a/TA_dataset/README.md b/TA_dataset/README.md index 0303fd8a..7a29b002 100644 --- a/TA_dataset/README.md +++ b/TA_dataset/README.md @@ -1,5 +1,5 @@ # TA_dataset -This add-on integrates with [DataSet](https://www.dataset.com) by [SentinelOne](https://www.sentinelone.com). +This add-on integrates with [DataSet](https://www.dataset.com) and [Singularity Data Lake](https://www.sentinelone.com/platform/xdr-ingestion) by [SentinelOne](https://www.sentinelone.com). For more information, see the [GitHub](https://github.com/scalyr/dataset-addon-for-splunk) repository. ##### Note diff --git a/TA_dataset/default/data/ui/nav/default.xml b/TA_dataset/default/data/ui/nav/default.xml index 21af67a7..1912e765 100644 --- a/TA_dataset/default/data/ui/nav/default.xml +++ b/TA_dataset/default/data/ui/nav/default.xml @@ -21,7 +21,7 @@ - + diff --git a/TA_dataset/default/data/ui/views/dataset_by_example.xml b/TA_dataset/default/data/ui/views/sdl_by_example.xml similarity index 92% rename from TA_dataset/default/data/ui/views/dataset_by_example.xml rename to TA_dataset/default/data/ui/views/sdl_by_example.xml index c5343bb8..8ae95bd7 100644 
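Review bot: In the `@@ -78,8 +78,8 @@` hunk, the context line for list item 1 still reads `returns all evetn data`, so the typo ships in the renamed dashboard. Since the hunk already rewrites the two sentences above it, the item could be corrected in the same change to `This type of query returns all event data so be mindful of the amount of data pushed across the wire and held in memory.` The same line appears in the matching hunk for `TA_dataset/default/data/ui/views/sdl_by_example.xml`. Both file sections carry the same blob ids (`c5343bb8..8ae95bd7`), so the two copies appear to be kept in sync by hand, and a fix made in only one of them would let them drift. The list continues outside the hunk.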
--- a/TA_dataset/default/data/ui/views/dataset_by_example.xml +++ b/TA_dataset/default/data/ui/views/sdl_by_example.xml @@ -45,9 +45,9 @@ - Searching Your Data in DataSet + Searching Your Data in Singularity Data Lake - This dashboard will help get you started on your journey. The first thing you'll want to do after configuring your DataSet Read API Key is to run a simple test to make sure you can access Dataset. + This dashboard will help get you started on your journey. The first thing you'll want to do after configuring your Singularity Data Lake Read API Key is to run a simple test to make sure you can access Singularity Data Lake. @@ -78,8 +78,8 @@ -

      Now let's talk about executing queries against DataSet.

      - The first thing you need to know is that this Add-On provides four methods to query DataSet: +

      Now let's talk about executing queries against Singularity Data Lake.

      + The first thing you need to know is that this Add-On provides four methods to query Singularity Data Lake:
      1. Base Data Query - This will return the raw event data (fast, but very verbose). This type of query returns all evetn data so be mindful of the amount of data pushed across the wire and held in memory.
      2. @@ -142,7 +142,7 @@ All - + $baseQuery$ @@ -166,7 +166,7 @@ - Now let's select a field to aggregate statistics on in DataSet. (This is exponentially better performance than returning all data and using SPL to summarize.) + Now let's select a field to aggregate statistics on in Singularity Data Lake. (This is exponentially better performance than returning all data and using SPL to summarize.) tag @@ -187,7 +187,7 @@ - 2. PowerQuery: Aggregate in DataSet and display in Splunk! + 2. PowerQuery: Aggregate in Singularity Data Lake and display in Splunk! $basePowerQuery$ @@ -212,7 +212,7 @@ - 3. Facet Query: Aggregate in DataSet, Facet by a specific field and display in Splunk! + 3. Facet Query: Aggregate in Singularity Data Lake, Facet by a specific field and display in Splunk! $baseFacetQuery$