From d26102d8b4477387eede6ce4b8843f395d706041 Mon Sep 17 00:00:00 2001
From: bruzzechesse
Date: Tue, 21 Apr 2026 14:48:34 +0200
Subject: [PATCH 1/5] new secops-feeds module
---
blueprints/secops-instance/README.md | 8 +-
blueprints/secops-instance/feeds.tf | 217 +-
blueprints/secops-instance/variables.tf | 19 +-
blueprints/secops-instance/workspace.tf | 180 +-
modules/secops-feeds/README.md | 119 +
modules/secops-feeds/images/diagram.png | Bin 0 -> 92629 bytes
modules/secops-feeds/main.tf | 1448 +++++++++++
modules/secops-feeds/outputs.tf | 21 +
modules/secops-feeds/variables.tf | 826 ++++++
modules/secops-feeds/versions.tf | 27 +
tests/blueprints/secops-instance/basic.yaml | 2265 -----------------
.../modules/secops_feeds/examples/basic.yaml | 116 +
12 files changed, 2793 insertions(+), 2453 deletions(-)
create mode 100644 modules/secops-feeds/README.md
create mode 100644 modules/secops-feeds/images/diagram.png
create mode 100644 modules/secops-feeds/main.tf
create mode 100644 modules/secops-feeds/outputs.tf
create mode 100644 modules/secops-feeds/variables.tf
create mode 100644 modules/secops-feeds/versions.tf
create mode 100644 tests/modules/secops_feeds/examples/basic.yaml
diff --git a/blueprints/secops-instance/README.md b/blueprints/secops-instance/README.md
index 62dc973..99071bc 100644
--- a/blueprints/secops-instance/README.md
+++ b/blueprints/secops-instance/README.md
@@ -259,7 +259,7 @@ This blueprint allows further tailoring of the SecOps instance to match specific | [casestages.tf](./casestages.tf) | None | | restful_resource | | [closedefinition.tf](./closedefinition.tf) | None | | restful_resource | | [environments.tf](./environments.tf) | None | | restful_resource | -| [feeds.tf](./feeds.tf) | None | | restful_operation · restful_resource | +| [feeds.tf](./feeds.tf) | None | secops-feeds | restful_operation | | [logtypes.tf](./logtypes.tf) | None | | restful_resource | | [main.tf](./main.tf) | Project and IAM. | project | google_apikeys_key | | [monitoring.tf](./monitoring.tf) | Cloud Monitoring. | | google_monitoring_alert_policy · google_monitoring_notification_channel | @@ -269,7 +269,7 @@ This blueprint allows further tailoring of the SecOps instance to match specific | [secrets.tf](./secrets.tf) | None | secret-manager | | | [variables.tf](./variables.tf) | Module variables. | | | | [versions.tf](./versions.tf) | Version pins. | | | -| [workspace.tf](./workspace.tf) | None | iam-service-account | google_service_account_key · restful_resource | +| [workspace.tf](./workspace.tf) | None | iam-service-account · secops-feeds | google_service_account_key | ## Variables 
@@ -288,8 +288,8 @@ This blueprint allows further tailoring of the SecOps instance to match specific | [secops_envs](variables.tf#L151) | A map of SecOps environments to provision. Optional fields fall back to these built-in defaults if omitted. | map(object({…})) | | {} | | | [secops_group_principals](variables.tf#L166) | Groups ID in IdP assigned to SecOps admins, editors, viewers roles. | object({…}) | | {} | | | [secops_iam](variables.tf#L176) | SecOps IAM configuration in {PRINCIPAL => {roles => [ROLES], scopes => [SCOPES]}} format. | map(object({…})) | | {} | | -| [third_party_integration_config](variables.tf#L194) | SecOps Feeds configuration for Workspace logs and entities ingestion. | object({…}) | | {} | | -| [webhook_feeds_config](variables.tf#L223) | SecOps Webhook feeds config. | map(object({…})) | | {} | | +| [third_party_integration_config](variables.tf#L194) | SecOps Feeds configuration for Workspace logs and entities ingestion. | object({…}) | | {} | | +| [webhook_feeds_config](variables.tf#L233) | SecOps Webhook feeds config. | map(object({…})) | | {} | | ## Outputs diff --git a/blueprints/secops-instance/feeds.tf b/blueprints/secops-instance/feeds.tf index 0dd61bd..444fb4f 100644 --- a/blueprints/secops-instance/feeds.tf +++ b/blueprints/secops-instance/feeds.tf @@ -1,5 +1,5 @@ /** - * Copyright 2025 Google LLC + * Copyright 2026 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -14,134 +14,119 @@ * limitations under the License. */ -locals { - azure_ad_feeds = { - azure-ad = { - log_type = "AZURE_AD" - feed_type = "azure_ad_settings" - hostname = "graph.microsoft.com/v1.0/auditLogs/signIns" - } - azure-ad-audit = { - log_type = "AZURE_AD_AUDIT" - feed_type = "azure_ad_audit_settings" - hostname = "graph.microsoft.com/v1.0/auditLogs/directoryAudits" - } - azure-ad-context = { - log_type = "AZURE_AD_CONTEXT" - feed_type = "azure_ad_context_settings" - hostname = "graph.microsoft.com/beta" - } - } - okta_feeds = { - okta = { - log_type = "OKTA" - feed_type = "okta_settings" +module "webhook_feeds" { + source = "../../modules/secops-feeds" + secops_config = merge(var.secops_tenant_config, { + project = module.project.project_id + }) + feeds = { for key, value in var.webhook_feeds_config : key => { + display_name = value.display_name + log_type = value.log_type + https_push_webhook_settings = { + split_delimiter = value.split_delimiter } - okta-user-context = { - log_type = "OKTA_USER_CONTEXT" - feed_type = "okta_user_context_settings" - } - } - secops_webhook_feeds_id = { - for key, value in restful_resource.webhook_feeds : key => - [for feed in value.output.feeds : element(split("/", feed.name), length(split("/", feed.name)) - 1) - if try(feed.displayName == lower(key), false)][0] - } -} - -resource "restful_resource" "webhook_feeds" { - for_each = var.webhook_feeds_config - path = local.secops_feeds_api_path - create_method = "POST" - delete_method = "DELETE" - check_existance = false - delete_path = "$query_unescape(body.name)" - read_selector = "feeds.#(displayName==\"${lower(each.key)}\")" - body = { - name : lower(each.key), - display_name : coalesce(each.value.display_name, lower(each.key)), - details : { - feed_source_type : "HTTPS_PUSH_WEBHOOK", - log_type : "projects/${module.project.project_id}/locations/${var.secops_tenant_config.region}/instances/${var.secops_tenant_config.customer_id}/logTypes/${each.key}", - 
httpsPushWebhookSettings : {} - } - } - write_only_attrs = ["details"] - lifecycle { - ignore_changes = [body, output] - } + } } } resource "restful_operation" "webhook_feeds_secret" { for_each = var.webhook_feeds_config - path = "${local.secops_feeds_api_path}/${local.secops_webhook_feeds_id[each.key]}:generateSecret" + path = "${local.secops_feeds_api_path}/${module.webhook_feeds.feeds_id[each.key]}:generateSecret" method = "POST" } # Azure AD feeds - -resource "restful_resource" "azure_ad_feeds" { - for_each = var.third_party_integration_config.azure_ad == null ? {} : local.azure_ad_feeds - path = local.secops_feeds_api_path - create_method = "POST" - delete_method = "DELETE" - check_existance = false - delete_path = "$query_unescape(body.name)" - read_selector = "feeds.#(displayName==\"${lower(each.key)}\")" - body = { - "name" : lower(each.key), - "display_name" : lower(each.key), - "details" : { - feed_source_type : "API", - log_type : "projects/${module.project.project_id}/locations/${var.secops_tenant_config.region}/instances/${var.secops_tenant_config.customer_id}/logTypes/${each.value.log_type}", - (each.value.feed_type) : merge({ - authentication : { - client_id : var.third_party_integration_config.azure_ad.oauth_credentials.client_id, - client_secret : var.third_party_integration_config.azure_ad.oauth_credentials.client_secret, - }, - hostname : each.value.hostname, - auth_endpoint : "login.microsoftonline.com", - tenant_id : var.third_party_integration_config.azure_ad.tenant_id, - }, each.key == "azure-ad-context" ? { - retrieve_groups : var.third_party_integration_config.azure_ad.retrieve_groups - retrieve_devices : var.third_party_integration_config.azure_ad.retrieve_devices - } : {}) +module "azure_ad_feeds" { + count = var.third_party_integration_config.azure_ad == null ? 
0 : 1 + source = "../../modules/secops-feeds" + secops_config = merge(var.secops_tenant_config, { + project = module.project.project_id + }) + feeds = { + azure-ad = { + display_name = "Azure AD", + secret_manager_config = var.third_party_integration_config.azure_ad.secret_manager_config, + azure_ad_settings = { + auth_endpoint = "login.microsoftonline.com", + hostname = "graph.microsoft.com/v1.0/auditLogs/signIns", + tenant_id = var.third_party_integration_config.azure_ad.tenant_id, + authentication = { + client_id = var.third_party_integration_config.azure_ad.oauth_credentials.client_id + client_secret = var.third_party_integration_config.azure_ad.oauth_credentials.client_secret + } + } + log_type = "AZURE_AD" + } + azure-ad-audit = { + display_name = "Azure AD Audit", + secret_manager_config = var.third_party_integration_config.azure_ad.secret_manager_config, + azure_ad_audit_settings = { + auth_endpoint = "login.microsoftonline.com", + hostname = "graph.microsoft.com/v1.0/auditLogs/directoryAudits", + tenant_id = var.third_party_integration_config.azure_ad.tenant_id, + authentication = { + client_id = var.third_party_integration_config.azure_ad.oauth_credentials.client_id + client_secret = var.third_party_integration_config.azure_ad.oauth_credentials.client_secret + } + } + log_type = "AZURE_AD_AUDIT" + } + azure-ad-context = { + display_name = "Azure AD Context", + secret_manager_config = var.third_party_integration_config.azure_ad.secret_manager_config, + azure_ad_context_settings = { + auth_endpoint = "login.microsoftonline.com", + hostname = "graph.microsoft.com/beta", + tenant_id = var.third_party_integration_config.azure_ad.tenant_id, + authentication = { + client_id = var.third_party_integration_config.azure_ad.oauth_credentials.client_id + client_secret = var.third_party_integration_config.azure_ad.oauth_credentials.client_secret + } + } + log_type = "AZURE_AD_CONTEXT" } - } - write_only_attrs = ["details"] - lifecycle { - ignore_changes = [body, 
output] } } -# Okta feeds - -resource "restful_resource" "okta_ad_feeds" { - for_each = var.third_party_integration_config.okta == null ? {} : local.okta_feeds - path = local.secops_feeds_api_path - create_method = "POST" - delete_method = "DELETE" - check_existance = false - delete_path = "$query_unescape(body.name)" - read_selector = "feeds.#(displayName==\"${lower(each.key)}\")" - body = { - "name" : lower(each.key), - "display_name" : lower(each.key), - "details" : { - "feed_source_type" : "API", - "log_type" : "projects/${module.project.project_id}/locations/${var.secops_tenant_config.region}/instances/${var.secops_tenant_config.customer_id}/logTypes/${each.value.log_type}", - (each.value.feed_type) : merge({ - "authentication" : { - "header_key_values" : [for k, v in var.third_party_integration_config.okta.auth_header_key_values : { key = k, value = v }] +# Okta Feeds +module "okta_feeds" { + count = var.third_party_integration_config.okta == null ? 0 : 1 + source = "../../modules/secops-feeds" + secops_config = merge(var.secops_tenant_config, { + project = module.project.project_id + }) + feeds = { + okta = { + display_name = "Okta", + secret_manager_config = var.third_party_integration_config.okta.secret_manager_config, + okta_settings = { + authentication = { + header_key_values = [ + { + key = "Authorization" + value = var.third_party_integration_config.okta.api_key + } + ] }, - "hostname" : var.third_party_integration_config.okta.hostname - }, each.key == "okta-user-context" ? 
{ - "manager_id_reference_field" : var.third_party_integration_config.okta.manager_id_reference_field - } : {}) + hostname = var.third_party_integration_config.okta.hostname + } + log_type = "OKTA" + } + okta-user-context = { + display_name = "Okta User Context", + secret_manager_config = var.third_party_integration_config.okta.secret_manager_config, + okta_user_context_settings = { + authentication = { + header_key_values = [ + { + key = "Authorization" + value = var.third_party_integration_config.okta.api_key + } + ] + }, + hostname = var.third_party_integration_config.okta.hostname, + manager_id_reference_field = var.third_party_integration_config.okta.manager_id_reference_field + } + log_type = "OKTA_USER_CONTEXT" } } - write_only_attrs = ["details"] - lifecycle { - ignore_changes = [body, output] - } -} \ No newline at end of file +} diff --git a/blueprints/secops-instance/variables.tf b/blueprints/secops-instance/variables.tf index 304fd8c..13fb1ab 100644 --- a/blueprints/secops-instance/variables.tf +++ b/blueprints/secops-instance/variables.tf @@ -195,18 +195,28 @@ variable "third_party_integration_config" { description = "SecOps Feeds configuration for Workspace logs and entities ingestion." type = object({ azure_ad = optional(object({ + secret_manager_config = optional(object({ + region = string + secret_name = string + version = optional(string) + })) oauth_credentials = object({ client_id = string - client_secret = string + client_secret = optional(string) }) retrieve_devices = optional(bool, true) retrieve_groups = optional(bool, true) tenant_id = string })) okta = optional(object({ - auth_header_key_values = map(string) + api_key = string hostname = string manager_id_reference_field = string + secret_manager_config = optional(object({ + region = string + secret_name = string + version = optional(string) + })) })) workspace = optional(object({ customer_id = string 
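Review bot: The new `azure-ad-context` feed in feeds.tf no longer forwards `retrieve_groups` and `retrieve_devices`, which the removed `restful_resource.azure_ad_feeds` merged into the context settings for that feed. The blueprint variable still declares both (see the variables.tf hunk of this patch), so they now look like silent no-ops and group/device context enrichment depends on whatever the module defaults to. If the module's `azure_ad_context_settings` object accepts them, pass them through with `retrieve_groups = var.third_party_integration_config.azure_ad.retrieve_groups` and `retrieve_devices = var.third_party_integration_config.azure_ad.retrieve_devices`. Separately, both Okta feeds now hard-code the header key `Authorization` with `api_key` as its value, so the variable description should say that the full header value (scheme prefix included) is expected, since callers of the removed `auth_header_key_values` map controlled both parts themselves.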
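Review bot: In variables.tf `client_secret` becomes optional and `secret_manager_config` is optional too, so an `azure_ad` block with neither passes type checking and the missing credential would only surface when the feed is created or starts polling; a `validation` block on the variable can reject that at plan time. The `okta` object is inconsistent with this: `api_key` stays a required `string` even when `secret_manager_config` is supplied, which forces the key into tfvars and state in exactly the case where Secret Manager is meant to hold it, so `api_key = optional(string)` with an equivalent check would match the Azure shape. The variable block continues past this hunk; if it is not already marked `sensitive = true` there, add that as well, since both inline credentials flow through it.

```hcl
# … unchanged: description, type and default of third_party_integration_config …
validation {
  condition = (
    var.third_party_integration_config.azure_ad == null ||
    try(var.third_party_integration_config.azure_ad.oauth_credentials.client_secret, null) != null ||
    try(var.third_party_integration_config.azure_ad.secret_manager_config, null) != null
  )
  error_message = "azure_ad requires either oauth_credentials.client_secret or secret_manager_config."
}
```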
@@ -223,8 +233,9 @@ variable "third_party_integration_config" { variable "webhook_feeds_config" { description = "SecOps Webhook feeds config." type = map(object({ - display_name = optional(string) - log_type = string + display_name = optional(string) + log_type = string + split_delimiter = optional(string) })) default = {} nullable = false diff --git a/blueprints/secops-instance/workspace.tf b/blueprints/secops-instance/workspace.tf index 225b4bf..76705e3 100644 --- a/blueprints/secops-instance/workspace.tf +++ b/blueprints/secops-instance/workspace.tf @@ -1,5 +1,5 @@ /** - * Copyright 2025 Google LLC + * Copyright 2026 Google LLC * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -14,35 +14,6 @@ * limitations under the License. */ -locals { - workspace_feeds = { - ws-users = { - log_type = "WORKSPACE_USERS" - feed_type = "workspace_users_settings" - } - ws-activity = { - log_type = "WORKSPACE_ACTIVITY" - feed_type = "workspace_activity_settings" - } - ws-alerts = { - log_type = "WORKSPACE_ALERTS" - feed_type = "workspace_alerts_settings" - } - ws-mobile = { - log_type = "WORKSPACE_MOBILE" - feed_type = "workspace_mobile_settings" - } - ws-chrome = { - log_type = "WORKSPACE_CHROMEOS" - feed_type = "workspace_chrome_os_settings" - } - ws-group = { - log_type = "WORKSPACE_GROUPS" - feed_type = "workspace_groups_settings" - } - } -} - # Workspace logs integration SA module "workspace-integration-sa" { source = "github.com/GoogleCloudPlatform/cloud-foundation-fabric//modules/iam-service-account" 
@@ -56,41 +27,122 @@ resource "google_service_account_key" "workspace_integration_key" { service_account_id = module.workspace-integration-sa[0].email } -resource "restful_resource" "workspace_feeds" { - for_each = var.third_party_integration_config.workspace == null ? {} : local.workspace_feeds - path = local.secops_feeds_api_path - create_method = "POST" - delete_method = "DELETE" - check_existance = false - delete_path = "$query_unescape(body.name)" - read_selector = "feeds.#(displayName==\"${each.key}\")" - body = { - "display_name" : each.key, - "details" : { - "feed_source_type" : "API", - "log_type" : "projects/${module.project.project_id}/locations/${var.secops_tenant_config.region}/instances/${var.secops_tenant_config.customer_id}/logTypes/${each.value.log_type}", - "asset_namespace" : "", - "labels" : {}, - (each.value.feed_type) : merge({ - "authentication" : { - "token_endpoint" : "https://oauth2.googleapis.com/token", - "claims" : { - "issuer" : module.workspace-integration-sa[0].email, - "subject" : var.third_party_integration_config.workspace.delegated_user, - "audience" : "https://oauth2.googleapis.com/token" - }, - rs_credentials : { - private_key : jsondecode(base64decode(google_service_account_key.workspace_integration_key[0].private_key)).private_key +module "workspace-feeds" { + source = "../../modules/secops-feeds" + count = var.third_party_integration_config.workspace == null ? 
0 : 1 + secops_config = merge(var.secops_tenant_config, { + project = module.project.project_id + }) + feeds = { + ws-users = { + display_name = "Workspace Users" + log_type = "WORKSPACE_USERS" + workspace_users_settings = { + workspace_customer_id = var.third_party_integration_config.workspace.customer_id + projection_type = "FULL_PROJECTION" + authentication = { + token_endpoint = "https://oauth2.googleapis.com/token", + claims = { + audience = "https://oauth2.googleapis.com/token", + issuer = module.workspace-integration-sa[0].email, + subject = var.third_party_integration_config.workspace.delegated_user + } + rs_credentials = { + private_key = jsondecode(base64decode(google_service_account_key.workspace_integration_key[0].private_key)).private_key } - }, - workspace_customer_id : each.key == "ws-alerts" ? trimprefix(var.third_party_integration_config.workspace.customer_id, "C") : var.third_party_integration_config.workspace.customer_id - }, each.key == "ws-activity" ? { - applications : var.third_party_integration_config.workspace.applications - } : {}) + } + } + } + ws-activity = { + display_name = "Workspace Activity" + log_type = "WORKSPACE_ACTIVITY" + workspace_activity_settings = { + workspace_customer_id = var.third_party_integration_config.workspace.customer_id + applications = var.third_party_integration_config.workspace.applications + authentication = { + token_endpoint = "https://oauth2.googleapis.com/token", + claims = { + audience = "https://oauth2.googleapis.com/token", + issuer = module.workspace-integration-sa[0].email, + subject = var.third_party_integration_config.workspace.delegated_user + } + rs_credentials = { + private_key = jsondecode(base64decode(google_service_account_key.workspace_integration_key[0].private_key)).private_key + } + } + } + } + ws-alerts = { + display_name = "Workspace Alerts" + log_type = "WORKSPACE_ALERTS" + workspace_alerts_settings = { + workspace_customer_id = var.third_party_integration_config.workspace.customer_id 
+ authentication = { + token_endpoint = "https://oauth2.googleapis.com/token", + claims = { + audience = "https://oauth2.googleapis.com/token", + issuer = module.workspace-integration-sa[0].email, + subject = var.third_party_integration_config.workspace.delegated_user + } + rs_credentials = { + private_key = jsondecode(base64decode(google_service_account_key.workspace_integration_key[0].private_key)).private_key + } + } + } + } + ws-mobile = { + display_name = "Workspace Mobile" + log_type = "WORKSPACE_MOBILE" + workspace_mobile_settings = { + workspace_customer_id = var.third_party_integration_config.workspace.customer_id + authentication = { + token_endpoint = "https://oauth2.googleapis.com/token", + claims = { + audience = "https://oauth2.googleapis.com/token", + issuer = module.workspace-integration-sa[0].email, + subject = var.third_party_integration_config.workspace.delegated_user + } + rs_credentials = { + private_key = jsondecode(base64decode(google_service_account_key.workspace_integration_key[0].private_key)).private_key + } + } + } + } + ws-chrome = { + display_name = "Workspace ChromeOS" + log_type = "WORKSPACE_CHROMEOS" + workspace_chrome_os_settings = { + workspace_customer_id = var.third_party_integration_config.workspace.customer_id + authentication = { + token_endpoint = "https://oauth2.googleapis.com/token", + claims = { + audience = "https://oauth2.googleapis.com/token", + issuer = module.workspace-integration-sa[0].email, + subject = var.third_party_integration_config.workspace.delegated_user + } + rs_credentials = { + private_key = jsondecode(base64decode(google_service_account_key.workspace_integration_key[0].private_key)).private_key + } + } + } + } + ws-group = { + display_name = "Workspace Groups" + log_type = "WORKSPACE_GROUPS" + workspace_groups_settings = { + workspace_customer_id = var.third_party_integration_config.workspace.customer_id + authentication = { + token_endpoint = "https://oauth2.googleapis.com/token", + claims = { + 
audience = "https://oauth2.googleapis.com/token", + issuer = module.workspace-integration-sa[0].email, + subject = var.third_party_integration_config.workspace.delegated_user + } + rs_credentials = { + private_key = jsondecode(base64decode(google_service_account_key.workspace_integration_key[0].private_key)).private_key + } + } + } } - } - write_only_attrs = ["details"] - lifecycle { - ignore_changes = [body, output] } } diff --git a/modules/secops-feeds/README.md b/modules/secops-feeds/README.md new file mode 100644 index 0000000..ec05bad --- /dev/null +++ b/modules/secops-feeds/README.md @@ -0,0 +1,119 @@ +# SecOps Feeds Terraform Module + +This module creates and manages SecOps Feeds using the `google_chronicle_feed` resource from the Google Provider (beta). + +It supports a wide variety of feed source types, and the `feed_source_type` is automatically determined based on the settings provided. + +
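Review bot: The `ws-alerts` feed now passes `workspace_customer_id` unchanged, whereas the removed `restful_resource.workspace_feeds` stripped the leading `C` for that one feed with `trimprefix(..., "C")`. Unless the new module normalises the ID itself (its main.tf is not visible in this hunk), the alerts feed will be configured with a different customer ID than before and may stop ingesting Workspace alerts. Restore it in the `workspace_alerts_settings` block with `workspace_customer_id = trimprefix(var.third_party_integration_config.workspace.customer_id, "C")`. The identical `authentication` object, including the decoded service-account private key, is also repeated in all six feeds; a single `locals` value referenced six times would keep the key handling in one place and make a later change, such as moving the key behind `secret_manager_config`, a one-line edit.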

+ SecOps Feeds module +

+ + +- [Usage](#usage) +- [Tests](#tests) +- [Variables](#variables) +- [Outputs](#outputs) + + +## Usage + +To use this module, you need to define a map of feeds in the `feeds` variable. Each feed is an object with common properties and a specific settings block for the desired source type. + +```terraform +module "chronicle_feeds" { + source = "./modules/secops-feeds" + + feeds = { + # Sample Workspace feed + ws-activity = { + display_name = "Workspace Activity" + log_type = "WORKSPACE_ACTIVITY" + workspace_activity_settings = { + workspace_customer_id = "C0000000" + applications = ["admin", "calendar", "chat", "drive", "gcp", "gplus", "groups", "groups_enterprise", "jamboard", "login", "meet", "mobile", "rules", "saml", "token", "user_accounts", "context_aware_access", "chrome", "data_studio", "keep"] + authentication = { + token_endpoint = "https://oauth2.googleapis.com/token", + claims = { + audience = "https://oauth2.googleapis.com/token", + issuer = "service-account-email@project-id.iam.gserviceaccount.com", + subject = "delegated-user@domain.com" + } + rs_credentials = { + private_key = "private-key" + } + } + } + } + # Sample Azure AD feed with client_secret from Secret Manager + azure-ad = { + display_name = "Azure AD", + secret_manager_config = { + region = "europe-west8", + secret_name = "azure-ad-credentials" + } + azure_ad_settings = { + auth_endpoint = "login.microsoftonline.com", + hostname = "graph.microsoft.com/v1.0/auditLogs/signIns", + tenant_id = "xxxxxxxxxxxxxxxx", + authentication = { + client_id = "xxxxxxxxxxxxxxxx" + } + } + log_type = "AZURE_AD" + } + # Sample Azure AD feed with inline client_secret + azure-ad-2 = { + display_name = "Azure AD 2", + azure_ad_settings = { + auth_endpoint = "login.microsoftonline.com", + hostname = "graph.microsoft.com/v1.0/auditLogs/signIns", + tenant_id = "xxxxxxxxxxxxxxxx", + authentication = { + client_id = "xxxxxxxxxxxxxxxx", + client_secret = "xxxxxxxxxxxxxxxx" + } + } + log_type = "AZURE_AD" + } + } +} 
+``` + +## Tests + +```hcl +module "secops" { + source = "./secops-toolkit/modules/secops-feeds" + secops_config = var.secops_config + feeds = { + azure-ad = { + display_name = "Azure AD", + azure_ad_settings = { + auth_endpoint = "login.microsoftonline.com", + hostname = "graph.microsoft.com/v1.0/auditLogs/signIns", + tenant_id = "xxxxxxxxxxxxxxxx", + authentication = { + client_id = "xxxxxxxxxxxxxxxx", + client_secret = "xxxxxxxxxxxxxxxx" + } + } + log_type = "AZURE_AD" + } + } +} +# tftest modules=1 resources=1 inventory=basic.yaml +``` + +## Variables + +| name | description | type | required | default | +|---|---|:---:|:---:|:---:| +| [secops_config](variables.tf#L819) | SecOps configuration. | object({…}) | ✓ | | +| [feeds](variables.tf#L17) | A map of Chronicle feeds to create. | map(object({…})) | | {} | + +## Outputs + +| name | description | sensitive | +|---|---|:---:| +| [feeds_id](outputs.tf#L17) | | | + 
diff --git a/modules/secops-feeds/images/diagram.png b/modules/secops-feeds/images/diagram.png new file mode 100644 index 0000000000000000000000000000000000000000..be77b283bf433b6c6b986face2d05256af45de12 GIT binary patch literal 92629 zcmeFY@&{(u=&8~(a^JJ*Q~m#diJkE6ra@9F%gZIRq^DD4eLuje7F4$&1juucD-LkEMuLreeXKnx_8h4A+b2muO_ z`9B9_Wc$!Aq*|%UU|5r$~NPw(ViuguXQO`y3@Za zW|okq<8q6C6f_e(eEetrt=u}r{4JK|@Rjvf@RAuR`Wq2^uQ zGZ*|$5)ZZiUVv<_k(C}c@{KKl<9GF@lC;b8*66gh&xKG5)~nRY<*oVfT2ZKvj^3n) zPl3+6EZ!(p=?0~Ryka7OU&CA7>D{uyuYV1KKOMlI#6`y@ z&0*Ix@R+Il^7`xMF+QLkgf(u{_cPAkPTE5tLW=~XLTx6RkoMYmnNa5$rQJpJ~y zobojxDEF3o@x>QbXwC!~upV;~HT?WWG|;^SGUU~?Y!bu``h0h@S@K+S{Eui+4@CZi3KrRQ#q zvs+xT*Y=T%T6WC>Bb;j+_JL)W1QzZ-=bMb0*@de<%iVq{(X;G&t;>%YC4~;|iKS~& z%pWt8+Po5+kDIP>P;ri9;|&U7`E0=jNa&?3iFs3Y3y<8Us=-vw#|B#j z#Y${<*N_utOWoou)v{ot+!q^!MDlE$qt}@d)}GRO*~Bv#Wx;eD>+oQG%x(`N+3_S2DI#V z5<3^kSLG4m!hJqJ4c+DU-!TSLGO4NTW4gMog|w4e1gD zG*PKb5`C}EWZOscqucXchg8FhbNjTZzt;i+M~l)Bwd!m}yryN84AScxaew6I#ZFF0k5E+Hxy!51S?@u)q#0yeO$fhksrOxmTVO@Z^Kvv zQ>f!yWwERxPKd83FkDh@&FR|@>(4848~{zs{U3X^!uV#`i@n%5*1k7T5INPHS2##@n!a^e(>cViGcIusbFZ-&nv_6!4oE8Q~+t(P=e14w*8Wv#oUa zteMxD&&ABam8m=H7*E)!%qWC^Wfd82WZ=@J@L95-7G+5N&6L@w9SKu9UTG0OooUpb zcuB)Dg!Zq;tW$ulVl7pd-aS5!}+Wk@6_m6L%f#WPBfU)^t*VMG*j$@OYO$|C3~cg#;-UFJRGvygEH5hIBw>p zWgdBT_nx=wVcsQWmvL4D)*ONYQ{{{5mF7ixAG+EutB_ z0^mvruWgw}K~|54kOtLpOx*a$?E4o)yK`SAx&>|P!@v`Ny+63r8xcLv%=N{nI;xTU zguf-Oz6=!7V>Zh;u0v2}6X1^jC`ymHmzS5< z?)7*ury^fJ)4%)Dk-FJp1c$IjJx73IBw-=S^`kqJdO|l40qz zKy|oQ58J_js;l5u(+*4UF{fT&xA_)~j|r;6q?uWu+gzp9hhz4uxdje>%1787^)kQJV0tHc4? z4NL139}YAs<}~8tNK3zN)<%?c&lN(Oo`@g)ptw@pm@?7FPk5r&em~xLU=6%^P{007 zuCs8`f3B{cEmHCoo_L#WP$vMcW`(bCcoJHRbdzR`PmgE(3mkoaU#d&w4Lf54&Enva zEZn<^Xi1P&T3Zs0v-)S~Nb**bZN7udoc!(!i6voB5x!0<|C-GGN+N>|{qsY^QZva| zM*z!QWHj!IjFuhabq2@Uwi|Ur4;dkHP+T15e9e$yKiJHysAuCvmHMOa*vLruwVaj~ z-E3#y)Z}En)spl5g^^8dcXxL{08BCiBBq6$im@?ej&}2(ax#7|>(y3uIXQGZJeRvO zy}>rM*RzctVlL;S#X2MwY>V3WJ%fXT)+^20t*#hW@;v9Uf)WxE>gqq)7TY{-<%WP? 
z?xGfVNX&WoKi9$Fh!g&FJO(Wg%YcM9qKf(;E$UO9@9BQW8jXc}A{{(?J{%mCu{P=p z)M5(Zo)L=4DJ)B5e`8tP%|_ooK?(mL;`T<96_sZx^Sx)FvMFq{WWe?=vG1rzfQZBO zR$o`-K>4rBt1nL3%8mJm4l@@PFr3Nv;^-U0f?il}dJ7R9Frlnbre+GRq(TeZgwD~3 z6B}Ra*Pn~AOjlMB-UXGS9YD#I@w-G;{+2|g8~CsuXE~i%?97JB;RR({+BH*l5l&&V zS2sy;M$8s1nJ|`;^l}$`6HbrSpgLVl2}?jcX&cqf+x%S{{|~)0co1nb5b0|8(yjx^ z;%2t-)`zQOf8)_4J*?!k$>?wG!-inByC(6OU5X(I$=<9^B5ox?*La+tJ|e=$+CkaDYt8-c8l{$i_5_9&G8aB?*T%- z^=#?F)&7)dG|5VlB31UF25^^&5>-aSujbRA{vcBaqetU28LxNxS}oO&j*W?=O;1l# zN~c7S^0n)Bcn`uvl|LXbPkwj-#;f{eF<1V0dnzj{D{3UC_b1{IW=&t5p7J7VT-p?) zUDNbu$CC4o4vWv>K#{7+I6a;kTzTD%w$aQ=M?lhH-jj@PiTd^}fsoLX*wa1pxa2Iqv~%1{nMq0{+uOD>0h z4Ex=j!l8v-UB+h>KdWfMmsYW694f}whtpBCGd+l-W_}sI=5CPpD6K?Y`DRtsNj3gZ zGrD{7cqH#yb}}?(?yr(1kEMOxEUGc#+m?IfRz66cShfB3a70AJ z{Jff2v8&wa!AuDX0rTMacrZVk`7}r&Dxt5h?`$WYN|us>g6!AX4&YUK8|PaCj~O4H z=D7j{<*`kxDxE(Y4gUaEeX#mz#bxbywM|p#ZoeQCmr5$50c%pGny(4CWFuf z+qVAdY+L`bc$vfMsA0a~b}_W4OpKcf?Q`94$-7p4SlZ(Ore~$D!St$LDdHII8L2}P zo4Mo$fsEFC`gmU6fwQKN*bDFCtBw@vOzc+JcgzKF7d30h*;GHGeS%aDr56wtPM#oD z-^><)$eD+v<8s=J?5=(c1}4mL4w+?V z>%rPX1~8DH)VQLQwKW=f5rqxpFDJbH)e=uG#ZNjM9);A;-(q-OUq-$0Qf7j-s-s=( zAX^WKbJJC-s%WK`11WXJBM z!Gs{k4u=uzpCmnw6ynt*<-8bkueAmbn#X9-tFBZHy(&7^wQ8kCag&T)3^2{AY0t)0 zIlN)=XfMHOoO2eTLz{~}(jc4+82#4dYa62AM7kNKFguKNG zdNijg{ICe9Myu||!ay`>F#qlT)Iba7Vw=~abM6GY@$YxoP_dEG(ZNtX)1o{SOiYS1 zAV+m|e2G?{*Y-iZ@eCe7`GaB&@?8QDE{J$N8xLq9Z!mq17g;cZp`RDurUxe7$(9_U zXeViwKSVx6@~V(Qq1Szn#x;9&M14FDlifif?damrWE1MjFWgjGF)ep<_dC9r>Vo5R z;wQ2y{svj?4C?imdqlbl^MAlg&RvxDgg0}|1dq^O7A2qLGsX3!`+VNn?OUrV2I=?) 
z`I^mHuuPB4ZsBm`a`YDvL|Bj<^Q?1(LOtMefjvAX4|Q0BAJR{krpce((VV8PGgPwd zuJc#&T3Ecf)?jbTZrpeoIemko4|M+US|qK0AFxWO_4&x*vsOS=mt?+Ybu4W`l=Bi@ zr5}02h!(O%%#2KGb^M5J+3W44E3oO*<7+OGRhMhJ>|@x7w=P;nEFGn54S5Vezesc2 zfKHF`*z_TO2d({56W|;gE!%{hpJ@VupJnD@efHefu350GSx93r0$;88JiW}nPCbgv zms|Ra_q*Sn9P8(=%u+$~aQB_h7xJehw7vf7ZObQdmmQ6qOAPdsqMWKS7#O6#*6)V%*Lcy*F}cvfRCOp+^PJslgKM1 z&17e47}FAu1^%@bveSqpJKCWo)Tdq+#EV`HhNtm6q#fH^hKlE#QAEIXi_-*3H4OU1oT(VSv3+fW3ieT$45*(|~t1RXbf!;Zv-a{ZT&4Q}DX4 zTb+>F?vZYHvc@Kg`q6#23H*DGKGsHZZXC{3_mOL}A1F6Z1&U=gOopkY>^8y+o8DAb z-jckF;?zF&sklHX?07VPzF23$X0sX)4K}P=&J)K9F_V!Q`~8!tKqfuR6axdJa^rG$ z9BF*D!G<)a%W-RKt3tPf*J73qR6;j`zV~o_Nd8r&T(hCvZ0c8FV4$2@p74v<s)29HUW_fJE>eF9-u?J5>H0b`r)uVw^*18^5PN_*^bJ|$=T_f*G914 z&%W1oR zM^JF^((%a@<}}vu5>Wa9=@}0PrznH4XCBc>8J(fxYY+Zmup zh$i8|Wzd>0RcErqWJ`^8etEhdBsC)^C$Cdf@epVNqW^TY?GdQ`CScxi&@}-PP-%;? z_U$wOb}T|32PLIQ9vJh>eSh*7gZF!C?4EaLy`flk2wx2PBbZFazD4%w|KxW2YEB_y z96y)pXW!>@;#VjrYj~J;O4{g;yh)j+tx`wplq*>x%*EZ@2Q7Jq74+SLgIA?Wis`E| zEyM~}`Pwqa+0un-bjgIy88#(yV`bNn+CV@yeYuLP|q8h+@9?rt!=S0JPN=H|C3zTQhG-I<= z#;@vNE)X+rd7=pyj;h4!f*aeGOycs7G-ow4adCtr+)SWm0wM?&7FMN1S$>*{qr9JR zr6F@I!_o@NfG_D#Vfb_r&9On`MMUFv?jlgVSZjvQrvnbe45QkS7?WZ&E=-EC|Du%a zXkg`!49;?5dj)%;ir?~LuguRD`+l*QA{i?dE5R{+7e^VJk)I;vSZ!KQ&4hWSO1${l zHNB3xF|}y?bL0y78i$A<@?{31V@uxyVdo6o>3NoubcHg!VbczW@T*(aDRyIf#nXqp z3=@dh=amAiJ?@UsKaS9CUzj=t)P4en@m5%1hwpM6?OJb}og^XCCNJjnUw5A&WK!}S zL)FfbeTbq*_zG;`yQu@Vf#cI%x^QXn0B5~&)U9>-g@-*x8_33dEUK-QTBe_s*Ow0} zV1JpsB(d=fB2AzO-fYFPSbAt@*`zm{>fp4ooGftjmdg?!l{1%jPIFZHk{)>DMRaYF z+DELrLTqY^f}OW$yH&LW9qaEL2X%_>_nyOHyudVBI;O!%PkxawO?vldU3|D1Z1cgR z-(qOtTSQ13^liz0kj)Qh86+NkhxIQNoEZXH;Ssz#f$k5d(68&)RL71`qJ3 zf?`nvE#>2zbyEZ&JZB_e#^H3V6^M}tB?G;L8d6*d= z0yzQ=J|e2T@$CxLfjH`7Ht*=JW^ppL!cvJc$gxurLW}0*P1yyiwSLZ-&Wg%B%$Dkv z0l7s1d+Ahsyw9ZYL80zZ|^zB^Rjl74+!GgUPCHS&tR zL(+PlN~Fi{dW*VD+l%iT@hWI_dh7S#Y8j!_gp% z)`Jh}sN*>28@w%-_K5)bA=44P7nS_%XckcnAg)&t&gRD~!6m1-^owjD^8sgg|ML2T zn+!>-il%X5xvaYNZ(Mdu&o5TTII1J>`;S}Yd}qh}f-TC1cfg56ybhG^C~90@(rpqM 
zS;{={(Ko)TW&DRE`6%pPZcsazC9_|L74xWXFSH?K>u6_F^ z65~bv1I?XQqm0)~VyfN4aI!p=>{QI`TZ!jG5~b*PGt%ES+;c~5W7E7SthQx!)%aBP z>7X-Ey3DZbD#ALtN(;22cpLV5T}W`nzRA6|8$@TJMyuGw597G4(>(*h8p+c{8z?;n zM-@78_od|7zAsUhgzgf(kXt)7ynTC+5(SuT=JdXPm~u?A>AmjotV@Zredt39{)1!Z z3!2V^>}UJg+i~c|a*(TmGMi6e2R~jSEg=&vCCN=S=cviiXxV|Ww`(?Z+ti%&+lP_^ z)!jQL*|5gD&VmZ>W$Zh#sWDcyan-DehQ*;)QHzW~oOQ79twQQI7>#RU_%)xpN1Q#V zuIT3K0!suk77=L>^L%pp%}E#OtJCTC#S19?sguRkJ zv5}ewHs~ADvM=0dXOc8E5t(XZfBVI$Kr?Np@4d|Y{IpuC3awMm=S8||R}**Kc_N(K z`$fijOWuPs8CAM7pP8GiI+c*dv85Q<3paHxQ)QS}Hu=Z#w>-dRq=!Fp_2k&Fs_s_Z z9vkxw*Z5PrS5E16d)>^+Qi)VkEl}hg>WF@&6u}(FGhgr$zs3Gh06F#+PAFaVs0?8 z`Jh%Dps)RKO;_ZDiL+nj`Px1go)#(8seTQJ!4pM6VE*KgOkX{k|4F5!uCNev6OoXw zlK-soX!EPl34h~sN5Y3^>UdQDPygC@e0TIveufW6!ej7uQ?HO$2+Meq|-?h!)W#=xrZGZ9L z3(nSQW~;JBN{rkj&a+AVox zsn&DAS0oHJj+%#NFpHn47bj4!xs%Kb=^2{KxgAf~_f1QxE=3$NBFKyV@Ms|KFS1_h z!r2Mzmcdu&3j?RuTP0rb4+D?Hmdd1N*H17Sw<7#UNfaK(cgI;3aBv3)?_mkJz_)bN zi+KRc=NuBc~6k-eY_LDm`@j%cH*8 zvs=MJd1G#qRv7j8PtN5pr>}_(%nBrpYxkmJR`9{~V^75(!P&zBGop^|OPyvKXk;~) zxz7XZn70=G2rXl9XQ>}@H*IKU;F3i<`J~{n_h_J{w7Eckj59`jc8SNZ^GdBuVq44 zB~A&1eb=-hOba1SRI61ydk6+R;bq+WxarQ&R0t>g{^<>)Fxns!QtiQ)kH;kn&~Rc3 zog;DG7g?5MPa^JUw@z%^!;ol6JJ>luxo zA&2Ev)dvWV%?u5uCK0m;wFg|p89wtdW~asYI~c9}C7V2dX0%aQ(@pxXYZ%DL@+gZq zeCwBvDJUpTJjScHo}$UOUiUMxULN_@ezNq$K7vrK>S+nbx%hOAN?L}40u@Rg`)f)X z2V3p!>{8)`BY9aWG!C3i!8%;uz+AE%z4I!sZ%(x`_2wccrtN9RS$bVU{8*9KJ}KYm zaLzd30m72Wfm@sHk$2sDd>}iC?)OD`Rdis;dxIqPq)32R!#9X$kl{9S|E&r#y}J@- zqwwwthZ9qP>05W|JJAa7NdA%xGlklC;XUwa!fZGi&9R!6qVQ3JMex13V5)FpuLG2$ z;AG#P1?tjU zRIK9N`;AiR2GuX!UFNFYiqN++XoqF&TCq(oksbV7R2(d<-vzh!BF}$c-TsC~vEFSd zzVm=)UAgr5nvAZ{GabV}Qmyr;={Ca1LqN}X36<;RaP33d!`f@&T0{KtI!T{lY4QLn zd-{z-fu!iG+v3XWTVdYSvTDlj7|I z^4((Q$2%*`vF9FE39NeYlBuJF(LY(_1-&?4zrRqZ5LBrXG|qBzYWQ^ur2D6>tG^NV zo9|i`dX^8i)6CC*JPNKDdZ`J&%O&h4J0Sp*e?XfT4&rk&cbc%dKqS6Xg%R;fwsm*x zTX#}XB0q?E4m(whoAKKT@h$iu1_e{$euCGW6$EHyjQ2E*GPrMS+2LW0`=($%?}+m- znMBu)yYmKBE7rdV!FjJ=3LcpxP(O1_x|+D{{?GlGmjB4or`LUTrSY1wqNG2ShAvId 
zD(XJVA2&MZ-Iq6Bzy6@%->z%hJv;Qc`p)Xtp;wZzdMSdgm<*q{T%4yBGa+IlIx1d! z-1O;?P{3A1QigM)_`UI4f9X?WBKW9aqV`eN;MD>C{3d-}1l za-zU!D`;UnL+R**{ofzi52}ILTHw7o@KD49|_Mi zX=K}ATy{<)%J|0NZ<`msqS8bim}Gnim{#}? z%wvuLY=fY{33jqMwFI*hO3-P};<}h^I2kptSxh$-ZqNM^c1T;e^%QXdgqiFAy`-dT zJC1aji9UU|{qShUw9p}be3&xIHjS%j{^KGOSq0C3XrQ_f0Lv-fEg~(TTl@VrX#A7) zQf1)`+jd8UOLTC3@_juvcoqHMK`XxVBVi|f7-0~sDw$pzanuC{_MylExz%~ju37F!<3ObuzGYC*#W`~&D+ zr1`p1WX3l$vRtXDaJseF8MlUJ*9YL+{i>SS)=v5nwW{S!v6Q`5NAfSKH;!MTjo(~f zIubW|MF(snl?)EbS%CGL4y}D1tWxrqCMU1=aSLcW#Zdpj{RSQS4V5*T%a*^35NFBjHvk;RO^evzH z*D&TO-(VJZY>l?(8BMtSkdy3@lP+ust#I?hT%_W6q5d8A7lKF@DYlruD$aEz-F`z3 zdosjA&^RezX!oLgh(SFQ&#nA_8SgQ{H;lKEno#SJBUl(AAG{7lrQNqZ+T)NS`DEld0R z=+gT6gcjHnWTav3YQ>H^b9;%jTcmX3RQ)6zldQR)ONQH3U2Z(8V+{5h(BkGepHBLl z9X@?&vfdqnTC0Dy_*Vs|nX?gVo7hJ@TXoIU9{oq_79aY;E*%F={zF^B`)AGIo}YVnLS!6t3w;BPTYfqH&smFT z!xHTwMyCXIt!@{xb`OSmRwK1J()x1g8vakQdfq=vrm>*#KWK)J(hop%Kb4MVZ#%YcbYr9ccB;bknP*-Ya zah67gRTpj==T&dI3J$~2WgC&f;n*!%$r7}tm4|hsrE|?2r(k+QCOY(!+LD_=uf#33 zW6fywq+=F?(QBf?`p2=WAjiY*m7PBh^+;$$(I{hgijz6mF4nuJTwkk?EGFq_(bS@} z8Vb@H^hOt2P~TY{z%CX0Cms)!4O-3NBkb@nPGEcWHb160UdKj&g3A|)WneeMoBN3B zcaN9=mqUJ%Txxz?M??K2il_e5f&GVX7y4g%eQU1=~_ylC20^x`ZwW3?Yh zr%9c9z{}M8n{NkxA&*QdT|V?A`m0((&d*kMa2`hs;RvD<3V**y)~^$%{1ciAQvnPR z6EX;F((F=XK5BR$q5bVg6Bl!g2>u>yDr=V2!345uq&O)#*-twcUOQ7RM0(=Z`)SQR zpuFP`K*)VmBsvb4)d)jOdHC!4QCfJRlwnXxpul(4rKg(r1LMWgR^3N6g5v|i;!=WG8 zZX?!UXuNpVLPFwLK67q@FIw*C+=C#^IYeTLRnJ0T!7h~S}EVRQr=>a}4!{?9)5qTiBw`Xjx#>qw$)uU*ya zD2TWTSm3c0qeZvw6z@^*gLi4R}93s8-7d6S%G*6s>xOm&HD496L*ikZVW^9ZE)%x${*frO%`e1oEc6vd7Kb! 
z%8HA{9aD3@`yWvoMXH_32RoDBr0h~P&D_sRbJgNpAZqJ44cZ@8wLYfRdXmRCtq z0`%SV!tn3&(vog;tGC~26~2KXc1J1dyV&Q7`gu-?y>TX1s;$DvZ7W1v8$gkgbXxZw zyyHaJ>L%l7CY`dqhw>Opcw+)%9Lwvp)mF#Ig+mNz8V#i^ z^jh0B>?Cl$VCR44c+s0v`872_1}U0jdJj?l{npCiQ{Z;FmVZswGVC$d_y!My)5g?> zBcGg_+|DqqQy2Nhl zLi~m`(gM_K&V0pt>LNQvxOiW`h$GVBn^k?QqZNCsoaezd?DM|eI|y4GmZ-w0bIJw@ zaXAb?A@O;R1|_JB3;L?*DxHAqVojQ6R?@zPw;=RUx_DJq_dfS#Bc;aRqz6 zQGwA4Zb$xPJ6~1}BJw#LWZn2oo0v421y=`uinjdoZn~nYjLo=wzo+h* z5r^iwv1kpNq=b}@Q;mX`9+XjSHm=xz%BE@b1<;SHA4$rN?8l3qaxnUodE#rQwxh6Y z`}b0U|Ep*)@-d0;p<4{8v&QgkB7LwBYR+0OHVT!YS8Qh!&qN%NC3$wv! zY1QQW4_&Nwf~sj@)Jakg5!`B)!~0w}fZRtM-W+|n^&Bt4v$~t^r#?eYbk#bL;IJ7P zj`h!+J(l+WUv8L{HO;Fhskb)R9YMRz8mw54OJLKF%dnrxl=YlT>W(L36GLJ&g8KMV zRQ2KXC-*0#;m8~h8P#>drfA7@rY)(ZX!TrFweC16Dr=6NldmiEwmS*Uz-KaDiew90 zkrM|#gNElu58lWc7h<&VbXC$}pfZR#UB<-2ML!nEzV!CJwDx@}gvlJkj2}@}M$(b} zpZJY|K34dF?rK{)^`f>VvTrhw-v1*3oL}o)otgUWUbFSCOz~n;?Fw z^gcf$!Dc7Bu={zG+ZLrAs-Iu0EjNZv?vqU@8mZ!t)~sYW81a8s^f!hP{9DB;OuNqjRJ>$sm&Jl;6|?7OZU zRS`t67Wri>=u$J8qO69%kVsc;sOR(+;q?HVj8 zwfPu5ac**fx-A)T4hn43f8Lt|Vs@p(pi$828|E`Sn=Q|VTXir3d)WRsuO%-V?3PO7 zVcOvFRSx-n981!Vw^*_}?9nes9?a?e6UIZ`q)Tr9JH=6D(fM~utWh){MOP(L#ZvTI zE#D`{lMchBA9^cp-Om@@y-f8bXhwkYqyY&HU%j5mg&0&|y%d|!UOAV(NCi0sIzJ#! z=g~gXujCgydaNVLtBD^1T4BIArZYT;Y5G+hHalttU&Bm}=(K$9x&lSfhCjwn;r!_6 zP932O+cLAeJMiua5yYqRyf$qi}v z`M&jo;>gTLKr99ikzon2@g!YN6A$MA7@21LJp?*Q@{7jylS0#Px)GbK=5~U=rF;bw zw&@Hxq{YSL-~Xe7{89ef$mEuu&0j*|8x_)MUiGx7`iKe6AjjU*7(HZ!_}ul7^4|Z6 z=X5&Qo1H7uyj`;CKxrJxjOKmV>p|mtTK7k@{fbKYQURsx{`!2&_i|@|jaON^_WE+W z((FXYX1%Pc>y^JI0y+!GvqdI?0uKkN?Y$0?dxb?TN0>Gs~>! 
z{dN)nZuJw`ZQX=3w(rf9%oWP#errSD1E3JFEZ@^v55SM;Lt%(Sy!&D_j72db}imgn&h7uqiK77#M9!}8px>mNgzlgwR zaz0*!#Se7v@9Ps_j*p9bpZi(EGLT15Cy7y);bg@emH??lwE`6hX{puC0hm}@J_rt# z2viif^8w+jueqqGsB9{$)z0sqA;{#x*Wl^~t0g%9VBB1Zkwp5Q6jJZI4ZsUlD)oB& zV38`FfaQrKWD`MAEz_t2(3?;!D)7MWXlihM*3Mfvc;OQ5mb?&Wd!W!i0bEZtVi^w8t9 zEjTb=GU;Y-!T^|WjKL?mKRD39%AE|uJOIR|w6wH#qwNNO_1>PWgj-hq+C(lDSWY_u zfFda=WXro$n|9xc4_Nb`9r3|vgeS{Qm%v}D#Dz{~%Lt3ZB%DuIiG^#;rr^v{naw5v zo4ES4xnC#Jsbi9mM46KMJlPSWt@=F)WS^Y^O9$7=Aq|=k@Ks@fCdNsi7)iSdi&2F} zbS(SjjO4gfZ>1Nn>v=A$rL_!@&4go*%BW2j%V=JDwDTPG(9} z)zse6go1#j5KISXsR*S=0v10LgN@5^zTj=aE|cHMzD8>~SL=vS#iLx102l;VjTsPg z_h_oo!zf^4D8R&*4DTi5lDatY*_P7{qf`Di6Em!EhvnLl$6gD@?Pww zSh*yC-(`Q&2*7PWAN_UOdX%5mbLA@lcl``6v-dra+yvxeX-UW32rP!2UMUc=Xmt3P zM8w2A08T9g_=e!rFKNBsfG6;?02pqWj@`P8W@k6}g?uaS!rWVE`RS0sKo z1I$cT9THj=qvR?41fZRv7zB3#3bM(cvjJj1)9YqozRIAdr-y89W^4p1Fz}Q?t@6!9 zY7S}t4w5o`g;>Kf;Jjo8e(v%Lj4@9{JatVv{Tk#s;iFmZ8NtrnSu z1T{?A^t%hP7ZXs3C;X7$?l@`Wj*rd3p#RL>Xr%l{($e)85E+XM4)n2ok#XwC$1knm zE=xrs`@W3gKIk%H+N0-yXm?Rv*N%gF^I(&Zgyy@|vIH{yhopS%+~?xa`;v-wjRtFN z!1PYr=2I$?fFrax?sw}!0+f*c-o-RPu>kSvKlkAGRl&Y~@)}6f{#B(pJn*?y0?NbC zy_EVs4JKa2qKuN|{p27EDiQ~9-&Zcj zzEvM(^;FoP42=Be+~IdR=@1iPvzEXhV2iDRq-N1D5c(N2>k(7IKrTy}&sW6tYOpj~ z2vns01iPrODq_Q0uWKsCPQNnh!u!eIn5p$EFppQGrSHl{J+n#LBeB$wfS5Ua#99Ke ztlLwcynip{te9S~Qr}M=-G*a&6}uYt5nuJXT`AXYskfMu zc?_V?m;<8M{rVuZB7|}kY9AIB5G4p0x(4V)*wb8bCn6CHLN;5hrCwYGxW$!O z4R}}$l#dWv6|I^j4l-skMl2s+Z>6K7>fX;*1rrR9A`}&Hz~<#+>$H)$SvPek^s~m7 zZ=K)OYm8AyxLpA$hnPMaqX91c6Ub>mmVHwNvGIt#I$m6|#~*#wKy%5UaG;{dnbV`~+YQ`WNi){(mmjIGqcfu8Akfe`Sxo9Q!K z7VHzgPmD*W22>C>|MQF>)e3^EbHLBV@}Y?(eZ7UN787{zR^RxNa5|bwN&N;A>0-SV z5|zK!<{^+vza`$$?0oAVa$0S5tE@%iz5BL5nLm=mxCSf$kVz}y#;}QrQR43&4l6qD zHp9=(&VY`nvE(ngL2Zgi#Vc6?{>HNRPnY9P4Z`rKM4whkNpNsxij`@PDH)|xm<2Sm z)CW;!8;wT^93=sNS&stnKiw+*zWzu;kL!a#RDstgz;X5h?k{)$wg-qqgzv(XY%9nF zgR)v!0WpmN;|VYWS`f+r9$>XzR#P>7eR-}TS5Q=JuvuFzkR^S$`nThR5$Fu~+bPf` zUF9-crWtJRanQtyzQ37bM^Aa?CK|L0_2^ENYp zTXYrV8)Vx__5Oog@HqEJ3JQVftmI8$n$LW9D9g}szKV3%e>#2NuKB$3EJKT<(|`Sn 
zsQ{Yr?df8rlt}{-`fqfx_;=vndkXN7xs7B%_e?Etw|C#4-Os4%Dzm1t07!l?sz6H& z0ylyPY#>;2!|!ep2!=+yY1`o+)RheLpZ}n(K&Sf=fVbAyAas`Lyk73XsKk{dMU@Dc zp-Lg4V*%11mTY*kB-GxPiB5!kUlk<%Kwk~UWdGtxe1W1W*cU_pfbR$L?N_bf7xWRn z?#)8|5#B72gn=~{rZfm2+xHH6k9@d$Rj6fsKnxTekld|%j$_oN6-!hkN9!r}xaqi)8l z1KZ>V+i|~#XU0#3I2FDNL&p(O2I|Le{f(~QM{`TgagrDsQ3a;XS~_FD^I}{J3C2); z72@4fc!pA1%KE#Q%zjJ<&6u?+( z$;rv-=tLQ<%$mTdC;a&FXM1~N%D6_Ery-hd1i*z0{U=PPXS%ipT6Pk)BhgLwkhGY1 zc}a$mSOUa*dwV-;vs6MuLm__jn)QHX-N_(86JF;WC&{`dK=KBPhiH1m90A$@@Y?P` zNoX58ynH46)=o&XmtO77`2}e*EsfTK5UJ@`%W9wl%!xZ*wg+Rv(^39!fmYR6$ls9l zGaQ%RPkW=r=k;ZCj5Y$%9*$86j|^T&Lv{xpH=~-`k>BBF$Z42_zz)oS;{# zjU+>M0FjswHl^F-=bWq1jrJx4`byqeeKj0JcMNg;X;fo83NhQm`Zy5f4@E^qMNZEE zR~a!TB;^>w{-@XCJ4B70Sz&`#Bl4+=Ty7W0f}5LA!Jimjf%lAXNrJ|Tz10L-)tp!P zT30h}RD>fVy57FNY`T!I1b(cW(3rXy_$>x!>s_W?oKRfQPX5ffr1}O1u~dc{SJ}5U z^@6@Cw0L{DqL)|l0G1~#27MfpaJ{cms5#q; zhKq%twl98xm;>O#-iZ1V@w31Go5sX}cbWikLHBh;2*DlTaCEM^($L|4?H~{TSUTNy zqV_;`{mOw6Or&Y78?1Zmjfw}c_V=i*Q;#sK@6dF;@3*-!7{Hpmk4H=(3YDAvDfkYC zPt;1t^nH|1lk0(>pwrL#@O0PlpoRU<1WL)=0NNC@mw-4l~7}>#R&@I0a zDwrTK&h$<=P zLm8a~YeC-7Q8DyaqPnUly{f7Fdow=IJ9LxF-d>?JXKd-iZ#7fkI;P8MteL7AQ6^M8^H*`6g)NTTM;oa zO0s!4z2VqT5ETYBUS-)UMKq4DQH}IJKrgWDNRE%EoOU5x;0+Cnu18{(y>j_QUz`i; zuJ8Uu(^u;_hIco|oxEH7wh!4dQPhjBed8{1z}o$#N%zv{0lfHI9ZmXah7_mt;M z`aE#KCT-=Le%F?G&hG1dx6UdGSv+6lAW0*7sF-+vpN#hXjjUJ?y9PRsuRnbwys}-N z-8MFPV>OKbt(li%0A;VaJ~uZ91(QuI8OQxu)k|(0jPci}_pzEq?bb9z#qUI_pLI5S zk55PEiOtBVldJkDI5Z^1QPnx^h0&xSIX6MexUi5_Wf{~^r;M_hHHwAjPfB|a>rydu zA(TkHIj9L1OtZ1|O?lm;MT8QG7mfi|jpChtS_Qdza^k4#mrZAY+mlm5Uv;K+K9x)9F{dkpZ$!#Sgn``_f8fKNb>|%!oKH;i8CnV2xwBwg%zUIO_g%k zt$)&R)|xgG$SYR8@?ZP*1Bee7we{=M!>E(t*Rgc09s$Cm@nThvxEqNsTGp8Lf@n?E zA5e9T?qHEwr*b(TFo-xX2vS=iQwg00|0f`siVDp>4%7nQ32;T+z&Ote@K z8A;?b^Bo(z;h6C;zta>d^~cWcE^Bu;PLoowXkeac*-K$DGy{B;r z>nNW_JhH9WM*i2lJYyFPsdMAw?|OC$=5bjxs7UGKquCgRIbg61Eu6hJt1Q1BY(9GV zl*+wKq0^M&%?GXwd_1@Q~qay!gM)BD>N~og z`DceJN)1)feOI2$s7KK`LPt){^6Auv++8|SR4^rdrgwJITB|Y?7 
zcMoZOuKOF;>wKrKdMtm?Q8ozYOFrdNe0<3N-s-e=?F|}WxI*j6HGQUXS~5BtwST)` z2Amd_I{0R^^%gLU9J@Z_$D+&4ef|11G>5-`#IEf0>=}a(HKEJG-vFsuuDev?DM?9q zL1|Ln!cS=;+xC$LIO`wbT8lC7Sf9wsIvgh_OR02vt`{>rd13`DHkEzB5r zf@`$FQBOE1F&Lq!Ffs8gAfA3R$L|e)Pg-o*9Dcpnrr!!qN{)V;GVSk||IMh9FS(!L zIBTB|WN6IR&EQdd{h>LaNXFHS8T4;@%1zSR^glU1Y$?o!;(c4+;{=Q6Z@u*mT5mL6 zV603&x)l0X^eUK`e&#_Yut8)y!L`d*t`*OPSL$koLDjs2EzUOcWnkrS$n<_&#NseF zCrtnke?^M}r=#?cQe4m@r8OZ^BmHhuhpf)8DIJ`;?`(KVCHbw}93DUJ%~6VJ>hp%) z$e}`m#y_*IF^x%%V?U84YHDi1CUS{TJ|hySc@3Mi@6typ{@et}K=w5+ZwUxb8-Z0j&p3K- zv%IeM*lAB4AOJ&Ek-6-L?v#K>PV?9s-R*fZ;ly>x=Ta`C$<7_(T!jS#lFT6+)x%C_ z@5XtmTwYc@n~_Du<$83gYf`Gb`P1IM{<5lZ8eJNG%)fP=tK_#$*$l<=II`a*Oe)3K z^vR9PZA+dOM?Rq_jKO%YAn<^O9qA zu-wPV4$m=j?KlyVH;+af{&KlpoZtr4Tpx7o*06t_JSV2Dm`I9!GQaEH6*^t%wi>P< zx#{`Ic51!lPM%h7C$m)Pvk2K6OZ@!ysnSgUQ@B^K=&~}WuEVsXUUDnb+&<2Y_vAYa zpS3d?)hvE9xjdZIZ|7d5WpVPo@vxG&GfYOa_Vm$lW#BCtN6#_u<(%kg&yEF3Z?hkS zA|DK6r+nVr1e^@-yUk7*#L7|A5^K^On~E3n1dp%w3@>ldH~bW6sPkSO2vg!Ww5Ejm&%T>>S z=@1hMluLU4!Z9zR<6JsQRT{?o?8h}-h?JY#Qn z9?p+lYYoIWt?}{Rp*1_j_MABFZaZ7FZ@HgCXe$14Z5T-L{h-CJ3?L5YFh;_l()Dw3 zF&P!%c2MxdPiM?G#Qe<|u2ct{f|QjNAc*^(9;}a);*wu=mgY9Gx7{+Qe#~`ty`sLj zWWN&EoPHCjnYX9tp69yDptBz!B z8Eq*?V==Eij#{>?-?QJu#Kf*71VTbNk~RW`P?NE|0q95u>&0Vjn7^OuedYq0^ONh; zq@lqCnGL2hcSUL5%yRW+2j`LA3Bz8JFgI|;P7Zt=OD}Kq^E8F6+ez!G4(xB~i=$b0 z$xU{ce3E}yQ4R)>pu^ZtogzaGetuus)@VimXFLn>zdliM>#-b*O#0kl=eHjDc8hIR zV2S|`Oac?=+l^%iV%q_2Ibt3l6zjckIr8<<@=eg+l|XCTsM<931RY!E^30{`<$9Aj zrEM&-6`{J>fQG0X85>BZ=vZcJdySgMkX3MIIshedY1JE4@tLvksj=M|%(~m+|-3KbC z#UXOq*VAh4eV@#s#Usf4s|z~D))edJJQ%(HkleV-uyND}avPl5e0q0L|21>fXcs;U z>w*a=EiElG0+NzGz~K4xj&2n=1J&);PU1+V$9E=Bd-yQ0T`fhJcpEGr7&G(Jb@{PJ zZZ=2pe@9E;O~w5lt8f9?Dq3CH2F}9QN`K>VRe};{xpwOB-J}sCoK#g-ep+U8J$!Yv zoOiImsE$cU?8RJYRbr%KsL+=v@n3-@IO0{HRe_@eQ*mf@S-Jm&hlZj^@^%5~ku%Rk z460^GGyaPT&$_NmLM`LI!5|z~H3S{j99}Jvw0XawnZDcRyTNzr3KQA{W+^YhJEWN8 z3U%Zd#5Hm<*+x!6Hw;N$)uM{B`g(daK!rJ&nfv{=$HITFI@A1kXMX91Ps81k7x1z~ zDYJ8O>Ml-fpWfgZzcLYKTP7v4Dwb>+^oOtPkw6i%!&%W^Jo5MPW&kD^V>X?x7<(K& 
zdhnnjd9&`4i9P&?15Y7BH$+p)uAx3E8+J<`H=e>QS&T>cWq!4Dn3(I5#?i;8Xmohu z+4K}zF=rqUm$U_&mS^ATNxf?s1#f1AhF~RLiiUlgAf?eW>THqBsaTz}C&iJqufAMt zHIgnpDyYBR13Mrk&yw6BFa(mqf^RB=fEczFP;YE#c&`h+a^FD-kbE$$|6be8u+dC|sUo zs+*J~PcQN|dqdI|twfT&$}i%*iKR%!EdyBhUlDiW2DGS9SXn7+LNRMTbET!F<-4*6ie#3WO(}YXDm{V5fn?c>$_JqMm+dCmJQssV#6HbWr6(vhdj(w8) zsWp-o^H5>ozTvc{XpEf6w2V_RfU)UtN_~^9SYx|a>%Za)jq0L>+Ne~T+5=gc_^|N4 z_btDkH6>n&nd$B8V_j8_IGZLKcHN#)NaFtz5T3<)MClk1;0Jn8XgSmU)MBTTz32TD zLQ2x$WU8sEDsbju-cyn$+va2<16o*!evNw0BAG{j$A7Vtai5sndWnU{-KhZ2+hL;M z7=~?iXKmGC;*y}Ix^0~vK&!gsH3^#NP#5kK#_(VVMt)PQo7Z|OU6)^BlKdd{22nKq zQh6S{)U4Jx0^OQL&s~8(=TIA*@l36L#hCbkkj^CP#8Q}NTu$b|5O<}#|Jr>lXC7*i zvE7+`m~<@&;!H;*X#`dJ}Bf#4(#qO*2tPUXhAd|(baKw~ zBkm|>8KyL}8Tm&RX%f@zR}Pn_OJokNaYwcYFQQx7Z)V(PlwXO@ma1n+56f;ncV$ct zV`19qR+8vLMJ1)iXYlf(i$t~Ld;oq1Xo<~TTkT4d2+`vEj?CQ$i)Q9o zOc6+bGat=FbsH&+Q@0EXM!;+auzr_bhT}@hnYSdZG93 zQf0ro89~iUb+{ZWHe+_Hmd(XS%I{2cMlN~!I><%zk{*0BfNYTcF;zb29UnaC!>lOVN#F4;~e&zm^-zuZlXK}uRnPScZzMw*J&OQa8>8xL4sk~yro(cHWjz;J_k?fUi<%YhVS zcYa;ogk)F#8Ul+>D1^k6c@>Lp;Fojp4Ch7BPD@bzrOBq`uk5zonmX^pk(w&+y2Xu7 zn3Uk+zOgaJ*!Y*@&8@}M9COOwcW7n5q0Ke0ZayT7#KMdgTV0A2Ur2RRPoFD#HND#@uKT=FI9X|YSVM|iP`0sPb-x7>Zem`nI+U zDU?L4!TVcYNhze-fy`eZQ~xyq5z+S#SRXq7{@pt`VDDN-nwNy_62uDD1|8|m-X)HV zM$<5wnFtqa9r2jD|Eec?T3%WjkvlQ2DvU1z63@TUQL_~?s=I0%<@Mx(f`YF}JEda9 z7(@ILL=>9}Ow~)MX`->MwTVg)9rU!QB3+lV8s8~h2JL4yaYXM%NLnF9 z0h1MiV>DEU9P21DPerTOtt#)9;vm1P{9Bz0ADTFh5n*(k@cbe4ZRN8`!?`Si(YuTN zyyvjIvhChW$BF6+=UJTYU0^hDu6n>^2@pC~=(X$GSgCI;vUQMsFBmR@@eZb0daq^;>gsJqLS=UwFHzyR3W^s6P4$se2Swldp z{Dri*8LaBs^!pB5Y&>FqPFL=XmW}J^S+&PDfatu|=iD!G<4RPnp?F2ja=TB~Mg&rc zGT+4W3w9D9>e0`?2^y-alb$*A1jtU~F#G)Y@xye;X#p*Gur`AE6Qnf085VYSEPR$* zM_X1e?jQt3NzVv=v5EXalmfP@^w>7dq^E&){c8!L=dUn_A1W&1s zoSev=nKR70gnwL}o$J{<^AR@L?$Up=Cr+dK825rmi)n^KT)qVnQnRtY=ULE(y|L@!J*&jvX=%4ho7BQNYZUEmtP}se+)( zM$&yA?C;0I#cgkI#|(!Cnno-p0m8)CA>JEW}5rgiL88o78(ULzA_p{9GBW z=+5xqOvPCAFO%9MO`LknL0z&H-7zzP?8{BgEeZS)faY*K*};+Ss@2Z!?^{&X&@|$GPst 
zLa0lI`&eD#t*SW22xBj~>{7{+XtuA)d$n}6;D`7@OboLtv%BtG8Thth6JTp4WCG7(IKPOFJn!8KX6z0sU}_(UVh9 z^jZe$aV(pjYyj%fP9{@jpmco|!VAsfMCKqXD@#LyRg|CKPV?}-JW=#*whs}}*ZLoL z&Iw;Le|6r_-9|zCDj`fDxbZG>{v#)A*W8@>U(8Ngz5r_l_PKXNd|WS)rLqp14aW!@ z4N^O7tU%4S%N+y~(}bU=7iDB;`es^8RH=S9nw6C`bYW@=-6pC~|1$|Wb+4N_MLa%M zxZ-;Z-A(nEvD{BAzomPeexUj8dg zKCSe<+&{HteR}WkMZI{&!rW{kdD|(R)WwJn4gJwj!}+Mq;SzeOgAvoB9W}rC?tF7iXo_z+T~! zSWEWMX6fFv&hwR8^Rsr0Ic{!lZ1UdnpvY%<5zZ=fA0ms7n!0b|YVN$teD{y6Bm8fY zwY!&+HLh2kvePwMQ9@H3u0Dx}C#G6PM$DIUJp#caF0QU07?s_9dIeCzDqlXhQMv7> znJfG;x4u`Imd0p#S44#R^25v?`l#4cp$S9Ku?a!!y<_f5*yPthhmWdTnPRHx7;*jK zFZtu*+3G*rMJ}eb%aUbb7qt3)tW1h)*OG`OC!hjy0q56{ohz9AR{c|&cD&iPR zyUruCnu@NNioZx{d~)==H*a205Da7K-M@9wgM*)tkdP(mf8oP7b`=eqyf`RF+%+Eb zKOgcxpXc?5H_9&}a(O*y3Sb-@IH}2q@xIot(g!Vf^26}E18M)=*`My=S|6_o^dP}o zou9uBF_imm?(RjOKXcx_`>f7S>JvXNZw!l2?bg7+fU~nROh> z+%SWvn~I7GIF_(%ZxLE#-l+Wb^~)Cmj`TF-OKglsr?GAXE$)IYf@{oXV2XY zomwqVnJ>)U*7|UlWG;`pjPS}_7S*Q6?=Uhj+~ML1(5gG`aIA%d44~-j7r@~Y;>|5A zN<5c)Zy5{bRaRA{9EOc!O3|T%4a=N`(|jmuKHEQc)8}aXqW7xZsL9S_(CJfIS!qT< z9AfF#!*`HBnw_c-M4Rori31-*Nl_6)D&WJM11*9p834@HP)->96_{J1GU$bQ#H0U% zNND))-@o#Lv4YWz#U4QXGl#>&!y(xV=<8KjKStARlpgJmeh5YHV6+f)F_N@F*Y`gs$g0EnbGvK z6qG6}x+Q=V506h+m}%O=7#4G?9w!F}AH5h2HxI#H zeEey$SlmtsHXW#6?x{n`QxLm#%i<5lUedt$cvOYGqhqTM-K5p4Qm8?mPzsflaQ|30 zoMApSs`fy>^94-K`F204C!B8QaTcthY-)mzj*czQgEiW*;^VDpIZCH$CJmeC&+8{i zgr^by-JUu+)MLpU<2h80>|f1&Ef`=!wi;Euz{YgW`?%3Ilo{i7DU6`oieh9P-?l*0 z_clJIIqAt!qM7%dtgBC9LvY`|4Ov}}vm@tJrsmexhmVV@8pX5}6q;eqDB|bB!h)z& zgGyv>?rpvGwYBbWItEq+1qFNibr^RyWry#7jCYHU_HJQLj@ezx8oIPR4Irg=PQFlT z7d$;@`@d%yoF={>No%_DJQ6YPnRseVeAw#I`H4u);XwbZHSyvwIg^{4y$y!o@G7tW zal516F1?6IIYjE}F7}I@xU1oCyg{TpFE+wvt7QO8QyB6ze6j& zb4rD@4oO}3n!$&{bb*?D#hSyh$!3d63JXc%i6RZ5k|uA#F&#Y!`iYIT^;BPTGd5q1 z?GVq=>~~R4P8FD@Y-E&ytbf!0@Tt>5b@-c%4Cb1GdvVFh$#r%9Zf-&+(OZ8+xU>r< z-d=$`rp)#~4o;uW2)>zNEm`f4-MH-FK9_1;C`ujao3yzmAex1Iw(@C0ohj4B#pNnf zn3~FY;iX;OcL$lFmTAa>jNCm=QlysqM6Xdk3W% zJSYlevYV?bs^n;P48~So%z=pv=)0_}3JEsg=oe7WkVKVwrRb#_Ss+}!sohm{BjnU}OIF7@ 
z>XuFHuj$&}KKwgAQM{sk*s!qaxJylN)`X-hAPUD`cvJ2)J46{zBtKDN76Rh#t5+Bv zIu9Ov$;v|J5#Pg6$@vfbLny{R)fVkkEmc)8k|rl7r?j+GN9$T01~)5fzy_Eaw|Ipp z?M<7*2XL=o6F+iqWBg3PGxu8ycK2_E#tal<~pfJ4CF850OUM&3iZ|?V7KEA6b6prbF+mmlD!Y~Dg6a5-U`}4E1vWkk- zC$@0E|EHxTz{iJ>YQ$wA>ev47zh-v5lFvCgm{w;e;k(<)bJNpEad$U23)Od zQM)Zz-Ng~qM*Ntnw?F_{@wHV(FKCLqko4*CUsYkYecMiV>hw%c99zW9e+JP(rt#FZ znP^+J@{w?J;t)**07KMD=3>eA)z)E`zxwwGy6HtGOmLDPz&9N@9UMg@xB9<`?y@RS zy)*k*F+$)YA{hvwmg@igZZS3Q#A!+m`_~D2RGm38`Fal@eEFRS5M&CT`u@3kS|n)c zmj!XOwtuW|B7Aq4u)95d_ZOd|3ul>*c_%n&HzI;%3-3E;NX?pm+)gYZJhxjMGs0En z_daJ8%O1eRJhp^8KUPh7uN zDaQu;sM%hhU8l_ky(dn_wkpDN~( zRQ6U8zI=ajCF1Mn&&w+_D@#kt+Rnm!d??yT3C9UZcotGpQr{Rt0F~$ygDkSqRziFT-taqXNZ!^Wx|O*zoPZBQ{s&F@C$CyIYCTc zW6|OZPt_u^(G^i)ONI)uR14Oz)-&o&w*&X0n!3YF`?C14I%}QTW!WCxDE+%ob^PJ$ zFkZiYotE~!8h$8|GBGJ>S65fjmoE*x4yL9v&_wj%v=$a#d3XwlP>>`$NA#l+qtyO+}6ym@mYJ}ZlLmWkAk z2O3z+KIi903|^s*n^((H8f{p*V51Z={1s0NbpyF1P2#v{5xww7y0N-8%Id_sO<}1p zMP_=Z)us;CTAxxGa>gwi}RhyfOs}bwBqH zNUJq`RxrLNB>ZP*X9thN*S97+n~h8tn7)4v+6>l(Mj41kKPkD?TB? 
zpv>k!fE6}2ch2PGt# zr0M8r63W`68N#z_Na%j8sbQ2UJ34oJ@!|yNp3d2u@Mwknsw#bbeR`j@g@uDFR$W+F z_@Va4kAsZM;|xH4JtxN?P`Dz9rK^sL-Pf}^+7b-2j6&8UOwABkbdBBv7MZa zAf~~l4SZ1F1Wp!qKSmsY2uw^&{M=6;KYDt3&BS;@dkzi`j`i2V!j?Lcxg94>O-*z2 zImrhwc^S6gkxpa4n~xuFUGY0^Xg6|YqM`~;+TPy&^XCubk1-4d5On@?G+gQ&+g#l& zc6@?u^v`(oy27vL$6fKbpUBEeub=toj4z6K-8JXcHAA8;wkMRmr>1l#Otn;onJW%+ z(rxn&I-5q4rT!a<4DWRr9AJk)mJR-r%A!P_T=Mo;iQJQ^`v0p)x)f=SuHCql$q5mJ~PD(|zPS8IBxB1P}_ z+@A!lEBu%tE`O($w13wKiZfRFlzyTdB<=Ok2=;X8QYXotP-69p^rcV2cR>#W2iAJj> zzXtD`@iDGNvCmwhyNqHWg6|8B>F|1*$*N+VC03dMsIm})`-h!ip5;d+&>oHpoo0Lf4?tuda0Bsa_J1W-pb zpWQVg!#vXkZqG0`|4>-SGn>qRw(W=&D{}KD*4|xS-pz%D;Ev*AzOx*}KPopx6jtuE zerh@^1qJk~T$877Bw#9ds_G28KLrmBAs>E$CHaWP=^C$*$qC`6vKAwGkQnf~Q!C4j zgi6(KmGTy5ZR*{~&DS{!{5Rg=dk}xB=M+$p(f)kR%fQPqrvE}A)2dl6K;KWiWnOMy zsUSEwxJ&w!s4g8q*^&K6WODob%wapc{#r*@IFg3yF8)(h?NF7EVJ6+)$GqhaJ-a}j zV9_BgKy&L%l|>q>`bdkT{RVqClZP1e22Q?2^|ek<;&=S}@QwOwYHwhgsNyM)o4O`C z81?(eBH<&JUGt|@jk#MB2&4F(2S+qhTm*lH<=u}$iy8tpmXu#TR8cXZ$jDA1x^yQn zj&kuT7WJkF$enYAJHil44Gp%wzMItc-d;Z^nfE(Z|zjhVn)6U1KQ#QHl^!Do{(k?X|3txzuH|8{+2PRgY(qK=( z?Gm@=0rb;BT&WKtF}sPp$3x>`Y&UKMRDU=VMuP_%85Q-hs#+ELM;l^paEb^Ck)v_` zyF3}Ht96>j_zY+2;@s3aY!gI~RJA>Zkp9d!W#G#D~(mVJkhs~2+37ABj|vnJL`*M%)_&(zwV1?+D331G1g z4h{K(9s_Nm+e&ck2|n?I$W7h(y5rSWLFHXsTmWYGKP~sKf*t`F@9*p56O6UAv-9GJ zLCTAA9%Li^r%(CRfPIgRO;1?8K0V}Pkz*% zH zujAvpLx~LL$Eg3{hh+`y-ZG!#9mt^_?CoW4H5(&sG#wosFL^I_c>OPSGoYBM+*+W; z{)T4k0eMFnl22Go8Cwudm_liZ_CUY;>B$Lt>PjoR+{=~u_~C=GwMVw2nORPHI@5_- zhO`vySw5-QrJH@j2s$eYzD|8Ryl68aXLyxYP+b9_Iy+wG?oQ#4@71mO4T2~NOvTeG zDgCsQlcTK8&S;~ld+Wo9WF>AA-Chq&14ihEf<`iSNIsx_kVvpW=)a#_q>@23-Wu&XfQCKKz7*;g{a#(w@EY z?(i|JhYu%Z%!1QJ`4P#(82PtNBGMBVgp9<828KkM)ca5Sl90)GWG-hUw@vlyo=f|? 
zk$hbY7EQI zEM55@(RNlp&_ldDulsfR<9M$bW3LMPC)Vh7Dk{(kTYvpRsj0zT7Pb(Ug8f#SXYoNx zOA7!N!UwJ|8yp-QzRS%WL|U;zq=@AiNC=P`n!#Ud7k@4(DFMi7Y@7*T({Bh2ADVoL z97k7I!I=VsD%ji9)f?;U1{xaZ4USA5Q&UqnQEVlinYFsrY>Pt1$ZALP@5q zj?QGCHD0yn}Ywm}2k$k@88vS$FJFui@h6s@*yR#`4oBt-Gi?eHJlP z7F<*YCObTwqVpxOq) zuK7BrM@NVb+3YEUeimXPZaQL;J&Bfp+}9V+fh{ksu44Xi4o0i@v(&(-goXKe@|Q}t z7$8ZgGNB&L(%IRWgp1SQVL#2Pc${j*W1DeM6W!W`$(^@^o*pQ+sciYdp`NMpF0<&pN-Ma9Tyl|^o?ja zdIg^}(>-P&Ih<+M85v0&ACF-Y-4ZB0=4L~T4-dm+54kJyPLUOdDVW$k>XJ1oUG-a; zC^1AZWI$DBY0)AHf*3n2U4(XjW+DeFkgz^8vlmP>=-RNuV3UmnbLN*)i}!ywZ{9?7M@L6b*%1XW zAo`~I&(6*ufr=^ELl_BdB;jC&`}_MhVO3!sA_tWNOEd(h=(AEeS!r<$yRw5*RJpxW z3zKjBE+{ByXt-}IazMV{Mqw5(rHMluILnVo^KWpF>O%xwDo*TMEZ2fBUocv8Bo+dk ziz2{WJ;10UW&XfOMux(4g&`E3a`FQI|HG`zoYK?Lk#RwXb%TJhs8qvqMxR5UgK6|6 z@yA%@guod$t+nr7UQPDQ!kb&SiHKf4e=f8(D$+}V;7J@E7}$q^Cy-0xiby&rhW%~G zlf|L)fP}9t&jUGV`RtP?%o7G~`svcChPkct>Q8Q8+MJx6czJt=_-LK*-7fFMpcq9p7kcRV88&e9)0KzVeuw&vsGV|k*4 zDfpB^74{&EcDYG99YBJNH!(2*dF`kk2Nf9jwV(izi0*_Nclb;Je~Z#POc_tP!QNne zPlfmG`*&Ap`-U7i?1rf)#)4Zz6BA5kCKL$bJjkMk#>C(TziA)Hw1;sXz*&2AYEZSc zwKV*1A1f>4%@PR8v9q)Pa-F(YaU07_OjHy^0~2dbPEJu4JP&GzyqgH(PMplQrG)V? z;vrzXjUksT@=>fgh?Da2SnT1?^5OHfYqoHP9Ch3lrLT9WtgH-|lL1tB?dl}KwjTcY z@Kxf9YJnn2H%~tuWBSXe-#tYy`@hTh_O?eVoSXmnz6Vzn@tKa0Qc-ye3DFzpU@w8$ z3^-;IGJ2C2yAhXXXDOFQt2&q4GH?fFT+fcS!8LWzjAasl&GmTh}L1mao@d*sE6AOdGFqZ@YYLrcU(LS zCm8vI`{7_~D=$Bv>&_jFS&Zo4^c4Y-ndV!9Cr?PMRa&%#KgMC8r=6g_mMUs{@LVJk9cqz zJ)w!;(9jU>bSx+;x=sBrpc%~7HY|xCI`da^6ciKzLmwnEGpg0EOS3rkP++b(zIgGi zu12JzxGG9|d zem;t8RzCo6wF4|z@Kv_aN$wmD5lu{Xzl$?5S~>@ow;&&`tk^Wv zL$qqEep%Ma>NXqVW30?IId)^%Xa}qM4~CsRT3TCYpS(}cCYBO@b|lj*!znRnE7>QDIz zSm^@nu5N?xG)oW&2J$iz2^4SFalvd{(K(DX=w>lcZaa}D-<oy;uSvak}S$;edV{o)w?VQ6YbNMBAQIjz(EqhNA2fgs30{*G>_4N#Y&dX+< zFa8;y8|Z8)tZyK#$@CTFLUd0u^V`!ExMe0*NxoWtSMgq|-idSj*Vx3}MPdYC)5GF! 
z!^i@y>T0x`Ddh>5D&gchl%%PtDNqeCnUV2;3Sc+L6LYu#@@DCQ#y05Rf(kgZNMlSq zr8p0%0QdEO0PwUStjdGX$h;GVkH(n-nmD((`1W=g)PTW41HunDo;hfqJf&ec8lPmB zefWSShYmyjq@he%qgE!G?u6L=xiK((wQ4 zWg%YfxoKr?y}9*pOX6Jka-@H}<^z$>RWLt}JuyQz9HLz&_ecKyySEXZeydvRy(Z@u zckxH@6Jp&GjEWo}v`I)*O>c^s{GX6}$b>jK+RpvU-@?t4I5hGb8%rnQJ65HP+2fs2 zWO7o<{@W%C-qFz$EiGOe+I7p!-7BVJkcUZiHaT?X@dOMdJ%vofuKH2;3wChyV)HQ_n z00K8K5J(HOMTm$9gA9ZFfQpjR2Y79!O7W+}MCwcdVd0n1LxorZ+yIS9Z>WD@njvZ{ zDk?H3bc(PJU3(D36WDJ+Iomynpq%qoh(e`NyasKwIx zYO?FZv)V=Tb>?z|q6}y2!Hz)w_7!#ZMlALA(lcyN&V`ZjoeV@=Xemw3SqXcJNivF| z8YS20QVb70y_hJJ7Wn~OO%uumm-6*|-j0#H@8ZR~A9;qlUa&sF*Cc@+$CG-#HpyS(t0M|ffQ z@EX-dqK!uYml*SmK?@hMQsEH#-H{P6&IWCWa=~I1(L>j1zLm$femM9S>QmEgGRfq} zK0cB*_vPf`Sf^;5(Q9zQU1$s)mXfI`1-SbBNAv}e-=PhRRNQ}eff(TholNLWfCFYR zv3v*QH5$K|SY6gQ)#$rl$J5c#71u%6rT1dg6gVQ_OMJOvCEf_@;qfZ&zb5Qz=jYWK zOa~jIBXQTx36>q(xDI=GG9Q!CdZJHIFPNPSTHPTzYTD~Wceiq{rA zcF`7vH>Fh{*FJtp5i4i`-bS>8!+rad-&6Y{REcF59_13B7j(y3a#v%7x$|x0k3;ks z({23*_5IXEHjpOPdw0erNBa4jRJ*4-;pm6CTxS3@AY5kW;7|(@XzOe9kXlNEgsBf) zI6tyFR21k1kv;5|wb7>g7~D=67k&ojJHobEyoLDjZcWU0qq&Lk}Rc0ztDX z??WChWWhE*pF%6N%hlrw(aZzoqX~)(MZ@1$qU|Aj=Zc#c*!+9m9P4sAggKUm<$~_x zDEQ@&;%jC0ze!5@rWH#Q^QjV+C?J#UYdODgEy!R3LoPpoG(X#$rcCRG305vUQ={UM z;iHZ6*WVCQv_e*$3;-gxTbEmSA(is{`7)`Ki9QGu|Ne>d@oo85x5Zx1FA0OUaEe?C z4nC|Bzn9p)y1Xz^J*ZV)BGho%jIr9Hg3>aqsS$&scS1T^#@1+rrqe5W%Ca*nWYO z#hPvr)574WQg3CCN0pzyQXkQ%+IW!=RyPO{r_t6hP+@)idiOx@8YAVq4_{VU@=ZBg zz*x2Hd;fWjXVLj7{~YTh&b=(Ro!K{19RneH3%8AuKT<1jCB~hpcC4gwx;dP?YsbA#(j|9yZ@m*c-@iAaDwl%G*t#ow0rcYi8Vh^;Z+6eT zy(M&G3+w8b(S#c}2}J?P9X@_V>Wrc#IeLA&Vq#2n8Gr^tV=%J3}C-}@t^6UWz8S_yNqE?Am z@%H}B|9W3{6g-_~9 zP2b-EBbO!Lo^KSK_8{;fH_s8Sh7$>$o$i+tky=N-cDD1WGJXFU^gjOi<@r6t_uyJB z+2!D`#HaO5e)agA?}Mg$mRZcWLKKh>DGVgW8v#gC3rYdbiILE7gpixqMfPF$=b z>tbK;{r6GgkfAWIP=Be4h=@4k?PP|2+&f3R`DuDG+vl6BOH@P-4#RHNF5~5c(GPod zs5U3O1v$AdZD}$2ADG#{`R7VYh`(!hzl(3TDZ^HMi@CHh@wlNzBsk#olM1c>4O?r= zRVgsTCiY$s9=IhD8?KFTmW$czy9`V(bhM@nG5Xcmv_|+Yjt(+;*e9H5h`j6S4#p=H 
zVQ{qd7HFDZ3>(1fahb!Ih3AFwXY}8{2~YLrtCYm%yH~GXfnW$xitzA1!1q951h|ow znyR7lZb(B*>uqc-qT-De?(ZE+Cqy-{;Rfb(4gte9rPqd`cJ}tFeAH&3l7rc>u()Vz zYb%f{+oG+l4L+EcmzQ~fB=~_uSY2W+3pBK}aDapQ-jN~0>d?G5`EFv-_Ouk<`fx}MQb|@I%|9Q|8|u1aD@x+ z`x`aPar8NkhO5tg#;Ur1XfmWJ;dP6PPclgyY+OF%;?YFE)T8<4a6VX;Ak_X=n-|~E zP}jidX(fMo@g0Zel^WdWMalv$j*-|j9lz~fx1*=S$KrSK3Z5C&y)+;$rk8Gi`yzW* zCp$CqIYpV|>Q>3-khViuXh*?#r6>!z%}Oo(?pIEZ*J zt)#;Mce$ks8+2;-{)oh}KK*`s(tx@k!sk?_>(%ScBX{>UT3xZbOsuF~3F-A+9@_73 z82^f|mbI@~5x($y`Pa)l?(A3Y)Z%raE{*Oigt+zk+Ynx_=1o6KAtq2T90HU8I6==M zAprp@8#Mtzf^HKa!6-2DyIWf!2njkj2V(%V5Kjcv&qN1?LswyhN zj839p27$hsT69K6#|a2m)yefor0 z1=&2FoJ=s%ob1Pk4>#G_aS9@vrZk>CTie)xaUAw$?$Be${|=1xmsoKnS}=nNB6`Nw zYmU$a(t;r;KxG_!HLCI*G;6f%xS%bcu+cdgeNTtAU~PYl`h7~mbVwYUpjEmLyrOqZ|0_gx-+IFT}QDxyHpSV$)JP63D&&m0gomSRTVt=A$16ZEz=6xL4<^a zoUEQcO{%W;0Y?&rLc~%^u1rlK;-6K#xRrFBh=4`04{-YL#t(Va{`v$gG+0E1;K*Nh zDlIPVhL{FOgrV#t-B>f{=jT1I1%LgSGC(;Q7%;LhIg!4^HMf2K9HzkH7Bew0RNIZ* zd!dD!sSP;$*E(qCufXVpp80FRU2yLH=BodFCkzVju!TnhWF#KS$pw~R;2iuL9v;@? zc;TtvZ&D9>u5H6JFm(6OB_Z7%LwBciHb6VIR5b#EK*9+vAD-ZP|-n0M?*NYsq5}?RVXL zSZ*4u9xqqD3FS#_@wGVJAtElwmHx^(GcmQf7?ED&9_fYH5N(OuDIHs{Y(HvQ@q2?! 
zhT_E;Cly&6FWaUO+UxyIVf2Nh)6BE-O&}!Ae{|Az5&r4zUToGjt~E!+cDR#3Nl+Z^4C+A}b3*Ox5*{nt6%m znId&oB*pS1K^YouVR1I2vs9_aN*z7^62;tT6od#bqwq+ z165l6M8*oZa1FR|Gd;9AB=R=PpzELR`=S~va*SVKN_#CYT2#CyadX?--#vQgXy6H& zaz7_h5JHI7v2|4~dFSq|BV-r8;J$?ZKA+{v@$}$y9TL0rk9hB}NzZq`e7L)O=E;0H zuIHS26B<5 znvf9iYVV~wgK^7-$82+B1Coz47aMrxq7=KaVF8o#_TYKa0t-XRjY6r2EG#WSfgkjq z(JreiD`!e%p99+I-rRm#8sU{?lMS@%2*ow>L2hQRXj@rX8RCE53@%a)4cvEjih+TF z3<3gd(*>D-BoH6OC=rFACsE&K7f>Q z)B~g0@txb$I^Q!gT06I)=1D>q=76Mz1*;{(NMn=c#d-FM`QZ3C<=Sqy-29}N{0yFMcXxPDFqg#b=HvZA z>L}Alr|;owH4rMdlO3lY$4wKYs4nTD;z;7NSF}N!i@=Nw1-H!~@?z=&>nf%_^WPo(jIZdr)ib*%>{@c3+CsGVqEr62Ep<1>gIp_;KXV zNi)F5uMR$bahkbXzXR~^t@w8<)t*% zT%BNeTg{_(3{)Y(B}@<9r!k3zC6kfqBQ+bb6{w}ck2~lf?nEHj5+Ly2-o9zv)VV6k zDJxOC@%@DwTWe@oq_K5S zqt_;XB_mGjBp#eL7qsJy=#FZ{mU@4BeEzsEGZ$(dYM+$!pZJHw?1OF2RasH8g9}Ux z6N|2Z3o#l{^9@lro%KvLb0!!zx8G{20kctB`n|j&K0baWR{8?YAU`=4h?Eh;@o;dI z7l8`K!1zeXn{T*-cn(O|#C$>|RY>N>Z=?%mvLQdV8nsM~oLx;UTlscoZ?-caUdYJE z_+}AOPV$vLkCk`uZ7(jB;xx{b1D_=*ItBh%uc)nN8_G9ZIquf@m9p7(CCpA($)~Mh z^u)l#a`=Oq;DC~WwSj`xi#S&;GBPbA98Y0US|bu}qi(AgHvFSKn(}0#0uo*Gl86Hb ze+i7J)`9r_-6+jinPC*65_hHY$3Mk`&W#-06j_yVim*hJugR7&rG$-KBgvKFxbu6( zDQv0LCU34zknNdx?d7vq>PtqN%gap5M&Zj@v+V2#@%q~;yBG`00!hhQdq_H-|2^F< zP%4zRXZ}6~lH#+p3TDrpe}{&sv2*sBMm~6>%z=R3aiYu3s|ZvpkRNw(-a3WnWKx%< z#eoDiP+Wn(1PRZ5qs(*3u={5^kF0*-I0kxk?fF?QXlc|?=4Y_`QISte&v&=ypO$5Y zmo#Z{RpiQw<3bdw=NeMh--){ZuxzkzeBD_6rc6CgxwP0RJ4(4BYDEH7n8MRY_{N>E zkgUs>Yd|Ys%$1IINwK08Goy}OUtCw{@v%a;K{jazHu7?t`nkXFE3|g^rFPp0&hN5_ zgV@|!^#{6I!k}-|-}!EaS{dfHFbz8lVId4|7)JhW=%{V;5gmduo@LgqHDvYGZ{Akh z$psYN(J%xpxzru0#Ev7Qcpn}>%I1w$Zwj>Z$=?OWIdC7`5rOXi(XtYayu3| z=b<+!AK}Pev$~|L1s6`2s<>Tiw(24@HmopHirl!Qa`b>vmBB3_!{s@4F?Zei7DgPlmCoW>7C70hK>Y@Mb^2kxV@XDAgi2M38 zLB6Mb?9KjPkb3>j2J*f=f*R_=S6`j6(r~M7SYBlM<=Rr9qU zFVw};R4pr~BVVFMZ&cCXk2&+~FiPagCyz>}0St9UggbVEHzXfpLf>?sg540U$?YP_ zh^Pd{gl19C(OInZ=i_Fr)qN`N%(9^opt(A)=P9yIXjp${z2O{j?9=1N@X+-x`%u~! 
zLm4vPIgBbaI{#ZZOY8Okcd6a^crQv;X-`k-^d=V?vhJbfb7z~Uo?}DGN{*M5#lXDRMiFnP1RP>ccI$HJ{`#Ut?pBTHubifj6F(BTze)KBni;~$s~utoA|*XvKVQau{50$6d1>m$ zb}%&jWkSpIDcbDU%~MBt!u2wevY{EZ`KWwd*u2%O(13f|;s^N{eu0o;H>8!##{Zi8U) zz`y`-+?@nDiNaMQ$v24PHsx(zm-Wm|T~_Y)dUmWNKf_ysVb+(`H#XZf@0ZauFbC%! zMVTqD-{Z_ws?A!N3tC#Ynp!jKnJilv7`;%ok~3|d9y62+Lgh~><4`|F;ixLj>6?=D zmJ87}ec+~#frOm@a$@{}9YbPFPTbTIU46+QK)%y5Z!q#DaVe&>kV+$sps1_5E>lc2 z8KsR1Z$A17m49-_{us}1D6c25#hn}+O3Aj884|DzmApZ04BYVNO~Ei`_Fo>N?&q&xTH4xU z`(WM!rY*FE!AvYZHrB>KT^*aNGvK?~WjV$pRNMW zCM~z1fLcDCvrp{p#MG3$F>a-@78pDO_TKeyafWMFrsnXLL!b^75byJOHeT`)Vj-$*f zwianoEtPFOCKJwKrp^agsnVIe)BG`npTMTR1?8)vJYKFq;tT;N_TYVsfFn~jsut=y z83J{iftzqL)xd?+Aw5OHLiNb!68tEUBCL|^mCh0Pb@!8dAK;LXPq~mgYRYS^b@0Up zszOUkbDLquTB=6%fojPn{O*|(Vd~~XtM80yLw{}s%f?Sz6TLt?)WhL}O`y_6DMs}p z*!frpv84`ncTuxoq0qps7M^`i8@0Bv$#LNKHC2BFMV}?0%q&kC? z_oJz;ArQWfDkml(0rqW_@cgsx-iy;xJe};@g5Mxn-Yx$VEdFmBgIrvuW)%VJj$5w7l>^6 zw{xvvik$aRt80&O+guiyXxuO7lr&lKfa0>45T}KVrW~FlCnK}nU%(OHl|)!|#t7nR z3fn*M*Ao#DLF{5jeZ~R1A~WU(y0Rj>?~pO5>9sW{N~68qovsGr8C5))0zH1|J80=M zSnu?KNME`nA-bhi)iD}O3Xw82gs7jt`89-z;*ak3Gd%0oK@DL5lgN&&JkCm-=l)iq zxdF4_RBsGRGb%^gxj;7;(QFaKayE9txXxIP|vimtz+9BQnkY9RA#T z+lm@jNs~=8rEx3mWp(*4igt~YqAkjc>ig`PB^8`iHmvm?jC6aRA`1FmsnL|D?vx6y zj?TA z+Qn);eJQKcZ#L}NFrRN41 zuS6jm4*wMEIpK(wyM0-Y474c=zaKNIEj}|VEh(KoNzB8Va#@P9s~98`{#i3w}?!0 zTG+@~yvU%V&2eUTfAq@?QijEmH#~d$gUVw1^RK)dXbFg8yBB9(YxdzOZka6BV8e~{ zb;sHIGaOOJ@q47s^*9v7w} zqT2H_nrr8%LU#@3oL$7SC->^2(}@U5MN9S6sr#P-j~U zQdoH5aaCWLtHzKZiHUJA#_Q6>QAw%+4w;d(>hhD=X5!YBTi$82HX&)@z|5~LZ;-;~ zQuibknHn_GOhUK^@oc0vSCvM~;*OGO!#h=!^&0QEE&Ike*~M9$E4)nsQhcn%jJ2vcS*Qj13P(9t4OeLuhRH^N3Ybeb7QwqrO8rw?eZ(Q-qIg%`y5i)@Sg!D*DJ{{CNgd z+$dHX7It#Jl#ziV8qU5IXm$uI+zQ*N)D54qB9dKRBj z>=XW~Tytc?O+qg?xgkQ;6bhx0;!p&$5mhNa0cNT~q(GbkidYJib2zUTg%&dvHR@iE zfPPOiq0k=#!AyxV4-BhZav@vMbliOmLZkt+CQcv0M4_&LuY$@9qGG_ zFIjN-9mv8(ZQTSgaxvLZc+XFIx1BdAWWb|+obl@kVDsVkp{0&hWR+E<4wd`ZT6C=3 z_m$XwYI0`!mCE|5jYR(GG!FObt`Xx=xs{366pGc+!`ARZ-^>b+Qk+&qURGsc0-hUH 
zE!OY!Cpu{Ki(2X~(IGzcP6*8<3vo&IydyBV(XOhg%~CZ%}X`Qf<7mlIT&Q4v9B4Er+E0aCzvto)j;Teoax*c$gH`~ zK=KFxSRsPY=+!q*K;lLNLKS3aYKn;wJv3kuDR79PI012)Cl101k5XYU>5S@tR)Yc* zNE#wE{pC1oLO?eU0^k(`DC%pEM7?ad!cbBNr)R~Z(o6gbFFh^<2I_rgb|({OreAs%|z z*Y~i#-u<>eC;uY5GGUgoDbKI^gQ8rS?7a|tVVOXEuV=#xxCQTQ9y0{_n8sBZY-KcQz8k%`BezPWOK+)Lk*Gey zJlmuEc1%)`^$ziX?A?}im*hFC{zEKq>w7x@RT+SX@KHzc1){) z&1r1JXmmj%<7p4Qs{o$AJ&`JD4U803YWpCMYtzQfElEo#{U6#}pn<%89dGPSoJK0c zj`|c~X*2smeh@GF5Pv6Dws5d#Z*+@YRYN254-X%?Su>U~YB(4!QT|NScSV({#(4}u zw_XV8ViCgLFpK@I^Y$G^r6I%?-gzmQYMc2^?z9bR#wH6RrNIJV2VZElxM5SX{JzbzJzPg1t z5lAK&JD}*?eEgWq>MN#dz4&5=Ae>&L+*WrlQHKUiQKU*yWING8b-xm)>j%xC-b*Un zB&p_F&G*=J-Y+AQmXg0NBv)#c+v-fl6zmlydF&wU@zWXAhG%AQ=cbkG>}Os^MVLa3vCw$-;kX*Jtz}S#DTYG<0>SY28@u8{;(Ml5{ln z<%i_8_!lg^`de>xV5QCx4XOlM%0%D)q{J3JN4Us#MfnJYupx9Z=kp#{VH7YX>V$`B zmsCh9=u?ykvfO4HzW-vfcsBxmO-yvosxfRkTO`U%27|Z!YLqhmctFw=th{=yflZ?< z+{jSMcZvu*&U~aCial;8(eG)n#oO}uzeDjq9sr2zA(`HlEEX{LlaXBkG!8KbX(ZN2 z%o(Km-KGGe1o<6sdLghQDuJudcM++sUv9u=-c*g`lK83% z?o(1bmGZmXxFEfT&gaTeJOQ^2KiF@MbQRqF?z$TU6(MFef-JCv$2N*SLNu_{k6R*{ zS0OzYwCti6)q&L6i38|vH@l0$NfMZsY$ZFBILv(Rike(Hj1C{@!i@Q{@FdA9|Fpf` zbEvdzH}ZXh*B>a*GmYWGud~h`iBCDK5c>n>vSLadgGVrL!Q-C!K@lI6x#-Pq#7)SF z{`O@Pfe4>kRxul((o`-1%%;D8)5}xg1%guXCDg3lfBo1c#bA(M#Y3C_2=h?)Bt9pr zkcjJtSmkL&i=o61YT3;xP^-m>KxuGPXf__%J(95`M2gky^5y;!`7@6El*NC7K?!x) ze@OaVm}gx-lWqCtwXx9O`YyW$)a#U351V;?P#G+EbS)AY@nuRpsH+BzH@}J{$cK)nET6`dXOY!aru`l4yfqbBd znuls+-=8HCxa z+A=333bQp>C?h9FxlqqC5Ae~33SZVuPrTRyH@v-vXHK8T-+;J}P4T4rShIUeR<8CB zYk0mC$AAaCwtD^!T*YHwbg?5~&U!ZE zK|hFX81pe9zrrhJGqcanr8VM~<{?^2rO~+5>M9=|v5Ls4d@$`j`YuAV&s191%~PST zY^9`S;Fa3OH06u!c1G8SBOT^=P`8M$&S4huFgVwE=AUwiiz`db6ev%STS|r&LWlnO zjd)lj-7p8u^MW!(g%2LV_R=5Geir^^-5|W?bVc==Su*wCg0)X8zVg{f)b% zch{eh+2S9j1vCLW${z+fH_`q`()bnFziaz@pZ|}C4Al9!>FG;==uFH*nV6N81@6o7 zw<#s}C`n+#1L-H(M~@spWqK;c;IljE9X}xzprWKi zLq|`NRTQgi;=O4E@9Ru?Uo5z+Iy4ZEFisBNPxfqsOkt7ya0}YrGbG8>eZ>ZpT?^3-T}o4 zbw0^DwW9A*b#2%8{n_@1D6r-+4t*>K8f6>tz&N0#z^tM3mIY^{H*yPyJcRceN10H| 
zlbQZ2gha5QOPxw@;iA3WoVj9$G^_oT#sXTs=*yABVaBjfx&@F~bICcdJB-*n9{jX| zdS!wnhT<>DAjdz&S>yb6PO!B}>3z}g{lFHV-*hm84I9O~t$A++dyVK{J8{)44}&Wm zscuvu$N6_tb?f=-=*A-Wc~3so9_8J|IYm0z@Z)O9B;U6hJ2B&VTH1SA_qSY5t*yZd z1-blxKiQ#haByRJ+yJK`rXwXzC4p2@kP`22wQc=t{Y`h~L$*5n@A>7QKAooJK$D(h zGglMG<^OhreyQi4ZecOcaWFp{6XAhV^W`Eiv9N-_ia}AZ9;bzos2&b(J>89){m~j2 zU}DnK!r#FK+xS^{Amaz>#^Qp3DKdU}k_vFKM{{oq@6??> ztbP~&_r+P%w&g^$-`M}t;rDt`fbG6Aq1LhD$d~?o(r;-3xr?Z*s8FEEfzBrAK!E#k ztANjxpi~18LK{G5z7(Zffmw_sve{WDfSeByGSqKBYFnPOfY1RmvqG<`hN>!%Z9y&& zWp|{`*!LWLF+Bc<3YNmDFJ8;luU~Q+GxV6qRByC`!-PqPq?a#WGXwn#h{KhmiF{2A zF_1s{FpN;OctZt4LgLLf$@~S&_4JfJg_JaUX0EX`{<0jgFE4y-VkgV6lyU!!D3HZv z!7-5#cE`5mj5IaN9fw$>MVUvYJCqt`yzK02oj$uGBd`H=BE7*kb|=!~ud0J8T#G4a zxAlmrvF?I4IsBB-4`N3?U9T#jrs9(jkr_G4df3L(M?O&8Ei?-!9xIj( zy%}%+j~ZXbI6WXfkpaD0s2DG_5ZZBUieLY8d+LE&&SW$S)yMk_*Jrkl zt2_H0F*^yr?1#-0+@Xh5No*)lAMKO9KTI-rO~zGv&UK7APhWJ);e2;GKtl0$(*iO< zdOP>+vi&ogRe!!<_*vfSTMkIL?Bb_SU0`j&yaQkd+F+~!u@H~wGM>H^h6COjK(QQ^ z3rr&{^asmPf-uD*eIXRhe%>HC@_e&w5%k`CBYh_ZItm1wn$RA-1B+yDY(Qz6aC_KX z6s4AMTS5&)a8B{{qskFHVjy%`-PT4LR@>Of>V(XrMx@Pu0Ihzo@>aP9jt~d-<&{fV zm<5eD!01R^;VkY11O$-tRJP7=N>#-SdIGTB%Wt4SOsPYROJzS16rHiNq!5Y3bgk*? 
zqEwH$hTGB*LyFP#po2*294R8MDD7M%+Y5|hoGK)nR!jzx548_)9z&v_jqqS8OqWcI zF$Tn!rBP~~l-CBv#>y{Y1N>#g{m@>yJzxf)+`uu=bHveyhn8@5oMEa1&xKU_jo(^v zdnsYQXO%x5N)RKJ%o`Z-Pl6*HLe%}r-H`-yQHIS2qURhUgpZoQ!WPmEcxiQlvcPkbC^Gq$uK5#w6!mVMk`*&kZ#W!zo4NLn!|eO zys)x9HqfncQiPcpjM8w<44t9`FV=I(8Kc8}fT%r0fhJ_qQnE*oiTS*8q5?$$7I*}Q z5JvUSgsxFWg5=l3!zka5(B8M=7RGQP2WMJi z+MR%2oScd-v-n9%?r&;q?h>Bq?v6=S9DS7W zMAtAU+j4$+v!pP8c~w@bBci;c5zFh@Gp%Ny$&}geFGjyL(sj379%~s08hkWYpRPCf z=r_gbjyA%^>TI~Ygh8pv;<(JfHDmd8O`dbq(P%^g9*kDyNxK=Nz?^ANAm?0XVz}z) zaPZ-^Ggj#Vd8X;%C*>IdfAV8S{xoH(zOwG6-yjV&<;hj4kiXj$PLXsn z5f^u}x3Y3dIq_k^f3JT&7ec-I_}|-Pje;2F2mM|I9c+GO1>M$ry5t(v0_I69;ykwC z4|~a?-V93e@+jvpeR`QNxN)R>(*gM@!PSB>TYd3ANAi#8N`+B{yWKkyB#&Rz-$ z`piX$gCz*27Qx(_zumI9}3Y)v?wgWh>@T1hUcWwm=3ekiu=N_VWNyp zz?FIskWVc>FFV$q5YQ@0g}jy;IfzUVfigKuJBW5s+)d|&P} zw1*MLOqWkcf-aUVEauxBQqg&jLZUBA#eZVdb!xQY-;=N@$o0Sw z&q2Upz~`Zv&wh`BX`g%KREEBkau4)v^oeBl883$`TC<45O4}U8(1kc6GJnSDuxjAU z7jw@3P?`0hAR_Dc`Z~z=Qr6PQvVX{jEIxB;RBLrp5EEJLxEJ7m^>j^a^Rq0>rK7`t zbnG>BKI*RN>`ZQJany2keOHY>xYKp8QW3N+@$ib)*%v5W zl=JlfvV#=|VPM(t>*qC2^y*&}r0&hcVRyQ){k-45f%7Gye=W*(I~ga`Hd5nmg;GmHh3o zA%uEovMjVmmX&3+QHZ(T5 zB#@r-Mv5^KD59oM615*D&yPKxSA86e=Aj5#QIfo)9_pp~ylNPe*NOlqpYtiy49 zfKrg&!{wFGfigJ{?bNljQpRQnRjzICSK6i{ zR&U70Q1O7pZ`8(#;i8;feS4JjZWNTu4&IG(mknK=w~6({vyOCe4+$Fd5ufNC<37I9 zB$63jN+|pfM4aN|@+vkgB!#3HQ#SPB@r6YY%^5xfFWDg3JfEC#0Y^%3iz%oJv$Dgy zzb_UNZiwQNZ5l#dL*VIp1c$>}^{n*FjXs)Me$FZ~ci23hoB8+<#W>%}_-JUASB#mH z{tS0M9-W%0%_?f~M4#S3u{XIO$KN!_-&fsO+X_p`?8m_2nuBPzs12T*^FAr1LPeCT zf@)=bJbn|tK<*B)ew4kAWu)h7a&h0_b?RBh;?zJXpWOi5G~UHPzg1A+r$FoFF!OG7 z3XyILzYw;YHRD3vliAmdA#bv@p~xh)i8*ehjwZ8jqYaPA4)j%~f#6@%6cMZEitGO3 z0uqcOjA&j~GItCLV$vMkZ=?EaU6PQ2zRLqEhPW>iQjpp+lblYl9pXjIVQYGIUd%C~ z(gvI&&nqd6sX)D29JlPT-w%*=tv?l#y9x^|^M4?R$tGU^zQq*0{dY3vj&oEZ+v&4C z_5CwWQz26_Gd4oDCQ{}8{lVLZ(^D=8UM*q~u?IlW1GETOZsb8KjX26Dmv%D?~npm5dtbDur2dP4k6Y9%C3KO|)T}=D1XCDu!aP=^z+LLT5!6 z#A2j}s*RIRL80@j%)qJ4rvqDjaagYrSU^;_WF zRpd6Y!;CIp+>B5{W;bc#OZ>8Ju&^^z%}^-C4;@NyRTR%z{K^8p48WvBtx|rIkh{YL 
zHVX^k=w(=2uv_?F)aXgg4-=C!Q`1vC2|B7iBJ@Js4YTdKMM_15MstmBN2gCY8S+1# z*RwDhUSqFJW#t5Z=`hzw9qIEkmvsI{8W%T?So0k#YRyxr*^iq!a5ASViZ9b%l>3yC zBF_IcyQ> zK9?vSR$}{9(kqdLBmQ7xj1Q_x}$2Hus`E;P>r&-siy&Qw?Y?+UcW&Xr=Uq zH-7lf&ktzu303$}l}m9EkmIQ0`N$wVS0O4R4ze83SR24==c~?gH#LR#qA(#cw@_|S zt`gq9-D2djC51D|$P_1u9n`&=d*1QVDP3`-wtY%8q6ss1$kdz6L1AX?BkgCkphs{# zWe8@RaMWvX_B1?cMQL(Tk?}aD8nYV_|)wd1Wm`b zyfq*Yp~IZV;iT;OPByOEZ>9(ja+1g8SjVJjF*R{JgQm6d`3WOywE2Q67@Mcak=3rv zM@jKlqim#eZP0^CtT;L!jkX;ec@!sfdCShc^IZEi^5G!WP?xQgFI^fo@%%c*nrSY{ z`cJp@0u#}0@d(*KUcWGAdZ6kCs!Q>24{@$5U`hUr(la7S@rAS!Z0tkaf>RCuE;%X{ zS;@1@6Bc=-t;>Z|(b`R!Z?a!GlR;Runrc>(@ENk>2A#CG`gIU1y=?hQP4OCeqCvuj zo0{}8R>QcgsL^6ftQagZM*dzYik-4nT$DC$^2u|1hWKjNSNg0~a6wjFnW$}mJSbP{ zg6!x@262C|0O-B@+~j&Qd{4Vy+*qQ4I--GiCMKeSwqKQsSc+a9Mb~+}<2=B8_Ec-4 zsM7#{zSs)-l!I4XS_6H^DK#AJjimV!Bb>7qQW|-gAs!h&U zP|}pArs+kGG&x{{Vn)OEYl~nX*3(qIX!2TLTz=F+Hwy&M}l72h^r?~BQD?F9< z&Ne;P_utmrsd3H=nFx6PJL?kKi|H2G?CzgYV3}%pJOcaY87(`ZzAd)wMiVg15p_so zDf&A&;*pK$n4N*Sm)c0`wAgqCQ?Hy9ffw{D9Fr6?Eou~?NOnHUc)2Rz>Z$+0gp)D{ z-J$%xQu`X3$j!|6GeZQvpvJUTbQY@CLn?^rursSc%+HFXJ7rnvT}Q|BDqa*Ja#+vb z&mpSLikHtnUfMZItIg0pA1i=+H&4c44ja>=KE2>tLD(zURHAiF6|AT-bsuqm*K5eU z{ze%6e2w(#)rVl07d35*=m~8aX8!82>aLOgi6)Q(N7&0{%s=6080x~*Kh+cfvvF5a5|YhxfruY34TJUA zZj1YSHV;axuvXvAh#y$^%D>1e(zj?Ow3C?pTyn_t{)CXacWtKg+gB8HoCkBvG#QCD z`;#AprSHQ~%I%41ROhPC9-`2_z9Mc+A97aT@T89UCHdIsx;Q>7daQ1?#s98ykgl{} z&+#1lo4a7^WoygN_r0i!3UfTykngp>e*Gl4)D0e-r)sb^)|OLtDqflXdTlH=L1?UR zMoF8={#>Vb@m^$;yz=|s?!S^Z;-Q}!_{j6{6?}L%JPdFU@7lf)Af{!Ra8oDd9=ol? 
zJBzzA8P{pa7YVUCe^5;yHlogj!*d=#{dSv*S#=oQEl+lKO1bT1PRBjCBjnT zF;iX~S?;z>3~%^R6u}u;UE})o#o9CH^3^X|gNHePDP(SjdNrDvlEFj8*@B7k$kEvu zkh)?LyKj4p#MA*F!)fQ=`F2v{lQDTm$Y2{dPIS0y|{egESCeQ(C=u`g?<3v9Jg6b9!OW6Z)sXTykir!qP%G zQO%VyuZxbOsJ?)8gS03+o1z9#F>%Tb5uU#4%GysEvFK&PzYfe_?KikmipxaES!ks< zH=dal1xE4<2}lcmAf(Dm%OWbt%}L8@yetgetpB;fR^_BL&g$Ow5Tc-{9@5A!#DTaQ z;(f%W{{1NC-^%q|+PrG?>hZmy8}C0zjM*+X%C+vvC3aFz_n#KuOVnujWOWWU(ODsp zc4Z~Dkueq`*@e5CYo?t7s*VfmyJ8F!`o#@1p?`jVQStzQjSm+u zEfUXDM86Dd7ojwf)O{=p6?*6>hqN&zGej4T{L%O$fI;N7@q@ON^ob0U6UvuGV(&jK zUc5oOqRdtzpI=GSJQ0YD2$MkoXm?52+3n<{>%T}F$p?~mU%o(hNvPxFRG64{^*^>q zbcaYtgkmSF+pgrznsaivYY{bf1uMM|kEukxQr>EB?8CytN?sFs-__c)3a47wShNCT zpPR!H+%DP}{N_08kFk@cz>g5s)=p_C!4w@8%UdNc__~Wut(Eub7OcT>Jre(mTHh0j zE-CRRBqZK!y}L6dAqgV@OkG2o3u*r9ZcfGlR!+u^FTF}JsUsU}>MY+yly_FjdtrKc zJhkq5%EUa~>rR*c`wD-LA`9`k{aFf1DR30P|Mi&KY-+0B{UjeKg&g&6F}Svzv;mW8 zwc!s%hfk*7-83(>wtbEZ9!^0!$uM>eJ0mFlH!ePpE_6ax!#y)_?uYsz5ZK3u-)m-;y)`0xHecJ!dj0+38LK7D!|#+0kK zYMfli3((dengq}rRT464nFE4YD5&F%`@l>B?fw7Oj><-afou$$b|C{@osEJ=`7@$N zowz$C*|CeOR-xZ(Ul%id?fa0-2u`T-1SVN>@KDM4?$ywgqW&5?JL?0RUC79@XJf=K z778-s>+8GUSM>C@DDNH#_J;U_5!&mYjirKL6XSjJIR1+lDo4Hd)KvMBJt25w=L4l_ z#h_(**5~;-5S@A`F3#j&pG@E9WaYch#pEtY=24#bEVpN*hf9#5RfLa$-{))E9ucoR zEp_ccztyB&r50c8I(KTY0{ZjXT6g&PS>J;Zki1z%JsJuu$GlIlSQT` zskykhmgIdxAqlPVFISmstZPGhq|pinX7ltnz3FRShEpvsEiNo=SXq9YUt4nH%SYU2 zEUJqVSjy==zVec(^xh28a92^V$MMjTYDqabZCXS2|MVl*73VScb%=jGQT7SHRIh#P zbwk66j0{uZ^R%Q%BZ_ZznMG0M$pP0$?`!0vOr}L`s!Z(?(sbRzd;^MXQ@h!h{)+5M z6iZ}v-pZQaNH~{<*>cR|@?(1fkv%3e1oqN1(kNHiC-25f-qZ9)&@sL8l6`*q+q&=a zTKMY1z}om!jLmv8>T~S@Z%I!tWEm?;%%s8W+4Gk}@S9}0lUwoldqLqe!z;b0jn>Ay~CfNSB6xWKuA+g}1^j)aiVe`@#| z6%3=ZnVybrY|`B8y|9c-szPJhT{3T-hEH zzsov>oWDfTP2Ei2R^Q0@_yG^^UT<$NHV%&GwB}~jY7kI3lq-CiQErs=Y7GGeiJza} z?iKovA3vM-esf<*fPV(0A<*#yeA4C|XZA~7M=;J@Fb8Oe$rt3Cm4qE1r3<^y;&^kX zIYV9KLLI*ug`*Ci^FMkY{L>>;MaMWmE>gx}cdiR-b@B+6BJ!z`zM=pA9*m77#sUo+lr@fRpWLYJONTL_t`b$mkqsHvg#^EjJ`vC-{r&Z|@$VG@MPOf$)BfIp?4RAL%;z^P 
z-qU$miGq{`bF6Rvq3oU>wZ82Q|EtYLh0+6}qy2ZwZ^6_b@NFs^JZoV9;tI4Z8+Q$j zr>OxhpB5)ud3;-0v57B^l8$cmRYZ=vO<<3p#A9 zuC6XEJ;GNTpl(PIBo*7_<-UbWs>J!cb`~T3=Sp|Q~{_p$)2)jYJ z%ou`Z6fF$(43K|2QLdD56?wEvOy7t6axMuMc{`l^2php0y|l6t-SoBd`nMGf(}~nyahlz7Z+tybb>9vN81)`=s~Y_G;!-3R6-@ii4F$t^TK%hnu-{OGjC=Fu(Zb ztO7L=nTer=HYE6VRQOp+sh^zf;~bFMX!cQ4u9&>uU#s?&>6m_1AD-$s7-#WadhJLb zrL8 z5UlvR02JwjLe($fzc-~ruLr)u5YGfgZyhlqc*_5N_x~&Ux;skrpSD0nO$|iZL;%zi z&=90bF>4^NA;xfkFO$Hf z-X4DW`TNi|y-NZzH88;F|7iNks4UyA>5J}`?vQSfE(Meh=`NA(lrE9(?ht8^?rv$M zq`SMM`3~>rd)IRL%LS)r>|^hl*)u)W1>0)6Dj&HrM?Gyvpt2hj{nU34KRy4LAkTvL z&D2xN(k8dCLU(gZ92@QVjT)tJ^0O?uQvY!K8$#j&N{K!LODST4$Sw8nN2t7({-Hk5 z3tB|Zf?SwQ+U*ecL4;n1yeW5!5l>a(TK(r-BW2KU`oGQHaT?4N5}MX`N8w59+_(*T zg?~9aout+WtvHjlqQ3&=$LT+b+&0X{Jj6tQbB#i)y+MO5WL_(hC17CiLcvDvTi361 z5HjoK@;8CwWJ%B@{TISS)pW^a$Q>)$(JMdOw#wHeq7G<||3jkM@cn$Yj}ME9Sys`L z#rHH3XILd;E+Q|$aZj)8@fUB}Z6D6{%r=aOr< z_0J&r6S*m%RqS{uo(@b84uiPb+jtm;Bfz;?kM5+(^ zJLLXIHt-?T%%iOE!-Rd=6@9tObX)NcUMHDYy4k0s1jfb~AuoWJ6*Ci>fc?yuy9^BV zvjtqj7`f$HP(w&$D6KWK4@)cC1v&=)2mf|fQ!xK#bC)grjf;zSuHrY9LJT~pJMD!` zVq)bmX0V3z%te1$+%7@YmJhj2W?lpOz>sx8<7`?*yQmIc|_W8@y!bdPG$$isD@ z`*CB}GNcF;-!t&@Yb{|*XVB0zzK*8|{SGoJn$iVcJj-+X7FgJ( zVqn5|v0G7LdsuR&-a<_bw3Ia~f4UpQhPfhHmu5oFkyhek7LqadTQT2xw-~StrXw51tVn$|IYUjZK^0Du;m#aK8N!Co@7fig` zs$iBcu8(3$S@nC}nRO*FVxA3YqEs1+tZQW3bhcdq?itfRCQ=^bN-DtU60;}7=IyBD zo;3e)bS~z76e%UYh1|&s2dg%)nySp%S_`rEcK__5@2zR=Z)aaZt;%3o$iz)c$2L5W z%rvtOl}pI*=Z*e74VZ!FVk|>Oq@^mSznK+$nhPGl{k}7unw+)k$RaaT{92T?PKdvS zmNS=+s@=TF#>b5f1aw7~*3XQ8;W8WM@#S`XtZ`BFxw#kZ2ud+{-0a(Zv3EE-^Ii4& zJFFJ{(y-e}2lGvYCF_~O^0qA`7sGfi%V#}$u3b0eI0m=^_O$$qp%8h#H92=6n;t#} z0SK(Rjgb1d%l*RaEJ3#uU|+Tr*LeZ7SU9UhKIeV-N=Lpg4+a$p9}j^S;BD?6DEp9m z{J0DeZz4KF4h>uXBM{wrMlHSK`{F%`9IJGH>ia@WSMQs}*M)nN5LS=qw;BfR0e5&m*bafXEnJ1hpGymCN6z z46xb)-bTRz(}r61_UxD=+_D+RtvQB0&S8w0i@+c6^78WO@zL#!Pi!X?3a?7kjsnEiJHD3D;_0q2rsSzN*&3}#{Fe{A^G-vSRFaVtsCw``Be*oBCO75jBU;0xrh1wwM*&{`}@9IMhMmw=vge zzVt=l)}04@Eor(~VnaIjNTVSE_=4h_K}~NU<;i2kl-N7HLT}-Nbf76v1J=9#G}{rw 
zN+xwMQ;LySL27Fyy5`uV$X^j*5>S-~{5;rQ^v%Ag%3-d zyHV#ww@q1DUTCW?`%&0fUGu}j{?l^OuX_>03M)h1Uq>ZYghZNc7WSjgdWZJ<(pIX* zNJ~OO0)c;iutY1!9kVjqxdkywZXayn9Bb&3PW^#-?*vRn5yG8hwW)Bze_tMy5F=d3 z=%hAmy=u56{LOhmEK}MNUt`I5_>h`C-2li7U6mR3m{^T$ohi#OwlH}XH|q_-X-}xV z4qq=W-lH@AKEX=17CQ8Jx>C|CPgnSVgchnZ}28XN}pZkd;K7lkCo z_HKFHSy>uvd#=dlJuHXw&COoijU+!f?WVP_M;emD$8&iW)}QDI*B5+mCUya@=8MA$>wy_C8_Y7K7!{;L&#gUqMjo*D-C zzx(i4S{q-sYg`0H!t_mdc0#(`UVG4 zNXz@qH_w6k_&x6NE%2?$| zV0C9fW|HtGvWJWpn4On%#?q#}j=B(cRzubQe$NRjfSa{KCsZk-N(WjlwKpy^hQLgFn&L zv@6j>J{aanR(-S4D|dSfndmgFK=Aqxr2IE8VV|~Mj@4PsZ50@g2J8Khr`W*|xm^PQ zko$I`#y@yFbotPS28d#)5Mc=c=RrTNM2P{wV9@CO6yk)ed_n?smb4<>b-J+ zt7+^@(FV8<&?|4S^W;y4Fv&Cpcu1<}hQ@#gltNJDq75t)b+dq7ok090DcMn>dTD6V z$|M%{)vFzJWaK=-t4y6{T9L{vOLl_B0_vqO@vJ@;@wd3x-F_z%Zk$JD z>9;L;(XY~^W2>nL9FtzdnQNf!F)Q@@^bS#T3(@kw@%&m-(%ekR*6}^Bnibflsl@{Y z$kde6L~wt7f4@2}25EoOm)EQ(&A&?S2aAHz7T(*fQp^*j@9ac{6akkv;|d_v>#Swq zB&&DT!pzw%rDkO-LLuzQe|P%XT6VQSPph4Dvw1R1$!SuED5=yW_S%(IO16k|_vS6K zpRLVd^WE`Fay?0oMp5_IG`Hd!l5J8}(mysLm5cKDCiTp}UP-q^L1l9GuI2{YKwQ;-`&L<(nQCTMh*+=@$+DYhZLikITz^db|!1kigz={!;x_zPkwY*j3s-<`@+!N z7k7O+!XH?BwW4K;|G3mU-fRw1J~WK+9Iw3We=t~T>{&Fc0STV@g@wCKyIC+HV7UK# zyf~nCr2ltXMKMz9Vk4X_O!0+|mbSNj81ff1tJz)`L%>i5;2F?=057muXN7+^51i!F z<*KCBE1d-M#mf|yi&wYK8azS_F1yacoXmOa_u+9_H+hVDP-*Xd1Hh}QU z6^1Zoa;=Yku2>M8t~xPq`Z83x4+Auk68+!OjnynG&qC%6^DPQ$7=@_D=2pR{oRyYT zK6(FMl5T4^`4)}<%2dP629(?6Xc4wbK2CwEpG73P3JOE8`GD}v?JP=xHIdp{A~xT* zDTR}Jt?DA7<5_3xYxJeisz3+f$rWNV^QDev_j6IE9fhZv(CKznVsxg`4khE|O!q_* zU(?f&Omw#9{K9%>EvcBSFfQ&Xc}}8t4z4$%$LW7!fQ~P_;LWt^p0DEK$j?rNe>n~r zGoJ$8;bp_{+^Ky~7$(#N`w1Aefu%W@u<-K4#Kh#}^|+1lHxhUHl551{c9I{^HS zHIOB7J_Ca10nmNzPdAH7Z(O<#Q&R~oyGE5bCt5)=$7nil$JLaqD!MoT8a=k&3XD6sB4aacMPZ0Z*K17&Kx`fMqGGWA3lGG0DJwo^zY52Ab;tgo6Fy;OAHPKi)1y)A#4hnDk z#!3VBl!{CAPOen-lLV;RR8rE=8(YQ$fgQFyfqS6DY5Wu1q3&0I)mMfsR>{p(yBvpl z?zj+@#ZoZK&?R$dv0fj^2Mchw>vAYnjf zThcjS0Gh0HO>EZ+BEa4;+}HzOY4!;retsm^@HdqIBJpyMLCD{~usdMj(KmECF6w)I zp!Pt~{tcWnabYqA$cTvUF~Wi8YrDH{t7KkYUU=uz4o#RJfkU2}S|Z<;B$i}SE;EOi 
zPN;p<`i{Lly3;P|4z{bL>)q$N_Qfm>OMNCP{olXZ{!AXU?LEyj+tuB4%Z=0vbAR_5 zUNm=FxX0GM^453x;%j z5qMQv-sE?9+t2KrDRlc*XZhS)_!0Q|>=z{eqlE#?_>@BPayRY^LQ;K|kr6ro917?Y zkg+;V2fou`gXg%bVYZG(P!69y#ua9H9Mpl=<>`7Znp_n9(+en~zMx7Db=~53-1ZU2 zt;KvKVU*=-_pExkY-EPZ31aS2pPIM?PFihtPVk8!c>*{u{fU_aFJ42#Uoy%!0s`7c zIA+5Z=H^n0iuhg36_``N+{?wKZgYn+jJ{g#Q!&(nOhdrS4t3>~$F%|@ok=({U(zfT z$|vVC<6N^v0R+#0R<}B%Lzz%PQZzh`(cCcea__2bov@wyPA&u!;-N1-BmGIrnWwAo zMjSo#nf;PPo^@Qa^BL~Fr|sY-5L1EL@cvn&Vx-;u%i%b4^Y)z+7o8~Yp;PwhU0>?l z^WR@HU!%xsvJMo(fDJ7gJO-I5Ljw^c4~XsA|1`T{Acey#BR(GH zZHX!);E2^RVn*M>DeswW1gojJ0tGZ760n$fcp(3-!E%Ptp@?h@px=iF z2V$003dzm2#N_0PdKtieH$+&NBpR~=ziS+vpZIQqmXfcubpPXGZyf~v>M?V#Em^9K zYf1GNr<{;b#B|WgPIYb2Sr`rIt-D4al-5T%42o(oyG1TnoY&oY+*F8l1dD{;-SP2h zj=inXh1x?9l7d6yG##Kxz9aZZjT0V7?YQxAxX1XiX(zc3F6eVm->cq2wV*z{Ac@^O zq6EEzS8eG&I)2X!BNGkd`t8?uU-^Z-*Gqrz+NE80kJco&cN;<_sC{2pu#`?#Thv5Z6(g>S(> zfnq|+15lRpo8X{501!~WxP=9S$od*sSp-76(9B>C&6>~hc6Mwz5l%nTe}IiO5apMj zmxqWd>)zJVLd*wW3|1>Gl8ZV`btkXZ)+ku;@bSfuf%?ilJtO10a!bQt3@@oJ3z9@u zLc*uN#ThaJ@-bBG+F6w$RKqe!s5uzq0vktpvFvlLTWbpQyNJH(w0JRey!A&rM%30{ ziiIfOSZb|R89J@XoYpmOzFk5odYTJDhd)^rdt6-#l4pV8dr{9wF;{j=bW^!}g4EW~ zPQwewIDCGa&(K~3Fppes7rkM7fNb>YF7s)AocSkKnd6+Edb2PqjMp$S)~4dzwC@dc zAFJi`kf$8zzIR1AyH4Z62*Tkt{17EgkgA493&{Ln`Mz-dz^#2G;o>baI&$mfa>a61@!+Ecg|6xL{QiW z>;+91S6fWS=YB4ze@urKJE##trqWOgGhUz8km>5ae>QG`;Y^!BZpVvAB8{@i7Yj%D zz*)aNKjnHbpCMmfYol((JSedj3H0;iq@;IuKlx@Hh_SGYN&_S$C0$%yqoe~6Hex&cfs3*wRToB5 zwFkIgt)Cd67KTtKEcf$yFPlFt=ArPP4Y6yqma31MiJ+Lv%r(ggCURAfq_N0~>~zE= zO&<-Uu|;`Qk=z8YX*L>+7$K_)Cu`+w9w zK+Nxm%+2J3(lu&JS;MUCC3td32$I&nha#d5bHCsA*pI(n*GgzM&mVODL@S9~x1R~| zSljEf5{-G&Bg)<6_;llBr$3q{@;3o`;xC>3?%tlcn%WFtAG#(oGBPp+-SF`6-c^B> zH3)Yj5-iLQzp_blSl=ec#ko0zpC>DAV8AB>+g9J9_8J@c8r31(ORXT4ah{u!5-O!1 zG7N)&-nj%;Zgv2sWDf@mvkm&rpMopkbSnnYp#=DWU@PRNJt*b=Ny^f4x41Lhg4ozCp|{vC+?^ zSB3nt5Tcxfj*Wcuj?3^Um?B7RNQ#yFL$FUPGCcFG|HSsRcBFq-H`eFJNZT!5O5ain z`}GLF+&!^_)cKAnuAG_GOx-h`zpmmq$#z?fWG43nS`BYRS1dC_Ro##0+d(@4ghhic zatK!`shvT$mYpAzn6+Dwqe&*|QtU*J`_!#(6$G&C 
z>fc|!fy+7l01U+_#y~0`aM+y3pAGuZhraa+Byrr|-cHZV{Nq?E{Xj%Vd3Lq|Fw3Nu zgC_eLT@0Om|L_1(oe5Flv2)7ZEizM6rS%%|L~kpLiwTK{ENyM0LPPxrDfa=lp^brt z22j9m3=33xxOR?C3=)iR90D6G#wsL4_%g7aUW`pnK5hdT#}H>#KL0-}mMBokU2d6b zcuNw|v?;RmrF^fn#;QL-yl*EqA+?cN+o)|Hf94AZYp){oOgIs+yabKOg>k;CE0iYY zSTvunaFLA-+DE}3g{tj4MmED(ly#o0g}EM+d>$k*Tb16uxB4sKwJjsfBG0E@tL8TH zh-aB^#_`o&?~!G<8C}oo<+AdXUpqNetiMM7Bw~3OOOkX%b!&Ud*UUwXZQ1onGU#fb6C1YkJbI5tv*JiqEyuKqWb(|2nRFU; zxA+W;gyWE9`EvzQmh%@%7NzF2X{c(c+PztHinVNfB;MUq{npy1DIN{|w$PGWbqxh2 zK*3GT(!e^OaJ+-NSrX}Z6X6^?EssB1UdqbITG!fG!c;%Q~Gm= zAThj3Q}h_O!sL94%axaZ-1@Y*Yc7r6sQ@<7(rs z+l8#wNd1lBUU&v<+c7`v9cdIk|Gjsz)AinQkxY(#z8baacvw9gvG3*B|Nk<#Pe9wz z{zc^oMi^n@#9!c)=8}H}PbjlN0mfx6=+LX$OQTWSU^{JfC+!lBYP>CvXD%^pL}NJ2 zasYp%!Y9jz|Cv?)#!71Gv2ILz6d8XQSnSI;^7cckZ9`aM?#C?sHJF4~rH_BkWBDGV z?(Anc@ly@k^oCywCZ(Z`7+@~I)cz9RzFvc%VOD0&&kD1zOw>1*o0a9;Etk}#e;6>E zvs;=JY~|pu@h~5~O1rMPGqu@vX)Bmn4kb)1?dORuTNP;h+zigb)smsqKTl7kvXRRCF*gvQ6fYZ)DTORc zm&T~(G3_^xq$|eL5>{Xq*20rzDBC(1%)hZTF(8Cp^(?omf27req>YlJgaxq-WLUtN zr$bL%qXB~j)`g;JAl4;rfa$WDwS)6Dt3M_uU7ek5Xs`3MF%|dysD9mfQ0x=xvA$ND z(Y&;glxl+z{N4<*SJLlaotCAR&jnPZ!E6G6;fJS>l=#l@;wcyXbZ~B z%*9vF-V=B@8!rwvmlOYR?b%cERCx&bMK>1P^Xe(%G@&ZHRCAHErgMFsb}0v{ncOd(-}W`Q=0Ak&Nz^Mo7ASOlLBaiFCIeZvH-J3(>ITA|mnnU1`66irgVT03wBRQZ z>D%fS!=HN-DK6|~tmmRk^a87jpR%=|-C5q^hT8vK8MX1Xe^sF>ibnU8Am3}sHcp0` zUy{Vd=iwiUC9%d_JZk*SCAGTG#Xo|*%{edwisL8BB*w*6gPc?ltf;7{7)ywQ17iW2 z;?V{@P2d1WQ6uQR^}z>NQ-c5>uk;0(7?R?O8wil4eAC04w_$7K|+b zFns^vgKtJnh$+1+`~*nbb&0+4*IzGlL^_jOB_v(ICYd!xwBfw{^k5m^_KqkpuKs=b zl`F<6r}<_pnS)DoIyX#hjXEh8k*ziA#pun~Ksd2V`->0*;&n@Ye z*o=h?rA3$@%X6($dQ1$vkWj17lgGtd{R;$mcy`QzGRTi{;lCu0%QG_tbBD)7&|Mt! 
z)ut#45c8bKMGz=Y{UItLF>#qXXEhv?AcD*WS5#E=4#mzb^dj_UTbuXw!OWTnX<-M5 zvAha!21#T_M!8*v6!Ff${aIOA+1#9dzqM5;IGkS$WK}sja^8U_2s=&!BdV$>Bg4qR zkV{WR6(C`0$(TBiiBUI*FXEse@*A5Zu4iJMQ70}S0NS?6_`PHXLFD@jNu8w)Mu7j# zs;jEL+LT7kW9bfwjKsBB4`N(jUr$l~T7M?~fjwUZAX7pE{r&x5bmbRemTbrQ|1&&< z=vHSv51Af0LXQ;hBTfP*j*U4oas>)1Gs;9VJdJJWncS2l+E;Tb7bacdjsBk24KMZP zl5PQ1>2&I)$2U9yy6Z<+E1$2%&d$TGU67R0@87k?c~gB8r+N@?yYzZzi8fg(o*yiJ zjq4w5+2-5c5nf2!I=U9WeP}x!d9bJuHfK1DgX@5nJF>ZPS6CF>-e*a8eOb|{hJVsaAXq%x&I&|PC6 zjAD>fj=lp5>~C%yf(6{dY9}2HjRBUb*l{mN1np<4(~}c)BqU0A+kJd_9D?OSelJdu z4K1dN%;71htJwUp3e2BGe&{0@&X?5dSPRyuw$m`}>n!kp#m2w0C_~LW_y3@vOC%Hv z`~@8-1D!d&BOy`QC0WkXfl)t|E1-(6i~H&$=~0==zAQ{2BaD}m7mOp!w6gZ&ad6)lIPRSf~Z|<$)4lKtU&{?5`1&Pa$fu2lcxaQG4Kk-s*Ipsp8rrs zpO6Al-$7gg0>qbpP7D$-n1BUB4nA3K!Iy%-Vh=tUg{^P zi;flG0iL!;n~11r#{y$a-f|pvqTC+mB=i!foA6)OEh7Baz}hPZZ_eDjSScX7^XJ4E zZy8xh*F*Mc@w$Jzh z7@-tLb`dbRQejtZ>Vvc~9MmFh>(EX6=4|9a1WI%gWQiMW;K0R1(AH>ZM}@qqJ|*B6wc( z72U*3 z31<1$qyv0>ARIadE9VtNSWpn<jWPYDH*FKRb{67_e9N=9*4E^=X^D0AKzeYRByN{Q&#H>VBJmTdX?&Z#@4WFP3RLw42 z9cxO>5yB6?6ktPn-tOyiXEEs=F=;>QRJrK8T+X>%^7Pt&8g1EYn@_hX%l`Z4Fu=!f9vo{+7bKXLq9N( zZam0?e#aF+?WkL)998?hD9;tR8W}7%x1G*uI2Mkpp9*xWZ<%V!Pj2TEE9hJL9=%%` zX&TyPl0vlCqVw$2wUDMSS95rp`?Ua z1}_aWiwO=%8W$t^9MIN`p0{utCQSXyJ@)F0vtDY%`Yz~kMGrY{+}do1Q}`NaQvQyH z@egmf>pQG+F7ccPL#AmR6&3M3pidSF$clh(pkROj`So%l4I@-i@!~$dzM^%#bfJ7u z?KX8Xva(R76e+au2nfZ)8U7^q3KpiOual;!vLTkQDc>@reqT4SoP^!%kJ$*))^(6V zZ;arOpPQM%V*EVaO?e)#$iVZHQ$d0S`iI3xa9zM@H>+1CwyY-GQo;`o4^Cf3y4=hm#$NzqQ|DH*A%v5GqdvWiNI`=^FW$15K zgJ;X7kIrsqb)2<&EpC?Eww9!rLxt9Ap`^kniEdiW&5d8~5rS*$T{7>NOM$AE&A{vY z^}{zej0@4~*Cgu>U%wQT>*8=RnyCE3<|;8(86LLs{Ox!c5!+;1*M??O8qZluY9XyG zc|47kGp^STCy;C_`1ihrS47zDu;wz1mHO#wNyDzyE&pY&FN}28;As~PsL;cLf`bE8 zfLXDTk4v4Y}>;tayK&Pn0CXonu_Kb|9<6|_Y`2G}~7>zQ@S<5<_UZyRu_ybZm zY(c;%kc=aj1&9*?>oz(SuRrgZ_^=H2l@D1X9+V`RU2;yHKhUHgb*?&p^Bc;g-l*gD zrlUlKkhbY7Lc>&C!O784&f=*A`IjfGDC;F`u+Y#1)!V<$*o=Xqv55-`x<&k0`xPp7 zqIQ(H0u|t1eAK>PROv8@yPVN505rwu^U!kOqpt!K&t9lBL#YMP2%DAF 
zAz`T%q3wyLisq!U?w{0H4RSmkr5V17X_2@rgHtKlFh@+J>c=EBfZmlY=tFLIPudq6s?oUgDuT8VE zF)3H7NflbAv9{K>QJ0l06|bp!Q#h&nRi`+SsK(Uf%NK8J>tZ=s<4xv$KJ3|A{?)R2 z3F!!}um1exCN=%CbrL?hp%aabakW=63!J>#i}Y|!KV_=ksHfYEgnnU^6!cAyIJFk% zHM1steb*UArQ<^O*2%=_VfqRfK-{%F{l4d+LNL!1VHivxC5erXQ%R4}kB!qKPS?(g zUB$HiH48`k+Em>P|INd;yJu-rus`Mi!|{LDCht6{j$lddI>{t zse^XovKuMB(bYM=I_<|dZGT15Q*PU|c%>{AUdG}~RCHor8@<77NYcJM;?*1(k-1m& zy_doZD6n$n)L<;mACzm?!aHhzeHbUnYS2Ei*%*z1uuX-qmuMLu4hIFi$cqM{w3Q|CWlv#pL|g0+`x+`pg|D|aJM_e&pH2=APxU)IHW41!&IR$| za*|a+3J}P0?h7zn{DoYuet3NRq*t!&LqMfpM@8e4!G!1D=)5{G@C{+~`rDQLe*^5C zEc8TW>qV${sVK!==rz5abdN@n9MeqLN@0aqBFxb1Ct#zoy>QGT+VZja*z07Z3GR*E zj_&BmW#O~K)BPx%yFx6&f4`fXNZ!>l06OkS->Fucz-V|K2f5nK zHmI|^MxYUOK&gKl9dDM9?$(-zk;mGsNlO_ec4zV%(7_FMVB@Pp4<@!4yX_`Q#^P^o zIC*wc0rRdq!GBY_CL>5W;^N|BXICm$PnY`vHXjzEE`oz|&DdqjqF!@xa9}xtz{YQJ z03HFC0eAz5R@lboW`o`8%F#1MqWyy>J0?OZiuN z&tHQ!l$-li0v(R-&E=(R9PA)y#(-oA#4rK7%cvHjRlTFAi+Ywx9vN&hvay-pzvC7D z*jfY>y({ZB#|*Uj+7L}c(_3v9)~i6I8T>UE4i zZuaLYe3~$)7%u$4E$qS71m56ghK4!$`P6iDACxK|X}W`gf`IBSDGAR(f;{y3+2^Q> zP0Zff+IlqY4Y-dWfK5!t!2uk)B1lPz$;l>mb9hIBLPB5#Sqsd4LtXZ_xl{^%pN|-@ zvzor5golOMODcc_aa~=K0zbAv9W^z$>wtaG%9D|j_RXIh^Tk4DVbmRjezgEqu@=-M z;61tr0El8^V}r>rHA>-kv;=et_QQ!-m`K{p3=EXk8@a6Vsu~(xuPHjp%1||cKjDPX zoQyP(-Ske0g*kFyinp?&Kj`A+MWS&FHTq`id;vrYP>XVM zVyAs)mH$04TdrfY1oB*MbEVHWbXSysSW-TuMjLbSd6p-adb(S#m5&asjthMRO^!Cc zqeIlW1+;d+5a?|II~sw2py05oKPwJ@q=KR%4u9(~i}k2q4E4%ypdZHJxjAEUd8@_< z>Tafy5&J$$V3X%x+cXMP6y{qLcv z;-l3HJb3&aTDn8a`;;G~AQpi~yI(cS(iuT0zk1wyX$Eh=q3UJ-&sfQM2h-!Ec25O*JS zb;O!k^{%|Ds|!$$J%`|RKhp(a5<rT#q3&VomeZ$Ket~S=mYfi5}OO->{1zA$f zuwR^D>;In%-K6cC5Lb1CYA3?D zyUePSgguuarE`mN#BF@~W4$m8=dZ?~hx-`}51<+^^=xjbC@DSxmIhomEFyVl0CJnh zJUWXeR%FC}WnP#KcYn5ye{ikFF9df#kWD{fKt?}7m7ttc9+g)_{UeI9;$+u$y`oS8 z;g|>h_?)btZXf2IF1j#6QVS!)#N+iP zbzXa3AH1n0Ah6jNF4Ob`F*K^g@X_);KAMg8lp@_JlQCjOIjtdGAFSUTk+_CO4=1zX zQ;YqSyhY^wx@w{!*53Ew2;oSWfSq#y^`aqc}82HOw}Fc8Y~h zTLJrhU=?+P+Oe}lIqpx588rtUA%`)n4D=!%d6i`XtZ$XRmqe@*cA54_AMbpL8q*fV 
z&c?8$@wGk$E(E#u_c-*^QL1uVJL9)q%qVgq*Yj5szrZbDhkPJK|<= ze7s@txI_wyDqGkyDKXKsN^|=1l@Ra&0GoZEYqa`-9Sz0!KN|}0G6)Ll#LlA7L#8MY z+Vt6sNzeztEvamJyHilPjAPAqQL9}JlvtupJ0r<$vD4E2H@t5wrwRD%DZH!}YAy7d zov~<<1A|K53HKF2Mgsib;;om(XpFo=g{=U3Np>DSDmf3ZtD9GYcONdrSGD_7TZ;XW z;3gDSido=$Ebc7&SDT3(s4JrPAt?%(0$m+O@%Azt?S$mY3L}!neDvyirRpqYa9WgT zzlwFSc#!uG@l=|HsX0_}Q+qy~T}$s zf=$n{JW);GbH0L)osYLS=rv&#F~(|SyP>0vf#He($2qMWaF!3>%zD2xF^Matwt#q1T( z2m$5XT4kj{2T!V8#ha$La&mGbKsI-}+JQj_hDM-->G`Nh^2HdMJhrFG`OQ>vjj zk{FnE*ka%svLvIiHPsas6G-ppK8sKf2iNHlD=I@Tng_WJsYCG|2o8_3moP5HqTbo4 zoTuBMo-%Ct$tPk=<)f9EA`{x>6{OWhXj(VDGv#h`FY91WO zH}b1#jPuWwQBf@R-nUUp!TCWSUlodFi)QBoYwWGfa8>$=ZLELAQZmP`!~RP1?tJAf z!$dM!T0`cHp11WMCuQH0iv3R9Kzs9Kv2Vh5RTQOaYw7jFA|rp&{*J8`P!p;PSk0D! z<*(&N2Wn1E_1^I;VPfnEi|;{D2yk%a zdM$XyZ2%W7BkK41d!lD_0NyNpkYY-+3v7Ge<*c`8vZ*`oPra5BUAn(L-vkUv2pARk z0fI#PlTwpfy#cfk%bHfB4mj)TF5O=r zCVCFxAUm7F5wUm(!<|{EiE>a%z=02k*FP#^Wcu*%WKlWV1_q!^?6_*~37pZcaPZ~UdO>4iXFIQym)5puc zRcv1)epxYIiO0Ll?#eBsJzPyW)cNdG*Wg$h#Wo@it;~if;b~v z0Blxk*ID8|;^KsS5Q#bZ_gytP0j3wqs%sVaS-;Hzd(B&(gE5qt2A>=+cfjsW4nT2& zfi@T<7AGJmL<<2VJbY#}QxLx>|k`I@LJFNse#Yhcj~(| zJvbb>Vvu-n?!tAC0a~FEGnu zNBFII$L(DO3T;ixfHoYg$IeKq(tJ2RTQ?hJEat@E;2?)dzah~NrUVa=oMHb9D9Xft zpdcdy?Jk_o*Tf3lCTwVry@^~PSO)sU&bU~zP%L2hAVJUE`zjUae_27~MsElf0y>GG zzIfVt<1LCtKjT^>C?Cme2JfrEHWI5|^A&ijHHUu}DuN);Dk^gUT|%e6HOyBSU;Q79 z3;qeps0Dr|f$fLxxV{?LATjX}x09vNLCJ7DN>d;hcXj0ur`5_s!| z4)sMn59zP+Tq`&x&J6eVt4)X3q5zGt3O?%}`O8NDv#m%?OGC~LLKY8LPs0lbo`qKS z+W-maa*%Z6#P0E!kZ5=d{)}pM9z3{ zQVI&sKs|kqH4EJG&745xUGf0=753%?m*9}Uya4Am3$}?v3O91F3+Ss*Wk|8G9PY0y z_AbEZTy@af+gqwp+5LTzOtZ?k4;1lOen)Zid06XLJUCydu)nrCY{K(EIYwX6H@Wlq zdnkG%!`)k1{HfjsyWJlmiMH=7#okGM4FHueT5OSBKeJO=g zq@2i1HZ54@_P`Y^d?&S?^aBwvR@%J}?fEEvfCK8w)BT$=eB_6VZP{M21cO$0 ze}YT}4J9Rt69&+#04onrdb$H{QFuog;Q0;TN^G2h72BKzaHO8;F^3fB;|E6nGpV`S z!}>@R`To1t?HQ#yO;))-uF(uVfulGj2k$D_^051fJknP^NG=m88H0p5 zA!SnYN6Cjds@p`8o*&zgAweYp?TfKilciVCd$1zq0y1~a;fwzJIy;hp`aFtESb&l7 zU^m-WeVjT-m4<#o;RW&Pe6w=8w7B^(dt+dpgFV57K3@zUm)}mr2{r8QP};RT*~gsl 
zR-5a^B09z_e%6$2`OZ~hWZ2ceLf?!~d&INaYp%uZ{;}hnl0U}U+yR6X044Dp-9{q* zAPEtg)=Txb-?`_I8Q=m2NKpY;J>drxa72j#_7+6{_Q50~QR3o(x*-aknfY{%RH;U` z4JroeHtsL_iOwB*83EH1lKVNSy;<9Dwl(ynJsV|yueFZxMQ!+B@`b6dkiC7LLM1;x zG$^U6!sgd$GQ+|7_^K2y+YW?n)!cZ!78PAJ=S~~l8Q&4}XGI`-V+pc%xPhx4IF20I zx&Qa8F`(NVHes#>O1NK{!}|tRqj0<5w68_?M!VtEKbMl<$48lAX|uSeIaAFU-n7)K zi~qa+KzOvc`1swC)ci?v`iUS_O>i?s5w8-NPNxrxrXI&d`GW#;9|IMkBe@?cwOYRU zdVSYB#3u3hG*bHQPd#)cFGgHtAhaGjx7~^t2nz%<*b1G73U@VR%J0zc{9Th8#6C!x zrpb}bcqRr5PoO>{iXd^{8Zx6Um>dyYB#U{v?2%E9N9m5&%s=t%Gzy6OKWkggmVwrP z9E>scsNlawf?QkE3g@xfZgzmH>O%kTXS5@8M;uElJU?5_Mi#OVhxOd6{OHBGcNuWP zic_>uG$p#;>Ciuv|3!*?H8%xr5vXH8c@W74P4hiK{J)D5_4uSznNuR}|M~30nOaWf z$-ujGYe@l>Ty??-L^wnb75~xmKg8>U$^R~h2&nNvv7nVtv%li{-v#Ny2~e)vcCC6? zy{tmRrFD_7qrj#;w*BAnQKJiYfA#;^d+V<%yQpnck?scR5T#2>a?=QifFMYxbV;{J zw0(NgIr}t?#|U4kv*P0*$Kb>pJlg2Bi0(we5}%AQ4ASfunyeqb}cTX6-u&W0(s!bG)-jGcR+WfG4NL!n}c2_Iac{S2}^hrNbWVTMOBkj#8srBwy zfrdH6B=EAUu0oiFV^{BW3p8MFAKMA~*WTysvGYn=~^wq>HZ2Ir3!ttBc*Yq7S|NA0=@-+&> zz|GB#7!eCS@0VF9q2u8XPK>xEDwm^O8|eEV1RbfpzWo4BGF)#HczLKJD!`aT3h$VT z3Vg7KX-=Pl%J#3enjNWjtl#MVp`FHmkvc4j^jGYHuQZOL-viQhVw=$q56sM#%1t}e zuRqGfD$Kol5=P|K#4Hczfu^h$$+sJD@uT`H#B1g2Xbo~c$2-ktT~X+GR0URqGVBDT z)>ht_ZVKJh?jOdnumyspP|zAQW#PdR zN-yo-TdHSr2*S!%+l)R1?c(+8*TDd^uKXJmutR0!>xqf^n>58Y{SvVM?^i=BlS;_G zH)}XV%j3UKiFsCEed_P=e5==gvG)~fLqTt$FomI?#lvBX0>t7^iSwLPzv3JvKYdbb z871v7lfv$hmt2% zVDb=R6wNw){Vy=dokp_Jh$jm)Zm76#Pmu+7`6u_bLUqu4y`L%Y@Kwmg1K4fjJIFGl zw`1S6rMyTOgQZ^NBlKzIUkg+DC|Zy1elrSS^~&L}C=glvRP$??6N5@9*vu_|cZv-; zXEWDy3WDB__Vy;96|0~J@T3RSP3V45q(jaYvIX@5p{0TmxaL z9;VaK(MdwKrIDi$d-E>(9PZxba=cU+K*N-j5hs@Y$ytTSYMVzEm2jJHZcmAEz^VKv zZl$|N_hIOY+|9QT&aXyi>Y^4~&(!fn1&Jp}eMPKm_Y?1XN(Xragd&{2{mNV~+Y1<{ zx;m5aO4I|POO_)kCkK?b$WUH?w4T@22WQhKZzs)&Hbo7GE+n$Mv$MB!=Kky3ZGu@{ z&We7i{FZ&NpihTVPp6$)+c=Z@J>Vk0t|&5y>0t&iqfU~6;hLyEyj})q`5+mE{RloZ zlg4CKtp@heN%RclyrUoWg)K@4iU7t%EYq1i92B!=HV@#DgAac~5gnm1}{ zYL<&UgX)9j=rdTb$(sM!f%H%>A@z&Yit!>#tkcF!gjlOgCXaDI@ldf|yD$;|m4~Vx 
z(h}iS7B+2e+x*33vEqa=-yb=BWK>)|J*>})Wcdo&Gw3`Rk?O-xH^xy5b2Bn#!MTD> zHGsm7$#Z*ZJWqvUJZER2r2Gr4T@0-l`Pnqw#shQERB>rU2#c4ucaCS=^{k8vwC@z|st;VjGe0n|X<(AHow+>34WC%BR2`BxcR4fb!X z%9$|a674h$8-O|5iRh2fF)?yfC1X_>RI3?Mfs#j9RM)K0O~}fvN{CQmxwgMo-N6Pl zp*8E<|9N$-OlD>$>R5btqjBP+E3XRvhE@pE?Kaw(D=Ql0Q?@Wd6AVXQ6^dcTcP}*t zl-1M}_=m0JkGCdyczJ(8y4CFl56ST9^87gbBR;)k6F}vJ>#(2Fe#^_t=LZ|X@iJBk z-hja;p~TWK6p};{Nleh|EFYO;k;|Ea$`$8^Lb@(9amOx*2VpsO8D+zig2Gy&1!d-i z9i{{zwG!d$gXfMdH%+N{CJ&g{a|zjZFvOLXiYm%J6fs$>LqKA!B4CZYW{Kd}AYQEu zxrn{8TXv-HkwxL%qEdBmT|_OanOrs5?}uq9=%$9Hei1{MXzk--UARX07qTZ3$lOC> z{=n!vWLs~q(ziRPqTJm0D6~LsT@IOTf7Ix{^@9zGG>fo-QnjlG?6NI=vCv_v`gFT? zzQ%EOs>S~tXjVXHJlY(`A(wQV5fS02)<67Zv%>4~^V`iX0IZ5rB>hEEJ>k^DAcsdE zREc&Uh0F@sj$wZP^XGgQYQL}?SwGVb2spBgP`F_hcQbu6vZw94hIJ%hvO-8lhwt9~ zqL*e6%Z~=&PdyZCx`muIHHKU!1lV*TLdq*s$4bjE>uMYQf)LEBLpT$A_rr*=e9BBM zUIdH`HCgRqV{ae>o}(DvUg#lQ1yHq}$n-N*=qVDuLZnrY5CMA(4^*6G4@avQiTx0wKi=&SvrluT?@d z9o-p`Dqy1tNlD^c+2aZZd+Ln@FL0LDS|Ac*l6KQ)C0V)=n9rSEm8bN#M*+2^4>!=`IS)(Lb28Of<<8qTA%8~071o-%2t?cI??ZyhO z4RXM%A`JLtW#p!PtT1JVB9^L_n zYcSxfdLJLVGqnaKv8&h#z0VN$UfR0t$49zemKSh&CgF1cYZ0%Ib5*KGlXK}&i~_hn zp0f^_05m6RVQv$Sc^E4ODyj*ajuM0Q4uz8QW{ifKkJ{M`8cl3?xy_MvP?Cfk9>BnQ-;x}HT4c!`ONd^*$FKp_9Um80RY}PUXckcXzQnZwFo3_UQZ$YG zUvb97(QIU_u72%%7pkV2p%UAx$X*&@P*Or&{P~4aj6g4W{S!{|i!KAsh{TPJ4QTEv zg}q|<3%(%x0wmH>E9g;$$T)YaGJw+$}qV9CH+4-E{2U`s*g0-hLX;*gw&MqUlNhG=}^wb&jC z&CQR1O#Hbx1uzY6sP3o)FdBe>Fa;;jfI`?#X#~i>vr}%}3(8-(_A=r<1O&roA2NE# zY+mjIu%delL>D3=UT`tsmEXd{GlcVYg>;}NIJ@|DqE@~@IzjddKi0bfR>AZeW)ZD0 z(_OU>3==z_RxxHkY&7E*%0>PaR@2NhJOE3DnJC70f20scHw9wjh7gX_k&dx7%6Ya_>mfhq7bw7yM~ zbusmxE8GGY`vjoeln4mRD7pav94VvhhChUX1a#4$insZscj%EUOlnO5t(`W{iDqBV zVJmAwnIc@+>39_XUkk2>`{U_>H(0-ISd=}_B;c<+ zW}p4xnp{7i5t;AM*3J+(h&BGZ`x(IK72fH9%HH&SQj|^-kRTnYudi6^qKt4hS0M z3?CLdQxM7)aT}1sFc7oHh?_1V?IOhZp+yqn(D7<<2beA?(H6Qmk{@z&O~_ck0zSiQ z2W4gojt(~`r?~GC=YFSh)>N~m^M zV7z)&UMU0xeB`1bz1*8?+gY5toGj5-+X_=`jS{uj_57Ne;%MaiRotan@*-b%0q;PU1A1M*AIwYPQ&q4pA5(Z$6HvSOx_ 
zX@X$|1;4@7LEaatN*H{YF6wRz=?+NEXIlKla{VB60^C*o0*8Vd@qrIVUS^0@Txb#c z-M!eG1i?L12}zWB+fuB^Kt9(WsshhNqJm$tLk+bNjVROi93Cc9&kK@XEpyZxrwp=x0K z-fV#PPO|HqqRY4KBMKg)nPy*#KrZrrpb#(SKzi=8zw!lg_Fu;UXZkeHS@6RpK&Ip$ zx)_#WbnY#MchJ6U@?`$XOrP6{`s2syYO~)dF&ok8z#yc2(4ME@)V&rY>372WOm?X! zo<90L{(Q6VoA>XdOFA!KFztgMSb8ewa?bF_O#UQ7T;8~D@M-_hkixx$zu(?9N?JMmEz8UK zZmQQ;^p2L|ABFeJe8a@I=ze0)CQEHm{PF9#Cu_Yardn(8t7&|RM&#f*>+EWehhhsw z^Le)j4StFvFtZdC&{uRN8ef?V^Yqm@(GwQx2ll-(R*yyVfs_{n6es$7^z4e5r~Ggn zjZyWAKNbF;N4P>ThBU99*b2Py7nbEe<9)}+P*GLJ?Z zp5p3%^7?6?Ao*Fn{t=12W0NEyGlT|vp*I4xny_wvKgaE|vdtQNMDy91slWSlKwYBd zEum%-6ej(gNHGs_4W9cm{}Nc({?ALS%BsSi_?Ie~LvK5H`` zWr~UL_CL;(Xtj9K3_cphaKKd>S^Ro_en&swj#z6c1SG?bHX8*(Z3wOBXpA{+305RG zWHgB&II{o7+d?1m@8~^w8r0%HeQ3eDgmndDW&K3KtDGZ?F|<;b{DPl#`062z-pwga zpN6}#PSwc;!yb(iP$~RRy8&PouwH2BM7sB3G%US22Q2mkduem(V@fo5KNC=SHwh#3&xS3~=clXCSbyxG!qT7Y=OAos8J zUaQH-L^N7M0t~>aHNY|skknOT!3D-VyE^8BkloI)ec^g9)GhUh9Z~1QyS!TOijP zd>El+CnARrk4xbUdPzUORWRSWwF2nElHnbQaB=bRijGSzLn)uEhSOnE6T~%Y+@urf zw^!(o`+tks>a{rS)nkixbq3mWg1FhAr8he5l4QM(um0_9Jt+~&^+O74{(MK)$mPSF zvj`2Gsraa
LB)Vnfvf`2WykZTWviQ}j@=3sc105sh$LydU!Yj7KIi{m09pv{E< zkD9UpJt*imKz0uA74aRKIIp_8yW5j0NN+=MN=!+?43~tM@#prfTYkaEXlL=Zj7Yeu z)*P^9?_dVT@hdbK7o|DiGFVxHcVzybx%iP;o79l8c%8mJ+TXQF`#8i%BWC6XbFcAs*&uz%EmF<@5rU6Xb(t-@zf8 zOQ+O+w}1TR!@fEfY6GBBu$S_U*yH&=bd0%EP`f2dXYv>pmBd?K3jJ59A~M^k{TJ)c zj{pwEH>#yo53{Sep);shO1;}uKBa7Apsuc-Id0qKY|&fYX7YI+9+H7ySa@>L8Brp? z0>2AQ9J^0?pd(@83u+a5kLQ}zE}DkFQIR-;C&@&j%3!6swz3jobJ4}5OGuJ*eA8pd zmI(=k_4?E&4l0H1sZYxYE14oLQtP!fR8ju@nl|-Fr>#@;|E;6>IyBTRDk$DM7@?4J zu69fBCu!jXk>6rrffd5x|Cla~Sx5&3cm~P(Y-2_d1w)3+6{3E^A9OpAd0Z*;3iotg zY=8dz8UV86Bv4zpqWJ%9QER?-O8P$#=~s3!gr16wR zYAXu!pV8!DRSPpR2Z|A{yB=>}=D2M=)OHUtf%JGTX*Y%5#Y3<)O|-L>FZS-X zOV|G$4^F)@*mHdEDXjTu;lHLyM`I0qjd5RBiC6#n-z=_s**o<=|74fA(t zv(A}Ecx`UTqG2z;J_t5<4>otxA9`}|baGU!s00DnOBp2VDe6~1Ff}~bE3~tzPsf|N zoz(xl-oqgDQ?w!KCvgv~xQN14Iq)fOva9L3BNN^F{5In*{nNKJg0vq)Q+ow!Y3ec* zTCyY?p|#@I#7_TqxCvW;mDO!?K;FqM^!pS_SQLrT7WT8)(0vwwqW^=2Ii)iRXuL|* z6qTQ&{4e}1%|gBoST>Z_1#op7&5|l68y46lYEZy_XXgKYk^$AnAbUTy)oJ zjUaZk9(8KkwUMJ55f4Zj6H_)oM^T%v2xTN8`1_Eof3n*p+YfEE47>Uvu;|11u}iv- zzJFQ}{sRfv@m)rV9{m$i$`m#87RN^dmr)$Z1?U>w^E+{dNl8fwA%skDa+$2mZa>lCt|` zX2LqZ;3nm~tfAJ{wpF?_;J)!RtdDpiqcYc^Iz4b9AUCac$I7aUVjURCkdb?=BZHum zv=;(hV#4+5TGw$lrNTPY1`j**uzkFx^%ntex1o=hE4XubeK1k7HYkvrOTEG9`zU#2U_h*#)HlBP333mpW(|+Y`R{9ajQonz75lECH7JMeZdDh~7EA|jVqD}0U<8KH!yhN}L)_t| z<3||}@-L8fy9CVytT*tvzD-gaE;hXW(FNRT;Wa+3cjYWjb4N|%;i^_U-&K4PEJ8`v z;Wyasg4k#?TIo<0^Qx88W}-99Yzc@POGoQgP4Q@5zLno8+93R0He1)@=`MQNXy`Ra zbgV7??e188kFrDfYP~};pVkK?H*0M__IBrCSk>{*q-A;b5JDM08B90Z%}0m0nnG7A za?#I%ln`I;=esC&)E7DPbQk;Ecxn4Eh@15pU6bP$W%gm>T{tzOp|)>!gx=X3;l6`2 z!k9$Oh&2BeFNCk_7Y?t7MuJkp@BLyxoi!;l}_XBS^T zsN_ss20DzMu1#E*`V@xkd0Fq?YCKha=2Xo1U<%*yYmI)+L{5O+bb(QH#%2w|uO~y# z^R)hOeST`uY2J8>fuvK_ey&t;c>?J;Ovab!`-{}NzY z8JTs?icFHkjT>+FdKh#YGHVRfv(8AJORyC9m*K96}Gq#{ay^(SvOWrtbk zve@YSuPyqeq=W2q%WpAUgRhpl)>UdGff)_gzr1s!ob)wNU2E(AtFiTZcc%)4b}1TB zi_^DVuRJZKImxCqJz?&6Q?_xno|)tTI?UTDlPy3-N{(}Jqey-$LdfuRVD7@G;l1E=jDpEh|bZKey~9Z68v20a{h_%1z~sofa%@l3$+ 
zhEy20`C085SGb_V^k(ZvLXwG=<&^oU2d@3cyR9{bGomKQG6(8OyN!CLuxAA6D2B`V zrLdbjqJHwfxgVXy#XHT~;oqJ*daF}=pZ-Grh0lX?_nTDvkNUH=&$vP~?HV3X^WLj4 zoJV^g7Pl)ViEnmkIQTF?f>kjnY^0k;koM20$5M^Myx{bhh3tKF1E1%9`9?Kiw7ecT z$C5`rx-com+iw46|7UAj8aMD8%{nFh9&b`w4B8VdWc%c|mJAh4o4-{@Zs9?okDDo{ zt$P}K&o(UAhdU2@w!Iq1V`aPEzRPIJ{Y!(u__x^%%j7GM&!|n(m=-MD5~YcHc1|@I zSUAbQkU!Bn;dE-(oa`_Y@bhdsljXMF-&*b2DXz^i$C2_=?OU@i31a4!8(LL&cEu&Y<+NL(ss2$On-Im77Ud&Q`gdJw|;+4|7RL&^l#B5 zUEp86mC3okC9_n@v*lfcs()vEye{X@CLL!;HnuLNdd$gInUUAqras*n419X;)z`rh z#Rt$89d(@c`S|q{-izH$@|}VAtsUR)w68Ws+-!c_dTU(7Q{N~)snpTjdbNbh`)(~| zX6|bts%Y|}kl!3%q$|NDcz zfU2(3I_=^nC0&LE;su}GVVX>JFKS*F)1J)_m3Z0&#er;Xq-&nz^3DD{#UsHx1NZX> z%1teZ3A1U5^TU}Q&ReWE_pOfpGPfrs4?oB;eSYb@)8hYE&~A+AQJ;MOcVCa6bAL2M zbEOfCSsR8r))8VY(* zO&)!sz=IEX?LLQ*Dw$cW&~&dDOQ5dFb;FT+gqxA_&b}^v)hqQieZ%mH;;Y5p2h=~E zFKuvWNZ-=5S~mVdwj70ck5OIL{3iFhXxn;B={>-A_kb!OkbgAbN4o!-JjXu4l(}lF zxzx&zV2>U{3C9uj9%#PSqR5ye&8rrX8IK3#ztgpRiDxIbuEv83%V^D9zAEz%HSQ&o zJMa0J%HtBp*2afEaxdr{BF%*j?=c5xD9=sc_ID}b-|FUmQJGVq6mwFoUy4H0Vk+i3 zOkO!G@-*%GTk{T$KfN8dSwF4eAG2N2YC;Hk)H91MPHIqS_XJV!%!PEZDR%pUjkzBP z(ly#V9Ik#apIWmFYN7NZDg9NHyg4K#od0koUuiv#It2Kq;q}vApOfp% zG30MQ4_P_&2TL#yFElGCiSNHHpDXuz!*Ttw=knVd@53yI=c;(-%|pD6{j80>k*MFB z|BMBBiJTq%CKtfUTn1EEcXQ%*JPIx0t7sJ2K)&OP8|Ozjh% zD(T+S^81DR&_okUp@RMS2(=JtW3+z6x#H$aslJ;o-$L9?W6QlQLT`7zNb~kIUd^bt z>)@pH>mfXxI}-eVt=03{iStjMgBcBHY-4BjcH0WGb^<>S3_l*t+x?iN^vml;QunEQ z1kq9D`{wY3{Bp+}N~;`snc^5=#cJUF8I`u_oWJ#92)@VplB{$mpn(o^{8g4bZZOm1z>aX|X& z-6?c<0=QMquVrS?I6HIxuAIY7c%#= zc`B}!;>qRn`44c(PYplxDa1l;3I5tNp3YR5wc2PX8|^>o$1q>~I@^7iM9)wsVj zs>&lp$~p5EL$T?yoi9*vF79`7z7x(^k|~?t#G@jU!Bu{ z#$7jW^#S9K%uoa~2c|$S%^dDMHE~OYz5xnwp(#7FI;X&=x#KvU^`ljBD>F+eSX`t1 z#^lG8A)hw{Jrd4?*p|kCod@*9C7H#t(vinYJT-D{r%5sEEK!O7sZ@WOx*BlQL$}^m z;bT7)hm-u-&|ArSSNl&o$Kw@H`7|&L7URE7{>k4Se{5V8wj=B)?$GTRDgM)zi-Cib zZpweV@P0?OLHMKsjSybEXCx1C2Xn{Kd!N#aVrCD6Y`U7LR+pYZI6^&lZoV4UHOWwU z6szboRW54bdr{-CeZOkUqdDh8OM+-G>w(YxqGF6Qix2&|3B*|K_$l~?o)QYn7dLwH 
z6ywmu_E8?~cfPdF&8TY=th-5#);t$DD0qeRmcE2(jtcHNyNu#mp0L-X><xo+CAZT#C%Gz>1a$vsf;h8AKb1f|5YVQ! zy#DEI(8_T57{Nz8Iw+wNu8Hkg6hV5rWG>he{gqxu25lEcGe5~0lZ z9ZLs~gs2tDuEr$q_Af90H)MKp_;DkqX3iyawsC@SdO3fYza&wTCUMpw`dyCSU&tKY%y;BZZLuSmbt0CP7DZi) z3hHvU8%V2XDN`vB+Asfdc=k&61CW_AwkwkT$CDaH|CNPMbjKDfprobj_#{62c71uq zq0~wyW5Dg6fZ1buA-t#&c^aYZ7W-MRDSpZOtpej-zw4L3nk&k@+o~Tbdxlfvu{!%e1uAEgh(7fvBcFG?kR_JMqCkK3GWcAN|l z)~l>RriF;iIJ0Vw+`!L5Dq+J%qd)4hd*eNxOs197;I#Xf!@eCwC+xVHYP1~~*82ME z;N|13nv7bSI>%s-3=km)4ju-)E?~ZWELLmibQEUsH(|x+*{N;lX0%&fSyFI-}e3A zsSe&&yVI}Lo;-ErqiHskr5c_l;RyJ@$D|HXCbr=d%#izJZcf-X_D`R=4#7dG%EZ8% zxaC@d8@#2G?j_%xMBRG=_7b3f+5ws0G0x{h$aGWO7aF$r&3h`|*MR$j!o)$!X}fXi zkV%#^`eHVx*nxK!)-C)`wE``l#(!(86sctqq>$1yQVx}h)nO0yxlh?w^j*O}3F|&s z9xJA!eZe09MOkX|!1173j(^|7vT5Zo7)*W~hs2K@58t`_@t$d%m}7d)7k84y_B8L( zJMJY&rVJ2bvhC)O6|yJEzO7me-+& z&;e0i1E|We^JH}dk>1R`F~Okci4MUAPS<~uWNp=BZx|9(Z8fwfT_Z_}e$v}2`>O|w zGt^H!T4V3VKNoX#HrvqNWySofwyumM6QL7}fN~z}`xF=h9R!-09R7gy4iDx1i)JAw z882k4`s7ts{X+$1sgLV^eWAt!4*A*i|NMWVn7sTDg!k^-n-ZU5vNTZz0?y<&;mC+! zM~%&M|M#<<^dkFdz*GZ(GVVz}Ju&?2SHIVe)V+l0AkWq<@#dowUZ~N*+p8iFs)sxF zr}D$|6f=J5frpXHo91E4#OWfA;;!P}`X=S1WZvUe|Edg`2;-m-GID;cBK4KC3FZHJ zDVYd@|1k^9z3cyd4wF&xe_oQY6B3<&-Yn$g+J6rhLimr8^6!Ul{I~i5PCftcQU3og zy9(9+pIS2xZXTm15ol!sjc=|suq<6i2nfa=K&S(%D)f_ztttJlxeP zegCJ&`JG7i8#<*1-oF-tM3c2__J99&X_;vagx+`Y72o}8LP>$Oz0iA~Zi*o6El@8O zAV$A_Ri}loBMI+Fc>C7-;>4xo5(q}OU*AuAp>?gO60TSBezg1pnrxfiWYnpDL4uk6 zD-(L%K(^4j!+uliukX>%jmff%0cl=qBm-r=sJr)#HQg3JZ$R)nm0j)u^T2Vkl=g$w z;JZ9E!;1T=s-*frOhP*pU%~;x)xOAqGPG^S`!62QNcz7f{!LczbxVXYOt*^?ckk52oO6-pnPgggf8I7jsvD=C+A;(G3#P3I#3l&6}1t zj(`c`yTS`})^exq?0b!rOy8vtU7{m#+4ak*2Mk!*SE z*&+%Ksl?4P7n}p&CwIEV(@BgKa^Q04ly=s>PDsd#Nxf?o$9f7hi^RQ79rkDhNV_z? 
zWo1@kRuj{F36N+@8&}8#U0bL8IgEqY^wy4GXGTH~oWycx>Qk{#di=r*p5trJUb|ZZ zv&CH$+5x97aJfvVj7m32KXCL4T^8xtK(LJx8_kQ4JH zO?#v1_-UP*$wPy+_1S9F2_H@%kl}fO>f4zU`{&o9?BT0b)B{7UQsBb+p6;`}!-F;~ zD=VvRgBu&R$5JQOAqpA#$kIGC)cN;;AOKh0WB_y2(Xo_2{Y2Tr<0#gw)VP%!UqgV@ z(&FZH_#cHj8|b$TrNK;o7}(<;h5ej$1$yb7rLxqAu$w^cxf<0k<^kMXk&UtFB>Hi= z%q#it(HgXR$9@+P%49-Ao#UYb3wp40^Yi%=7ICx!nX*0nbf(Q_0 zY02iw`RaAT$k&FLoNx**y<5q%73SeS>Auz&YJcFA6k8?IKf4Q?U!1N}vB!?=q|Zzz z!NA&7Ic#dB=KF>9v@BgCfeu4gF2xqj%zj{q zc8a{sWf0v+Gt?%BnUdS!_G(O4=$<>j659}f4(LN-~DB0oV{ z2O?DY{6<$kCML7KL^iNG>+)>PH#pfNkrq}%sci?Z?>qzz1LzjS;iSS+7Ip7iJ$=fQ zXEo3J?p4Iq9*@rYbsoGEw39Q(!9PJ0-|ZgUe=g}0_mlL?N-Qm?Ub__q)YN4-D=oed+YiCC)lLIHG**HZ zX?uo$8f*K?0ql9nWKe%_MM;2iIH8JiD=e0bUfVNofvUl>pFCj^)c?R`$hBRJXm){1 znDTuO@N4j=BMyMJx#}LQvYO`>)SWKwyzpF{YR|GTt{aGVX7kyhVY{Ld68^xsIhl~N zBgq$fx+wRVJ&s-~t_=OOmwXvWFJRx|o;wD6AAzHfp_n=F*l#48grcYBgjFmkb!S(A zjm-v}t*$ue(>3#&tgq3`DMs_~)SZ-o3^+fs&i8trgr1-D=MuP)$fDA$3)@>^fkFB( zrl06>?5x=*J+hm{Z1*#P*xClXKfxU}x7CU3!EMj05cUDUB+%1)SM-KT-)+oaEh{fp zR*z;5%wb>rl^2;cXQ((VTwGrH8|SQ!4d%5d6_#H=aeDjuh^v6-s;0{4P@!vr3*BhA z4x3&1#VqTQ5P6SJ*W(45HFqu6Qaa$d17kw&9n2#c$HQgK*F_sLqtUBFT|5DLp^uEr zi>99pbXdG9GzA50olM&MAHG)NRDY`wx#$dH#CLz_{2?=r@C%Z>3#(Xd5na2yK;LCx zS)eC$q!_W>8yOYVP7%UGI$qGkH_Nd^nH<0t*8qA#sA+zslX2`tf_1c;{XJQZ2k{4+q9}@1^?nRQ zD+)7+W#LfNm4zle?=AUXBi z_$q&|7UG{`91YQEWj_Yp^Y{YA)fd<16P2zMI7BzzepWO{S}Cx6;DQ#}C7+D9N-$vpXkOSc)U#ivplKlMcrYs&xjt6}G2?~5-6ZUi*6b7cp@}-RQJOD* zyN|vSSYs>R?{Y5s-e;E!3+#O05t2?K)+=c;^2Qd>YXusWCRgakj!#;*M0}4*B0BGJ zzadtAFZ5tplBMEH!H7J+!F8=kjOq_2Sgck2nz-WXKf-<+Ui>LV^;K=)5to%)x}`m9 z6I+ajd&6b{(dTvlzN1zlTMlB`thgc3W+pfkIi_)2wz%W&&3CMQ(R6CUE()w|d%;zz zzisZXY$INQ9$<+u2}^51FGv8K`V#Y0!AZoAnHvV>x#gJWDqhv`LzfRQDgY= z^Vs$eh0nSxzhU)Rh#V!7y+*~e`5pn}^0E)O$KRvvaMTdhLVFrzlhGy4dXY4@lwPN% zmKaR9-eHI>a%7Rzphcs?j#x%Ngdq%}N7l`j#_K_yw z9=`nfge@A86Q+>!$mm!@P|YJ}v*i_ok&%I@$4}j({Iv+}-Wr=H&u5~2N!3>~2dIVY zQ{Z;6IuDbMyib6YmTrv|j`k&SRNS%jXA9U>!238e0CI-NLDC5EJVXv1F;iR`=R|b> 
zTW8BQKtL&L&!Uroq&#wmZ#h3@ljXMP5R*XqMZy@R{$cE9h=d3qe`pJojAu8#*oc}-vRDq~isTrux~e#?xG@dfNZRBN%k zQ;`N;L>$h{nS_GjFd&*e5yVyk3R1)nist68|9 zEM?ybppwyM7owl!w&|A1?4qL-_u`#m?3Ml*Xz8d%5Y+vh5yN`PzI|e`oz>q^z(k#W zM4%l_{l~J~@#Cl&IJan2=h*r|NlTqXXrpzloEKe%X(=hJ?;rN{^Gp>pJ%bCHtS>&Z zFR*5>2A9d^CZNP>n@nWOM>}687_+8+*_dPUJ704CTBpMphhZt(&JSN-TpEMIa#>Kk;VNLb!%Mq{0Vrgz|MB3lT`6V)2?orlErw)^u+^-9HfYPvX zkIfxLQ4$<)$dAdU0ixe_6FC0 zR8I8?s-F50AF`lUPFaIJ^~myKR(;GA!tCQ=*6UiS**DO~Up>345gys5D>5x#)Bb>FY z7g~QzFfs_?Fvhwj^P=mqAWxV=$Pqk=hMp(SLSbxm7 zW|2pQQ7TpT9&=f7-#kfYCJ!gaSFrdu_d^Rex~)k;nRRC!m(yGpKunljDv-l3dj@kf?0B%@G=ISi=2k8Qg34 z67jgS_*BG05!lt6Z`k<8P?h4r!}j;Y^!BI99qk6ZMZDqnL!M;Y-i9b1Jm zs)^KRuA>5G74mVw(66_ehYLh5sAf5d3FCNWD6z6ierWrOfsu6wvK(ECS@9x*;u&{X zP^lVgbC2;0@Pn`4K)04`o*#OY*#$SyI8672y}TtZZm=x5*}2Cf-&sYT2tJD7`nw$_ z{#&=?5{}A>vGFx5b6@deA3%1T8pX{qT#*D4qKUd`#-$uWYXN+1sW{V)u5}8`;s_0F zfur1Cj5O1Id8tuzmV58TJX%g%5C?r?WPKdwxd@I{6sx`4<~khH*Psq1icD&yFpW*W z>@*9Hn3H5f_LV-$ZQZ;VgVvy%IXXHjxKlxremtDDGfHawWp&swox*g)g`u<* z3~QpU_4e={Z+7q#Yys|FCYCsX;jG_AP`&g@A0Awx3AQuK4-*s87u2Pb@@WK7xssnm z>IDFoIfHwJYUmbmw5?1D&RbS$GPUCeLHlGjngrsz!sBNe$JP^+4leC%BQin{A92#rfJB zyIMDG@{h@BaRH?WhaBo8-Y^Noy3Kp*UsqO4ISFOS7?1muSTe}0UA&?-()W9gCH>C| zJW7yH>X{gkea(!JU^gf%V)sP{(>&Y$UWB@&$o{0Ur>o0mrcudFqK{j(zNAT{fKG}t zox6qLB48#x6>ZiND5l8x6Bs6W5>tP9~;kk&tBi0ye-K@k@1Hx_wzNP@?^*Z=W^9V+}h_OPltMFs5YE;FK}cio0|%jMx0Nq?Bo z%1~y9m!o1)?34?5nqKJX|M|sICVn~7I-eb;=}Rl=PAxxB0oI*3(M!hoPFRd5Gd6;U~i9 zw~%$L(E@$O&(J&?4F}HngO2P&bFfJ%hz!~^{KG;*2Hpv({Gs_-i~yy!%}hsOk`3zP zV(nZ2vsxc9B8!}q-L$}1hcvLOn945R=wDw+sTNhD;E2Je* z4<&|6Z=gtkLbwx%&~n{MS`VZdnfizx5Hlj#?D3Xc1DGTuZ zZJBJ+3#ew4r8C>?PYQpa81_+Gr}9u8YpXQNMq}aQdyoez)_pCqqF@eFT|ga6MD~%9 zMOEH9sm#vF=^Erh(F#p(byoscUGkl!1-lyY6N3SrBC`7i)#Bzhr-JyFEN8au$3g_Z zOV#zGET6gjUSt2RSY6G`W{+ai4#6n;IwV6|y2jl5Xp);c)WhgfY|J2b13RGb8NcjO zlXqYYyMY}Du=P?*AE$2oHU!zS6N?I))1R%m($>&x#-{fr2xC_(Q( za>9*lw|CC_-L%x(V1Rp`g?RHqCnx|w$%q5{$Au>-LF7`jne82ux0qc#qDhL}g2>&u zo+a}UdkYcONrx8M8M7hx-?d0-BLMnja2_A+yx~5+;>>bi1zCNon1WOj_oX;g 
z7bGZUS$B0`5ww8^&TH+FJHXBf=`&h^xmo?bixsx3u@vl`IWkBEo{gyZXcT3ZbV)`Y zj3VQgX;Ho}yQ<#8qPw8m_-RPvq zCAA(I|JXoPgn9-_kR|5ZiCE1DJ4YwIjC$k=Y#gtIeC; zM^=Sm9d!8Cq_qe(B7*)cK&3=t{(1y;Yb#Y#3Stukz=*C0BHFLY&Zb)U6yzwetwlsD zU)?PG4cL&@0nt2aHeXP@M;=M)BaA%4aBpV25O8YDy*Uy@;d=ORI4Bn?|K!O60NXs` zB2N2+r?s6WIgtDHz3EAlkQJ}QC5;EI`P+QU+gHXkB>AEhyzhcWc-+jU^5Vza{d-zU z%rts2yT`c(sCu~W>ofILG&!7C#V2b$FSd(nwqaI-1FaP*zWnzuOzC4m><g^T!m6UegBV2swdR;lYZ>% zop)gOpa4q!vcDj^ddo*dAnJA+{9ZA6&Iqfm-C%xC-cSA5xHyjn4yUpkTo#6c09bi< zwUHS|G=4yJdb!X^azh~jOGx?D9xqjVNp*rXU6|>trs8cMk=9G8#W(wO(fef9RuzfX zGkqM6#qFU80XkI8%+*2JXNk9jukDPlCiZo?CvLxT_R2Od z$luUjAHrNMDI>Bz)n!cW@0-9c{R&Es&h9A5eb{|9ql!F`Vs_SNtSQthjW1N8#O`Xj zd7B)w2X?f1M_mTfa&%G&zFS{!yUzTP;&J#H=@)0>$We?tiPkQMtO3}KqnCLRF7cJO z7+GsX zC{`8(44hZY{hmF0*4Z5SEwA$UL1`_>vaO%?dTi)t${g*7TKL0MP=UURR0$S| zO+vx5A*Aq(T%#RCITfI{2*rho0Ic15_m%&)p$UdRlV|m4U1|(P?JK6n)$e01#n(+U zAosm5xzjL%M)fJ7j_ZCXWmTRAX0;zG4E6Y!saW9C^+^}k%@G| zWBX_@ALXNuS?ft8^7lO?66MrA;)bm5i|%Ig|EIe%e`hP-1D8hChp+j{JFjLxRSY&uBJ&2mWB}n6XAKvvW=}Nx^c_xTTfWsg z?ym&ezmrkvb4ne582k;u=APxUuUm_k@=;et{Zib9e0w%$pXB;sv08htC!&A6uow&` zOD`7EPbof1y7WV1-mu(hgBzu*Vgi>R)v+26uDkSnsYO{#D>@I=+*M8YQL}KhY*ZO3 z-j{`$CV#;p76(Cj0wCH+HBwo4Nn=yG%ZoD@?7p{nxK5gn1I=a|rwuGPW^PQ@*ubfZ z$GVDCvVMw1@RXeXB(2CHu`%C)*DY}r`PYT(>W;45&jq*;sXujxy+7afAK^$3TMV3F z^tc7hpLiG+?syPlAmP5MbhDuG+&u1|{NyR8K7vi!BsJ{2Ecp!Ka(t)_07jDW)D)5y z!i;Q9DZ?UPwEOm@(t@W_SAqWg@Nj$0^J36x8ThB3c}ayGlpR%9mx(H!J?@r(JgOX^ zbrywzNl2Zv`RTq`lDKWl4E~_y+RU6%AHlX%_HQimADO+D5ec4?z4o%y>HKVfHyTa8 zuZL6tBlkFo_fgyArU$U;hDUM@ha;qHBc&KoX79Vcf;Mr{HguW2 zc&zDcU1xtnMO$bty#VVtfm_Zod9&ku>W@U_hgHuMJ;`XjezreWahV3&1p$XZPZZk; z-#X7P$Kgu~-o+YqIl^`kWQnCfHTel4RcEf-*#3Rt0{sqcL?cu)vQ};^;oE+Wv}{zC zzXtNw(CE?~UpQ%E4?N4s8Odh;^$73N9<1NP34t|H9r1f)VXEEelxj;9ET)L=FdfjI z=kri{c>@F*-(ZFX&P)OG$n_8xXar}iSi6vhV7_~;KGk$l^ zOd=Z5wwq+yVfK;rZ?bM$*ihXm*!k{x4N!a<@ZHTCmVhVJ0U4AWSqWq@dQtkzJ3acwV7YZ(E@mpcPoo)dsd#9On0+`^XVx5J%jLK9wr zm}PTw6s?Wyq}A(V{2g!d7YZ-BqK$4D*l%7PT@egh8*JY0&x`iFd7z$_V+t5gOOFT- 
zliRQki|(vnP3OISc8YZ}2-!GqrqQ)lqT-2>o?Quydo&L=ON?Zf-;dAoYw|69*#X{Td0t*0{9n)gH|$+f=b<0B z1#y9AcpMXrsbdWi$5U8i4AR)sF!PeQm{v_<4u_-qrpdRCftlPkO~4J!~Mz z#qjR+Ir9=av!A2a!yBvZg9#292jc}vL&E88B(ZScome=}6O?|uGU+{@typ*pu?vRsr-|n76fwq z1LOY6tE0jvh_G^S!`Y6gEY-=Iz~vgGIV$I1G19Qz$4{9)AczX7VghR1>6|%v`d3*M z#@rE(AdtSYGW1dbw(EO@LzLoN6M!*m=z|aUK`&Ec#n(~(_AvktX*Ii~;y`)(eq$yM zzQ!z;gY}{*mISe_<6>K9zkmn>;MO(8bWnL$i|_~)rjHZ{gu0JUC?xLdYR;Y!U&=+I zB62_%3+x}wB9VyguWb&84yDD;Ly(NZLm2c61(JmzxOe~r{h)z@LoXqiG6YFVaUkdn iiXsV7VE=cU&fdw==;sO_r7l2VLH}%TQ*Zst-Twi0u|}2v literal 0 HcmV?d00001 diff --git a/modules/secops-feeds/main.tf b/modules/secops-feeds/main.tf new file mode 100644 index 0000000..dced257 --- /dev/null +++ b/modules/secops-feeds/main.tf 
@@ -0,0 +1,1448 @@
+/**
+ * Copyright 2026 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+locals {
+ source_type_mapping = {
+ amazon_s3_settings = "AMAZON_S3"
+ amazon_s3_v2_settings = "AMAZON_S3_V2"
+ amazon_sqs_settings = "AMAZON_SQS"
+ amazon_sqs_v2_settings = "AMAZON_SQS_V2"
+ anomali_settings = "API"
+ aws_ec2_hosts_settings = "API"
+ aws_ec2_instances_settings = "API"
+ aws_ec2_vpcs_settings = "API"
+ aws_iam_settings = "API"
+ azure_ad_audit_settings = "API"
+ azure_ad_context_settings = "API"
+ azure_ad_settings = "API"
+ azure_blob_store_settings = "AZURE_BLOBSTORE"
+ azure_blob_store_v2_settings = "AZURE_BLOBSTORE_V2"
+ azure_event_hub_settings = "AZURE_EVENT_HUB"
+ azure_mdm_intune_settings = "API"
+ cloud_passage_settings = "API"
+ cortex_xdr_settings = "API"
+ crowdstrike_alerts_settings = "API"
+ crowdstrike_detects_settings = "API"
+ dummy_log_type_settings = "API"
+ duo_auth_settings = "API"
+ duo_user_context_settings = "API"
+ fox_it_stix_settings = "API"
+ gcs_settings = "GOOGLE_CLOUD_STORAGE"
+ gcs_v2_settings = "GOOGLE_CLOUD_STORAGE_V2"
+ google_cloud_identity_device_users_settings = "API"
+ google_cloud_identity_devices_settings = "API"
+ google_cloud_storage_event_driven_settings = "GOOGLE_CLOUD_STORAGE_EVENT_DRIVEN"
+ http_settings = "HTTP"
+ https_push_amazon_kinesis_firehose_settings = "HTTPS_PUSH_AMAZON_KINESIS_FIREHOSE"
+ https_push_google_cloud_pubsub_settings = "HTTPS_PUSH_GOOGLE_CLOUD_PUBSUB"
+
https_push_webhook_settings = "HTTPS_PUSH_WEBHOOK"
+ imperva_waf_settings = "API"
+ mandiant_ioc_settings = "API"
+ microsoft_graph_alert_settings = "API"
+ microsoft_security_center_alert_settings = "API"
+ mimecast_mail_settings = "API"
+ mimecast_mail_v2_settings = "API"
+ netskope_alert_settings = "API"
+ netskope_alert_v2_settings = "API"
+ office365_settings = "API"
+ okta_settings = "API"
+ okta_user_context_settings = "API"
+ pan_ioc_settings = "API"
+ pan_prisma_cloud_settings = "API"
+ proofpoint_mail_settings = "API"
+ proofpoint_on_demand_settings = "API"
+ pubsub_settings = "PUBSUB"
+ qualys_scan_settings = "API"
+ qualys_vm_settings = "API"
+ rapid7_insight_settings = "API"
+ recorded_future_ioc_settings = "API"
+ rh_isac_ioc_settings = "API"
+ salesforce_settings = "API"
+ sentinelone_alert_settings = "API"
+ service_now_cmdb_settings = "API"
+ sftp_settings = "SFTP"
+ symantec_event_export_settings = "API"
+ thinkst_canary_settings = "API"
+ threat_connect_ioc_settings = "API"
+ threat_connect_ioc_v3_settings = "API"
+ trellix_hx_alerts_settings = "API"
+ trellix_hx_bulk_acqs_settings = "API"
+ trellix_hx_hosts_settings = "API"
+ webhook_settings = "WEBHOOK"
+ workday_settings = "API"
+ workspace_activity_settings = "API"
+ workspace_alerts_settings = "API"
+ workspace_chrome_os_settings = "API"
+ workspace_groups_settings = "API"
+ workspace_mobile_settings = "API"
+ workspace_privileges_settings = "API"
+ workspace_users_settings = "API"
+ }
+}
+
+data "google_secret_manager_regional_secret_version" "secops_secrets" {
+ for_each = { for k, v in var.feeds : k => v if v.secret_manager_config != null }
+ secret = each.value.secret_manager_config.secret_name
+ project = var.secops_config.project
+ location = each.value.secret_manager_config.region
+ version = each.value.secret_manager_config.version
+}
+
+resource "google_chronicle_feed" "feeds" {
+ provider = google-beta
+ for_each = var.feeds
+
+ project = var.secops_config.project
+ location =
var.secops_config.region
+ instance = var.secops_config.customer_id
+ display_name = each.value.display_name
+
+ details {
+ log_type = "projects/${var.secops_config.project}/locations/${var.secops_config.region}/instances/${var.secops_config.customer_id}/logTypes/${each.value.log_type}"
+ feed_source_type = one([
+ for setting_name, source_type in local.source_type_mapping : source_type if lookup(each.value, setting_name, null) != null
+ ])
+ asset_namespace = each.value.asset_namespace
+ labels = each.value.labels
+
+ dynamic "amazon_s3_settings" {
+ for_each = lookup(each.value, "amazon_s3_settings", null) != null ? [each.value.amazon_s3_settings] : []
+ content {
+ s3_uri = amazon_s3_settings.value.s3_uri
+ source_deletion_option = amazon_s3_settings.value.source_deletion_option
+ source_type = amazon_s3_settings.value.source_type
+ dynamic "authentication" {
+ for_each = lookup(amazon_s3_settings.value, "authentication", null) != null ? [amazon_s3_settings.value.authentication] : []
+ content {
+ region = authentication.value.region
+ access_key_id = lookup(authentication.value, "access_key_id", null)
+ secret_access_key = lookup(authentication.value, "secret_access_key", null)
+ client_id = lookup(authentication.value, "client_id", null)
+ client_secret = lookup(authentication.value, "client_secret", null)
+ refresh_uri = lookup(authentication.value, "refresh_uri", null)
+ }
+ }
+ }
+ }
+
+ dynamic "amazon_s3_v2_settings" {
+ for_each = lookup(each.value, "amazon_s3_v2_settings", null) != null ? [each.value.amazon_s3_v2_settings] : []
+ content {
+ s3_uri = amazon_s3_v2_settings.value.s3_uri
+ source_deletion_option = lookup(amazon_s3_v2_settings.value, "source_deletion_option", null)
+ max_lookback_days = lookup(amazon_s3_v2_settings.value, "max_lookback_days", null)
+ dynamic "authentication" {
+ for_each = lookup(amazon_s3_v2_settings.value, "authentication", null) != null ?
[amazon_s3_v2_settings.value.authentication] : []
+ content {
+ dynamic "access_key_secret_auth" {
+ for_each = lookup(authentication.value, "access_key_secret_auth", null) != null ? [authentication.value.access_key_secret_auth] : []
+ content {
+ access_key_id = access_key_secret_auth.value.access_key_id
+ secret_access_key = access_key_secret_auth.value.secret_access_key
+ }
+ }
+ dynamic "aws_iam_role_auth" {
+ for_each = lookup(authentication.value, "aws_iam_role_auth", null) != null ? [authentication.value.aws_iam_role_auth] : []
+ content {
+ aws_iam_role_arn = lookup(aws_iam_role_auth.value, "aws_iam_role_arn", null)
+ subject_id = lookup(aws_iam_role_auth.value, "subject_id", null)
+ }
+ }
+ }
+ }
+ }
+ }
+
+ dynamic "amazon_sqs_settings" {
+ for_each = lookup(each.value, "amazon_sqs_settings", null) != null ? [each.value.amazon_sqs_settings] : []
+ content {
+ account_number = lookup(amazon_sqs_settings.value, "account_number", null)
+ queue = lookup(amazon_sqs_settings.value, "queue", null)
+ region = lookup(amazon_sqs_settings.value, "region", null)
+ source_deletion_option = lookup(amazon_sqs_settings.value, "source_deletion_option", null)
+ dynamic "authentication" {
+ for_each = lookup(amazon_sqs_settings.value, "authentication", null) != null ? [amazon_sqs_settings.value.authentication] : []
+ content {
+ dynamic "additional_s3_access_key_secret_auth" {
+ for_each = lookup(authentication.value, "additional_s3_access_key_secret_auth", null) != null ? [authentication.value.additional_s3_access_key_secret_auth] : []
+ content {
+ access_key_id = lookup(additional_s3_access_key_secret_auth.value, "access_key_id", null)
+ secret_access_key = lookup(additional_s3_access_key_secret_auth.value, "secret_access_key", null)
+ }
+ }
+ dynamic "sqs_access_key_secret_auth" {
+ for_each = lookup(authentication.value, "sqs_access_key_secret_auth", null) != null ?
[authentication.value.sqs_access_key_secret_auth] : []
+ content {
+ access_key_id = lookup(sqs_access_key_secret_auth.value, "access_key_id", null)
+ secret_access_key = lookup(sqs_access_key_secret_auth.value, "secret_access_key", null)
+ }
+ }
+ }
+ }
+ }
+ }
+
+ dynamic "amazon_sqs_v2_settings" {
+ for_each = lookup(each.value, "amazon_sqs_v2_settings", null) != null ? [each.value.amazon_sqs_v2_settings] : []
+ content {
+ queue = amazon_sqs_v2_settings.value.queue
+ s3_uri = amazon_sqs_v2_settings.value.s3_uri
+ source_deletion_option = lookup(amazon_sqs_v2_settings.value, "source_deletion_option", null)
+ max_lookback_days = lookup(amazon_sqs_v2_settings.value, "max_lookback_days", null)
+ dynamic "authentication" {
+ for_each = lookup(amazon_sqs_v2_settings.value, "authentication", null) != null ? [amazon_sqs_v2_settings.value.authentication] : []
+ content {
+ dynamic "aws_iam_role_auth" {
+ for_each = lookup(authentication.value, "aws_iam_role_auth", null) != null ? [authentication.value.aws_iam_role_auth] : []
+ content {
+ aws_iam_role_arn = lookup(aws_iam_role_auth.value, "aws_iam_role_arn", null)
+ subject_id = lookup(aws_iam_role_auth.value, "subject_id", null)
+ }
+ }
+ dynamic "sqs_v2_access_key_secret_auth" {
+ for_each = lookup(authentication.value, "sqs_v2_access_key_secret_auth", null) != null ? [authentication.value.sqs_v2_access_key_secret_auth] : []
+ content {
+ access_key_id = lookup(sqs_v2_access_key_secret_auth.value, "access_key_id", null)
+ secret_access_key = lookup(sqs_v2_access_key_secret_auth.value, "secret_access_key", null)
+ }
+ }
+ }
+ }
+ }
+ }
+
+ dynamic "anomali_settings" {
+ for_each = lookup(each.value, "anomali_settings", null) != null ? [each.value.anomali_settings] : []
+ content {
+ dynamic "authentication" {
+ for_each = lookup(anomali_settings.value, "authentication", null) != null ?
[anomali_settings.value.authentication] : []
+ content {
+ user = lookup(authentication.value, "user", null)
+ secret = lookup(authentication.value, "secret", null)
+ }
+ }
+ }
+ }
+
+ dynamic "aws_ec2_hosts_settings" {
+ for_each = lookup(each.value, "aws_ec2_hosts_settings", null) != null ? [each.value.aws_ec2_hosts_settings] : []
+ content {
+ dynamic "authentication" {
+ for_each = lookup(aws_ec2_hosts_settings.value, "authentication", null) != null ? [aws_ec2_hosts_settings.value.authentication] : []
+ content {
+ user = lookup(authentication.value, "user", null)
+ secret = lookup(authentication.value, "secret", null)
+ }
+ }
+ }
+ }
+
+ dynamic "aws_ec2_instances_settings" {
+ for_each = lookup(each.value, "aws_ec2_instances_settings", null) != null ? [each.value.aws_ec2_instances_settings] : []
+ content {
+ dynamic "authentication" {
+ for_each = lookup(aws_ec2_instances_settings.value, "authentication", null) != null ? [aws_ec2_instances_settings.value.authentication] : []
+ content {
+ user = lookup(authentication.value, "user", null)
+ secret = lookup(authentication.value, "secret", null)
+ }
+ }
+ }
+ }
+
+ dynamic "aws_ec2_vpcs_settings" {
+ for_each = lookup(each.value, "aws_ec2_vpcs_settings", null) != null ? [each.value.aws_ec2_vpcs_settings] : []
+ content {
+ dynamic "authentication" {
+ for_each = lookup(aws_ec2_vpcs_settings.value, "authentication", null) != null ? [aws_ec2_vpcs_settings.value.authentication] : []
+ content {
+ user = lookup(authentication.value, "user", null)
+ secret = lookup(authentication.value, "secret", null)
+ }
+ }
+ }
+ }
+
+ dynamic "aws_iam_settings" {
+ for_each = lookup(each.value, "aws_iam_settings", null) != null ? [each.value.aws_iam_settings] : []
+ content {
+ api_type = lookup(aws_iam_settings.value, "api_type", null)
+ dynamic "authentication" {
+ for_each = lookup(aws_iam_settings.value, "authentication", null) != null ?
[aws_iam_settings.value.authentication] : []
+ content {
+ user = lookup(authentication.value, "user", null)
+ secret = lookup(authentication.value, "secret", null)
+ }
+ }
+ }
+ }
+
+ dynamic "azure_ad_audit_settings" {
+ for_each = lookup(each.value, "azure_ad_audit_settings", null) != null ? [each.value.azure_ad_audit_settings] : []
+ content {
+ auth_endpoint = lookup(azure_ad_audit_settings.value, "auth_endpoint", null)
+ hostname = lookup(azure_ad_audit_settings.value, "hostname", null)
+ tenant_id = lookup(azure_ad_audit_settings.value, "tenant_id", null)
+ dynamic "authentication" {
+ for_each = lookup(azure_ad_audit_settings.value, "authentication", null) != null ? [azure_ad_audit_settings.value.authentication] : []
+ content {
+ client_id = lookup(authentication.value, "client_id", null)
+ client_secret = try(data.google_secret_manager_regional_secret_version.secops_secrets[each.key].secret_data, lookup(authentication.value, "client_secret", null))
+ }
+ }
+ }
+ }
+
+ dynamic "azure_ad_context_settings" {
+ for_each = lookup(each.value, "azure_ad_context_settings", null) != null ? [each.value.azure_ad_context_settings] : []
+ content {
+ auth_endpoint = lookup(azure_ad_context_settings.value, "auth_endpoint", null)
+ hostname = lookup(azure_ad_context_settings.value, "hostname", null)
+ tenant_id = lookup(azure_ad_context_settings.value, "tenant_id", null)
+ retrieve_devices = lookup(azure_ad_context_settings.value, "retrieve_devices", null)
+ retrieve_groups = lookup(azure_ad_context_settings.value, "retrieve_groups", null)
+ dynamic "authentication" {
+ for_each = lookup(azure_ad_context_settings.value, "authentication", null) != null ?
[azure_ad_context_settings.value.authentication] : []
+ content {
+ client_id = lookup(authentication.value, "client_id", null)
+ client_secret = try(data.google_secret_manager_regional_secret_version.secops_secrets[each.key].secret_data, lookup(authentication.value, "client_secret", null))
+ }
+ }
+ }
+ }
+
+ dynamic "azure_ad_settings" {
+ for_each = lookup(each.value, "azure_ad_settings", null) != null ? [each.value.azure_ad_settings] : []
+ content {
+ auth_endpoint = lookup(azure_ad_settings.value, "auth_endpoint", null)
+ hostname = lookup(azure_ad_settings.value, "hostname", null)
+ tenant_id = lookup(azure_ad_settings.value, "tenant_id", null)
+ dynamic "authentication" {
+ for_each = lookup(azure_ad_settings.value, "authentication", null) != null ? [azure_ad_settings.value.authentication] : []
+ content {
+ client_id = lookup(authentication.value, "client_id", null)
+ client_secret = try(data.google_secret_manager_regional_secret_version.secops_secrets[each.key].secret_data, lookup(authentication.value, "client_secret", null))
+ }
+ }
+ }
+ }
+
+ dynamic "azure_blob_store_settings" {
+ for_each = lookup(each.value, "azure_blob_store_settings", null) != null ? [each.value.azure_blob_store_settings] : []
+ content {
+ azure_uri = lookup(azure_blob_store_settings.value, "azure_uri", null)
+ source_deletion_option = lookup(azure_blob_store_settings.value, "source_deletion_option", null)
+ source_type = lookup(azure_blob_store_settings.value, "source_type", null)
+ dynamic "authentication" {
+ for_each = lookup(azure_blob_store_settings.value, "authentication", null) != null ? [azure_blob_store_settings.value.authentication] : []
+ content {
+ sas_token = lookup(authentication.value, "sas_token", null)
+ shared_key = lookup(authentication.value, "shared_key", null)
+ }
+ }
+ }
+ }
+
+ dynamic "azure_blob_store_v2_settings" {
+ for_each = lookup(each.value, "azure_blob_store_v2_settings", null) != null ?
[each.value.azure_blob_store_v2_settings] : []
+ content {
+ azure_uri = azure_blob_store_v2_settings.value.azure_uri
+ source_deletion_option = lookup(azure_blob_store_v2_settings.value, "source_deletion_option", null)
+ max_lookback_days = lookup(azure_blob_store_v2_settings.value, "max_lookback_days", null)
+ dynamic "authentication" {
+ for_each = lookup(azure_blob_store_v2_settings.value, "authentication", null) != null ? [azure_blob_store_v2_settings.value.authentication] : []
+ content {
+ access_key = authentication.value.access_key
+ sas_token = authentication.value.sas_token
+ dynamic "azure_v2_workload_identity_federation" {
+ for_each = lookup(authentication.value, "azure_v2_workload_identity_federation", null) != null ? [authentication.value.azure_v2_workload_identity_federation] : []
+ content {
+ client_id = azure_v2_workload_identity_federation.value.client_id
+ subject_id = azure_v2_workload_identity_federation.value.subject_id
+ tenant_id = azure_v2_workload_identity_federation.value.tenant_id
+ }
+ }
+ }
+ }
+ }
+ }
+
+ dynamic "azure_event_hub_settings" {
+ for_each = lookup(each.value, "azure_event_hub_settings", null) != null ? [each.value.azure_event_hub_settings] : []
+ content {
+ consumer_group = azure_event_hub_settings.value.consumer_group
+ event_hub_connection_string = azure_event_hub_settings.value.event_hub_connection_string
+ name = azure_event_hub_settings.value.name
+ azure_sas_token = lookup(azure_event_hub_settings.value, "azure_sas_token", null)
+ azure_storage_connection_string = lookup(azure_event_hub_settings.value, "azure_storage_connection_string", null)
+ azure_storage_container = lookup(azure_event_hub_settings.value, "azure_storage_container", null)
+ }
+ }
+
+ dynamic "azure_mdm_intune_settings" {
+ for_each = lookup(each.value, "azure_mdm_intune_settings", null) != null ?
[each.value.azure_mdm_intune_settings] : []
+ content {
+ auth_endpoint = lookup(azure_mdm_intune_settings.value, "auth_endpoint", null)
+ hostname = lookup(azure_mdm_intune_settings.value, "hostname", null)
+ tenant_id = lookup(azure_mdm_intune_settings.value, "tenant_id", null)
+ dynamic "authentication" {
+ for_each = lookup(azure_mdm_intune_settings.value, "authentication", null) != null ? [azure_mdm_intune_settings.value.authentication] : []
+ content {
+ client_id = lookup(authentication.value, "client_id", null)
+ client_secret = lookup(authentication.value, "client_secret", null)
+ }
+ }
+ }
+ }
+
+ dynamic "cloud_passage_settings" {
+ for_each = lookup(each.value, "cloud_passage_settings", null) != null ? [each.value.cloud_passage_settings] : []
+ content {
+ event_types = lookup(cloud_passage_settings.value, "event_types", null)
+ dynamic "authentication" {
+ for_each = lookup(cloud_passage_settings.value, "authentication", null) != null ? [cloud_passage_settings.value.authentication] : []
+ content {
+ user = lookup(authentication.value, "user", null)
+ secret = lookup(authentication.value, "secret", null)
+ }
+ }
+ }
+ }
+
+ dynamic "cortex_xdr_settings" {
+ for_each = lookup(each.value, "cortex_xdr_settings", null) != null ? [each.value.cortex_xdr_settings] : []
+ content {
+ endpoint = lookup(cortex_xdr_settings.value, "endpoint", null)
+ hostname = lookup(cortex_xdr_settings.value, "hostname", null)
+ dynamic "authentication" {
+ for_each = lookup(cortex_xdr_settings.value, "authentication", null) != null ? [cortex_xdr_settings.value.authentication] : []
+ content {
+ dynamic "header_key_values" {
+ for_each = lookup(authentication.value, "header_key_values", [])
+ content {
+ key = lookup(header_key_values.value, "key", null)
+ value = lookup(header_key_values.value, "value", null)
+ }
+ }
+ }
+ }
+ }
+ }
+
+ dynamic "crowdstrike_alerts_settings" {
+ for_each = lookup(each.value, "crowdstrike_alerts_settings", null) != null ?
[each.value.crowdstrike_alerts_settings] : []
+ content {
+ hostname = crowdstrike_alerts_settings.value.hostname
+ ingestion_type = lookup(crowdstrike_alerts_settings.value, "ingestion_type", null)
+ dynamic "authentication" {
+ for_each = lookup(crowdstrike_alerts_settings.value, "authentication", null) != null ? [crowdstrike_alerts_settings.value.authentication] : []
+ content {
+ client_id = lookup(authentication.value, "client_id", null)
+ client_secret = lookup(authentication.value, "client_secret", null)
+ token_endpoint = lookup(authentication.value, "token_endpoint", null)
+ }
+ }
+ }
+ }
+
+ dynamic "crowdstrike_detects_settings" {
+ for_each = lookup(each.value, "crowdstrike_detects_settings", null) != null ? [each.value.crowdstrike_detects_settings] : []
+ content {
+ hostname = lookup(crowdstrike_detects_settings.value, "hostname", null)
+ ingestion_type = lookup(crowdstrike_detects_settings.value, "ingestion_type", null)
+ dynamic "authentication" {
+ for_each = lookup(crowdstrike_detects_settings.value, "authentication", null) != null ? [crowdstrike_detects_settings.value.authentication] : []
+ content {
+ client_id = lookup(authentication.value, "client_id", null)
+ client_secret = lookup(authentication.value, "client_secret", null)
+ token_endpoint = lookup(authentication.value, "token_endpoint", null)
+ }
+ }
+ }
+ }
+
+ dynamic "dummy_log_type_settings" {
+ for_each = lookup(each.value, "dummy_log_type_settings", null) != null ? [each.value.dummy_log_type_settings] : []
+ content {
+ api_endpoint = lookup(dummy_log_type_settings.value, "api_endpoint", null)
+ dynamic "authentication" {
+ for_each = lookup(dummy_log_type_settings.value, "authentication", null) != null ?
[dummy_log_type_settings.value.authentication] : []
+ content {
+ dynamic "header_key_values" {
+ for_each = lookup(authentication.value, "header_key_values", [])
+ content {
+ key = lookup(header_key_values.value, "key", null)
+ value = lookup(header_key_values.value, "value", null)
+ }
+ }
+ }
+ }
+ }
+ }
+
+ dynamic "duo_auth_settings" {
+ for_each = lookup(each.value, "duo_auth_settings", null) != null ? [each.value.duo_auth_settings] : []
+ content {
+ hostname = lookup(duo_auth_settings.value, "hostname", null)
+ dynamic "authentication" {
+ for_each = lookup(duo_auth_settings.value, "authentication", null) != null ? [duo_auth_settings.value.authentication] : []
+ content {
+ user = lookup(authentication.value, "user", null)
+ secret = lookup(authentication.value, "secret", null)
+ }
+ }
+ }
+ }
+
+ dynamic "duo_user_context_settings" {
+ for_each = lookup(each.value, "duo_user_context_settings", null) != null ? [each.value.duo_user_context_settings] : []
+ content {
+ hostname = lookup(duo_user_context_settings.value, "hostname", null)
+ dynamic "authentication" {
+ for_each = lookup(duo_user_context_settings.value, "authentication", null) != null ? [duo_user_context_settings.value.authentication] : []
+ content {
+ user = lookup(authentication.value, "user", null)
+ secret = lookup(authentication.value, "secret", null)
+ }
+ }
+ }
+ }
+
+ dynamic "fox_it_stix_settings" {
+ for_each = lookup(each.value, "fox_it_stix_settings", null) != null ? [each.value.fox_it_stix_settings] : []
+ content {
+ collection = lookup(fox_it_stix_settings.value, "collection", null)
+ poll_service_uri = lookup(fox_it_stix_settings.value, "poll_service_uri", null)
+ dynamic "authentication" {
+ for_each = lookup(fox_it_stix_settings.value, "authentication", null) != null ?
[fox_it_stix_settings.value.authentication] : []
+ content {
+ user = lookup(authentication.value, "user", null)
+ secret = lookup(authentication.value, "secret", null)
+ }
+ }
+ dynamic "ssl" {
+ for_each = lookup(fox_it_stix_settings.value, "ssl", null) != null ? [fox_it_stix_settings.value.ssl] : []
+ content {
+ encoded_private_key = lookup(ssl.value, "encoded_private_key", null)
+ ssl_certificate = lookup(ssl.value, "ssl_certificate", null)
+ }
+ }
+ }
+ }
+
+ dynamic "gcs_settings" {
+ for_each = lookup(each.value, "gcs_settings", null) != null ? [each.value.gcs_settings] : []
+ content {
+ bucket_uri = lookup(gcs_settings.value, "bucket_uri", null)
+ source_deletion_option = lookup(gcs_settings.value, "source_deletion_option", null)
+ source_type = lookup(gcs_settings.value, "source_type", null)
+ }
+ }
+
+ dynamic "gcs_v2_settings" {
+ for_each = lookup(each.value, "gcs_v2_settings", null) != null ? [each.value.gcs_v2_settings] : []
+ content {
+ bucket_uri = gcs_v2_settings.value.bucket_uri
+ source_deletion_option = lookup(gcs_v2_settings.value, "source_deletion_option", null)
+ max_lookback_days = lookup(gcs_v2_settings.value, "max_lookback_days", null)
+ }
+ }
+
+ dynamic "google_cloud_identity_device_users_settings" {
+ for_each = lookup(each.value, "google_cloud_identity_device_users_settings", null) != null ? [each.value.google_cloud_identity_device_users_settings] : []
+ content {
+ dynamic "authentication" {
+ for_each = lookup(google_cloud_identity_device_users_settings.value, "authentication", null) != null ? [google_cloud_identity_device_users_settings.value.authentication] : []
+ content {
+ token_endpoint = lookup(authentication.value, "token_endpoint", null)
+ dynamic "claims" {
+ for_each = lookup(authentication.value, "claims", null) != null ?
[authentication.value.claims] : []
+ content {
+ audience = lookup(claims.value, "audience", null)
+ issuer = lookup(claims.value, "issuer", null)
+ subject = lookup(claims.value, "subject", null)
+ }
+ }
+ dynamic "rs_credentials" {
+ for_each = lookup(authentication.value, "rs_credentials", null) != null ? [authentication.value.rs_credentials] : []
+ content {
+ private_key = lookup(rs_credentials.value, "private_key", null)
+ }
+ }
+ }
+ }
+ }
+ }
+
+ dynamic "google_cloud_identity_devices_settings" {
+ for_each = lookup(each.value, "google_cloud_identity_devices_settings", null) != null ? [each.value.google_cloud_identity_devices_settings] : []
+ content {
+ api_version = lookup(google_cloud_identity_devices_settings.value, "api_version", null)
+ dynamic "authentication" {
+ for_each = lookup(google_cloud_identity_devices_settings.value, "authentication", null) != null ? [google_cloud_identity_devices_settings.value.authentication] : []
+ content {
+ token_endpoint = lookup(authentication.value, "token_endpoint", null)
+ dynamic "claims" {
+ for_each = lookup(authentication.value, "claims", null) != null ? [authentication.value.claims] : []
+ content {
+ audience = lookup(claims.value, "audience", null)
+ issuer = lookup(claims.value, "issuer", null)
+ subject = lookup(claims.value, "subject", null)
+ }
+ }
+ dynamic "rs_credentials" {
+ for_each = lookup(authentication.value, "rs_credentials", null) != null ? [authentication.value.rs_credentials] : []
+ content {
+ private_key = lookup(rs_credentials.value, "private_key", null)
+ }
+ }
+ }
+ }
+ }
+ }
+
+ dynamic "google_cloud_storage_event_driven_settings" {
+ for_each = lookup(each.value, "google_cloud_storage_event_driven_settings", null) != null ?
[each.value.google_cloud_storage_event_driven_settings] : []
+ content {
+ bucket_uri = google_cloud_storage_event_driven_settings.value.bucket_uri
+ pubsub_subscription = google_cloud_storage_event_driven_settings.value.pubsub_subscription
+ max_lookback_days = lookup(google_cloud_storage_event_driven_settings.value, "max_lookback_days", null)
+ source_deletion_option = lookup(google_cloud_storage_event_driven_settings.value, "source_deletion_option", null)
+ }
+ }
+
+ dynamic "http_settings" {
+ for_each = lookup(each.value, "http_settings", null) != null ? [each.value.http_settings] : []
+ content {
+ uri = lookup(http_settings.value, "uri", null)
+ source_deletion_option = lookup(http_settings.value, "source_deletion_option", null)
+ source_type = lookup(http_settings.value, "source_type", null)
+ }
+ }
+
+ dynamic "https_push_amazon_kinesis_firehose_settings" {
+ for_each = lookup(each.value, "https_push_amazon_kinesis_firehose_settings", null) != null ? [each.value.https_push_amazon_kinesis_firehose_settings] : []
+ content {
+ split_delimiter = lookup(https_push_amazon_kinesis_firehose_settings.value, "split_delimiter", null)
+ }
+ }
+
+ dynamic "https_push_google_cloud_pubsub_settings" {
+ for_each = lookup(each.value, "https_push_google_cloud_pubsub_settings", null) != null ? [each.value.https_push_google_cloud_pubsub_settings] : []
+ content {
+ split_delimiter = lookup(https_push_google_cloud_pubsub_settings.value, "split_delimiter", null)
+ }
+ }
+
+ dynamic "https_push_webhook_settings" {
+ for_each = lookup(each.value, "https_push_webhook_settings", null) != null ? [each.value.https_push_webhook_settings] : []
+ content {
+ split_delimiter = lookup(https_push_webhook_settings.value, "split_delimiter", null)
+ }
+ }
+
+ dynamic "imperva_waf_settings" {
+ for_each = lookup(each.value, "imperva_waf_settings", null) != null ?
[each.value.imperva_waf_settings] : []
+ content {
+ dynamic "authentication" {
+ for_each = lookup(imperva_waf_settings.value, "authentication", null) != null ? [imperva_waf_settings.value.authentication] : []
+ content {
+ dynamic "header_key_values" {
+ for_each = lookup(authentication.value, "header_key_values", [])
+ content {
+ key = lookup(header_key_values.value, "key", null)
+ value = lookup(header_key_values.value, "value", null)
+ }
+ }
+ }
+ }
+ }
+ }
+
+ dynamic "mandiant_ioc_settings" {
+ for_each = lookup(each.value, "mandiant_ioc_settings", null) != null ? [each.value.mandiant_ioc_settings] : []
+ content {
+ start_time = lookup(mandiant_ioc_settings.value, "start_time", null)
+ dynamic "authentication" {
+ for_each = lookup(mandiant_ioc_settings.value, "authentication", null) != null ? [mandiant_ioc_settings.value.authentication] : []
+ content {
+ dynamic "header_key_values" {
+ for_each = lookup(authentication.value, "header_key_values", [])
+ content {
+ key = lookup(header_key_values.value, "key", null)
+ value = lookup(header_key_values.value, "value", null)
+ }
+ }
+ }
+ }
+ }
+ }
+
+ dynamic "microsoft_graph_alert_settings" {
+ for_each = lookup(each.value, "microsoft_graph_alert_settings", null) != null ? [each.value.microsoft_graph_alert_settings] : []
+ content {
+ auth_endpoint = lookup(microsoft_graph_alert_settings.value, "auth_endpoint", null)
+ hostname = lookup(microsoft_graph_alert_settings.value, "hostname", null)
+ tenant_id = lookup(microsoft_graph_alert_settings.value, "tenant_id", null)
+ dynamic "authentication" {
+ for_each = lookup(microsoft_graph_alert_settings.value, "authentication", null) != null ?
[microsoft_graph_alert_settings.value.authentication] : []
+ content {
+ client_id = lookup(authentication.value, "client_id", null)
+ client_secret = lookup(authentication.value, "client_secret", null)
+ }
+ }
+ }
+ }
+
+ dynamic "microsoft_security_center_alert_settings" {
+ for_each = lookup(each.value, "microsoft_security_center_alert_settings", null) != null ? [each.value.microsoft_security_center_alert_settings] : []
+ content {
+ auth_endpoint = lookup(microsoft_security_center_alert_settings.value, "auth_endpoint", null)
+ hostname = lookup(microsoft_security_center_alert_settings.value, "hostname", null)
+ subscription_id = lookup(microsoft_security_center_alert_settings.value, "subscription_id", null)
+ tenant_id = lookup(microsoft_security_center_alert_settings.value, "tenant_id", null)
+ dynamic "authentication" {
+ for_each = lookup(microsoft_security_center_alert_settings.value, "authentication", null) != null ? [microsoft_security_center_alert_settings.value.authentication] : []
+ content {
+ client_id = lookup(authentication.value, "client_id", null)
+ client_secret = lookup(authentication.value, "client_secret", null)
+ }
+ }
+ }
+ }
+
+ dynamic "mimecast_mail_settings" {
+ for_each = lookup(each.value, "mimecast_mail_settings", null) != null ? [each.value.mimecast_mail_settings] : []
+ content {
+ hostname = lookup(mimecast_mail_settings.value, "hostname", null)
+ dynamic "authentication" {
+ for_each = lookup(mimecast_mail_settings.value, "authentication", null) != null ? [mimecast_mail_settings.value.authentication] : []
+ content {
+ dynamic "header_key_values" {
+ for_each = lookup(authentication.value, "header_key_values", [])
+ content {
+ key = lookup(header_key_values.value, "key", null)
+ value = lookup(header_key_values.value, "value", null)
+ }
+ }
+ }
+ }
+ }
+ }
+
+ dynamic "mimecast_mail_v2_settings" {
+ for_each = lookup(each.value, "mimecast_mail_v2_settings", null) != null ?
[each.value.mimecast_mail_v2_settings] : []
+ content {
+ dynamic "auth_credentials" {
+ for_each = lookup(mimecast_mail_v2_settings.value, "auth_credentials", null) != null ? [mimecast_mail_v2_settings.value.auth_credentials] : []
+ content {
+ client_id = lookup(auth_credentials.value, "client_id", null)
+ client_secret = lookup(auth_credentials.value, "client_secret", null)
+ }
+ }
+ }
+ }
+
+ dynamic "netskope_alert_settings" {
+ for_each = lookup(each.value, "netskope_alert_settings", null) != null ? [each.value.netskope_alert_settings] : []
+ content {
+ content_type = lookup(netskope_alert_settings.value, "content_type", null)
+ feedname = lookup(netskope_alert_settings.value, "feedname", null)
+ hostname = lookup(netskope_alert_settings.value, "hostname", null)
+ dynamic "authentication" {
+ for_each = lookup(netskope_alert_settings.value, "authentication", null) != null ? [netskope_alert_settings.value.authentication] : []
+ content {
+ dynamic "header_key_values" {
+ for_each = lookup(authentication.value, "header_key_values", [])
+ content {
+ key = lookup(header_key_values.value, "key", null)
+ value = lookup(header_key_values.value, "value", null)
+ }
+ }
+ }
+ }
+ }
+ }
+
+ dynamic "netskope_alert_v2_settings" {
+ for_each = lookup(each.value, "netskope_alert_v2_settings", null) != null ? [each.value.netskope_alert_v2_settings] : []
+ content {
+ content_category = lookup(netskope_alert_v2_settings.value, "content_category", null)
+ content_types = lookup(netskope_alert_v2_settings.value, "content_types", null)
+ hostname = lookup(netskope_alert_v2_settings.value, "hostname", null)
+ dynamic "authentication" {
+ for_each = lookup(netskope_alert_v2_settings.value, "authentication", null) != null ?
[netskope_alert_v2_settings.value.authentication] : []
+ content {
+ dynamic "header_key_values" {
+ for_each = lookup(authentication.value, "header_key_values", [])
+ content {
+ key = lookup(header_key_values.value, "key", null)
+ value = lookup(header_key_values.value, "value", null)
+ }
+ }
+ }
+ }
+ }
+ }
+
+ dynamic "office365_settings" {
+ for_each = lookup(each.value, "office365_settings", null) != null ? [each.value.office365_settings] : []
+ content {
+ auth_endpoint = lookup(office365_settings.value, "auth_endpoint", null)
+ hostname = lookup(office365_settings.value, "hostname", null)
+ tenant_id = lookup(office365_settings.value, "tenant_id", null)
+ content_type = lookup(office365_settings.value, "content_type", null)
+ dynamic "authentication" {
+ for_each = lookup(office365_settings.value, "authentication", null) != null ? [office365_settings.value.authentication] : []
+ content {
+ client_id = lookup(authentication.value, "client_id", null)
+ client_secret = lookup(authentication.value, "client_secret", null)
+ }
+ }
+ }
+ }
+
+ dynamic "okta_settings" {
+ for_each = lookup(each.value, "okta_settings", null) != null ? [each.value.okta_settings] : []
+ content {
+ hostname = lookup(okta_settings.value, "hostname", null)
+ dynamic "authentication" {
+ for_each = lookup(okta_settings.value, "authentication", null) != null ? [okta_settings.value.authentication] : []
+ content {
+ dynamic "header_key_values" {
+ for_each = lookup(authentication.value, "header_key_values", [])
+ content {
+ key = lookup(header_key_values.value, "key", null)
+ value = lookup(header_key_values.value, "value", null)
+ }
+ }
+ }
+ }
+ }
+ }
+
+ dynamic "okta_user_context_settings" {
+ for_each = lookup(each.value, "okta_user_context_settings", null) != null ?
[each.value.okta_user_context_settings] : []
+ content {
+ hostname = lookup(okta_user_context_settings.value, "hostname", null)
+ manager_id_reference_field = lookup(okta_user_context_settings.value, "manager_id_reference_field", null)
+ dynamic "authentication" {
+ for_each = lookup(okta_user_context_settings.value, "authentication", null) != null ? [okta_user_context_settings.value.authentication] : []
+ content {
+ dynamic "header_key_values" {
+ for_each = lookup(authentication.value, "header_key_values", [])
+ content {
+ key = lookup(header_key_values.value, "key", null)
+ value = lookup(header_key_values.value, "value", null)
+ }
+ }
+ }
+ }
+ }
+ }
+
+ dynamic "pan_ioc_settings" {
+ for_each = lookup(each.value, "pan_ioc_settings", null) != null ? [each.value.pan_ioc_settings] : []
+ content {
+ feed = lookup(pan_ioc_settings.value, "feed", null)
+ feed_id = lookup(pan_ioc_settings.value, "feed_id", null)
+ dynamic "authentication" {
+ for_each = lookup(pan_ioc_settings.value, "authentication", null) != null ? [pan_ioc_settings.value.authentication] : []
+ content {
+ dynamic "header_key_values" {
+ for_each = lookup(authentication.value, "header_key_values", [])
+ content {
+ key = lookup(header_key_values.value, "key", null)
+ value = lookup(header_key_values.value, "value", null)
+ }
+ }
+ }
+ }
+ }
+ }
+
+ dynamic "pan_prisma_cloud_settings" {
+ for_each = lookup(each.value, "pan_prisma_cloud_settings", null) != null ? [each.value.pan_prisma_cloud_settings] : []
+ content {
+ hostname = lookup(pan_prisma_cloud_settings.value, "hostname", null)
+ dynamic "authentication" {
+ for_each = lookup(pan_prisma_cloud_settings.value, "authentication", null) != null ?
[pan_prisma_cloud_settings.value.authentication] : []
+ content {
+ user = lookup(authentication.value, "user", null)
+ password = lookup(authentication.value, "password", null)
+ }
+ }
+ }
+ }
+
+ dynamic "proofpoint_mail_settings" {
+ for_each = lookup(each.value, "proofpoint_mail_settings", null) != null ? [each.value.proofpoint_mail_settings] : []
+ content {
+ dynamic "authentication" {
+ for_each = lookup(proofpoint_mail_settings.value, "authentication", null) != null ? [proofpoint_mail_settings.value.authentication] : []
+ content {
+ user = lookup(authentication.value, "user", null)
+ secret = lookup(authentication.value, "secret", null)
+ }
+ }
+ }
+ }
+
+ dynamic "proofpoint_on_demand_settings" {
+ for_each = lookup(each.value, "proofpoint_on_demand_settings", null) != null ? [each.value.proofpoint_on_demand_settings] : []
+ content {
+ cluster_id = lookup(proofpoint_on_demand_settings.value, "cluster_id", null)
+ dynamic "authentication" {
+ for_each = lookup(proofpoint_on_demand_settings.value, "authentication", null) != null ? [proofpoint_on_demand_settings.value.authentication] : []
+ content {
+ dynamic "header_key_values" {
+ for_each = lookup(authentication.value, "header_key_values", [])
+ content {
+ key = lookup(header_key_values.value, "key", null)
+ value = lookup(header_key_values.value, "value", null)
+ }
+ }
+ }
+ }
+ }
+ }
+
+ dynamic "pubsub_settings" {
+ for_each = lookup(each.value, "pubsub_settings", null) != null ? [each.value.pubsub_settings] : []
+ content {
+ google_service_account_email = lookup(pubsub_settings.value, "google_service_account_email", null)
+ }
+ }
+
+ dynamic "qualys_scan_settings" {
+ for_each = lookup(each.value, "qualys_scan_settings", null) != null ?
[each.value.qualys_scan_settings] : []
+ content {
+ api_type = lookup(qualys_scan_settings.value, "api_type", null)
+ hostname = lookup(qualys_scan_settings.value, "hostname", null)
+ dynamic "authentication" {
+ for_each = lookup(qualys_scan_settings.value, "authentication", null) != null ? [qualys_scan_settings.value.authentication] : []
+ content {
+ user = lookup(authentication.value, "user", null)
+ secret = lookup(authentication.value, "secret", null)
+ }
+ }
+ }
+ }
+
+ dynamic "qualys_vm_settings" {
+ for_each = lookup(each.value, "qualys_vm_settings", null) != null ? [each.value.qualys_vm_settings] : []
+ content {
+ hostname = lookup(qualys_vm_settings.value, "hostname", null)
+ dynamic "authentication" {
+ for_each = lookup(qualys_vm_settings.value, "authentication", null) != null ? [qualys_vm_settings.value.authentication] : []
+ content {
+ user = lookup(authentication.value, "user", null)
+ secret = lookup(authentication.value, "secret", null)
+ }
+ }
+ }
+ }
+
+ dynamic "rapid7_insight_settings" {
+ for_each = lookup(each.value, "rapid7_insight_settings", null) != null ? [each.value.rapid7_insight_settings] : []
+ content {
+ endpoint = lookup(rapid7_insight_settings.value, "endpoint", null)
+ hostname = lookup(rapid7_insight_settings.value, "hostname", null)
+ dynamic "authentication" {
+ for_each = lookup(rapid7_insight_settings.value, "authentication", null) != null ? [rapid7_insight_settings.value.authentication] : []
+ content {
+ dynamic "header_key_values" {
+ for_each = lookup(authentication.value, "header_key_values", [])
+ content {
+ key = lookup(header_key_values.value, "key", null)
+ value = lookup(header_key_values.value, "value", null)
+ }
+ }
+ }
+ }
+ }
+ }
+
+ dynamic "recorded_future_ioc_settings" {
+ for_each = lookup(each.value, "recorded_future_ioc_settings", null) != null ?
[each.value.recorded_future_ioc_settings] : []
+ content {
+ dynamic "authentication" {
+ for_each = lookup(recorded_future_ioc_settings.value, "authentication", null) != null ? [recorded_future_ioc_settings.value.authentication] : []
+ content {
+ dynamic "header_key_values" {
+ for_each = lookup(authentication.value, "header_key_values", [])
+ content {
+ key = lookup(header_key_values.value, "key", null)
+ value = lookup(header_key_values.value, "value", null)
+ }
+ }
+ }
+ }
+ }
+ }
+
+ dynamic "rh_isac_ioc_settings" {
+ for_each = lookup(each.value, "rh_isac_ioc_settings", null) != null ? [each.value.rh_isac_ioc_settings] : []
+ content {
+ dynamic "authentication" {
+ for_each = lookup(rh_isac_ioc_settings.value, "authentication", null) != null ? [rh_isac_ioc_settings.value.authentication] : []
+ content {
+ client_id = lookup(authentication.value, "client_id", null)
+ client_secret = lookup(authentication.value, "client_secret", null)
+ token_endpoint = lookup(authentication.value, "token_endpoint", null)
+ }
+ }
+ }
+ }
+
+ dynamic "salesforce_settings" {
+ for_each = lookup(each.value, "salesforce_settings", null) != null ? [each.value.salesforce_settings] : []
+ content {
+ hostname = lookup(salesforce_settings.value, "hostname", null)
+ dynamic "oauth_jwt_credentials" {
+ for_each = lookup(salesforce_settings.value, "oauth_jwt_credentials", null) != null ? [salesforce_settings.value.oauth_jwt_credentials] : []
+ content {
+ token_endpoint = lookup(oauth_jwt_credentials.value, "token_endpoint", null)
+ dynamic "claims" {
+ for_each = lookup(oauth_jwt_credentials.value, "claims", null) != null ? [oauth_jwt_credentials.value.claims] : []
+ content {
+ audience = lookup(claims.value, "audience", null)
+ issuer = lookup(claims.value, "issuer", null)
+ subject = lookup(claims.value, "subject", null)
+ }
+ }
+ dynamic "rs_credentials" {
+ for_each = lookup(oauth_jwt_credentials.value, "rs_credentials", null) != null ?
[oauth_jwt_credentials.value.rs_credentials] : []
+ content {
+ private_key = lookup(rs_credentials.value, "private_key", null)
+ }
+ }
+ }
+ }
+ dynamic "oauth_password_grant_auth" {
+ for_each = lookup(salesforce_settings.value, "oauth_password_grant_auth", null) != null ? [salesforce_settings.value.oauth_password_grant_auth] : []
+ content {
+ token_endpoint = lookup(oauth_password_grant_auth.value, "token_endpoint", null)
+ client_id = lookup(oauth_password_grant_auth.value, "client_id", null)
+ client_secret = lookup(oauth_password_grant_auth.value, "client_secret", null)
+ user = lookup(oauth_password_grant_auth.value, "user", null)
+ password = lookup(oauth_password_grant_auth.value, "password", null)
+ }
+ }
+ }
+ }
+
+ dynamic "sentinelone_alert_settings" {
+ for_each = lookup(each.value, "sentinelone_alert_settings", null) != null ? [each.value.sentinelone_alert_settings] : []
+ content {
+ hostname = lookup(sentinelone_alert_settings.value, "hostname", null)
+ initial_start_time = lookup(sentinelone_alert_settings.value, "initial_start_time", null)
+ is_alert_api_subscribed = lookup(sentinelone_alert_settings.value, "is_alert_api_subscribed", null)
+ dynamic "authentication" {
+ for_each = lookup(sentinelone_alert_settings.value, "authentication", null) != null ? [sentinelone_alert_settings.value.authentication] : []
+ content {
+ dynamic "header_key_values" {
+ for_each = lookup(authentication.value, "header_key_values", [])
+ content {
+ key = lookup(header_key_values.value, "key", null)
+ value = lookup(header_key_values.value, "value", null)
+ }
+ }
+ }
+ }
+ }
+ }
+
+ dynamic "service_now_cmdb_settings" {
+ for_each = lookup(each.value, "service_now_cmdb_settings", null) != null ?
[each.value.service_now_cmdb_settings] : []
+ content {
+ feedname = lookup(service_now_cmdb_settings.value, "feedname", null)
+ hostname = lookup(service_now_cmdb_settings.value, "hostname", null)
+ dynamic "authentication" {
+ for_each = lookup(service_now_cmdb_settings.value, "authentication", null) != null ? [service_now_cmdb_settings.value.authentication] : []
+ content {
+ user = lookup(authentication.value, "user", null)
+ secret = lookup(authentication.value, "secret", null)
+ }
+ }
+ }
+ }
+
+ dynamic "sftp_settings" {
+ for_each = lookup(each.value, "sftp_settings", null) != null ? [each.value.sftp_settings] : []
+ content {
+ uri = lookup(sftp_settings.value, "uri", null)
+ source_deletion_option = lookup(sftp_settings.value, "source_deletion_option", null)
+ source_type = lookup(sftp_settings.value, "source_type", null)
+ dynamic "authentication" {
+ for_each = lookup(sftp_settings.value, "authentication", null) != null ? [sftp_settings.value.authentication] : []
+ content {
+ username = lookup(authentication.value, "username", null)
+ password = lookup(authentication.value, "password", null)
+ private_key = lookup(authentication.value, "private_key", null)
+ private_key_passphrase = lookup(authentication.value, "private_key_passphrase", null)
+ }
+ }
+ }
+ }
+
+ dynamic "symantec_event_export_settings" {
+ for_each = lookup(each.value, "symantec_event_export_settings", null) != null ? [each.value.symantec_event_export_settings] : []
+ content {
+ dynamic "authentication" {
+ for_each = lookup(symantec_event_export_settings.value, "authentication", null) != null ?
[symantec_event_export_settings.value.authentication] : []
+ content {
+ token_endpoint = lookup(authentication.value, "token_endpoint", null)
+ client_id = lookup(authentication.value, "client_id", null)
+ client_secret = lookup(authentication.value, "client_secret", null)
+ refresh_token = lookup(authentication.value, "refresh_token", null)
+ }
+ }
+ }
+ }
+
+ dynamic "thinkst_canary_settings" {
+ for_each = lookup(each.value, "thinkst_canary_settings", null) != null ? [each.value.thinkst_canary_settings] : []
+ content {
+ hostname = lookup(thinkst_canary_settings.value, "hostname", null)
+ dynamic "authentication" {
+ for_each = lookup(thinkst_canary_settings.value, "authentication", null) != null ? [thinkst_canary_settings.value.authentication] : []
+ content {
+ dynamic "header_key_values" {
+ for_each = lookup(authentication.value, "header_key_values", [])
+ content {
+ key = lookup(header_key_values.value, "key", null)
+ value = lookup(header_key_values.value, "value", null)
+ }
+ }
+ }
+ }
+ }
+ }
+
+ dynamic "threat_connect_ioc_settings" {
+ for_each = lookup(each.value, "threat_connect_ioc_settings", null) != null ? [each.value.threat_connect_ioc_settings] : []
+ content {
+ hostname = lookup(threat_connect_ioc_settings.value, "hostname", null)
+ owners = lookup(threat_connect_ioc_settings.value, "owners", null)
+ dynamic "authentication" {
+ for_each = lookup(threat_connect_ioc_settings.value, "authentication", null) != null ? [threat_connect_ioc_settings.value.authentication] : []
+ content {
+ user = lookup(authentication.value, "user", null)
+ secret = lookup(authentication.value, "secret", null)
+ }
+ }
+ }
+ }
+
+ dynamic "threat_connect_ioc_v3_settings" {
+ for_each = lookup(each.value, "threat_connect_ioc_v3_settings", null) != null ?
[each.value.threat_connect_ioc_v3_settings] : []
+ content {
+ hostname = lookup(threat_connect_ioc_v3_settings.value, "hostname", null)
+ owners = lookup(threat_connect_ioc_v3_settings.value, "owners", null)
+ fields = lookup(threat_connect_ioc_v3_settings.value, "fields", null)
+ schedule = lookup(threat_connect_ioc_v3_settings.value, "schedule", null)
+ tql_query = lookup(threat_connect_ioc_v3_settings.value, "tql_query", null)
+ dynamic "authentication" {
+ for_each = lookup(threat_connect_ioc_v3_settings.value, "authentication", null) != null ? [threat_connect_ioc_v3_settings.value.authentication] : []
+ content {
+ user = lookup(authentication.value, "user", null)
+ secret = lookup(authentication.value, "secret", null)
+ }
+ }
+ }
+ }
+
+ dynamic "trellix_hx_alerts_settings" {
+ for_each = lookup(each.value, "trellix_hx_alerts_settings", null) != null ? [each.value.trellix_hx_alerts_settings] : []
+ content {
+ endpoint = lookup(trellix_hx_alerts_settings.value, "endpoint", null)
+ dynamic "authentication" {
+ for_each = lookup(trellix_hx_alerts_settings.value, "authentication", null) != null ? [trellix_hx_alerts_settings.value.authentication] : []
+ content {
+ dynamic "msso" {
+ for_each = lookup(authentication.value, "msso", null) != null ? [authentication.value.msso] : []
+ content {
+ api_endpoint = lookup(msso.value, "api_endpoint", null)
+ username = lookup(msso.value, "username", null)
+ password = lookup(msso.value, "password", null)
+ }
+ }
+ dynamic "trellix_iam" {
+ for_each = lookup(authentication.value, "trellix_iam", null) != null ? [authentication.value.trellix_iam] : []
+ content {
+ client_id = lookup(trellix_iam.value, "client_id", null)
+ client_secret = lookup(trellix_iam.value, "client_secret", null)
+ scope = lookup(trellix_iam.value, "scope", null)
+ }
+ }
+ }
+ }
+ }
+ }
+
+ dynamic "trellix_hx_bulk_acqs_settings" {
+ for_each = lookup(each.value, "trellix_hx_bulk_acqs_settings", null) != null ?
[each.value.trellix_hx_bulk_acqs_settings] : []
+ content {
+ endpoint = trellix_hx_bulk_acqs_settings.value.endpoint
+ dynamic "authentication" {
+ for_each = lookup(trellix_hx_bulk_acqs_settings.value, "authentication", null) != null ? [trellix_hx_bulk_acqs_settings.value.authentication] : []
+ content {
+ dynamic "msso" {
+ for_each = lookup(authentication.value, "msso", null) != null ? [authentication.value.msso] : []
+ content {
+ api_endpoint = msso.value.api_endpoint
+ username = msso.value.username
+ password = msso.value.password
+ }
+ }
+ dynamic "trellix_iam" {
+ for_each = lookup(authentication.value, "trellix_iam", null) != null ? [authentication.value.trellix_iam] : []
+ content {
+ client_id = trellix_iam.value.client_id
+ client_secret = trellix_iam.value.client_secret
+ scope = trellix_iam.value.scope
+ }
+ }
+ }
+ }
+ }
+ }
+
+ dynamic "trellix_hx_hosts_settings" {
+ for_each = lookup(each.value, "trellix_hx_hosts_settings", null) != null ? [each.value.trellix_hx_hosts_settings] : []
+ content {
+ endpoint = trellix_hx_hosts_settings.value.endpoint
+ dynamic "authentication" {
+ for_each = lookup(trellix_hx_hosts_settings.value, "authentication", null) != null ? [trellix_hx_hosts_settings.value.authentication] : []
+ content {
+ dynamic "msso" {
+ for_each = lookup(authentication.value, "msso", null) != null ? [authentication.value.msso] : []
+ content {
+ api_endpoint = msso.value.api_endpoint
+ username = msso.value.username
+ password = msso.value.password
+ }
+ }
+ dynamic "trellix_iam" {
+ for_each = lookup(authentication.value, "trellix_iam", null) != null ? [authentication.value.trellix_iam] : []
+ content {
+ client_id = trellix_iam.value.client_id
+ client_secret = trellix_iam.value.client_secret
+ scope = trellix_iam.value.scope
+ }
+ }
+ }
+ }
+ }
+ }
+
+ dynamic "webhook_settings" {
+ for_each = lookup(each.value, "webhook_settings", null) != null ?
[each.value.webhook_settings] : []
+ content {
+ }
+ }
+
+ dynamic "workday_settings" {
+ for_each = lookup(each.value, "workday_settings", null) != null ? [each.value.workday_settings] : []
+ content {
+ hostname = lookup(workday_settings.value, "hostname", null)
+ tenant_id = lookup(workday_settings.value, "tenant_id", null)
+ dynamic "authentication" {
+ for_each = lookup(workday_settings.value, "authentication", null) != null ? [workday_settings.value.authentication] : []
+ content {
+ user = lookup(authentication.value, "user", null)
+ secret = lookup(authentication.value, "secret", null)
+ token_endpoint = lookup(authentication.value, "token_endpoint", null)
+ client_id = lookup(authentication.value, "client_id", null)
+ client_secret = lookup(authentication.value, "client_secret", null)
+ refresh_token = lookup(authentication.value, "refresh_token", null)
+ }
+ }
+ }
+ }
+
+ dynamic "workspace_activity_settings" {
+ for_each = lookup(each.value, "workspace_activity_settings", null) != null ? [each.value.workspace_activity_settings] : []
+ content {
+ workspace_customer_id = lookup(workspace_activity_settings.value, "workspace_customer_id", null)
+ applications = lookup(workspace_activity_settings.value, "applications", null)
+ dynamic "authentication" {
+ for_each = lookup(workspace_activity_settings.value, "authentication", null) != null ? [workspace_activity_settings.value.authentication] : []
+ content {
+ token_endpoint = lookup(authentication.value, "token_endpoint", null)
+ dynamic "claims" {
+ for_each = lookup(authentication.value, "claims", null) != null ?
[authentication.value.claims] : []
+ content {
+ audience = lookup(claims.value, "audience", null)
+ issuer = lookup(claims.value, "issuer", null)
+ subject = lookup(claims.value, "subject", null)
+ }
+ }
+ rs_credentials {
+ private_key = try(data.google_secret_manager_secret_version.value.secret_data, lookup(rs_credentials.value, "private_key", null))
+ }
+ }
+ }
+ }
+ }
+
+ dynamic "workspace_alerts_settings" {
+ for_each = lookup(each.value, "workspace_alerts_settings", null) != null ? [each.value.workspace_alerts_settings] : []
+ content {
+ workspace_customer_id = lookup(workspace_alerts_settings.value, "workspace_customer_id", null)
+ dynamic "authentication" {
+ for_each = lookup(workspace_alerts_settings.value, "authentication", null) != null ? [workspace_alerts_settings.value.authentication] : []
+ content {
+ token_endpoint = lookup(authentication.value, "token_endpoint", null)
+ dynamic "claims" {
+ for_each = lookup(authentication.value, "claims", null) != null ? [authentication.value.claims] : []
+ content {
+ audience = lookup(claims.value, "audience", null)
+ issuer = lookup(claims.value, "issuer", null)
+ subject = lookup(claims.value, "subject", null)
+ }
+ }
+ rs_credentials {
+ private_key = try(data.google_secret_manager_secret_version.value.secret_data, lookup(rs_credentials.value, "private_key", null))
+ }
+ }
+ }
+ }
+ }
+
+ dynamic "workspace_chrome_os_settings" {
+ for_each = lookup(each.value, "workspace_chrome_os_settings", null) != null ? [each.value.workspace_chrome_os_settings] : []
+ content {
+ workspace_customer_id = lookup(workspace_chrome_os_settings.value, "workspace_customer_id", null)
+ dynamic "authentication" {
+ for_each = lookup(workspace_chrome_os_settings.value, "authentication", null) != null ? [workspace_chrome_os_settings.value.authentication] : []
+ content {
+ token_endpoint = lookup(authentication.value, "token_endpoint", null)
+ dynamic "claims" {
+ for_each = lookup(authentication.value, "claims", null) != null ?
[authentication.value.claims] : []
+ content {
+ audience = lookup(claims.value, "audience", null)
+ issuer = lookup(claims.value, "issuer", null)
+ subject = lookup(claims.value, "subject", null)
+ }
+ }
+ rs_credentials {
+ private_key = try(data.google_secret_manager_secret_version.value.secret_data, lookup(rs_credentials.value, "private_key", null))
+ }
+ }
+ }
+ }
+ }
+
+ dynamic "workspace_groups_settings" {
+ for_each = lookup(each.value, "workspace_groups_settings", null) != null ? [each.value.workspace_groups_settings] : []
+ content {
+ workspace_customer_id = lookup(workspace_groups_settings.value, "workspace_customer_id", null)
+ dynamic "authentication" {
+ for_each = lookup(workspace_groups_settings.value, "authentication", null) != null ? [workspace_groups_settings.value.authentication] : []
+ content {
+ token_endpoint = lookup(authentication.value, "token_endpoint", null)
+ dynamic "claims" {
+ for_each = lookup(authentication.value, "claims", null) != null ? [authentication.value.claims] : []
+ content {
+ audience = lookup(claims.value, "audience", null)
+ issuer = lookup(claims.value, "issuer", null)
+ subject = lookup(claims.value, "subject", null)
+ }
+ }
+ rs_credentials {
+ private_key = try(data.google_secret_manager_secret_version.value.secret_data, lookup(rs_credentials.value, "private_key", null))
+ }
+ }
+ }
+ }
+ }
+
+ dynamic "workspace_mobile_settings" {
+ for_each = lookup(each.value, "workspace_mobile_settings", null) != null ? [each.value.workspace_mobile_settings] : []
+ content {
+ workspace_customer_id = lookup(workspace_mobile_settings.value, "workspace_customer_id", null)
+ dynamic "authentication" {
+ for_each = lookup(workspace_mobile_settings.value, "authentication", null) != null ? [workspace_mobile_settings.value.authentication] : []
+ content {
+ token_endpoint = lookup(authentication.value, "token_endpoint", null)
+ dynamic "claims" {
+ for_each = lookup(authentication.value, "claims", null) != null ?
[authentication.value.claims] : []
+ content {
+ audience = lookup(claims.value, "audience", null)
+ issuer = lookup(claims.value, "issuer", null)
+ subject = lookup(claims.value, "subject", null)
+ }
+ }
+ rs_credentials {
+ private_key = try(data.google_secret_manager_secret_version.value.secret_data, lookup(rs_credentials.value, "private_key", null))
+ }
+ }
+ }
+ }
+ }
+
+ dynamic "workspace_privileges_settings" {
+ for_each = lookup(each.value, "workspace_privileges_settings", null) != null ? [each.value.workspace_privileges_settings] : []
+ content {
+ workspace_customer_id = lookup(workspace_privileges_settings.value, "workspace_customer_id", null)
+ dynamic "authentication" {
+ for_each = lookup(workspace_privileges_settings.value, "authentication", null) != null ? [workspace_privileges_settings.value.authentication] : []
+ content {
+ token_endpoint = lookup(authentication.value, "token_endpoint", null)
+ dynamic "claims" {
+ for_each = lookup(authentication.value, "claims", null) != null ? [authentication.value.claims] : []
+ content {
+ audience = lookup(claims.value, "audience", null)
+ issuer = lookup(claims.value, "issuer", null)
+ subject = lookup(claims.value, "subject", null)
+ }
+ }
+ rs_credentials {
+ private_key = try(data.google_secret_manager_secret_version.value.secret_data, lookup(rs_credentials.value, "private_key", null))
+ }
+ }
+ }
+ }
+ }
+
+ dynamic "workspace_users_settings" {
+ for_each = lookup(each.value, "workspace_users_settings", null) != null ? [each.value.workspace_users_settings] : []
+ content {
+ workspace_customer_id = lookup(workspace_users_settings.value, "workspace_customer_id", null)
+ projection_type = lookup(workspace_users_settings.value, "projection_type", null)
+ dynamic "authentication" {
+ for_each = lookup(workspace_users_settings.value, "authentication", null) != null ?
[workspace_users_settings.value.authentication] : []
+ content {
+ token_endpoint = lookup(authentication.value, "token_endpoint", null)
+ dynamic "claims" {
+ for_each = lookup(authentication.value, "claims", null) != null ? [authentication.value.claims] : []
+ content {
+ audience = lookup(claims.value, "audience", null)
+ issuer = lookup(claims.value, "issuer", null)
+ subject = lookup(claims.value, "subject", null)
+ }
+ }
+ rs_credentials {
+ private_key = try(data.google_secret_manager_secret_version.value.secret_data, lookup(rs_credentials.value, "private_key", null))
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/modules/secops-feeds/outputs.tf b/modules/secops-feeds/outputs.tf
new file mode 100644
index 0000000..90f5e73
--- /dev/null
+++ b/modules/secops-feeds/outputs.tf
@@ -0,0 +1,21 @@
+/**
+ * Copyright 2026 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+output "feeds_id" {
+ value = {
+ for key, value in google_chronicle_feed.feeds : key => element(split("/", value.id), length(split("/", value.id)) - 1)
+ }
+}
\ No newline at end of file
diff --git a/modules/secops-feeds/variables.tf b/modules/secops-feeds/variables.tf
new file mode 100644
index 0000000..9ba7d3e
--- /dev/null
+++ b/modules/secops-feeds/variables.tf
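Review bot: The `feeds_id` output in modules/secops-feeds/outputs.tf has no `description`, so a caller cannot tell that each map value is only the last path segment of the feed's resource id and not the full resource name; I would add `description = "Feed IDs (last path segment of the resource id), keyed by feed map key."`. The double `split` inside `element(..., length(...) - 1)` is harder to read than `reverse(split("/", value.id))[0]`, which yields the same segment. The output exposes only the id, which keeps the credential fields the feed resource carries (client secrets, private keys) out of module outputs; if it is ever widened to return the whole resource it would need `sensitive = true`. The file also ends without a trailing newline.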
@@ -0,0 +1,826 @@ +/** + * Copyright 2026 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +variable "feeds" { + description = "A map of Chronicle feeds to create." + type = map(object({ + display_name = string + log_type = string + enabled = optional(bool, true) + asset_namespace = optional(string) + labels = optional(map(string)) + + secret_manager_config = optional(object({ + region = string + secret_name = string + version = optional(string) + })) + + amazon_s3_settings = optional(object({ + s3_uri = string + source_deletion_option = string + source_type = string + authentication = optional(object({ + region = string + access_key_id = optional(string) + secret_access_key = optional(string) + client_id = optional(string) + client_secret = optional(string) + refresh_uri = optional(string) + })) + })) + + amazon_s3_v2_settings = optional(object({ + s3_uri = string + source_deletion_option = optional(string) + max_lookback_days = optional(number) + authentication = object({ + access_key_secret_auth = optional(object({ + access_key_id = string + secret_access_key = string + })) + aws_iam_role_auth = optional(object({ + aws_iam_role_arn = optional(string) + subject_id = optional(string) + })) + }) + })) + + amazon_sqs_settings = optional(object({ + account_number = optional(string) + queue = optional(string) + region = optional(string) + source_deletion_option = optional(string) + authentication = optional(object({ + 
additional_s3_access_key_secret_auth = optional(object({ + access_key_id = optional(string) + secret_access_key = optional(string) + })) + sqs_access_key_secret_auth = optional(object({ + access_key_id = optional(string) + secret_access_key = optional(string) + })) + })) + })) + + amazon_sqs_v2_settings = optional(object({ + queue = string + s3_uri = string + source_deletion_option = optional(string) + max_lookback_days = optional(number) + authentication = object({ + aws_iam_role_auth = object({ + aws_iam_role_arn = optional(string) + subject_id = optional(string) + }) + sqs_v2_access_key_secret_auth = object({ + access_key_id = optional(string) + secret_access_key = optional(string) + }) + }) + })) + + anomali_settings = optional(object({ + authentication = optional(object({ + user = optional(string) + secret = optional(string) + })) + })) + + aws_ec2_hosts_settings = optional(object({ + authentication = optional(object({ + user = optional(string) + secret = optional(string) + })) + })) + + aws_ec2_instances_settings = optional(object({ + authentication = optional(object({ + user = optional(string) + secret = optional(string) + })) + })) + + aws_ec2_vpcs_settings = optional(object({ + authentication = optional(object({ + user = optional(string) + secret = optional(string) + })) + })) + + aws_iam_settings = optional(object({ + api_type = optional(string) + authentication = optional(object({ + user = optional(string) + secret = optional(string) + })) + })) + + azure_ad_audit_settings = optional(object({ + auth_endpoint = optional(string) + hostname = optional(string) + tenant_id = optional(string) + authentication = optional(object({ + client_id = optional(string) + client_secret = optional(string) + })) + })) + + azure_ad_context_settings = optional(object({ + auth_endpoint = optional(string) + hostname = optional(string) + tenant_id = optional(string) + retrieve_devices = optional(bool) + retrieve_groups = optional(bool) + authentication = optional(object({ + 
client_id = optional(string) + client_secret = optional(string) + })) + })) + + azure_ad_settings = optional(object({ + auth_endpoint = optional(string) + hostname = optional(string) + tenant_id = optional(string) + authentication = optional(object({ + client_id = optional(string) + client_secret = optional(string) + })) + })) + + azure_blob_store_settings = optional(object({ + azure_uri = optional(string) + source_deletion_option = optional(string) + source_type = optional(string) + authentication = optional(object({ + sas_token = optional(string) + shared_key = optional(string) + })) + })) + + azure_blob_store_v2_settings = optional(object({ + azure_uri = string + source_deletion_option = optional(string) + max_lookback_days = optional(number) + authentication = object({ + access_key = string + sas_token = string + azure_v2_workload_identity_federation = object({ + client_id = string + subject_id = string + tenant_id = string + }) + }) + })) + + azure_event_hub_settings = optional(object({ + consumer_group = string + event_hub_connection_string = string + name = string + azure_sas_token = optional(string) + azure_storage_connection_string = optional(string) + azure_storage_container = optional(string) + })) + + azure_mdm_intune_settings = optional(object({ + auth_endpoint = optional(string) + hostname = optional(string) + tenant_id = optional(string) + authentication = optional(object({ + client_id = optional(string) + client_secret = optional(string) + })) + })) + + cloud_passage_settings = optional(object({ + event_types = optional(list(string)) + authentication = optional(object({ + user = optional(string) + secret = optional(string) + })) + })) + + cortex_xdr_settings = optional(object({ + endpoint = optional(string) + hostname = optional(string) + authentication = optional(object({ + header_key_values = optional(list(object({ + key = optional(string) + value = optional(string) + }))) + })) + })) + + crowdstrike_alerts_settings = optional(object({ + hostname 
= string + ingestion_type = optional(string) + authentication = object({ + client_id = optional(string) + client_secret = optional(string) + token_endpoint = optional(string) + }) + })) + + crowdstrike_detects_settings = optional(object({ + hostname = optional(string) + ingestion_type = optional(string) + authentication = optional(object({ + client_id = optional(string) + client_secret = optional(string) + token_endpoint = optional(string) + })) + })) + + dummy_log_type_settings = optional(object({ + api_endpoint = optional(string) + authentication = optional(object({ + header_key_values = optional(list(object({ + key = optional(string) + value = optional(string) + }))) + })) + })) + + duo_auth_settings = optional(object({ + hostname = optional(string) + authentication = optional(object({ + user = optional(string) + secret = optional(string) + })) + })) + + duo_user_context_settings = optional(object({ + hostname = optional(string) + authentication = optional(object({ + user = optional(string) + secret = optional(string) + })) + })) + + fox_it_stix_settings = optional(object({ + collection = optional(string) + poll_service_uri = optional(string) + authentication = optional(object({ + user = optional(string) + secret = optional(string) + })) + ssl = optional(object({ + encoded_private_key = optional(string) + ssl_certificate = optional(string) + })) + })) + + gcs_settings = optional(object({ + bucket_uri = optional(string) + source_deletion_option = optional(string) + source_type = optional(string) + })) + + gcs_v2_settings = optional(object({ + bucket_uri = string + source_deletion_option = optional(string) + max_lookback_days = optional(number) + })) + + google_cloud_identity_device_users_settings = optional(object({ + authentication = optional(object({ + token_endpoint = optional(string) + claims = optional(object({ + audience = optional(string) + issuer = optional(string) + subject = optional(string) + })) + rs_credentials = optional(object({ + private_key = 
optional(string) + })) + })) + })) + + google_cloud_identity_devices_settings = optional(object({ + api_version = optional(string) + authentication = optional(object({ + token_endpoint = optional(string) + claims = optional(object({ + audience = optional(string) + issuer = optional(string) + subject = optional(string) + })) + rs_credentials = optional(object({ + private_key = optional(string) + })) + })) + })) + + google_cloud_storage_event_driven_settings = optional(object({ + bucket_uri = string + pubsub_subscription = string + max_lookback_days = optional(number) + source_deletion_option = optional(string) + })) + + http_settings = optional(object({ + uri = optional(string) + source_deletion_option = optional(string) + source_type = optional(string) + })) + + https_push_amazon_kinesis_firehose_settings = optional(object({ + split_delimiter = optional(string) + })) + + https_push_google_cloud_pubsub_settings = optional(object({ + split_delimiter = optional(string) + })) + + https_push_webhook_settings = optional(object({ + split_delimiter = optional(string) + })) + + imperva_waf_settings = optional(object({ + authentication = optional(object({ + header_key_values = optional(list(object({ + key = optional(string) + value = optional(string) + }))) + })) + })) + + mandiant_ioc_settings = optional(object({ + start_time = optional(string) + authentication = optional(object({ + header_key_values = optional(list(object({ + key = optional(string) + value = optional(string) + }))) + })) + })) + + microsoft_graph_alert_settings = optional(object({ + auth_endpoint = optional(string) + hostname = optional(string) + tenant_id = optional(string) + authentication = optional(object({ + client_id = optional(string) + client_secret = optional(string) + })) + })) + + microsoft_security_center_alert_settings = optional(object({ + auth_endpoint = optional(string) + hostname = optional(string) + subscription_id = optional(string) + tenant_id = optional(string) + authentication = 
optional(object({ + client_id = optional(string) + client_secret = optional(string) + })) + })) + + mimecast_mail_settings = optional(object({ + hostname = optional(string) + authentication = optional(object({ + header_key_values = optional(list(object({ + key = optional(string) + value = optional(string) + }))) + })) + })) + + mimecast_mail_v2_settings = optional(object({ + auth_credentials = optional(object({ + client_id = optional(string) + client_secret = optional(string) + })) + })) + + netskope_alert_settings = optional(object({ + content_type = optional(string) + feedname = optional(string) + hostname = optional(string) + authentication = optional(object({ + header_key_values = optional(list(object({ + key = optional(string) + value = optional(string) + }))) + })) + })) + + netskope_alert_v2_settings = optional(object({ + content_category = optional(string) + content_types = optional(list(string)) + hostname = optional(string) + authentication = optional(object({ + header_key_values = optional(list(object({ + key = optional(string) + value = optional(string) + }))) + })) + })) + + office365_settings = optional(object({ + auth_endpoint = optional(string) + hostname = optional(string) + tenant_id = optional(string) + content_type = optional(string) + authentication = optional(object({ + client_id = optional(string) + client_secret = optional(string) + })) + })) + + okta_settings = optional(object({ + hostname = optional(string) + authentication = optional(object({ + header_key_values = optional(list(object({ + key = optional(string) + value = optional(string) + }))) + })) + })) + + okta_user_context_settings = optional(object({ + hostname = optional(string) + manager_id_reference_field = optional(string) + authentication = optional(object({ + header_key_values = optional(list(object({ + key = optional(string) + value = optional(string) + }))) + })) + })) + + pan_ioc_settings = optional(object({ + feed = optional(string) + feed_id = optional(string) + 
authentication = optional(object({ + header_key_values = optional(list(object({ + key = optional(string) + value = optional(string) + }))) + })) + })) + + pan_prisma_cloud_settings = optional(object({ + hostname = optional(string) + authentication = optional(object({ + user = optional(string) + password = optional(string) + })) + })) + + proofpoint_mail_settings = optional(object({ + authentication = optional(object({ + user = optional(string) + secret = optional(string) + })) + })) + + proofpoint_on_demand_settings = optional(object({ + cluster_id = optional(string) + authentication = optional(object({ + header_key_values = optional(list(object({ + key = optional(string) + value = optional(string) + }))) + })) + })) + + pubsub_settings = optional(object({ + google_service_account_email = optional(string) + })) + + qualys_scan_settings = optional(object({ + api_type = optional(string) + hostname = optional(string) + authentication = optional(object({ + user = optional(string) + secret = optional(string) + })) + })) + + qualys_vm_settings = optional(object({ + hostname = optional(string) + authentication = optional(object({ + user = optional(string) + secret = optional(string) + })) + })) + + rapid7_insight_settings = optional(object({ + endpoint = optional(string) + hostname = optional(string) + authentication = optional(object({ + header_key_values = optional(list(object({ + key = optional(string) + value = optional(string) + }))) + })) + })) + + recorded_future_ioc_settings = optional(object({ + authentication = optional(object({ + header_key_values = optional(list(object({ + key = optional(string) + value = optional(string) + }))) + })) + })) + + rh_isac_ioc_settings = optional(object({ + authentication = optional(object({ + client_id = optional(string) + client_secret = optional(string) + token_endpoint = optional(string) + })) + })) + + salesforce_settings = optional(object({ + hostname = optional(string) + oauth_jwt_credentials = optional(object({ + 
token_endpoint = optional(string) + claims = optional(object({ + audience = optional(string) + issuer = optional(string) + subject = optional(string) + })) + rs_credentials = optional(object({ + private_key = optional(string) + })) + })) + oauth_password_grant_auth = optional(object({ + token_endpoint = optional(string) + client_id = optional(string) + client_secret = optional(string) + user = optional(string) + password = optional(string) + })) + })) + + sentinelone_alert_settings = optional(object({ + hostname = optional(string) + initial_start_time = optional(string) + is_alert_api_subscribed = optional(bool) + authentication = optional(object({ + header_key_values = optional(list(object({ + key = optional(string) + value = optional(string) + }))) + })) + })) + + service_now_cmdb_settings = optional(object({ + feedname = optional(string) + hostname = optional(string) + authentication = optional(object({ + user = optional(string) + secret = optional(string) + })) + })) + + sftp_settings = optional(object({ + uri = optional(string) + source_deletion_option = optional(string) + source_type = optional(string) + authentication = optional(object({ + username = optional(string) + password = optional(string) + private_key = optional(string) + private_key_passphrase = optional(string) + })) + })) + + symantec_event_export_settings = optional(object({ + authentication = optional(object({ + token_endpoint = optional(string) + client_id = optional(string) + client_secret = optional(string) + refresh_token = optional(string) + })) + })) + + thinkst_canary_settings = optional(object({ + hostname = optional(string) + authentication = optional(object({ + header_key_values = optional(list(object({ + key = optional(string) + value = optional(string) + }))) + })) + })) + + threat_connect_ioc_settings = optional(object({ + hostname = optional(string) + owners = optional(list(string)) + authentication = optional(object({ + user = optional(string) + secret = optional(string) + })) + 
})) + + threat_connect_ioc_v3_settings = optional(object({ + hostname = optional(string) + owners = optional(list(string)) + fields = optional(list(string)) + schedule = optional(string) + tql_query = optional(string) + authentication = optional(object({ + user = optional(string) + secret = optional(string) + })) + })) + + trellix_hx_alerts_settings = optional(object({ + endpoint = optional(string) + authentication = optional(object({ + msso = optional(object({ + api_endpoint = optional(string) + username = optional(string) + password = optional(string) + })) + trellix_iam = optional(object({ + client_id = optional(string) + client_secret = optional(string) + scope = optional(string) + })) + })) + })) + + trellix_hx_bulk_acqs_settings = optional(object({ + endpoint = string + authentication = optional(object({ + msso = optional(object({ + api_endpoint = string + username = string + password = string + })) + trellix_iam = optional(object({ + client_id = string + client_secret = string + scope = string + })) + })) + })) + + trellix_hx_hosts_settings = optional(object({ + endpoint = string + authentication = optional(object({ + msso = optional(object({ + api_endpoint = string + username = string + password = string + })) + trellix_iam = optional(object({ + client_id = string + client_secret = string + scope = string + })) + })) + })) + + webhook_settings = optional(object({ + })) + + workday_settings = optional(object({ + hostname = optional(string) + tenant_id = optional(string) + authentication = optional(object({ + user = optional(string) + secret = optional(string) + token_endpoint = optional(string) + client_id = optional(string) + client_secret = optional(string) + refresh_token = optional(string) + })) + })) + + workspace_activity_settings = optional(object({ + workspace_customer_id = optional(string) + applications = optional(list(string)) + authentication = optional(object({ + token_endpoint = optional(string) + claims = optional(object({ + audience = 
optional(string) + issuer = optional(string) + subject = optional(string) + })) + rs_credentials = optional(object({ + private_key = optional(string) + })) + })) + })) + + workspace_alerts_settings = optional(object({ + workspace_customer_id = optional(string) + authentication = optional(object({ + token_endpoint = optional(string) + claims = optional(object({ + audience = optional(string) + issuer = optional(string) + subject = optional(string) + })) + rs_credentials = optional(object({ + private_key = optional(string) + })) + })) + })) + + workspace_chrome_os_settings = optional(object({ + workspace_customer_id = optional(string) + authentication = optional(object({ + token_endpoint = optional(string) + claims = optional(object({ + audience = optional(string) + issuer = optional(string) + subject = optional(string) + })) + rs_credentials = optional(object({ + private_key = optional(string) + })) + })) + })) + + workspace_groups_settings = optional(object({ + workspace_customer_id = optional(string) + authentication = optional(object({ + token_endpoint = optional(string) + claims = optional(object({ + audience = optional(string) + issuer = optional(string) + subject = optional(string) + })) + rs_credentials = optional(object({ + private_key = optional(string) + })) + })) + })) + + workspace_mobile_settings = optional(object({ + workspace_customer_id = optional(string) + authentication = optional(object({ + token_endpoint = optional(string) + claims = optional(object({ + audience = optional(string) + issuer = optional(string) + subject = optional(string) + })) + rs_credentials = optional(object({ + private_key = optional(string) + })) + })) + })) + + workspace_privileges_settings = optional(object({ + workspace_customer_id = optional(string) + authentication = optional(object({ + token_endpoint = optional(string) + claims = optional(object({ + audience = optional(string) + issuer = optional(string) + subject = optional(string) + })) + rs_credentials = 
optional(object({ + private_key = optional(string) + })) + })) + })) + + workspace_users_settings = optional(object({ + workspace_customer_id = optional(string) + projection_type = optional(string) + authentication = optional(object({ + token_endpoint = optional(string) + claims = optional(object({ + audience = optional(string) + issuer = optional(string) + subject = optional(string) + })) + rs_credentials = optional(object({ + private_key = optional(string) + })) + })) + })) + })) + default = {} +} + +variable "secops_config" { + description = "SecOps configuration." + type = object({ + customer_id = string + project = string + region = string + }) +} diff --git a/modules/secops-feeds/versions.tf b/modules/secops-feeds/versions.tf new file mode 100644 index 0000000..e4f408a --- /dev/null +++ b/modules/secops-feeds/versions.tf @@ -0,0 +1,27 @@ +# Copyright 2026 Google LLC +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# https://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +terraform { + required_version = ">= 1.3.0" + required_providers { + google = { + source = "hashicorp/google" + version = ">= 7.0.0, < 8.0.0" + } + google-beta = { + source = "hashicorp/google-beta" + version = ">= 7.0.0, < 8.0.0" + } + } +} diff --git a/tests/blueprints/secops-instance/basic.yaml b/tests/blueprints/secops-instance/basic.yaml index 4df2b0f..a087f1b 100644 --- a/tests/blueprints/secops-instance/basic.yaml +++ b/tests/blueprints/secops-instance/basic.yaml 
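Review bot: The `feeds` variable in variables.tf accepts long-lived credentials inline as plain strings (`secret_access_key`, `client_secret`, `private_key`, `password`, `sas_token`, `shared_key`, `event_hub_connection_string`), and nothing in the declaration marks them sensitive or warns the caller. They are therefore written to Terraform state and, depending on how the provider declares those attributes, may also show up in plan output. Marking the whole map `sensitive = true` is probably not workable if main.tf iterates it with `for_each`, so at minimum the description should say so, e.g. `description = "A map of Chronicle feeds to create. Inline credentials are stored in Terraform state; prefer secret_manager_config where the feed type supports it."`. Separately, `amazon_sqs_v2_settings.authentication` and `azure_blob_store_v2_settings.authentication` declare each credential alternative as a required attribute, unlike `amazon_s3_v2_settings.authentication`, so a caller using workload identity federation must still pass `access_key` and `sas_token`. If the API treats these as alternatives, which the hunk does not show, they should be wrapped like `access_key = optional(string)` and `aws_iam_role_auth = optional(object({`.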
@@ -12,2268 +12,3 @@ # See the License for the specific language governing permissions and # limitations under the License. -values: - google_apikeys_key.feed_api_key[0]: - display_name: SecOps Feeds API Key - name: secops-feeds-key - project: test-project - restrictions: - - android_key_restrictions: [] - api_targets: - - methods: null - service: chronicle.googleapis.com - browser_key_restrictions: [] - ios_key_restrictions: [] - server_key_restrictions: [] - service_account_email: null - timeouts: null - google_monitoring_alert_policy.chronicle_ingestion_alert[0]: - alert_strategy: [] - combiner: OR - conditions: - - condition_absent: [] - condition_matched_log: [] - condition_monitoring_query_language: [] - condition_prometheus_query_language: - - alert_rule: null - disable_metric_validation: null - duration: 120s - evaluation_interval: 60s - labels: null - query: 100 * sum(rate(chronicle_googleapis_com:ingestion_log_bytes_count{monitored_resource="chronicle.googleapis.com/Collector"}[10m])) - / min(min_over_time(chronicle_googleapis_com:ingestion_quota_limit{monitored_resource="chronicle.googleapis.com/Collector"}[10m])) - > 80 - rule_group: null - condition_sql: [] - condition_threshold: [] - display_name: SecOps ingestion is over 80% of the quota - display_name: SecOps Ingestion Rate close to ingestion limit. - documentation: - - content: The SecOps data ingestion rate has exceeded 80% of the provisioned - quota. Please investigate the data sources to prevent potential data loss. 
- links: [] - mime_type: text/markdown - subject: null - enabled: true - project: test-project - severity: null - timeouts: null - user_labels: - severity: warning - google_monitoring_alert_policy.secops_forwarder_silence[0]: - alert_strategy: - - auto_close: 604800s - notification_channel_strategy: [] - notification_prompts: null - notification_rate_limit: [] - combiner: OR - conditions: - - condition_absent: - - aggregations: - - alignment_period: 3600s - cross_series_reducer: REDUCE_MEAN - group_by_fields: - - resource.label.collector_id - per_series_aligner: ALIGN_MEAN - duration: 3600s - filter: metric.type="chronicle.googleapis.com/ingestion/log/record_count" - resource.type="chronicle.googleapis.com/Collector" - trigger: - - count: 1 - percent: null - condition_matched_log: [] - condition_monitoring_query_language: [] - condition_prometheus_query_language: [] - condition_sql: [] - condition_threshold: [] - display_name: No logs received from a SecOps forwarder for 60 minutes - display_name: Detect Silent Google SecOps Forwarders - documentation: - - content: 'This policy triggers an alert when a Google SecOps forwarder (collector_id: - ${resource.label.collector_id}) has not sent any logs for 60 minutes.' 
- links: [] - mime_type: text/markdown - subject: null - enabled: true - project: test-project - severity: null - timeouts: null - user_labels: - severity: warning - google_monitoring_alert_policy.secops_normalized_events_drop[0]: - alert_strategy: - - auto_close: 604800s - notification_channel_strategy: [] - notification_prompts: null - notification_rate_limit: [] - combiner: OR - conditions: - - condition_absent: [] - condition_matched_log: [] - condition_monitoring_query_language: [] - condition_prometheus_query_language: - - alert_rule: null - disable_metric_validation: null - duration: 3600s - evaluation_interval: 3600s - labels: null - query: 100 * abs(sum by (log_type) (chronicle_googleapis_com:ingestion_log_record_count{monitored_resource="chronicle.googleapis.com/Collector"}) - - sum by (log_type) (chronicle_googleapis_com:normalizer_event_record_count{monitored_resource="chronicle.googleapis.com/Collector"})) - / sum by (log_type) (chronicle_googleapis_com:ingestion_log_record_count{monitored_resource="chronicle.googleapis.com/Collector"}) - > 50 - rule_group: null - condition_sql: [] - condition_threshold: [] - display_name: Decrease in ration between ingested raw logs and events normalized - per log type for 60 minutes - display_name: Detect drop in events normalized per raw loogs ingested in Google - SecOps - documentation: - - content: 'This policy triggers an alert when a Google SecOps forwarder (log_type: - ${resource.label.log_type}) has not sent any logs for 60 minutes.' 
- links: [] - mime_type: text/markdown - subject: null - enabled: true - project: test-project - severity: null - timeouts: null - user_labels: - severity: warning - google_monitoring_notification_channel.email_notification["user@example.com"]: - description: null - display_name: SecOps Notification email - enabled: true - force_delete: false - labels: - email_address: user@example.com - project: test-project - sensitive_labels: [] - timeouts: null - type: email - user_labels: null - google_service_account_key.workspace_integration_key[0]: - keepers: null - key_algorithm: KEY_ALG_RSA_2048 - private_key_type: TYPE_GOOGLE_CREDENTIALS_FILE - public_key_data: null - public_key_type: TYPE_X509_PEM_FILE - service_account_id: workspace-integration@test-project.iam.gserviceaccount.com - module.project.google_org_policy_policy.default["iam.disableServiceAccountKeyCreation"]: - dry_run_spec: [] - name: projects/test-project/policies/iam.disableServiceAccountKeyCreation - parent: projects/test-project - spec: - - inherit_from_parent: null - reset: null - rules: - - allow_all: null - condition: [] - deny_all: null - enforce: 'FALSE' - parameters: null - values: [] - timeouts: null - module.project.google_project.project[0]: - auto_create_network: false - billing_account: 12345-ABCDEF-12345 - deletion_policy: DELETE - effective_labels: - goog-terraform-provisioned: 'true' - folder_id: '2345678901' - labels: null - name: test-project - org_id: null - project_id: test-project - tags: null - terraform_labels: - goog-terraform-provisioned: 'true' - timeouts: null - module.project.google_project_iam_binding.authoritative["roles/chronicle.viewer"]: - condition: [] - members: - - group:gcp-secops-admins@example.com - project: test-project - role: roles/chronicle.viewer - module.project.google_project_iam_custom_role.roles["SecOpsDetectionEngineer"]: - description: Terraform-managed. 
- permissions: - - chronicle.ais.createFeedback - - chronicle.ais.translateUdmQuery - - chronicle.ais.translateYlRule - - chronicle.conversations.get - - chronicle.conversations.list - - chronicle.conversations.update - - chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections - - chronicle.curatedRuleSetCategories.get - - chronicle.curatedRuleSetCategories.list - - chronicle.curatedRuleSetDeployments.batchUpdate - - chronicle.curatedRuleSetDeployments.get - - chronicle.curatedRuleSetDeployments.list - - chronicle.curatedRuleSetDeployments.update - - chronicle.curatedRuleSets.countCuratedRuleSetDetections - - chronicle.curatedRuleSets.get - - chronicle.curatedRuleSets.list - - chronicle.curatedRules.get - - chronicle.curatedRules.list - - chronicle.dashboardCharts.get - - chronicle.dashboardCharts.list - - chronicle.dashboardQueries.execute - - chronicle.dashboardQueries.get - - chronicle.dashboardQueries.list - - chronicle.dashboards.copy - - chronicle.dashboards.create - - chronicle.dashboards.delete - - chronicle.dashboards.edit - - chronicle.dashboards.get - - chronicle.dashboards.list - - chronicle.dashboards.schedule - - chronicle.dataAccessLabels.get - - chronicle.dataAccessLabels.list - - chronicle.dataAccessLabels.update - - chronicle.dataAccessScopes.get - - chronicle.dataAccessScopes.list - - chronicle.dataAccessScopes.permit - - chronicle.dataAccessScopes.update - - chronicle.dataTableOperationErrors.get - - chronicle.dataTableRows.asyncBulkCreate - - chronicle.dataTableRows.asyncBulkReplace - - chronicle.dataTableRows.asyncBulkUpdate - - chronicle.dataTableRows.bulkCreate - - chronicle.dataTableRows.bulkReplace - - chronicle.dataTableRows.bulkUpdate - - chronicle.dataTableRows.create - - chronicle.dataTableRows.delete - - chronicle.dataTableRows.get - - chronicle.dataTableRows.list - - chronicle.dataTableRows.update - - chronicle.dataTables.bulkCreateDataTableAsync - - chronicle.dataTables.create - - chronicle.dataTables.delete - - 
chronicle.dataTables.get - - chronicle.dataTables.list - - chronicle.dataTables.update - - chronicle.enrichmentControls.create - - chronicle.enrichmentControls.delete - - chronicle.enrichmentControls.get - - chronicle.enrichmentControls.list - - chronicle.entities.batchCreate - - chronicle.entities.batchDelete - - chronicle.entities.batchValidate - - chronicle.entities.create - - chronicle.entities.delete - - chronicle.entities.find - - chronicle.entities.findRelatedEntities - - chronicle.entities.get - - chronicle.entities.import - - chronicle.entities.list - - chronicle.entities.modifyEntityRiskScore - - chronicle.entities.queryEntityRiskScoreModifications - - chronicle.entities.searchEntities - - chronicle.entities.summarize - - chronicle.entities.summarizeFromQuery - - chronicle.events.batchGet - - chronicle.events.findUdmFieldValues - - chronicle.events.get - - chronicle.events.import - - chronicle.events.queryProductSourceStats - - chronicle.events.searchRawLogs - - chronicle.events.udmSearch - - chronicle.events.validateQuery - - chronicle.featuredContentRules.list - - chronicle.findingsGraphs.exploreNode - - chronicle.findingsGraphs.initializeGraph - - chronicle.findingsRefinementDeployments.get - - chronicle.findingsRefinementDeployments.list - - chronicle.findingsRefinementDeployments.update - - chronicle.findingsRefinements.computeActivity - - chronicle.findingsRefinements.computeAllActivities - - chronicle.findingsRefinements.create - - chronicle.findingsRefinements.get - - chronicle.findingsRefinements.list - - chronicle.findingsRefinements.test - - chronicle.findingsRefinements.update - - chronicle.globalDataAccessScopes.permit - - chronicle.instances.generateCollectionAgentAuth - - chronicle.instances.generateSoarAuthJwt - - chronicle.instances.generateWorkspaceConnectionToken - - chronicle.instances.get - - chronicle.instances.graduatePocInstance - - chronicle.instances.logTypeClassifier - - chronicle.instances.report - - chronicle.instances.update 
- - chronicle.instances.verifyNonce - - chronicle.iocMatches.get - - chronicle.iocMatches.list - - chronicle.iocState.get - - chronicle.iocState.update - - chronicle.iocs.batchGet - - chronicle.iocs.findFirstAndLastSeen - - chronicle.iocs.get - - chronicle.iocs.searchCuratedDetectionsForIoc - - chronicle.legacies.legacyBatchGetCollections - - chronicle.legacies.legacyFetchAlertsView - - chronicle.legacies.legacyFetchUdmSearchCsv - - chronicle.legacies.legacyFetchUdmSearchView - - chronicle.legacies.legacyFindAssetEvents - - chronicle.legacies.legacyFindRawLogs - - chronicle.legacies.legacyFindUdmEvents - - chronicle.legacies.legacyGetAlert - - chronicle.legacies.legacyGetCuratedRulesTrends - - chronicle.legacies.legacyGetDetection - - chronicle.legacies.legacyGetEventForDetection - - chronicle.legacies.legacyGetRuleCounts - - chronicle.legacies.legacyGetRulesTrends - - chronicle.legacies.legacyRunTestRule - - chronicle.legacies.legacySearchArtifactEvents - - chronicle.legacies.legacySearchArtifactIoCDetails - - chronicle.legacies.legacySearchAssetEvents - - chronicle.legacies.legacySearchCuratedDetections - - chronicle.legacies.legacySearchCustomerStats - - chronicle.legacies.legacySearchDetections - - chronicle.legacies.legacySearchDomainsRecentlyRegistered - - chronicle.legacies.legacySearchDomainsTimingStats - - chronicle.legacies.legacySearchEnterpriseWideAlerts - - chronicle.legacies.legacySearchEnterpriseWideIoCs - - chronicle.legacies.legacySearchFindings - - chronicle.legacies.legacySearchIngestionStats - - chronicle.legacies.legacySearchIoCInsights - - chronicle.legacies.legacySearchRawLogs - - chronicle.legacies.legacySearchRuleDetectionCountBuckets - - chronicle.legacies.legacySearchRuleDetectionEvents - - chronicle.legacies.legacySearchRuleResults - - chronicle.legacies.legacySearchRulesAlerts - - chronicle.legacies.legacySearchUserEvents - - chronicle.legacies.legacyStreamDetectionAlerts - - chronicle.legacies.legacyTestRuleStreaming - - 
chronicle.messages.get - - chronicle.messages.list - - chronicle.messages.update - - chronicle.nativeDashboards.create - - chronicle.nativeDashboards.delete - - chronicle.nativeDashboards.duplicate - - chronicle.nativeDashboards.get - - chronicle.nativeDashboards.list - - chronicle.nativeDashboards.update - - chronicle.operations.cancel - - chronicle.operations.delete - - chronicle.operations.get - - chronicle.operations.list - - chronicle.operations.streamSearch - - chronicle.operations.wait - - chronicle.preferenceSets.get - - chronicle.preferenceSets.update - - chronicle.referenceLists.create - - chronicle.referenceLists.get - - chronicle.referenceLists.list - - chronicle.referenceLists.update - - chronicle.referenceLists.verifyReferenceList - - chronicle.retrohunts.create - - chronicle.retrohunts.get - - chronicle.retrohunts.list - - chronicle.riskConfigs.get - - chronicle.riskConfigs.update - - chronicle.ruleDeployments.get - - chronicle.ruleDeployments.list - - chronicle.ruleDeployments.update - - chronicle.ruleExecutionErrors.list - - chronicle.rules.create - - chronicle.rules.delete - - chronicle.rules.get - - chronicle.rules.list - - chronicle.rules.listRevisions - - chronicle.rules.update - - chronicle.rules.verifyRuleText - - chronicle.searchQueries.get - - chronicle.searchQueries.list - - chronicle.searchQueries.update - - chronicle.threatCollections.fetchIocMatchMetadata - - chronicle.threatCollections.fetchRuleMetadata - - chronicle.threatCollections.get - - chronicle.threatCollections.list - - chronicle.watchlists.create - - chronicle.watchlists.delete - - chronicle.watchlists.get - - chronicle.watchlists.list - - chronicle.watchlists.update - - resourcemanager.projects.get - project: test-project - role_id: SecOpsDetectionEngineer - stage: GA - title: Custom role SecOpsDetectionEngineer - module.project.google_project_iam_custom_role.roles["SecOpsIngestionAPI"]: - description: Terraform-managed. 
- permissions: - - chronicle.entities.import - - chronicle.events.import - - chronicle.logs.import - project: test-project - role_id: SecOpsIngestionAPI - stage: GA - title: Custom role SecOpsIngestionAPI - module.project.google_project_iam_custom_role.roles["SecOpsOnboardingEngineer"]: - description: Terraform-managed. - permissions: - - chronicle.ais.createFeedback - - chronicle.ais.translateUdmQuery - - chronicle.ais.translateYlRule - - chronicle.collectors.create - - chronicle.collectors.delete - - chronicle.collectors.get - - chronicle.collectors.list - - chronicle.collectors.update - - chronicle.conversations.get - - chronicle.conversations.list - - chronicle.conversations.update - - chronicle.dashboardCharts.get - - chronicle.dashboardCharts.list - - chronicle.dashboardQueries.execute - - chronicle.dashboardQueries.get - - chronicle.dashboardQueries.list - - chronicle.dashboards.copy - - chronicle.dashboards.create - - chronicle.dashboards.delete - - chronicle.dashboards.edit - - chronicle.dashboards.get - - chronicle.dashboards.list - - chronicle.dashboards.schedule - - chronicle.dataAccessLabels.get - - chronicle.dataAccessLabels.list - - chronicle.dataAccessLabels.update - - chronicle.dataAccessScopes.get - - chronicle.dataAccessScopes.list - - chronicle.dataAccessScopes.permit - - chronicle.dataAccessScopes.update - - chronicle.enrichmentControls.get - - chronicle.enrichmentControls.list - - chronicle.entities.batchCreate - - chronicle.entities.batchDelete - - chronicle.entities.batchValidate - - chronicle.entities.find - - chronicle.entities.findRelatedEntities - - chronicle.entities.get - - chronicle.entities.import - - chronicle.entities.list - - chronicle.entities.modifyEntityRiskScore - - chronicle.entities.queryEntityRiskScoreModifications - - chronicle.entities.searchEntities - - chronicle.entities.summarize - - chronicle.entities.summarizeFromQuery - - chronicle.events.batchGet - - chronicle.events.findUdmFieldValues - - chronicle.events.get - - 
chronicle.events.import - - chronicle.events.queryProductSourceStats - - chronicle.events.searchRawLogs - - chronicle.events.udmSearch - - chronicle.events.validateQuery - - chronicle.extensionValidationReports.get - - chronicle.extensionValidationReports.list - - chronicle.feedPacks.get - - chronicle.feedPacks.list - - chronicle.feedServiceAccounts.fetch - - chronicle.feedSourceTypeSchemas.list - - chronicle.feeds.create - - chronicle.feeds.delete - - chronicle.feeds.disable - - chronicle.feeds.enable - - chronicle.feeds.generateSecret - - chronicle.feeds.get - - chronicle.feeds.list - - chronicle.feeds.update - - chronicle.findingsGraphs.exploreNode - - chronicle.findingsGraphs.initializeGraph - - chronicle.forwarders.create - - chronicle.forwarders.delete - - chronicle.forwarders.generate - - chronicle.forwarders.get - - chronicle.forwarders.list - - chronicle.forwarders.update - - chronicle.globalDataAccessScopes.permit - - chronicle.ingestionLogLabels.get - - chronicle.ingestionLogLabels.list - - chronicle.ingestionLogNamespaces.get - - chronicle.ingestionLogNamespaces.list - - chronicle.instances.generateCollectionAgentAuth - - chronicle.instances.generateSoarAuthJwt - - chronicle.instances.generateWorkspaceConnectionToken - - chronicle.instances.get - - chronicle.instances.graduatePocInstance - - chronicle.instances.logTypeClassifier - - chronicle.instances.report - - chronicle.instances.update - - chronicle.instances.verifyNonce - - chronicle.legacies.legacyFetchUdmSearchCsv - - chronicle.legacies.legacyFetchUdmSearchView - - chronicle.legacies.legacyFindAssetEvents - - chronicle.legacies.legacyFindRawLogs - - chronicle.legacies.legacyFindUdmEvents - - chronicle.legacies.legacySearchArtifactEvents - - chronicle.legacies.legacySearchArtifactIoCDetails - - chronicle.legacies.legacySearchAssetEvents - - chronicle.legacies.legacySearchCustomerStats - - chronicle.legacies.legacySearchEnterpriseWideIoCs - - chronicle.legacies.legacySearchIngestionStats - - 
chronicle.legacies.legacySearchIoCInsights - - chronicle.legacies.legacySearchRawLogs - - chronicle.legacies.legacySearchUserEvents - - chronicle.logTypeSchemas.list - - chronicle.logTypeSettings.get - - chronicle.logTypeSettings.list - - chronicle.logTypeSettings.update - - chronicle.logTypes.create - - chronicle.logTypes.get - - chronicle.logTypes.list - - chronicle.logTypes.update - - chronicle.logs.get - - chronicle.logs.list - - chronicle.messages.get - - chronicle.messages.list - - chronicle.messages.update - - chronicle.nativeDashboards.create - - chronicle.nativeDashboards.delete - - chronicle.nativeDashboards.duplicate - - chronicle.nativeDashboards.get - - chronicle.nativeDashboards.list - - chronicle.nativeDashboards.update - - chronicle.operations.cancel - - chronicle.operations.delete - - chronicle.operations.get - - chronicle.operations.list - - chronicle.operations.streamSearch - - chronicle.operations.wait - - chronicle.parserExtensions.activate - - chronicle.parserExtensions.create - - chronicle.parserExtensions.delete - - chronicle.parserExtensions.generateKeyValueMappings - - chronicle.parserExtensions.get - - chronicle.parserExtensions.legacySubmitParserExtension - - chronicle.parserExtensions.list - - chronicle.parserExtensions.removeSyslog - - chronicle.parsers.activate - - chronicle.parsers.activateReleaseCandidate - - chronicle.parsers.copyPrebuiltParser - - chronicle.parsers.create - - chronicle.parsers.deactivate - - chronicle.parsers.delete - - chronicle.parsers.generateEventTypesSuggestions - - chronicle.parsers.get - - chronicle.parsers.list - - chronicle.parsers.runParser - - chronicle.parsingErrors.list - - chronicle.preferenceSets.get - - chronicle.preferenceSets.update - - chronicle.riskConfigs.get - - chronicle.riskConfigs.update - - chronicle.searchQueries.get - - chronicle.searchQueries.list - - chronicle.searchQueries.update - - chronicle.validationErrors.list - - chronicle.validationReports.get - - chronicle.watchlists.get - - 
chronicle.watchlists.list - - chronicle.watchlists.update - - resourcemanager.projects.get - project: test-project - role_id: SecOpsOnboardingEngineer - stage: GA - title: Custom role SecOpsOnboardingEngineer - module.project.google_project_iam_custom_role.roles["SecOpsSOCAnalyst"]: - description: Terraform-managed. - permissions: - - chronicle.ais.createFeedback - - chronicle.ais.translateUdmQuery - - chronicle.ais.translateYlRule - - chronicle.conversations.get - - chronicle.conversations.list - - chronicle.conversations.update - - chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections - - chronicle.curatedRuleSetCategories.get - - chronicle.curatedRuleSetCategories.list - - chronicle.curatedRuleSetDeployments.batchUpdate - - chronicle.curatedRuleSetDeployments.get - - chronicle.curatedRuleSetDeployments.list - - chronicle.curatedRuleSetDeployments.update - - chronicle.curatedRuleSets.countCuratedRuleSetDetections - - chronicle.curatedRuleSets.get - - chronicle.curatedRuleSets.list - - chronicle.curatedRules.get - - chronicle.curatedRules.list - - chronicle.dashboardCharts.get - - chronicle.dashboardCharts.list - - chronicle.dashboardQueries.execute - - chronicle.dashboardQueries.get - - chronicle.dashboardQueries.list - - chronicle.dashboards.copy - - chronicle.dashboards.edit - - chronicle.dashboards.get - - chronicle.dashboards.list - - chronicle.dashboards.schedule - - chronicle.dataAccessLabels.get - - chronicle.dataAccessLabels.list - - chronicle.dataAccessLabels.update - - chronicle.dataAccessScopes.get - - chronicle.dataAccessScopes.list - - chronicle.dataAccessScopes.permit - - chronicle.dataAccessScopes.update - - chronicle.dataTableOperationErrors.get - - chronicle.dataTableRows.asyncBulkCreate - - chronicle.dataTableRows.asyncBulkReplace - - chronicle.dataTableRows.asyncBulkUpdate - - chronicle.dataTableRows.bulkCreate - - chronicle.dataTableRows.bulkReplace - - chronicle.dataTableRows.bulkUpdate - - chronicle.dataTableRows.get - - 
chronicle.dataTableRows.list - - chronicle.dataTableRows.update - - chronicle.dataTables.bulkCreateDataTableAsync - - chronicle.dataTables.get - - chronicle.dataTables.list - - chronicle.dataTables.update - - chronicle.enrichmentControls.get - - chronicle.enrichmentControls.list - - chronicle.entities.batchCreate - - chronicle.entities.batchDelete - - chronicle.entities.batchValidate - - chronicle.entities.find - - chronicle.entities.findRelatedEntities - - chronicle.entities.get - - chronicle.entities.import - - chronicle.entities.list - - chronicle.entities.modifyEntityRiskScore - - chronicle.entities.queryEntityRiskScoreModifications - - chronicle.entities.searchEntities - - chronicle.entities.summarize - - chronicle.entities.summarizeFromQuery - - chronicle.events.batchGet - - chronicle.events.findUdmFieldValues - - chronicle.events.get - - chronicle.events.import - - chronicle.events.queryProductSourceStats - - chronicle.events.searchRawLogs - - chronicle.events.udmSearch - - chronicle.events.validateQuery - - chronicle.featuredContentRules.list - - chronicle.findingsGraphs.exploreNode - - chronicle.findingsGraphs.initializeGraph - - chronicle.findingsRefinementDeployments.get - - chronicle.findingsRefinementDeployments.list - - chronicle.findingsRefinementDeployments.update - - chronicle.findingsRefinements.computeActivity - - chronicle.findingsRefinements.computeAllActivities - - chronicle.findingsRefinements.get - - chronicle.findingsRefinements.list - - chronicle.findingsRefinements.test - - chronicle.findingsRefinements.update - - chronicle.globalDataAccessScopes.permit - - chronicle.instances.generateCollectionAgentAuth - - chronicle.instances.generateSoarAuthJwt - - chronicle.instances.generateWorkspaceConnectionToken - - chronicle.instances.get - - chronicle.instances.graduatePocInstance - - chronicle.instances.logTypeClassifier - - chronicle.instances.report - - chronicle.instances.update - - chronicle.instances.verifyNonce - - 
chronicle.iocMatches.get - - chronicle.iocMatches.list - - chronicle.iocState.get - - chronicle.iocState.update - - chronicle.iocs.batchGet - - chronicle.iocs.findFirstAndLastSeen - - chronicle.iocs.get - - chronicle.iocs.searchCuratedDetectionsForIoc - - chronicle.legacies.legacyBatchGetCollections - - chronicle.legacies.legacyFetchAlertsView - - chronicle.legacies.legacyFetchUdmSearchCsv - - chronicle.legacies.legacyFetchUdmSearchView - - chronicle.legacies.legacyFindAssetEvents - - chronicle.legacies.legacyFindRawLogs - - chronicle.legacies.legacyFindUdmEvents - - chronicle.legacies.legacyGetAlert - - chronicle.legacies.legacyGetCuratedRulesTrends - - chronicle.legacies.legacyGetDetection - - chronicle.legacies.legacyGetEventForDetection - - chronicle.legacies.legacyGetRuleCounts - - chronicle.legacies.legacyGetRulesTrends - - chronicle.legacies.legacyRunTestRule - - chronicle.legacies.legacySearchArtifactEvents - - chronicle.legacies.legacySearchArtifactIoCDetails - - chronicle.legacies.legacySearchAssetEvents - - chronicle.legacies.legacySearchCuratedDetections - - chronicle.legacies.legacySearchCustomerStats - - chronicle.legacies.legacySearchDetections - - chronicle.legacies.legacySearchDomainsRecentlyRegistered - - chronicle.legacies.legacySearchDomainsTimingStats - - chronicle.legacies.legacySearchEnterpriseWideAlerts - - chronicle.legacies.legacySearchEnterpriseWideIoCs - - chronicle.legacies.legacySearchFindings - - chronicle.legacies.legacySearchIngestionStats - - chronicle.legacies.legacySearchIoCInsights - - chronicle.legacies.legacySearchRawLogs - - chronicle.legacies.legacySearchRuleDetectionCountBuckets - - chronicle.legacies.legacySearchRuleDetectionEvents - - chronicle.legacies.legacySearchRuleResults - - chronicle.legacies.legacySearchRulesAlerts - - chronicle.legacies.legacySearchUserEvents - - chronicle.legacies.legacyStreamDetectionAlerts - - chronicle.legacies.legacyTestRuleStreaming - - chronicle.messages.get - - chronicle.messages.list - - 
chronicle.messages.update - - chronicle.nativeDashboards.duplicate - - chronicle.nativeDashboards.get - - chronicle.nativeDashboards.list - - chronicle.nativeDashboards.update - - chronicle.operations.cancel - - chronicle.operations.get - - chronicle.operations.list - - chronicle.operations.streamSearch - - chronicle.operations.wait - - chronicle.preferenceSets.get - - chronicle.preferenceSets.update - - chronicle.referenceLists.get - - chronicle.referenceLists.list - - chronicle.referenceLists.update - - chronicle.referenceLists.verifyReferenceList - - chronicle.retrohunts.get - - chronicle.retrohunts.list - - chronicle.riskConfigs.get - - chronicle.riskConfigs.update - - chronicle.ruleDeployments.get - - chronicle.ruleDeployments.list - - chronicle.ruleDeployments.update - - chronicle.ruleExecutionErrors.list - - chronicle.rules.get - - chronicle.rules.list - - chronicle.rules.listRevisions - - chronicle.rules.update - - chronicle.rules.verifyRuleText - - chronicle.searchQueries.get - - chronicle.searchQueries.list - - chronicle.searchQueries.update - - chronicle.threatCollections.fetchIocMatchMetadata - - chronicle.threatCollections.fetchRuleMetadata - - chronicle.threatCollections.get - - chronicle.threatCollections.list - - chronicle.watchlists.get - - chronicle.watchlists.list - - chronicle.watchlists.update - - resourcemanager.projects.get - project: test-project - role_id: SecOpsSOCAnalyst - stage: GA - title: Custom role SecOpsSOCAnalyst - module.project.google_project_iam_custom_role.roles["SecOpsScopedDetectionEngineer"]: - description: Terraform-managed. 
- permissions: - - chronicle.ais.createFeedback - - chronicle.ais.translateUdmQuery - - chronicle.ais.translateYlRule - - chronicle.conversations.get - - chronicle.conversations.list - - chronicle.conversations.update - - chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections - - chronicle.curatedRuleSetCategories.get - - chronicle.curatedRuleSetCategories.list - - chronicle.curatedRuleSetDeployments.batchUpdate - - chronicle.curatedRuleSetDeployments.get - - chronicle.curatedRuleSetDeployments.list - - chronicle.curatedRuleSetDeployments.update - - chronicle.curatedRuleSets.countCuratedRuleSetDetections - - chronicle.curatedRuleSets.get - - chronicle.curatedRuleSets.list - - chronicle.curatedRules.get - - chronicle.curatedRules.list - - chronicle.dashboardCharts.get - - chronicle.dashboardCharts.list - - chronicle.dashboardQueries.execute - - chronicle.dashboardQueries.get - - chronicle.dashboardQueries.list - - chronicle.dashboards.copy - - chronicle.dashboards.create - - chronicle.dashboards.delete - - chronicle.dashboards.edit - - chronicle.dashboards.get - - chronicle.dashboards.list - - chronicle.dashboards.schedule - - chronicle.dataAccessLabels.get - - chronicle.dataAccessLabels.list - - chronicle.dataAccessLabels.update - - chronicle.dataAccessScopes.get - - chronicle.dataAccessScopes.list - - chronicle.dataAccessScopes.permit - - chronicle.dataAccessScopes.update - - chronicle.dataTableOperationErrors.get - - chronicle.dataTableRows.asyncBulkCreate - - chronicle.dataTableRows.asyncBulkReplace - - chronicle.dataTableRows.asyncBulkUpdate - - chronicle.dataTableRows.bulkCreate - - chronicle.dataTableRows.bulkReplace - - chronicle.dataTableRows.bulkUpdate - - chronicle.dataTableRows.create - - chronicle.dataTableRows.delete - - chronicle.dataTableRows.get - - chronicle.dataTableRows.list - - chronicle.dataTableRows.update - - chronicle.dataTables.bulkCreateDataTableAsync - - chronicle.dataTables.create - - chronicle.dataTables.delete - - 
chronicle.dataTables.get - - chronicle.dataTables.list - - chronicle.dataTables.update - - chronicle.enrichmentControls.create - - chronicle.enrichmentControls.delete - - chronicle.enrichmentControls.get - - chronicle.enrichmentControls.list - - chronicle.entities.batchCreate - - chronicle.entities.batchDelete - - chronicle.entities.batchValidate - - chronicle.entities.create - - chronicle.entities.delete - - chronicle.entities.find - - chronicle.entities.findRelatedEntities - - chronicle.entities.get - - chronicle.entities.import - - chronicle.entities.list - - chronicle.entities.modifyEntityRiskScore - - chronicle.entities.queryEntityRiskScoreModifications - - chronicle.entities.searchEntities - - chronicle.entities.summarize - - chronicle.entities.summarizeFromQuery - - chronicle.events.batchGet - - chronicle.events.findUdmFieldValues - - chronicle.events.get - - chronicle.events.import - - chronicle.events.queryProductSourceStats - - chronicle.events.searchRawLogs - - chronicle.events.udmSearch - - chronicle.events.validateQuery - - chronicle.featuredContentRules.list - - chronicle.findingsGraphs.exploreNode - - chronicle.findingsGraphs.initializeGraph - - chronicle.findingsRefinementDeployments.get - - chronicle.findingsRefinementDeployments.list - - chronicle.findingsRefinementDeployments.update - - chronicle.findingsRefinements.computeActivity - - chronicle.findingsRefinements.computeAllActivities - - chronicle.findingsRefinements.create - - chronicle.findingsRefinements.get - - chronicle.findingsRefinements.list - - chronicle.findingsRefinements.test - - chronicle.findingsRefinements.update - - chronicle.instances.generateCollectionAgentAuth - - chronicle.instances.generateSoarAuthJwt - - chronicle.instances.generateWorkspaceConnectionToken - - chronicle.instances.get - - chronicle.instances.graduatePocInstance - - chronicle.instances.logTypeClassifier - - chronicle.instances.report - - chronicle.instances.update - - chronicle.instances.verifyNonce - - 
chronicle.iocMatches.get - - chronicle.iocMatches.list - - chronicle.iocState.get - - chronicle.iocState.update - - chronicle.iocs.batchGet - - chronicle.iocs.findFirstAndLastSeen - - chronicle.iocs.get - - chronicle.iocs.searchCuratedDetectionsForIoc - - chronicle.legacies.legacyBatchGetCollections - - chronicle.legacies.legacyFetchAlertsView - - chronicle.legacies.legacyFetchUdmSearchCsv - - chronicle.legacies.legacyFetchUdmSearchView - - chronicle.legacies.legacyFindAssetEvents - - chronicle.legacies.legacyFindRawLogs - - chronicle.legacies.legacyFindUdmEvents - - chronicle.legacies.legacyGetAlert - - chronicle.legacies.legacyGetCuratedRulesTrends - - chronicle.legacies.legacyGetDetection - - chronicle.legacies.legacyGetEventForDetection - - chronicle.legacies.legacyGetRuleCounts - - chronicle.legacies.legacyGetRulesTrends - - chronicle.legacies.legacyRunTestRule - - chronicle.legacies.legacySearchArtifactEvents - - chronicle.legacies.legacySearchArtifactIoCDetails - - chronicle.legacies.legacySearchAssetEvents - - chronicle.legacies.legacySearchCuratedDetections - - chronicle.legacies.legacySearchCustomerStats - - chronicle.legacies.legacySearchDetections - - chronicle.legacies.legacySearchDomainsRecentlyRegistered - - chronicle.legacies.legacySearchDomainsTimingStats - - chronicle.legacies.legacySearchEnterpriseWideAlerts - - chronicle.legacies.legacySearchEnterpriseWideIoCs - - chronicle.legacies.legacySearchFindings - - chronicle.legacies.legacySearchIngestionStats - - chronicle.legacies.legacySearchIoCInsights - - chronicle.legacies.legacySearchRawLogs - - chronicle.legacies.legacySearchRuleDetectionCountBuckets - - chronicle.legacies.legacySearchRuleDetectionEvents - - chronicle.legacies.legacySearchRuleResults - - chronicle.legacies.legacySearchRulesAlerts - - chronicle.legacies.legacySearchUserEvents - - chronicle.legacies.legacyStreamDetectionAlerts - - chronicle.legacies.legacyTestRuleStreaming - - chronicle.messages.get - - chronicle.messages.list - - 
chronicle.messages.update - - chronicle.nativeDashboards.create - - chronicle.nativeDashboards.delete - - chronicle.nativeDashboards.duplicate - - chronicle.nativeDashboards.get - - chronicle.nativeDashboards.list - - chronicle.nativeDashboards.update - - chronicle.operations.cancel - - chronicle.operations.delete - - chronicle.operations.get - - chronicle.operations.list - - chronicle.operations.streamSearch - - chronicle.operations.wait - - chronicle.preferenceSets.get - - chronicle.preferenceSets.update - - chronicle.referenceLists.create - - chronicle.referenceLists.get - - chronicle.referenceLists.list - - chronicle.referenceLists.update - - chronicle.referenceLists.verifyReferenceList - - chronicle.retrohunts.create - - chronicle.retrohunts.get - - chronicle.retrohunts.list - - chronicle.riskConfigs.get - - chronicle.riskConfigs.update - - chronicle.ruleDeployments.get - - chronicle.ruleDeployments.list - - chronicle.ruleDeployments.update - - chronicle.ruleExecutionErrors.list - - chronicle.rules.create - - chronicle.rules.delete - - chronicle.rules.get - - chronicle.rules.list - - chronicle.rules.listRevisions - - chronicle.rules.update - - chronicle.rules.verifyRuleText - - chronicle.searchQueries.get - - chronicle.searchQueries.list - - chronicle.searchQueries.update - - chronicle.threatCollections.fetchIocMatchMetadata - - chronicle.threatCollections.fetchRuleMetadata - - chronicle.threatCollections.get - - chronicle.threatCollections.list - - chronicle.watchlists.create - - chronicle.watchlists.delete - - chronicle.watchlists.get - - chronicle.watchlists.list - - chronicle.watchlists.update - - resourcemanager.projects.get - project: test-project - role_id: SecOpsScopedDetectionEngineer - stage: GA - title: Custom role SecOpsScopedDetectionEngineer - module.project.google_project_iam_custom_role.roles["SecOpsScopedOnboardingEngineer"]: - description: Terraform-managed. 
- permissions: - - chronicle.ais.createFeedback - - chronicle.ais.translateUdmQuery - - chronicle.ais.translateYlRule - - chronicle.collectors.create - - chronicle.collectors.delete - - chronicle.collectors.get - - chronicle.collectors.list - - chronicle.collectors.update - - chronicle.conversations.get - - chronicle.conversations.list - - chronicle.conversations.update - - chronicle.dashboardCharts.get - - chronicle.dashboardCharts.list - - chronicle.dashboardQueries.execute - - chronicle.dashboardQueries.get - - chronicle.dashboardQueries.list - - chronicle.dashboards.copy - - chronicle.dashboards.create - - chronicle.dashboards.delete - - chronicle.dashboards.edit - - chronicle.dashboards.get - - chronicle.dashboards.list - - chronicle.dashboards.schedule - - chronicle.dataAccessLabels.get - - chronicle.dataAccessLabels.list - - chronicle.dataAccessLabels.update - - chronicle.dataAccessScopes.get - - chronicle.dataAccessScopes.list - - chronicle.dataAccessScopes.permit - - chronicle.dataAccessScopes.update - - chronicle.enrichmentControls.get - - chronicle.enrichmentControls.list - - chronicle.entities.batchCreate - - chronicle.entities.batchDelete - - chronicle.entities.batchValidate - - chronicle.entities.find - - chronicle.entities.findRelatedEntities - - chronicle.entities.get - - chronicle.entities.import - - chronicle.entities.list - - chronicle.entities.modifyEntityRiskScore - - chronicle.entities.queryEntityRiskScoreModifications - - chronicle.entities.searchEntities - - chronicle.entities.summarize - - chronicle.entities.summarizeFromQuery - - chronicle.events.batchGet - - chronicle.events.findUdmFieldValues - - chronicle.events.get - - chronicle.events.import - - chronicle.events.queryProductSourceStats - - chronicle.events.searchRawLogs - - chronicle.events.udmSearch - - chronicle.events.validateQuery - - chronicle.extensionValidationReports.get - - chronicle.extensionValidationReports.list - - chronicle.feedPacks.get - - chronicle.feedPacks.list - - 
chronicle.feedServiceAccounts.fetch - - chronicle.feedSourceTypeSchemas.list - - chronicle.feeds.create - - chronicle.feeds.delete - - chronicle.feeds.disable - - chronicle.feeds.enable - - chronicle.feeds.generateSecret - - chronicle.feeds.get - - chronicle.feeds.list - - chronicle.feeds.update - - chronicle.findingsGraphs.exploreNode - - chronicle.findingsGraphs.initializeGraph - - chronicle.forwarders.create - - chronicle.forwarders.delete - - chronicle.forwarders.generate - - chronicle.forwarders.get - - chronicle.forwarders.list - - chronicle.forwarders.update - - chronicle.ingestionLogLabels.get - - chronicle.ingestionLogLabels.list - - chronicle.ingestionLogNamespaces.get - - chronicle.ingestionLogNamespaces.list - - chronicle.instances.generateCollectionAgentAuth - - chronicle.instances.generateSoarAuthJwt - - chronicle.instances.generateWorkspaceConnectionToken - - chronicle.instances.get - - chronicle.instances.graduatePocInstance - - chronicle.instances.logTypeClassifier - - chronicle.instances.report - - chronicle.instances.update - - chronicle.instances.verifyNonce - - chronicle.legacies.legacyFetchUdmSearchCsv - - chronicle.legacies.legacyFetchUdmSearchView - - chronicle.legacies.legacyFindAssetEvents - - chronicle.legacies.legacyFindRawLogs - - chronicle.legacies.legacyFindUdmEvents - - chronicle.legacies.legacySearchArtifactEvents - - chronicle.legacies.legacySearchArtifactIoCDetails - - chronicle.legacies.legacySearchAssetEvents - - chronicle.legacies.legacySearchCustomerStats - - chronicle.legacies.legacySearchEnterpriseWideIoCs - - chronicle.legacies.legacySearchIngestionStats - - chronicle.legacies.legacySearchIoCInsights - - chronicle.legacies.legacySearchRawLogs - - chronicle.legacies.legacySearchUserEvents - - chronicle.logTypeSchemas.list - - chronicle.logTypeSettings.get - - chronicle.logTypeSettings.list - - chronicle.logTypeSettings.update - - chronicle.logTypes.create - - chronicle.logTypes.get - - chronicle.logTypes.list - - 
chronicle.logTypes.update - - chronicle.logs.get - - chronicle.logs.list - - chronicle.messages.get - - chronicle.messages.list - - chronicle.messages.update - - chronicle.nativeDashboards.create - - chronicle.nativeDashboards.delete - - chronicle.nativeDashboards.duplicate - - chronicle.nativeDashboards.get - - chronicle.nativeDashboards.list - - chronicle.nativeDashboards.update - - chronicle.operations.cancel - - chronicle.operations.delete - - chronicle.operations.get - - chronicle.operations.list - - chronicle.operations.streamSearch - - chronicle.operations.wait - - chronicle.parserExtensions.activate - - chronicle.parserExtensions.create - - chronicle.parserExtensions.delete - - chronicle.parserExtensions.generateKeyValueMappings - - chronicle.parserExtensions.get - - chronicle.parserExtensions.legacySubmitParserExtension - - chronicle.parserExtensions.list - - chronicle.parserExtensions.removeSyslog - - chronicle.parsers.activate - - chronicle.parsers.activateReleaseCandidate - - chronicle.parsers.copyPrebuiltParser - - chronicle.parsers.create - - chronicle.parsers.deactivate - - chronicle.parsers.delete - - chronicle.parsers.generateEventTypesSuggestions - - chronicle.parsers.get - - chronicle.parsers.list - - chronicle.parsers.runParser - - chronicle.parsingErrors.list - - chronicle.preferenceSets.get - - chronicle.preferenceSets.update - - chronicle.riskConfigs.get - - chronicle.riskConfigs.update - - chronicle.searchQueries.get - - chronicle.searchQueries.list - - chronicle.searchQueries.update - - chronicle.validationErrors.list - - chronicle.validationReports.get - - chronicle.watchlists.get - - chronicle.watchlists.list - - chronicle.watchlists.update - - resourcemanager.projects.get - project: test-project - role_id: SecOpsScopedOnboardingEngineer - stage: GA - title: Custom role SecOpsScopedOnboardingEngineer - module.project.google_project_iam_custom_role.roles["SecOpsScopedSOCAnalyst"]: - description: Terraform-managed. 
- permissions: - - chronicle.ais.createFeedback - - chronicle.ais.translateUdmQuery - - chronicle.ais.translateYlRule - - chronicle.conversations.get - - chronicle.conversations.list - - chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections - - chronicle.curatedRuleSetCategories.get - - chronicle.curatedRuleSetCategories.list - - chronicle.curatedRuleSetDeployments.batchUpdate - - chronicle.curatedRuleSetDeployments.get - - chronicle.curatedRuleSetDeployments.list - - chronicle.curatedRuleSets.countCuratedRuleSetDetections - - chronicle.curatedRuleSets.get - - chronicle.curatedRuleSets.list - - chronicle.curatedRules.get - - chronicle.curatedRules.list - - chronicle.dashboardCharts.get - - chronicle.dashboardCharts.list - - chronicle.dashboardQueries.execute - - chronicle.dashboardQueries.get - - chronicle.dashboardQueries.list - - chronicle.dashboards.copy - - chronicle.dashboards.edit - - chronicle.dashboards.get - - chronicle.dashboards.list - - chronicle.dashboards.schedule - - chronicle.dataAccessLabels.get - - chronicle.dataAccessLabels.list - - chronicle.dataAccessScopes.get - - chronicle.dataAccessScopes.list - - chronicle.dataAccessScopes.permit - - chronicle.dataTableOperationErrors.get - - chronicle.dataTableRows.asyncBulkCreate - - chronicle.dataTableRows.asyncBulkReplace - - chronicle.dataTableRows.asyncBulkUpdate - - chronicle.dataTableRows.bulkCreate - - chronicle.dataTableRows.bulkReplace - - chronicle.dataTableRows.bulkUpdate - - chronicle.dataTableRows.get - - chronicle.dataTableRows.list - - chronicle.dataTables.bulkCreateDataTableAsync - - chronicle.dataTables.get - - chronicle.dataTables.list - - chronicle.enrichmentControls.get - - chronicle.enrichmentControls.list - - chronicle.entities.batchCreate - - chronicle.entities.batchDelete - - chronicle.entities.batchValidate - - chronicle.entities.find - - chronicle.entities.findRelatedEntities - - chronicle.entities.get - - chronicle.entities.import - - chronicle.entities.list - - 
chronicle.entities.modifyEntityRiskScore - - chronicle.entities.queryEntityRiskScoreModifications - - chronicle.entities.searchEntities - - chronicle.entities.summarize - - chronicle.entities.summarizeFromQuery - - chronicle.events.batchGet - - chronicle.events.findUdmFieldValues - - chronicle.events.get - - chronicle.events.import - - chronicle.events.queryProductSourceStats - - chronicle.events.searchRawLogs - - chronicle.events.udmSearch - - chronicle.events.validateQuery - - chronicle.featuredContentRules.list - - chronicle.findingsGraphs.exploreNode - - chronicle.findingsGraphs.initializeGraph - - chronicle.findingsRefinementDeployments.get - - chronicle.findingsRefinementDeployments.list - - chronicle.findingsRefinements.computeActivity - - chronicle.findingsRefinements.computeAllActivities - - chronicle.findingsRefinements.get - - chronicle.findingsRefinements.list - - chronicle.findingsRefinements.test - - chronicle.instances.generateCollectionAgentAuth - - chronicle.instances.generateSoarAuthJwt - - chronicle.instances.generateWorkspaceConnectionToken - - chronicle.instances.get - - chronicle.instances.graduatePocInstance - - chronicle.instances.logTypeClassifier - - chronicle.instances.report - - chronicle.instances.verifyNonce - - chronicle.iocMatches.get - - chronicle.iocMatches.list - - chronicle.iocState.get - - chronicle.iocs.batchGet - - chronicle.iocs.findFirstAndLastSeen - - chronicle.iocs.get - - chronicle.iocs.searchCuratedDetectionsForIoc - - chronicle.legacies.legacyBatchGetCollections - - chronicle.legacies.legacyFetchAlertsView - - chronicle.legacies.legacyFetchUdmSearchCsv - - chronicle.legacies.legacyFetchUdmSearchView - - chronicle.legacies.legacyFindAssetEvents - - chronicle.legacies.legacyFindRawLogs - - chronicle.legacies.legacyFindUdmEvents - - chronicle.legacies.legacyGetAlert - - chronicle.legacies.legacyGetCuratedRulesTrends - - chronicle.legacies.legacyGetDetection - - chronicle.legacies.legacyGetEventForDetection - - 
chronicle.legacies.legacyGetRuleCounts - - chronicle.legacies.legacyGetRulesTrends - - chronicle.legacies.legacyRunTestRule - - chronicle.legacies.legacySearchArtifactEvents - - chronicle.legacies.legacySearchArtifactIoCDetails - - chronicle.legacies.legacySearchAssetEvents - - chronicle.legacies.legacySearchCuratedDetections - - chronicle.legacies.legacySearchCustomerStats - - chronicle.legacies.legacySearchDetections - - chronicle.legacies.legacySearchDomainsRecentlyRegistered - - chronicle.legacies.legacySearchDomainsTimingStats - - chronicle.legacies.legacySearchEnterpriseWideAlerts - - chronicle.legacies.legacySearchEnterpriseWideIoCs - - chronicle.legacies.legacySearchFindings - - chronicle.legacies.legacySearchIngestionStats - - chronicle.legacies.legacySearchIoCInsights - - chronicle.legacies.legacySearchRawLogs - - chronicle.legacies.legacySearchRuleDetectionCountBuckets - - chronicle.legacies.legacySearchRuleDetectionEvents - - chronicle.legacies.legacySearchRuleResults - - chronicle.legacies.legacySearchRulesAlerts - - chronicle.legacies.legacySearchUserEvents - - chronicle.legacies.legacyStreamDetectionAlerts - - chronicle.legacies.legacyTestRuleStreaming - - chronicle.messages.get - - chronicle.messages.list - - chronicle.nativeDashboards.duplicate - - chronicle.nativeDashboards.get - - chronicle.nativeDashboards.list - - chronicle.operations.cancel - - chronicle.operations.get - - chronicle.operations.list - - chronicle.operations.streamSearch - - chronicle.operations.wait - - chronicle.preferenceSets.get - - chronicle.referenceLists.get - - chronicle.referenceLists.list - - chronicle.referenceLists.verifyReferenceList - - chronicle.retrohunts.get - - chronicle.retrohunts.list - - chronicle.riskConfigs.get - - chronicle.ruleDeployments.get - - chronicle.ruleDeployments.list - - chronicle.ruleExecutionErrors.list - - chronicle.rules.get - - chronicle.rules.list - - chronicle.rules.listRevisions - - chronicle.rules.verifyRuleText - - 
chronicle.searchQueries.get - - chronicle.searchQueries.list - - chronicle.threatCollections.fetchIocMatchMetadata - - chronicle.threatCollections.fetchRuleMetadata - - chronicle.threatCollections.get - - chronicle.threatCollections.list - - chronicle.watchlists.get - - chronicle.watchlists.list - - resourcemanager.projects.get - project: test-project - role_id: SecOpsScopedSOCAnalyst - stage: GA - title: Custom role SecOpsScopedSOCAnalyst - module.project.google_project_iam_member.bindings["iam-bpa:user:bruzzechesse@google.com-roles/chronicle.editor"]: - condition: [] - member: user:bruzzechesse@google.com - project: test-project - role: roles/chronicle.editor - module.project.google_project_iam_member.bindings["user:bruzzechesse@google.com"]: - condition: - - description: datarbac - expression: resource.name.endsWith('/gscope') - title: datarbac - member: user:bruzzechesse@google.com - project: test-project - role: roles/chronicle.restrictedDataAccess - module.project.google_project_iam_member.service_agents["compute-system"]: - condition: [] - project: test-project - role: roles/compute.serviceAgent - module.project.google_project_iam_member.service_agents["gcf-admin-robot"]: - condition: [] - project: test-project - role: roles/cloudfunctions.serviceAgent - module.project.google_project_iam_member.service_agents["pubsub"]: - condition: [] - project: test-project - role: roles/pubsub.serviceAgent - module.project.google_project_service.project_services["admin.googleapis.com"]: - disable_dependent_services: false - disable_on_destroy: false - project: test-project - service: admin.googleapis.com - timeouts: null - module.project.google_project_service.project_services["alertcenter.googleapis.com"]: - disable_dependent_services: false - disable_on_destroy: false - project: test-project - service: alertcenter.googleapis.com - timeouts: null - module.project.google_project_service.project_services["apikeys.googleapis.com"]: - disable_dependent_services: false - 
disable_on_destroy: false - project: test-project - service: apikeys.googleapis.com - timeouts: null - module.project.google_project_service.project_services["cloudfunctions.googleapis.com"]: - disable_dependent_services: false - disable_on_destroy: false - project: test-project - service: cloudfunctions.googleapis.com - timeouts: null - module.project.google_project_service.project_services["compute.googleapis.com"]: - disable_dependent_services: false - disable_on_destroy: false - project: test-project - service: compute.googleapis.com - timeouts: null - module.project.google_project_service.project_services["iap.googleapis.com"]: - disable_dependent_services: false - disable_on_destroy: false - project: test-project - service: iap.googleapis.com - timeouts: null - module.project.google_project_service.project_services["pubsub.googleapis.com"]: - disable_dependent_services: false - disable_on_destroy: false - project: test-project - service: pubsub.googleapis.com - timeouts: null - module.project.google_project_service.project_services["secretmanager.googleapis.com"]: - disable_dependent_services: false - disable_on_destroy: false - project: test-project - service: secretmanager.googleapis.com - timeouts: null - module.project.google_project_service.project_services["stackdriver.googleapis.com"]: - disable_dependent_services: false - disable_on_destroy: false - project: test-project - service: stackdriver.googleapis.com - timeouts: null - module.project.google_project_service_identity.default["apikeys.googleapis.com"]: - project: test-project - service: apikeys.googleapis.com - timeouts: null - module.project.google_project_service_identity.default["cloudfunctions.googleapis.com"]: - project: test-project - service: cloudfunctions.googleapis.com - timeouts: null - module.project.google_project_service_identity.default["iap.googleapis.com"]: - project: test-project - service: iap.googleapis.com - timeouts: null - 
module.project.google_project_service_identity.default["pubsub.googleapis.com"]: - project: test-project - service: pubsub.googleapis.com - timeouts: null - module.project.google_project_service_identity.default["secretmanager.googleapis.com"]: - project: test-project - service: secretmanager.googleapis.com - timeouts: null - module.secops-data-rbac.google_chronicle_data_access_label.labels["google"]: - data_access_label_id: google - description: Google logs - instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx - location: europe - project: test-project - timeouts: null - udm_query: principal.hostname="google.com" - module.secops-data-rbac.google_chronicle_data_access_scope.scopes["google"]: - allow_all: false - allowed_data_access_labels: - - asset_namespace: null - data_access_label: google - ingestion_label: [] - log_type: null - data_access_scope_id: gscope - denied_data_access_labels: [] - description: Google logs - instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx - location: europe - project: test-project - timeouts: null - module.secops-rules.google_chronicle_reference_list.default["test_2"]: - description: Private CIDR ranges - entries: - - value: 10.0.0.0/8 - - value: 172.16.0.0/12 - - value: 192.168.0.0/16 - - value: 127.0.0.1/32 - - value: ::1/128 - - value: fc00::/7 - - value: fe80::/10 - instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx - location: europe - project: test-project - reference_list_id: test_2 - scope_info: [] - syntax_type: REFERENCE_LIST_SYNTAX_TYPE_CIDR - timeouts: null - module.secops-rules.google_chronicle_rule.default["network_traffic_to_specific_country"]: - deletion_policy: FORCE - instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx - location: europe - project: test-project - scope: null - text: "rule network_traffic_to_specific_country {\n\n meta:\n author = \"\ - Google Cloud Security\"\n description = \"Identify network traffic based\ - \ on target country\"\n type = \"alert\"\n tags = \"geoip enrichment\"\ - \n data_source = \"microsoft windows events\"\n severity = 
\"Low\"\n \ - \ priority = \"Low\"\n\n events:\n $network.metadata.event_type = \"NETWORK_CONNECTION\"\ - \n //Specify a country of interest to monitor or add additional countries\ - \ using an or statement\n $network.target.ip_geo_artifact.location.country_or_region\ - \ = \"France\" nocase\n $network.target.ip = $ip\n\n match:\n $ip over\ - \ 30m\n\n outcome:\n $risk_score = max(35)\n $event_count = count_distinct($network.metadata.id)\n\ - \n // added to populate alert graph with additional context\n $principal_ip\ - \ = array_distinct($network.principal.ip)\n\n // Commented out target.ip\ - \ because it is already represented in graph as match variable. If match changes,\ - \ can uncomment to add to results\n //$target_ip = array_distinct($network.target.ip)\n\ - \ $principal_process_pid = array_distinct($network.principal.process.pid)\n\ - \ $principal_process_command_line = array_distinct($network.principal.process.command_line)\n\ - \ $principal_process_file_sha256 = array_distinct($network.principal.process.file.sha256)\n\ - \ $principal_process_file_full_path = array_distinct($network.principal.process.file.full_path)\n\ - \ $principal_process_product_specfic_process_id = array_distinct($network.principal.process.product_specific_process_id)\n\ - \ $principal_process_parent_process_product_specfic_process_id = array_distinct($network.principal.process.parent_process.product_specific_process_id)\n\ - \ $target_process_pid = array_distinct($network.target.process.pid)\n \ - \ $target_process_command_line = array_distinct($network.target.process.command_line)\n\ - \ $target_process_file_sha256 = array_distinct($network.target.process.file.sha256)\n\ - \ $target_process_file_full_path = array_distinct($network.target.process.file.full_path)\n\ - \ $target_process_product_specfic_process_id = array_distinct($network.target.process.product_specific_process_id)\n\ - \ $target_process_parent_process_product_specfic_process_id = 
array_distinct($network.target.process.parent_process.product_specific_process_id)\n\ - \ $principal_user_userid = array_distinct($network.principal.user.userid)\n\ - \ $target_user_userid = array_distinct($network.target.user.userid)\n\n \ - \ condition:\n $network\n}\n" - timeouts: null - module.secops-rules.google_chronicle_rule_deployment.default["network_traffic_to_specific_country"]: - alerting: true - archived: false - enabled: true - instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx - location: europe - project: test-project - run_frequency: LIVE - timeouts: null - module.secops-tenant-secrets.google_secret_manager_secret.default["secops-feeds-api-key"]: - annotations: null - deletion_protection: false - effective_labels: - goog-terraform-provisioned: 'true' - labels: null - project: test-project - replication: - - auto: - - customer_managed_encryption: [] - user_managed: [] - rotation: [] - secret_id: secops-feeds-api-key - tags: null - terraform_labels: - goog-terraform-provisioned: 'true' - timeouts: null - topics: [] - ttl: null - version_aliases: null - version_destroy_ttl: null - module.secops-tenant-secrets.google_secret_manager_secret.default["secops-workspace-ing-sa-key"]: - annotations: null - deletion_protection: false - effective_labels: - goog-terraform-provisioned: 'true' - labels: null - project: test-project - replication: - - auto: - - customer_managed_encryption: [] - user_managed: [] - rotation: [] - secret_id: secops-workspace-ing-sa-key - tags: null - terraform_labels: - goog-terraform-provisioned: 'true' - timeouts: null - topics: [] - ttl: null - version_aliases: null - version_destroy_ttl: null - module.secops-tenant-secrets.google_secret_manager_secret_version.default["secops-feeds-api-key/latest"]: - deletion_policy: DELETE - enabled: true - is_secret_data_base64: false - secret_data_wo: null - secret_data_wo_version: 0 - timeouts: null - 
module.secops-tenant-secrets.google_secret_manager_secret_version.default["secops-workspace-ing-sa-key/latest"]: - deletion_policy: DELETE - enabled: true - is_secret_data_base64: false - secret_data_wo: null - secret_data_wo_version: 0 - timeouts: null - module.secops_data_tables.google_chronicle_data_table.default["sample_data_table_domains"]: - column_info: - - column_index: 0 - column_type: STRING - key_column: null - mapped_column_path: null - original_column: rank - repeated_values: null - - column_index: 1 - column_type: STRING - key_column: null - mapped_column_path: null - original_column: domain - repeated_values: null - data_table_id: sample_data_table_domains - deletion_policy: DEFAULT - description: Sample Data Table for domains - instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx - location: europe - project: test-project - row_time_to_live: null - scope_info: [] - timeouts: null - module.secops_data_tables.google_chronicle_data_table_row.default["sample_data_table_domains_0"]: - data_table_id: sample_data_table_domains - instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx - location: europe - project: test-project - row_time_to_live: null - timeouts: null - values: - - '1' - - google.com - module.secops_data_tables.google_chronicle_data_table_row.default["sample_data_table_domains_1"]: - data_table_id: sample_data_table_domains - instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx - location: europe - project: test-project - row_time_to_live: null - timeouts: null - values: - - '2' - - www.google.com - module.workspace-integration-sa[0].google_service_account.service_account[0]: - account_id: workspace-integration - create_ignore_already_exists: null - description: null - disabled: false - display_name: Terraform-managed. 
- email: workspace-integration@test-project.iam.gserviceaccount.com - member: serviceAccount:workspace-integration@test-project.iam.gserviceaccount.com - project: test-project - timeouts: null - restful_operation.webhook_feeds_secret["okta"]: - body: null - delete_body: null - delete_header: null - delete_method: null - delete_path: null - delete_query: null - ephemeral_body: null - header: null - id_builder: null - method: POST - operation_header: null - operation_query: null - output_attrs: null - poll: null - poll_delete: null - precheck: null - precheck_delete: null - query: null - restful_resource.azure_ad_feeds["azure-ad"]: - body: - details: - azure_ad_settings: - auth_endpoint: login.microsoftonline.com - authentication: - client_id: xxxxxxx-xxxxx-xxxxx-xxxxxxx - client_secret: xxxxxxxxxxxxxxxxxxxxxxxxx - hostname: graph.microsoft.com/v1.0/auditLogs/signIns - tenant_id: xxxxxx-xxxxx-xxxxx-xxxxxxx - feed_source_type: API - log_type: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/logTypes/AZURE_AD - display_name: azure-ad - name: azure-ad - check_existance: false - create_header: null - create_method: POST - create_query: null - create_selector: null - delete_body: null - delete_body_raw: null - delete_header: null - delete_method: DELETE - delete_path: $query_unescape(body.name) - delete_query: null - ephemeral_body: null - force_new_attrs: null - header: null - merge_patch_disabled: null - output_attrs: null - path: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/feeds - poll_create: null - poll_delete: null - poll_update: null - precheck_create: null - precheck_delete: null - precheck_update: null - query: null - read_header: null - read_path: null - read_query: null - read_response_template: null - read_selector: feeds.#(displayName=="azure-ad") - update_body_patches: null - update_header: null - update_method: null - update_path: null - update_query: null - write_only_attrs: - - details - 
restful_resource.azure_ad_feeds["azure-ad-audit"]: - body: - details: - azure_ad_audit_settings: - auth_endpoint: login.microsoftonline.com - authentication: - client_id: xxxxxxx-xxxxx-xxxxx-xxxxxxx - client_secret: xxxxxxxxxxxxxxxxxxxxxxxxx - hostname: graph.microsoft.com/v1.0/auditLogs/directoryAudits - tenant_id: xxxxxx-xxxxx-xxxxx-xxxxxxx - feed_source_type: API - log_type: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/logTypes/AZURE_AD_AUDIT - display_name: azure-ad-audit - name: azure-ad-audit - check_existance: false - create_header: null - create_method: POST - create_query: null - create_selector: null - delete_body: null - delete_body_raw: null - delete_header: null - delete_method: DELETE - delete_path: $query_unescape(body.name) - delete_query: null - ephemeral_body: null - force_new_attrs: null - header: null - merge_patch_disabled: null - output_attrs: null - path: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/feeds - poll_create: null - poll_delete: null - poll_update: null - precheck_create: null - precheck_delete: null - precheck_update: null - query: null - read_header: null - read_path: null - read_query: null - read_response_template: null - read_selector: feeds.#(displayName=="azure-ad-audit") - update_body_patches: null - update_header: null - update_method: null - update_path: null - update_query: null - write_only_attrs: - - details - restful_resource.azure_ad_feeds["azure-ad-context"]: - body: - details: - azure_ad_context_settings: - auth_endpoint: login.microsoftonline.com - authentication: - client_id: xxxxxxx-xxxxx-xxxxx-xxxxxxx - client_secret: xxxxxxxxxxxxxxxxxxxxxxxxx - hostname: graph.microsoft.com/beta - retrieve_devices: true - retrieve_groups: true - tenant_id: xxxxxx-xxxxx-xxxxx-xxxxxxx - feed_source_type: API - log_type: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/logTypes/AZURE_AD_CONTEXT - display_name: azure-ad-context - name: 
azure-ad-context - check_existance: false - create_header: null - create_method: POST - create_query: null - create_selector: null - delete_body: null - delete_body_raw: null - delete_header: null - delete_method: DELETE - delete_path: $query_unescape(body.name) - delete_query: null - ephemeral_body: null - force_new_attrs: null - header: null - merge_patch_disabled: null - output_attrs: null - path: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/feeds - poll_create: null - poll_delete: null - poll_update: null - precheck_create: null - precheck_delete: null - precheck_update: null - query: null - read_header: null - read_path: null - read_query: null - read_response_template: null - read_selector: feeds.#(displayName=="azure-ad-context") - update_body_patches: null - update_header: null - update_method: null - update_path: null - update_query: null - write_only_attrs: - - details - restful_resource.okta_ad_feeds["okta"]: - body: - details: - feed_source_type: API - log_type: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/logTypes/OKTA - okta_settings: - authentication: - header_key_values: - - key: Authorization - value: XXXXXXXXXXXXX - hostname: xxxxx.okta.com - display_name: okta - name: okta - check_existance: false - create_header: null - create_method: POST - create_query: null - create_selector: null - delete_body: null - delete_body_raw: null - delete_header: null - delete_method: DELETE - delete_path: $query_unescape(body.name) - delete_query: null - ephemeral_body: null - force_new_attrs: null - header: null - merge_patch_disabled: null - output_attrs: null - path: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/feeds - poll_create: null - poll_delete: null - poll_update: null - precheck_create: null - precheck_delete: null - precheck_update: null - query: null - read_header: null - read_path: null - read_query: null - read_response_template: null - read_selector: 
feeds.#(displayName=="okta") - update_body_patches: null - update_header: null - update_method: null - update_path: null - update_query: null - write_only_attrs: - - details - restful_resource.okta_ad_feeds["okta-user-context"]: - body: - details: - feed_source_type: API - log_type: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/logTypes/OKTA_USER_CONTEXT - okta_user_context_settings: - authentication: - header_key_values: - - key: Authorization - value: XXXXXXXXXXXXX - hostname: xxxxx.okta.com - manager_id_reference_field: managerId - display_name: okta-user-context - name: okta-user-context - check_existance: false - create_header: null - create_method: POST - create_query: null - create_selector: null - delete_body: null - delete_body_raw: null - delete_header: null - delete_method: DELETE - delete_path: $query_unescape(body.name) - delete_query: null - ephemeral_body: null - force_new_attrs: null - header: null - merge_patch_disabled: null - output_attrs: null - path: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/feeds - poll_create: null - poll_delete: null - poll_update: null - precheck_create: null - precheck_delete: null - precheck_update: null - query: null - read_header: null - read_path: null - read_query: null - read_response_template: null - read_selector: feeds.#(displayName=="okta-user-context") - update_body_patches: null - update_header: null - update_method: null - update_path: null - update_query: null - write_only_attrs: - - details - restful_resource.webhook_feeds["okta"]: - body: - details: - feed_source_type: HTTPS_PUSH_WEBHOOK - httpsPushWebhookSettings: {} - log_type: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/logTypes/okta - display_name: webhook-okta - name: okta - check_existance: false - create_header: null - create_method: POST - create_query: null - create_selector: null - delete_body: null - delete_body_raw: null - delete_header: null - 
delete_method: DELETE - delete_path: $query_unescape(body.name) - delete_query: null - ephemeral_body: null - force_new_attrs: null - header: null - merge_patch_disabled: null - output_attrs: null - path: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/feeds - poll_create: null - poll_delete: null - poll_update: null - precheck_create: null - precheck_delete: null - precheck_update: null - query: null - read_header: null - read_path: null - read_query: null - read_response_template: null - read_selector: feeds.#(displayName=="okta") - update_body_patches: null - update_header: null - update_method: null - update_path: null - update_query: null - write_only_attrs: - - details - restful_resource.workspace_feeds["ws-activity"]: - body: - details: - asset_namespace: '' - feed_source_type: API - labels: {} - log_type: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/logTypes/WORKSPACE_ACTIVITY - workspace_activity_settings: - applications: - - access_transparency - - admin - - calendar - - chat - - drive - - gcp - - gplus - - groups - - groups_enterprise - - jamboard - - login - - meet - - mobile - - rules - - saml - - token - - user_accounts - - context_aware_access - - chrome - - data_studio - - keep - authentication: - claims: - audience: https://oauth2.googleapis.com/token - issuer: workspace-integration@test-project.iam.gserviceaccount.com - subject: secops-feed@example.com - rs_credentials: {} - token_endpoint: https://oauth2.googleapis.com/token - workspace_customer_id: CXXXXXXXX - display_name: ws-activity - check_existance: false - create_header: null - create_method: POST - create_query: null - create_selector: null - delete_body: null - delete_body_raw: null - delete_header: null - delete_method: DELETE - delete_path: $query_unescape(body.name) - delete_query: null - ephemeral_body: null - force_new_attrs: null - header: null - merge_patch_disabled: null - output_attrs: null - path: 
projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/feeds - poll_create: null - poll_delete: null - poll_update: null - precheck_create: null - precheck_delete: null - precheck_update: null - query: null - read_header: null - read_path: null - read_query: null - read_response_template: null - read_selector: feeds.#(displayName=="ws-activity") - update_body_patches: null - update_header: null - update_method: null - update_path: null - update_query: null - write_only_attrs: - - details - restful_resource.workspace_feeds["ws-alerts"]: - body: - details: - asset_namespace: '' - feed_source_type: API - labels: {} - log_type: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/logTypes/WORKSPACE_ALERTS - workspace_alerts_settings: - authentication: - claims: - audience: https://oauth2.googleapis.com/token - issuer: workspace-integration@test-project.iam.gserviceaccount.com - subject: secops-feed@example.com - rs_credentials: {} - token_endpoint: https://oauth2.googleapis.com/token - workspace_customer_id: XXXXXXXX - display_name: ws-alerts - check_existance: false - create_header: null - create_method: POST - create_query: null - create_selector: null - delete_body: null - delete_body_raw: null - delete_header: null - delete_method: DELETE - delete_path: $query_unescape(body.name) - delete_query: null - ephemeral_body: null - force_new_attrs: null - header: null - merge_patch_disabled: null - output_attrs: null - path: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/feeds - poll_create: null - poll_delete: null - poll_update: null - precheck_create: null - precheck_delete: null - precheck_update: null - query: null - read_header: null - read_path: null - read_query: null - read_response_template: null - read_selector: feeds.#(displayName=="ws-alerts") - update_body_patches: null - update_header: null - update_method: null - update_path: null - update_query: null - write_only_attrs: - - 
details - restful_resource.workspace_feeds["ws-chrome"]: - body: - details: - asset_namespace: '' - feed_source_type: API - labels: {} - log_type: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/logTypes/WORKSPACE_CHROMEOS - workspace_chrome_os_settings: - authentication: - claims: - audience: https://oauth2.googleapis.com/token - issuer: workspace-integration@test-project.iam.gserviceaccount.com - subject: secops-feed@example.com - rs_credentials: {} - token_endpoint: https://oauth2.googleapis.com/token - workspace_customer_id: CXXXXXXXX - display_name: ws-chrome - check_existance: false - create_header: null - create_method: POST - create_query: null - create_selector: null - delete_body: null - delete_body_raw: null - delete_header: null - delete_method: DELETE - delete_path: $query_unescape(body.name) - delete_query: null - ephemeral_body: null - force_new_attrs: null - header: null - merge_patch_disabled: null - output_attrs: null - path: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/feeds - poll_create: null - poll_delete: null - poll_update: null - precheck_create: null - precheck_delete: null - precheck_update: null - query: null - read_header: null - read_path: null - read_query: null - read_response_template: null - read_selector: feeds.#(displayName=="ws-chrome") - update_body_patches: null - update_header: null - update_method: null - update_path: null - update_query: null - write_only_attrs: - - details - restful_resource.workspace_feeds["ws-group"]: - body: - details: - asset_namespace: '' - feed_source_type: API - labels: {} - log_type: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/logTypes/WORKSPACE_GROUPS - workspace_groups_settings: - authentication: - claims: - audience: https://oauth2.googleapis.com/token - issuer: workspace-integration@test-project.iam.gserviceaccount.com - subject: secops-feed@example.com - rs_credentials: {} - token_endpoint: 
https://oauth2.googleapis.com/token - workspace_customer_id: CXXXXXXXX - display_name: ws-group - check_existance: false - create_header: null - create_method: POST - create_query: null - create_selector: null - delete_body: null - delete_body_raw: null - delete_header: null - delete_method: DELETE - delete_path: $query_unescape(body.name) - delete_query: null - ephemeral_body: null - force_new_attrs: null - header: null - merge_patch_disabled: null - output_attrs: null - path: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/feeds - poll_create: null - poll_delete: null - poll_update: null - precheck_create: null - precheck_delete: null - precheck_update: null - query: null - read_header: null - read_path: null - read_query: null - read_response_template: null - read_selector: feeds.#(displayName=="ws-group") - update_body_patches: null - update_header: null - update_method: null - update_path: null - update_query: null - write_only_attrs: - - details - restful_resource.workspace_feeds["ws-mobile"]: - body: - details: - asset_namespace: '' - feed_source_type: API - labels: {} - log_type: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/logTypes/WORKSPACE_MOBILE - workspace_mobile_settings: - authentication: - claims: - audience: https://oauth2.googleapis.com/token - issuer: workspace-integration@test-project.iam.gserviceaccount.com - subject: secops-feed@example.com - rs_credentials: {} - token_endpoint: https://oauth2.googleapis.com/token - workspace_customer_id: CXXXXXXXX - display_name: ws-mobile - check_existance: false - create_header: null - create_method: POST - create_query: null - create_selector: null - delete_body: null - delete_body_raw: null - delete_header: null - delete_method: DELETE - delete_path: $query_unescape(body.name) - delete_query: null - ephemeral_body: null - force_new_attrs: null - header: null - merge_patch_disabled: null - output_attrs: null - path: 
projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/feeds - poll_create: null - poll_delete: null - poll_update: null - precheck_create: null - precheck_delete: null - precheck_update: null - query: null - read_header: null - read_path: null - read_query: null - read_response_template: null - read_selector: feeds.#(displayName=="ws-mobile") - update_body_patches: null - update_header: null - update_method: null - update_path: null - update_query: null - write_only_attrs: - - details - restful_resource.workspace_feeds["ws-users"]: - body: - details: - asset_namespace: '' - feed_source_type: API - labels: {} - log_type: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/logTypes/WORKSPACE_USERS - workspace_users_settings: - authentication: - claims: - audience: https://oauth2.googleapis.com/token - issuer: workspace-integration@test-project.iam.gserviceaccount.com - subject: secops-feed@example.com - rs_credentials: {} - token_endpoint: https://oauth2.googleapis.com/token - workspace_customer_id: CXXXXXXXX - display_name: ws-users - check_existance: false - create_header: null - create_method: POST - create_query: null - create_selector: null - delete_body: null - delete_body_raw: null - delete_header: null - delete_method: DELETE - delete_path: $query_unescape(body.name) - delete_query: null - ephemeral_body: null - force_new_attrs: null - header: null - merge_patch_disabled: null - output_attrs: null - path: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/feeds - poll_create: null - poll_delete: null - poll_update: null - precheck_create: null - precheck_delete: null - precheck_update: null - query: null - read_header: null - read_path: null - read_query: null - read_response_template: null - read_selector: feeds.#(displayName=="ws-users") - update_body_patches: null - update_header: null - update_method: null - update_path: null - update_query: null - write_only_attrs: - - details - 
-counts:
- google_apikeys_key: 1
- google_chronicle_data_access_label: 1
- google_chronicle_data_access_scope: 1
- google_chronicle_data_table: 1
- google_chronicle_data_table_row: 2
- google_chronicle_reference_list: 1
- google_chronicle_rule: 1
- google_chronicle_rule_deployment: 1
- google_monitoring_alert_policy: 3
- google_monitoring_notification_channel: 1
- google_org_policy_policy: 1
- google_project: 1
- google_project_iam_binding: 1
- google_project_iam_custom_role: 7
- google_project_iam_member: 5
- google_project_service: 9
- google_project_service_identity: 5
- google_secret_manager_secret: 2
- google_secret_manager_secret_version: 2
- google_service_account: 1
- google_service_account_key: 1
- modules: 6
- resources: 61
- restful_operation: 1
- restful_resource: 12
-
-outputs:
- project_id: test-project
-
diff --git a/tests/modules/secops_feeds/examples/basic.yaml b/tests/modules/secops_feeds/examples/basic.yaml
new file mode 100644
index 0000000..25e5a29
--- /dev/null
+++ b/tests/modules/secops_feeds/examples/basic.yaml
@@ -0,0 +1,116 @@
+# Copyright 2026 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+values:
+ module.secops.google_chronicle_feed.feeds["azure-ad"]:
+ details:
+ - amazon_kinesis_firehose_settings: []
+ amazon_s3_settings: []
+ amazon_s3_v2_settings: []
+ amazon_sqs_settings: []
+ amazon_sqs_v2_settings: []
+ anomali_settings: []
+ asset_namespace: null
+ aws_ec2_hosts_settings: []
+ aws_ec2_instances_settings: []
+ aws_ec2_vpcs_settings: []
+ aws_iam_settings: []
+ azure_ad_audit_settings: []
+ azure_ad_context_settings: []
+ azure_ad_settings:
+ - auth_endpoint: login.microsoftonline.com
+ authentication:
+ - client_id: xxxxxxxxxxxxxxxx
+ client_secret: xxxxxxxxxxxxxxxx
+ hostname: graph.microsoft.com/v1.0/auditLogs/signIns
+ tenant_id: xxxxxxxxxxxxxxxx
+ azure_blob_store_settings: []
+ azure_blob_store_v2_settings: []
+ azure_event_hub_settings: []
+ azure_mdm_intune_settings: []
+ cloud_passage_settings: []
+ cortex_xdr_settings: []
+ crowdstrike_alerts_settings: []
+ crowdstrike_detects_settings: []
+ dummy_log_type_settings: []
+ duo_auth_settings: []
+ duo_user_context_settings: []
+ feed_source_type: API
+ fox_it_stix_settings: []
+ gcs_settings: []
+ gcs_v2_settings: []
+ google_cloud_identity_device_users_settings: []
+ google_cloud_identity_devices_settings: []
+ google_cloud_storage_event_driven_settings: []
+ http_settings: []
+ https_push_amazon_kinesis_firehose_settings: []
+ https_push_google_cloud_pubsub_settings: []
+ https_push_webhook_settings: []
+ imperva_waf_settings: []
+ labels: null
+ log_type: projects/project-id/locations/europe/instances/xxxxxxxxxxxxx/logTypes/AZURE_AD
+ mandiant_ioc_settings: []
+ microsoft_graph_alert_settings: []
+ microsoft_security_center_alert_settings: []
+ mimecast_mail_settings: []
+ mimecast_mail_v2_settings: []
+ netskope_alert_settings: []
+ netskope_alert_v2_settings: []
+ office365_settings: []
+ okta_settings: []
+ okta_user_context_settings: []
+ pan_ioc_settings: []
+ pan_prisma_cloud_settings: []
+ proofpoint_mail_settings: []
+ proofpoint_on_demand_settings: []
+ pubsub_settings: []
+ qualys_scan_settings: []
+ qualys_vm_settings: []
+ rapid7_insight_settings: []
+ recorded_future_ioc_settings: []
+ rh_isac_ioc_settings: []
+ salesforce_settings: []
+ sentinelone_alert_settings: []
+ service_now_cmdb_settings: []
+ sftp_settings: []
+ symantec_event_export_settings: []
+ thinkst_canary_settings: []
+ threat_connect_ioc_settings: []
+ threat_connect_ioc_v3_settings: []
+ trellix_hx_alerts_settings: []
+ trellix_hx_bulk_acqs_settings: []
+ trellix_hx_hosts_settings: []
+ webhook_settings: []
+ workday_settings: []
+ workspace_activity_settings: []
+ workspace_alerts_settings: []
+ workspace_chrome_os_settings: []
+ workspace_groups_settings: []
+ workspace_mobile_settings: []
+ workspace_privileges_settings: []
+ workspace_users_settings: []
+ display_name: Azure AD
+ enabled: null
+ failure_details: []
+ instance: xxxxxxxxxxxxx
+ location: europe
+ project: project-id
+ timeouts: null
+
+counts:
+ google_chronicle_feed: 1
+ modules: 1
+ resources: 1
+
+outputs: {}
\ No newline at end of file
From 8e49e8ba4444da4559055a3e036bf628dde387c2 Mon Sep 17 00:00:00 2001 From: bruzzechesse Date: Tue, 21 Apr 2026 14:58:52 +0200 Subject: [PATCH 2/5] fix --- modules/secops-feeds/README.md | 2 +- modules/secops-feeds/outputs.tf | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) 
diff --git a/modules/secops-feeds/README.md b/modules/secops-feeds/README.md index ec05bad..99984a2 100644 --- a/modules/secops-feeds/README.md +++ b/modules/secops-feeds/README.md @@ -115,5 +115,5 @@ module "secops" { | name | description | sensitive | |---|---|:---:| -| [feeds_id](outputs.tf#L17) | | | +| [feeds_id](outputs.tf#L17) | A map of Chronicle feeds to create. | | diff --git a/modules/secops-feeds/outputs.tf b/modules/secops-feeds/outputs.tf index 90f5e73..793c7e6 100644 --- a/modules/secops-feeds/outputs.tf +++ b/modules/secops-feeds/outputs.tf @@ -15,6 +15,7 @@ */ output "feeds_id" { + description = "A map of Chronicle feeds to create." value = { for key, value in google_chronicle_feed.feeds : key => element(split("/", value.id), length(split("/", value.id)) - 1) } From b3a9c6be26e4af4f6d8d69c3e4e640640adc227c Mon Sep 17 00:00:00 2001 From: bruzzechesse Date: Tue, 21 Apr 2026 15:17:58 +0200 Subject: [PATCH 3/5] fix test --- modules/secops-feeds/main.tf | 14 +- tests/blueprints/bindplane-gke/basic.yaml | 2 +- tests/blueprints/secops-instance/basic.tfvars | 4 +- tests/blueprints/secops-instance/basic.yaml | 2838 +++++++++++++++++ 4 files changed, 2847 insertions(+), 11 deletions(-) diff --git a/modules/secops-feeds/main.tf b/modules/secops-feeds/main.tf index dced257..9c8ae3d 100644 --- a/modules/secops-feeds/main.tf +++ b/modules/secops-feeds/main.tf @@ -1293,7 +1293,7 @@ resource "google_chronicle_feed" "feeds" { } } rs_credentials { - private_key = try(data.google_secret_manager_secret_version.value.secret_data, lookup(rs_credentials.value, "private_key", null)) + private_key = try(data.google_secret_manager_regional_secret_version.secops_secrets[each.key].secret_data, lookup(authentication.value.rs_credentials, "private_key", null)) } } } 
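Review bot: The description added to `output "feeds_id"` reads "A map of Chronicle feeds to create.", which describes an input variable rather than this output. The `value` expression maps each key of `google_chronicle_feed.feeds` to the last `/`-separated segment of the resource `id`, so `description = "Map of feed key to Chronicle feed ID (last segment of the resource id)."` would match what is returned. The README outputs table in the preceding hunk carries the same sentence and should be corrected with it. The output block closes outside the hunk.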
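Review bot: On the new `private_key` line in `rs_credentials`, `try()` turns any evaluation error in the `secops_secrets[each.key]` lookup into a silent fallback to the inline `rs_credentials.private_key` or to `null`, so a feed whose secret reference is wrong would plan without an error and without the intended key. The hunks at 1317, 1341, 1365, 1389, 1413 and 1438 repeat the same expression. Assuming `secops_secrets` is a `for_each` data source keyed by feed name (its declaration is not in the hunk), an explicit test such as `contains(keys(data.google_secret_manager_regional_secret_version.secops_secrets), each.key) ? data.google_secret_manager_regional_secret_version.secops_secrets[each.key].secret_data : lookup(authentication.value.rs_credentials, "private_key", null)` keeps the fallback but lets other errors surface. A short comment stating that the Secret Manager value takes precedence over the inline key would also help; the enclosing `google_chronicle_feed.feeds` resource starts and ends outside these hunks.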
@@ -1317,7 +1317,7 @@ resource "google_chronicle_feed" "feeds" {
 }
 }
 rs_credentials {
- private_key = try(data.google_secret_manager_secret_version.value.secret_data, lookup(rs_credentials.value, "private_key", null))
+ private_key = try(data.google_secret_manager_regional_secret_version.secops_secrets[each.key].secret_data, lookup(authentication.value.rs_credentials, "private_key", null))
 }
 }
 }
@@ -1341,7 +1341,7 @@ resource "google_chronicle_feed" "feeds" {
 }
 }
 rs_credentials {
- private_key = try(data.google_secret_manager_secret_version.value.secret_data, lookup(rs_credentials.value, "private_key", null))
+ private_key = try(data.google_secret_manager_regional_secret_version.secops_secrets[each.key].secret_data, lookup(authentication.value.rs_credentials, "private_key", null))
 }
 }
 }
@@ -1365,7 +1365,7 @@ resource "google_chronicle_feed" "feeds" {
 }
 }
 rs_credentials {
- private_key = try(data.google_secret_manager_secret_version.value.secret_data, lookup(rs_credentials.value, "private_key", null))
+ private_key = try(data.google_secret_manager_regional_secret_version.secops_secrets[each.key].secret_data, lookup(authentication.value.rs_credentials, "private_key", null))
 }
 }
 }
@@ -1389,7 +1389,7 @@ resource "google_chronicle_feed" "feeds" {
 }
 }
 rs_credentials {
- private_key = try(data.google_secret_manager_secret_version.value.secret_data, lookup(rs_credentials.value, "private_key", null))
+ private_key = try(data.google_secret_manager_regional_secret_version.secops_secrets[each.key].secret_data, lookup(authentication.value.rs_credentials, "private_key", null))
 }
 }
 }
@@ -1413,7 +1413,7 @@ resource "google_chronicle_feed" "feeds" {
 }
 }
 rs_credentials {
- private_key = try(data.google_secret_manager_secret_version.value.secret_data, lookup(rs_credentials.value, "private_key", null))
+ private_key = try(data.google_secret_manager_regional_secret_version.secops_secrets[each.key].secret_data, lookup(authentication.value.rs_credentials, "private_key", null))
 }
 }
 }
@@ -1438,7 +1438,7 @@ resource "google_chronicle_feed" "feeds" { } } rs_credentials { - private_key = try(data.google_secret_manager_secret_version.value.secret_data, lookup(rs_credentials.value, "private_key", null)) + private_key = try(data.google_secret_manager_regional_secret_version.secops_secrets[each.key].secret_data, lookup(authentication.value.rs_credentials, "private_key", null)) } } } diff --git a/tests/blueprints/bindplane-gke/basic.yaml b/tests/blueprints/bindplane-gke/basic.yaml index 2c0e727..fcb41f0 100644 --- a/tests/blueprints/bindplane-gke/basic.yaml +++ b/tests/blueprints/bindplane-gke/basic.yaml @@ -59,7 +59,7 @@ values: values: - null verify: false - version: 1.33.2 + version: 1.34.0 wait: true wait_for_jobs: false module.addresses.google_compute_address.internal["ingress"]: diff --git a/tests/blueprints/secops-instance/basic.tfvars b/tests/blueprints/secops-instance/basic.tfvars index 5b028b0..5d6fae2 100644 --- a/tests/blueprints/secops-instance/basic.tfvars +++ b/tests/blueprints/secops-instance/basic.tfvars @@ -45,9 +45,7 @@ third_party_integration_config = { customer_id = "CXXXXXXXX" } okta = { - auth_header_key_values = { - "Authorization" : "XXXXXXXXXXXXX" - } + api_key = "XXXXXXXXXXXXX" hostname = "xxxxx.okta.com" manager_id_reference_field = "managerId" } diff --git a/tests/blueprints/secops-instance/basic.yaml b/tests/blueprints/secops-instance/basic.yaml index a087f1b..44bca29 100644 --- a/tests/blueprints/secops-instance/basic.yaml +++ b/tests/blueprints/secops-instance/basic.yaml 
@@ -12,3 +12,2841 @@ # See the License for the specific language governing permissions and # limitations under the License. +values: + google_apikeys_key.feed_api_key[0]: + display_name: SecOps Feeds API Key + name: secops-feeds-key + project: test-project + restrictions: + - android_key_restrictions: [] + api_targets: + - methods: null + service: chronicle.googleapis.com + browser_key_restrictions: [] + ios_key_restrictions: [] + server_key_restrictions: [] + service_account_email: null + timeouts: null + google_monitoring_alert_policy.chronicle_ingestion_alert[0]: + alert_strategy: [] + combiner: OR + conditions: + - condition_absent: [] + condition_matched_log: [] + condition_monitoring_query_language: [] + condition_prometheus_query_language: + - alert_rule: null + disable_metric_validation: null + duration: 120s + evaluation_interval: 60s + labels: null + query: 100 * sum(rate(chronicle_googleapis_com:ingestion_log_bytes_count{monitored_resource="chronicle.googleapis.com/Collector"}[10m])) + / min(min_over_time(chronicle_googleapis_com:ingestion_quota_limit{monitored_resource="chronicle.googleapis.com/Collector"}[10m])) + > 80 + rule_group: null + condition_sql: [] + condition_threshold: [] + display_name: SecOps ingestion is over 80% of the quota + display_name: SecOps Ingestion Rate close to ingestion limit. + documentation: + - content: The SecOps data ingestion rate has exceeded 80% of the provisioned + quota. Please investigate the data sources to prevent potential data loss. 
+ links: [] + mime_type: text/markdown + subject: null + enabled: true + project: test-project + severity: null + timeouts: null + user_labels: + severity: warning + google_monitoring_alert_policy.secops_forwarder_silence[0]: + alert_strategy: + - auto_close: 604800s + notification_channel_strategy: [] + notification_prompts: null + notification_rate_limit: [] + combiner: OR + conditions: + - condition_absent: + - aggregations: + - alignment_period: 3600s + cross_series_reducer: REDUCE_MEAN + group_by_fields: + - resource.label.collector_id + per_series_aligner: ALIGN_MEAN + duration: 3600s + filter: metric.type="chronicle.googleapis.com/ingestion/log/record_count" + resource.type="chronicle.googleapis.com/Collector" + trigger: + - count: 1 + percent: null + condition_matched_log: [] + condition_monitoring_query_language: [] + condition_prometheus_query_language: [] + condition_sql: [] + condition_threshold: [] + display_name: No logs received from a SecOps forwarder for 60 minutes + display_name: Detect Silent Google SecOps Forwarders + documentation: + - content: 'This policy triggers an alert when a Google SecOps forwarder (collector_id: + ${resource.label.collector_id}) has not sent any logs for 60 minutes.' 
+ links: [] + mime_type: text/markdown + subject: null + enabled: true + project: test-project + severity: null + timeouts: null + user_labels: + severity: warning + google_monitoring_alert_policy.secops_normalized_events_drop[0]: + alert_strategy: + - auto_close: 604800s + notification_channel_strategy: [] + notification_prompts: null + notification_rate_limit: [] + combiner: OR + conditions: + - condition_absent: [] + condition_matched_log: [] + condition_monitoring_query_language: [] + condition_prometheus_query_language: + - alert_rule: null + disable_metric_validation: null + duration: 3600s + evaluation_interval: 3600s + labels: null + query: 100 * abs(sum by (log_type) (chronicle_googleapis_com:ingestion_log_record_count{monitored_resource="chronicle.googleapis.com/Collector"}) + - sum by (log_type) (chronicle_googleapis_com:normalizer_event_record_count{monitored_resource="chronicle.googleapis.com/Collector"})) + / sum by (log_type) (chronicle_googleapis_com:ingestion_log_record_count{monitored_resource="chronicle.googleapis.com/Collector"}) + > 50 + rule_group: null + condition_sql: [] + condition_threshold: [] + display_name: Decrease in ration between ingested raw logs and events normalized + per log type for 60 minutes + display_name: Detect drop in events normalized per raw loogs ingested in Google + SecOps + documentation: + - content: 'This policy triggers an alert when a Google SecOps forwarder (log_type: + ${resource.label.log_type}) has not sent any logs for 60 minutes.' 
+ links: [] + mime_type: text/markdown + subject: null + enabled: true + project: test-project + severity: null + timeouts: null + user_labels: + severity: warning + google_monitoring_notification_channel.email_notification["user@example.com"]: + description: null + display_name: SecOps Notification email + enabled: true + force_delete: false + labels: + email_address: user@example.com + project: test-project + sensitive_labels: [] + timeouts: null + type: email + user_labels: null + google_service_account_key.workspace_integration_key[0]: + keepers: null + key_algorithm: KEY_ALG_RSA_2048 + private_key_type: TYPE_GOOGLE_CREDENTIALS_FILE + public_key_data: null + public_key_type: TYPE_X509_PEM_FILE + service_account_id: workspace-integration@test-project.iam.gserviceaccount.com + module.azure_ad_feeds[0].google_chronicle_feed.feeds["azure-ad"]: + details: + - amazon_kinesis_firehose_settings: [] + amazon_s3_settings: [] + amazon_s3_v2_settings: [] + amazon_sqs_settings: [] + amazon_sqs_v2_settings: [] + anomali_settings: [] + asset_namespace: null + aws_ec2_hosts_settings: [] + aws_ec2_instances_settings: [] + aws_ec2_vpcs_settings: [] + aws_iam_settings: [] + azure_ad_audit_settings: [] + azure_ad_context_settings: [] + azure_ad_settings: + - auth_endpoint: login.microsoftonline.com + authentication: + - client_id: xxxxxxx-xxxxx-xxxxx-xxxxxxx + client_secret: xxxxxxxxxxxxxxxxxxxxxxxxx + hostname: graph.microsoft.com/v1.0/auditLogs/signIns + tenant_id: xxxxxx-xxxxx-xxxxx-xxxxxxx + azure_blob_store_settings: [] + azure_blob_store_v2_settings: [] + azure_event_hub_settings: [] + azure_mdm_intune_settings: [] + cloud_passage_settings: [] + cortex_xdr_settings: [] + crowdstrike_alerts_settings: [] + crowdstrike_detects_settings: [] + dummy_log_type_settings: [] + duo_auth_settings: [] + duo_user_context_settings: [] + feed_source_type: API + fox_it_stix_settings: [] + gcs_settings: [] + gcs_v2_settings: [] + google_cloud_identity_device_users_settings: [] + 
google_cloud_identity_devices_settings: [] + google_cloud_storage_event_driven_settings: [] + http_settings: [] + https_push_amazon_kinesis_firehose_settings: [] + https_push_google_cloud_pubsub_settings: [] + https_push_webhook_settings: [] + imperva_waf_settings: [] + labels: null + log_type: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/logTypes/AZURE_AD + mandiant_ioc_settings: [] + microsoft_graph_alert_settings: [] + microsoft_security_center_alert_settings: [] + mimecast_mail_settings: [] + mimecast_mail_v2_settings: [] + netskope_alert_settings: [] + netskope_alert_v2_settings: [] + office365_settings: [] + okta_settings: [] + okta_user_context_settings: [] + pan_ioc_settings: [] + pan_prisma_cloud_settings: [] + proofpoint_mail_settings: [] + proofpoint_on_demand_settings: [] + pubsub_settings: [] + qualys_scan_settings: [] + qualys_vm_settings: [] + rapid7_insight_settings: [] + recorded_future_ioc_settings: [] + rh_isac_ioc_settings: [] + salesforce_settings: [] + sentinelone_alert_settings: [] + service_now_cmdb_settings: [] + sftp_settings: [] + symantec_event_export_settings: [] + thinkst_canary_settings: [] + threat_connect_ioc_settings: [] + threat_connect_ioc_v3_settings: [] + trellix_hx_alerts_settings: [] + trellix_hx_bulk_acqs_settings: [] + trellix_hx_hosts_settings: [] + webhook_settings: [] + workday_settings: [] + workspace_activity_settings: [] + workspace_alerts_settings: [] + workspace_chrome_os_settings: [] + workspace_groups_settings: [] + workspace_mobile_settings: [] + workspace_privileges_settings: [] + workspace_users_settings: [] + display_name: Azure AD + enabled: null + failure_details: [] + instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx + location: europe + project: test-project + timeouts: null + module.azure_ad_feeds[0].google_chronicle_feed.feeds["azure-ad-audit"]: + details: + - amazon_kinesis_firehose_settings: [] + amazon_s3_settings: [] + amazon_s3_v2_settings: [] + amazon_sqs_settings: [] + 
amazon_sqs_v2_settings: [] + anomali_settings: [] + asset_namespace: null + aws_ec2_hosts_settings: [] + aws_ec2_instances_settings: [] + aws_ec2_vpcs_settings: [] + aws_iam_settings: [] + azure_ad_audit_settings: + - auth_endpoint: login.microsoftonline.com + authentication: + - client_id: xxxxxxx-xxxxx-xxxxx-xxxxxxx + client_secret: xxxxxxxxxxxxxxxxxxxxxxxxx + hostname: graph.microsoft.com/v1.0/auditLogs/directoryAudits + tenant_id: xxxxxx-xxxxx-xxxxx-xxxxxxx + azure_ad_context_settings: [] + azure_ad_settings: [] + azure_blob_store_settings: [] + azure_blob_store_v2_settings: [] + azure_event_hub_settings: [] + azure_mdm_intune_settings: [] + cloud_passage_settings: [] + cortex_xdr_settings: [] + crowdstrike_alerts_settings: [] + crowdstrike_detects_settings: [] + dummy_log_type_settings: [] + duo_auth_settings: [] + duo_user_context_settings: [] + feed_source_type: API + fox_it_stix_settings: [] + gcs_settings: [] + gcs_v2_settings: [] + google_cloud_identity_device_users_settings: [] + google_cloud_identity_devices_settings: [] + google_cloud_storage_event_driven_settings: [] + http_settings: [] + https_push_amazon_kinesis_firehose_settings: [] + https_push_google_cloud_pubsub_settings: [] + https_push_webhook_settings: [] + imperva_waf_settings: [] + labels: null + log_type: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/logTypes/AZURE_AD_AUDIT + mandiant_ioc_settings: [] + microsoft_graph_alert_settings: [] + microsoft_security_center_alert_settings: [] + mimecast_mail_settings: [] + mimecast_mail_v2_settings: [] + netskope_alert_settings: [] + netskope_alert_v2_settings: [] + office365_settings: [] + okta_settings: [] + okta_user_context_settings: [] + pan_ioc_settings: [] + pan_prisma_cloud_settings: [] + proofpoint_mail_settings: [] + proofpoint_on_demand_settings: [] + pubsub_settings: [] + qualys_scan_settings: [] + qualys_vm_settings: [] + rapid7_insight_settings: [] + recorded_future_ioc_settings: [] + 
rh_isac_ioc_settings: [] + salesforce_settings: [] + sentinelone_alert_settings: [] + service_now_cmdb_settings: [] + sftp_settings: [] + symantec_event_export_settings: [] + thinkst_canary_settings: [] + threat_connect_ioc_settings: [] + threat_connect_ioc_v3_settings: [] + trellix_hx_alerts_settings: [] + trellix_hx_bulk_acqs_settings: [] + trellix_hx_hosts_settings: [] + webhook_settings: [] + workday_settings: [] + workspace_activity_settings: [] + workspace_alerts_settings: [] + workspace_chrome_os_settings: [] + workspace_groups_settings: [] + workspace_mobile_settings: [] + workspace_privileges_settings: [] + workspace_users_settings: [] + display_name: Azure AD Audit + enabled: null + failure_details: [] + instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx + location: europe + project: test-project + timeouts: null + module.azure_ad_feeds[0].google_chronicle_feed.feeds["azure-ad-context"]: + details: + - amazon_kinesis_firehose_settings: [] + amazon_s3_settings: [] + amazon_s3_v2_settings: [] + amazon_sqs_settings: [] + amazon_sqs_v2_settings: [] + anomali_settings: [] + asset_namespace: null + aws_ec2_hosts_settings: [] + aws_ec2_instances_settings: [] + aws_ec2_vpcs_settings: [] + aws_iam_settings: [] + azure_ad_audit_settings: [] + azure_ad_context_settings: + - auth_endpoint: login.microsoftonline.com + authentication: + - client_id: xxxxxxx-xxxxx-xxxxx-xxxxxxx + client_secret: xxxxxxxxxxxxxxxxxxxxxxxxx + hostname: graph.microsoft.com/beta + retrieve_devices: null + retrieve_groups: null + tenant_id: xxxxxx-xxxxx-xxxxx-xxxxxxx + azure_ad_settings: [] + azure_blob_store_settings: [] + azure_blob_store_v2_settings: [] + azure_event_hub_settings: [] + azure_mdm_intune_settings: [] + cloud_passage_settings: [] + cortex_xdr_settings: [] + crowdstrike_alerts_settings: [] + crowdstrike_detects_settings: [] + dummy_log_type_settings: [] + duo_auth_settings: [] + duo_user_context_settings: [] + feed_source_type: API + fox_it_stix_settings: [] + gcs_settings: [] + 
gcs_v2_settings: [] + google_cloud_identity_device_users_settings: [] + google_cloud_identity_devices_settings: [] + google_cloud_storage_event_driven_settings: [] + http_settings: [] + https_push_amazon_kinesis_firehose_settings: [] + https_push_google_cloud_pubsub_settings: [] + https_push_webhook_settings: [] + imperva_waf_settings: [] + labels: null + log_type: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/logTypes/AZURE_AD_CONTEXT + mandiant_ioc_settings: [] + microsoft_graph_alert_settings: [] + microsoft_security_center_alert_settings: [] + mimecast_mail_settings: [] + mimecast_mail_v2_settings: [] + netskope_alert_settings: [] + netskope_alert_v2_settings: [] + office365_settings: [] + okta_settings: [] + okta_user_context_settings: [] + pan_ioc_settings: [] + pan_prisma_cloud_settings: [] + proofpoint_mail_settings: [] + proofpoint_on_demand_settings: [] + pubsub_settings: [] + qualys_scan_settings: [] + qualys_vm_settings: [] + rapid7_insight_settings: [] + recorded_future_ioc_settings: [] + rh_isac_ioc_settings: [] + salesforce_settings: [] + sentinelone_alert_settings: [] + service_now_cmdb_settings: [] + sftp_settings: [] + symantec_event_export_settings: [] + thinkst_canary_settings: [] + threat_connect_ioc_settings: [] + threat_connect_ioc_v3_settings: [] + trellix_hx_alerts_settings: [] + trellix_hx_bulk_acqs_settings: [] + trellix_hx_hosts_settings: [] + webhook_settings: [] + workday_settings: [] + workspace_activity_settings: [] + workspace_alerts_settings: [] + workspace_chrome_os_settings: [] + workspace_groups_settings: [] + workspace_mobile_settings: [] + workspace_privileges_settings: [] + workspace_users_settings: [] + display_name: Azure AD Context + enabled: null + failure_details: [] + instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx + location: europe + project: test-project + timeouts: null + module.okta_feeds[0].google_chronicle_feed.feeds["okta"]: + details: + - amazon_kinesis_firehose_settings: [] + 
amazon_s3_settings: [] + amazon_s3_v2_settings: [] + amazon_sqs_settings: [] + amazon_sqs_v2_settings: [] + anomali_settings: [] + asset_namespace: null + aws_ec2_hosts_settings: [] + aws_ec2_instances_settings: [] + aws_ec2_vpcs_settings: [] + aws_iam_settings: [] + azure_ad_audit_settings: [] + azure_ad_context_settings: [] + azure_ad_settings: [] + azure_blob_store_settings: [] + azure_blob_store_v2_settings: [] + azure_event_hub_settings: [] + azure_mdm_intune_settings: [] + cloud_passage_settings: [] + cortex_xdr_settings: [] + crowdstrike_alerts_settings: [] + crowdstrike_detects_settings: [] + dummy_log_type_settings: [] + duo_auth_settings: [] + duo_user_context_settings: [] + feed_source_type: API + fox_it_stix_settings: [] + gcs_settings: [] + gcs_v2_settings: [] + google_cloud_identity_device_users_settings: [] + google_cloud_identity_devices_settings: [] + google_cloud_storage_event_driven_settings: [] + http_settings: [] + https_push_amazon_kinesis_firehose_settings: [] + https_push_google_cloud_pubsub_settings: [] + https_push_webhook_settings: [] + imperva_waf_settings: [] + labels: null + log_type: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/logTypes/OKTA + mandiant_ioc_settings: [] + microsoft_graph_alert_settings: [] + microsoft_security_center_alert_settings: [] + mimecast_mail_settings: [] + mimecast_mail_v2_settings: [] + netskope_alert_settings: [] + netskope_alert_v2_settings: [] + office365_settings: [] + okta_settings: + - authentication: + - header_key_values: + - key: Authorization + value: XXXXXXXXXXXXX + hostname: xxxxx.okta.com + okta_user_context_settings: [] + pan_ioc_settings: [] + pan_prisma_cloud_settings: [] + proofpoint_mail_settings: [] + proofpoint_on_demand_settings: [] + pubsub_settings: [] + qualys_scan_settings: [] + qualys_vm_settings: [] + rapid7_insight_settings: [] + recorded_future_ioc_settings: [] + rh_isac_ioc_settings: [] + salesforce_settings: [] + sentinelone_alert_settings: [] + 
service_now_cmdb_settings: [] + sftp_settings: [] + symantec_event_export_settings: [] + thinkst_canary_settings: [] + threat_connect_ioc_settings: [] + threat_connect_ioc_v3_settings: [] + trellix_hx_alerts_settings: [] + trellix_hx_bulk_acqs_settings: [] + trellix_hx_hosts_settings: [] + webhook_settings: [] + workday_settings: [] + workspace_activity_settings: [] + workspace_alerts_settings: [] + workspace_chrome_os_settings: [] + workspace_groups_settings: [] + workspace_mobile_settings: [] + workspace_privileges_settings: [] + workspace_users_settings: [] + display_name: Okta + enabled: null + failure_details: [] + instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx + location: europe + project: test-project + timeouts: null + module.okta_feeds[0].google_chronicle_feed.feeds["okta-user-context"]: + details: + - amazon_kinesis_firehose_settings: [] + amazon_s3_settings: [] + amazon_s3_v2_settings: [] + amazon_sqs_settings: [] + amazon_sqs_v2_settings: [] + anomali_settings: [] + asset_namespace: null + aws_ec2_hosts_settings: [] + aws_ec2_instances_settings: [] + aws_ec2_vpcs_settings: [] + aws_iam_settings: [] + azure_ad_audit_settings: [] + azure_ad_context_settings: [] + azure_ad_settings: [] + azure_blob_store_settings: [] + azure_blob_store_v2_settings: [] + azure_event_hub_settings: [] + azure_mdm_intune_settings: [] + cloud_passage_settings: [] + cortex_xdr_settings: [] + crowdstrike_alerts_settings: [] + crowdstrike_detects_settings: [] + dummy_log_type_settings: [] + duo_auth_settings: [] + duo_user_context_settings: [] + feed_source_type: API + fox_it_stix_settings: [] + gcs_settings: [] + gcs_v2_settings: [] + google_cloud_identity_device_users_settings: [] + google_cloud_identity_devices_settings: [] + google_cloud_storage_event_driven_settings: [] + http_settings: [] + https_push_amazon_kinesis_firehose_settings: [] + https_push_google_cloud_pubsub_settings: [] + https_push_webhook_settings: [] + imperva_waf_settings: [] + labels: null + log_type: 
projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/logTypes/OKTA_USER_CONTEXT + mandiant_ioc_settings: [] + microsoft_graph_alert_settings: [] + microsoft_security_center_alert_settings: [] + mimecast_mail_settings: [] + mimecast_mail_v2_settings: [] + netskope_alert_settings: [] + netskope_alert_v2_settings: [] + office365_settings: [] + okta_settings: [] + okta_user_context_settings: + - authentication: + - header_key_values: + - key: Authorization + value: XXXXXXXXXXXXX + hostname: xxxxx.okta.com + manager_id_reference_field: managerId + pan_ioc_settings: [] + pan_prisma_cloud_settings: [] + proofpoint_mail_settings: [] + proofpoint_on_demand_settings: [] + pubsub_settings: [] + qualys_scan_settings: [] + qualys_vm_settings: [] + rapid7_insight_settings: [] + recorded_future_ioc_settings: [] + rh_isac_ioc_settings: [] + salesforce_settings: [] + sentinelone_alert_settings: [] + service_now_cmdb_settings: [] + sftp_settings: [] + symantec_event_export_settings: [] + thinkst_canary_settings: [] + threat_connect_ioc_settings: [] + threat_connect_ioc_v3_settings: [] + trellix_hx_alerts_settings: [] + trellix_hx_bulk_acqs_settings: [] + trellix_hx_hosts_settings: [] + webhook_settings: [] + workday_settings: [] + workspace_activity_settings: [] + workspace_alerts_settings: [] + workspace_chrome_os_settings: [] + workspace_groups_settings: [] + workspace_mobile_settings: [] + workspace_privileges_settings: [] + workspace_users_settings: [] + display_name: Okta User Context + enabled: null + failure_details: [] + instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx + location: europe + project: test-project + timeouts: null + module.project.google_org_policy_policy.default["iam.disableServiceAccountKeyCreation"]: + dry_run_spec: [] + name: projects/test-project/policies/iam.disableServiceAccountKeyCreation + parent: projects/test-project + spec: + - inherit_from_parent: null + reset: null + rules: + - allow_all: null + condition: [] + deny_all: null + 
enforce: 'FALSE' + parameters: null + values: [] + timeouts: null + module.project.google_project.project[0]: + auto_create_network: false + billing_account: 12345-ABCDEF-12345 + deletion_policy: DELETE + effective_labels: + goog-terraform-provisioned: 'true' + folder_id: '2345678901' + labels: null + name: test-project + org_id: null + project_id: test-project + tags: null + terraform_labels: + goog-terraform-provisioned: 'true' + timeouts: null + module.project.google_project_iam_binding.authoritative["roles/chronicle.viewer"]: + condition: [] + members: + - group:gcp-secops-admins@example.com + project: test-project + role: roles/chronicle.viewer + module.project.google_project_iam_custom_role.roles["SecOpsDetectionEngineer"]: + description: Terraform-managed. + permissions: + - chronicle.ais.createFeedback + - chronicle.ais.translateUdmQuery + - chronicle.ais.translateYlRule + - chronicle.conversations.get + - chronicle.conversations.list + - chronicle.conversations.update + - chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections + - chronicle.curatedRuleSetCategories.get + - chronicle.curatedRuleSetCategories.list + - chronicle.curatedRuleSetDeployments.batchUpdate + - chronicle.curatedRuleSetDeployments.get + - chronicle.curatedRuleSetDeployments.list + - chronicle.curatedRuleSetDeployments.update + - chronicle.curatedRuleSets.countCuratedRuleSetDetections + - chronicle.curatedRuleSets.get + - chronicle.curatedRuleSets.list + - chronicle.curatedRules.get + - chronicle.curatedRules.list + - chronicle.dashboardCharts.get + - chronicle.dashboardCharts.list + - chronicle.dashboardQueries.execute + - chronicle.dashboardQueries.get + - chronicle.dashboardQueries.list + - chronicle.dashboards.copy + - chronicle.dashboards.create + - chronicle.dashboards.delete + - chronicle.dashboards.edit + - chronicle.dashboards.get + - chronicle.dashboards.list + - chronicle.dashboards.schedule + - chronicle.dataAccessLabels.get + - chronicle.dataAccessLabels.list + 
- chronicle.dataAccessLabels.update + - chronicle.dataAccessScopes.get + - chronicle.dataAccessScopes.list + - chronicle.dataAccessScopes.permit + - chronicle.dataAccessScopes.update + - chronicle.dataTableOperationErrors.get + - chronicle.dataTableRows.asyncBulkCreate + - chronicle.dataTableRows.asyncBulkReplace + - chronicle.dataTableRows.asyncBulkUpdate + - chronicle.dataTableRows.bulkCreate + - chronicle.dataTableRows.bulkReplace + - chronicle.dataTableRows.bulkUpdate + - chronicle.dataTableRows.create + - chronicle.dataTableRows.delete + - chronicle.dataTableRows.get + - chronicle.dataTableRows.list + - chronicle.dataTableRows.update + - chronicle.dataTables.bulkCreateDataTableAsync + - chronicle.dataTables.create + - chronicle.dataTables.delete + - chronicle.dataTables.get + - chronicle.dataTables.list + - chronicle.dataTables.update + - chronicle.enrichmentControls.create + - chronicle.enrichmentControls.delete + - chronicle.enrichmentControls.get + - chronicle.enrichmentControls.list + - chronicle.entities.batchCreate + - chronicle.entities.batchDelete + - chronicle.entities.batchValidate + - chronicle.entities.create + - chronicle.entities.delete + - chronicle.entities.find + - chronicle.entities.findRelatedEntities + - chronicle.entities.get + - chronicle.entities.import + - chronicle.entities.list + - chronicle.entities.modifyEntityRiskScore + - chronicle.entities.queryEntityRiskScoreModifications + - chronicle.entities.searchEntities + - chronicle.entities.summarize + - chronicle.entities.summarizeFromQuery + - chronicle.events.batchGet + - chronicle.events.findUdmFieldValues + - chronicle.events.get + - chronicle.events.import + - chronicle.events.queryProductSourceStats + - chronicle.events.searchRawLogs + - chronicle.events.udmSearch + - chronicle.events.validateQuery + - chronicle.featuredContentRules.list + - chronicle.findingsGraphs.exploreNode + - chronicle.findingsGraphs.initializeGraph + - chronicle.findingsRefinementDeployments.get + - 
chronicle.findingsRefinementDeployments.list + - chronicle.findingsRefinementDeployments.update + - chronicle.findingsRefinements.computeActivity + - chronicle.findingsRefinements.computeAllActivities + - chronicle.findingsRefinements.create + - chronicle.findingsRefinements.get + - chronicle.findingsRefinements.list + - chronicle.findingsRefinements.test + - chronicle.findingsRefinements.update + - chronicle.globalDataAccessScopes.permit + - chronicle.instances.generateCollectionAgentAuth + - chronicle.instances.generateSoarAuthJwt + - chronicle.instances.generateWorkspaceConnectionToken + - chronicle.instances.get + - chronicle.instances.graduatePocInstance + - chronicle.instances.logTypeClassifier + - chronicle.instances.report + - chronicle.instances.update + - chronicle.instances.verifyNonce + - chronicle.iocMatches.get + - chronicle.iocMatches.list + - chronicle.iocState.get + - chronicle.iocState.update + - chronicle.iocs.batchGet + - chronicle.iocs.findFirstAndLastSeen + - chronicle.iocs.get + - chronicle.iocs.searchCuratedDetectionsForIoc + - chronicle.legacies.legacyBatchGetCollections + - chronicle.legacies.legacyFetchAlertsView + - chronicle.legacies.legacyFetchUdmSearchCsv + - chronicle.legacies.legacyFetchUdmSearchView + - chronicle.legacies.legacyFindAssetEvents + - chronicle.legacies.legacyFindRawLogs + - chronicle.legacies.legacyFindUdmEvents + - chronicle.legacies.legacyGetAlert + - chronicle.legacies.legacyGetCuratedRulesTrends + - chronicle.legacies.legacyGetDetection + - chronicle.legacies.legacyGetEventForDetection + - chronicle.legacies.legacyGetRuleCounts + - chronicle.legacies.legacyGetRulesTrends + - chronicle.legacies.legacyRunTestRule + - chronicle.legacies.legacySearchArtifactEvents + - chronicle.legacies.legacySearchArtifactIoCDetails + - chronicle.legacies.legacySearchAssetEvents + - chronicle.legacies.legacySearchCuratedDetections + - chronicle.legacies.legacySearchCustomerStats + - chronicle.legacies.legacySearchDetections + - 
chronicle.legacies.legacySearchDomainsRecentlyRegistered + - chronicle.legacies.legacySearchDomainsTimingStats + - chronicle.legacies.legacySearchEnterpriseWideAlerts + - chronicle.legacies.legacySearchEnterpriseWideIoCs + - chronicle.legacies.legacySearchFindings + - chronicle.legacies.legacySearchIngestionStats + - chronicle.legacies.legacySearchIoCInsights + - chronicle.legacies.legacySearchRawLogs + - chronicle.legacies.legacySearchRuleDetectionCountBuckets + - chronicle.legacies.legacySearchRuleDetectionEvents + - chronicle.legacies.legacySearchRuleResults + - chronicle.legacies.legacySearchRulesAlerts + - chronicle.legacies.legacySearchUserEvents + - chronicle.legacies.legacyStreamDetectionAlerts + - chronicle.legacies.legacyTestRuleStreaming + - chronicle.messages.get + - chronicle.messages.list + - chronicle.messages.update + - chronicle.nativeDashboards.create + - chronicle.nativeDashboards.delete + - chronicle.nativeDashboards.duplicate + - chronicle.nativeDashboards.get + - chronicle.nativeDashboards.list + - chronicle.nativeDashboards.update + - chronicle.operations.cancel + - chronicle.operations.delete + - chronicle.operations.get + - chronicle.operations.list + - chronicle.operations.streamSearch + - chronicle.operations.wait + - chronicle.preferenceSets.get + - chronicle.preferenceSets.update + - chronicle.referenceLists.create + - chronicle.referenceLists.get + - chronicle.referenceLists.list + - chronicle.referenceLists.update + - chronicle.referenceLists.verifyReferenceList + - chronicle.retrohunts.create + - chronicle.retrohunts.get + - chronicle.retrohunts.list + - chronicle.riskConfigs.get + - chronicle.riskConfigs.update + - chronicle.ruleDeployments.get + - chronicle.ruleDeployments.list + - chronicle.ruleDeployments.update + - chronicle.ruleExecutionErrors.list + - chronicle.rules.create + - chronicle.rules.delete + - chronicle.rules.get + - chronicle.rules.list + - chronicle.rules.listRevisions + - chronicle.rules.update + - 
chronicle.rules.verifyRuleText + - chronicle.searchQueries.get + - chronicle.searchQueries.list + - chronicle.searchQueries.update + - chronicle.threatCollections.fetchIocMatchMetadata + - chronicle.threatCollections.fetchRuleMetadata + - chronicle.threatCollections.get + - chronicle.threatCollections.list + - chronicle.watchlists.create + - chronicle.watchlists.delete + - chronicle.watchlists.get + - chronicle.watchlists.list + - chronicle.watchlists.update + - resourcemanager.projects.get + project: test-project + role_id: SecOpsDetectionEngineer + stage: GA + title: Custom role SecOpsDetectionEngineer + module.project.google_project_iam_custom_role.roles["SecOpsIngestionAPI"]: + description: Terraform-managed. + permissions: + - chronicle.entities.import + - chronicle.events.import + - chronicle.logs.import + project: test-project + role_id: SecOpsIngestionAPI + stage: GA + title: Custom role SecOpsIngestionAPI + module.project.google_project_iam_custom_role.roles["SecOpsOnboardingEngineer"]: + description: Terraform-managed. 
+ permissions: + - chronicle.ais.createFeedback + - chronicle.ais.translateUdmQuery + - chronicle.ais.translateYlRule + - chronicle.collectors.create + - chronicle.collectors.delete + - chronicle.collectors.get + - chronicle.collectors.list + - chronicle.collectors.update + - chronicle.conversations.get + - chronicle.conversations.list + - chronicle.conversations.update + - chronicle.dashboardCharts.get + - chronicle.dashboardCharts.list + - chronicle.dashboardQueries.execute + - chronicle.dashboardQueries.get + - chronicle.dashboardQueries.list + - chronicle.dashboards.copy + - chronicle.dashboards.create + - chronicle.dashboards.delete + - chronicle.dashboards.edit + - chronicle.dashboards.get + - chronicle.dashboards.list + - chronicle.dashboards.schedule + - chronicle.dataAccessLabels.get + - chronicle.dataAccessLabels.list + - chronicle.dataAccessLabels.update + - chronicle.dataAccessScopes.get + - chronicle.dataAccessScopes.list + - chronicle.dataAccessScopes.permit + - chronicle.dataAccessScopes.update + - chronicle.enrichmentControls.get + - chronicle.enrichmentControls.list + - chronicle.entities.batchCreate + - chronicle.entities.batchDelete + - chronicle.entities.batchValidate + - chronicle.entities.find + - chronicle.entities.findRelatedEntities + - chronicle.entities.get + - chronicle.entities.import + - chronicle.entities.list + - chronicle.entities.modifyEntityRiskScore + - chronicle.entities.queryEntityRiskScoreModifications + - chronicle.entities.searchEntities + - chronicle.entities.summarize + - chronicle.entities.summarizeFromQuery + - chronicle.events.batchGet + - chronicle.events.findUdmFieldValues + - chronicle.events.get + - chronicle.events.import + - chronicle.events.queryProductSourceStats + - chronicle.events.searchRawLogs + - chronicle.events.udmSearch + - chronicle.events.validateQuery + - chronicle.extensionValidationReports.get + - chronicle.extensionValidationReports.list + - chronicle.feedPacks.get + - chronicle.feedPacks.list + - 
chronicle.feedServiceAccounts.fetch + - chronicle.feedSourceTypeSchemas.list + - chronicle.feeds.create + - chronicle.feeds.delete + - chronicle.feeds.disable + - chronicle.feeds.enable + - chronicle.feeds.generateSecret + - chronicle.feeds.get + - chronicle.feeds.list + - chronicle.feeds.update + - chronicle.findingsGraphs.exploreNode + - chronicle.findingsGraphs.initializeGraph + - chronicle.forwarders.create + - chronicle.forwarders.delete + - chronicle.forwarders.generate + - chronicle.forwarders.get + - chronicle.forwarders.list + - chronicle.forwarders.update + - chronicle.globalDataAccessScopes.permit + - chronicle.ingestionLogLabels.get + - chronicle.ingestionLogLabels.list + - chronicle.ingestionLogNamespaces.get + - chronicle.ingestionLogNamespaces.list + - chronicle.instances.generateCollectionAgentAuth + - chronicle.instances.generateSoarAuthJwt + - chronicle.instances.generateWorkspaceConnectionToken + - chronicle.instances.get + - chronicle.instances.graduatePocInstance + - chronicle.instances.logTypeClassifier + - chronicle.instances.report + - chronicle.instances.update + - chronicle.instances.verifyNonce + - chronicle.legacies.legacyFetchUdmSearchCsv + - chronicle.legacies.legacyFetchUdmSearchView + - chronicle.legacies.legacyFindAssetEvents + - chronicle.legacies.legacyFindRawLogs + - chronicle.legacies.legacyFindUdmEvents + - chronicle.legacies.legacySearchArtifactEvents + - chronicle.legacies.legacySearchArtifactIoCDetails + - chronicle.legacies.legacySearchAssetEvents + - chronicle.legacies.legacySearchCustomerStats + - chronicle.legacies.legacySearchEnterpriseWideIoCs + - chronicle.legacies.legacySearchIngestionStats + - chronicle.legacies.legacySearchIoCInsights + - chronicle.legacies.legacySearchRawLogs + - chronicle.legacies.legacySearchUserEvents + - chronicle.logTypeSchemas.list + - chronicle.logTypeSettings.get + - chronicle.logTypeSettings.list + - chronicle.logTypeSettings.update + - chronicle.logTypes.create + - chronicle.logTypes.get 
+ - chronicle.logTypes.list + - chronicle.logTypes.update + - chronicle.logs.get + - chronicle.logs.list + - chronicle.messages.get + - chronicle.messages.list + - chronicle.messages.update + - chronicle.nativeDashboards.create + - chronicle.nativeDashboards.delete + - chronicle.nativeDashboards.duplicate + - chronicle.nativeDashboards.get + - chronicle.nativeDashboards.list + - chronicle.nativeDashboards.update + - chronicle.operations.cancel + - chronicle.operations.delete + - chronicle.operations.get + - chronicle.operations.list + - chronicle.operations.streamSearch + - chronicle.operations.wait + - chronicle.parserExtensions.activate + - chronicle.parserExtensions.create + - chronicle.parserExtensions.delete + - chronicle.parserExtensions.generateKeyValueMappings + - chronicle.parserExtensions.get + - chronicle.parserExtensions.legacySubmitParserExtension + - chronicle.parserExtensions.list + - chronicle.parserExtensions.removeSyslog + - chronicle.parsers.activate + - chronicle.parsers.activateReleaseCandidate + - chronicle.parsers.copyPrebuiltParser + - chronicle.parsers.create + - chronicle.parsers.deactivate + - chronicle.parsers.delete + - chronicle.parsers.generateEventTypesSuggestions + - chronicle.parsers.get + - chronicle.parsers.list + - chronicle.parsers.runParser + - chronicle.parsingErrors.list + - chronicle.preferenceSets.get + - chronicle.preferenceSets.update + - chronicle.riskConfigs.get + - chronicle.riskConfigs.update + - chronicle.searchQueries.get + - chronicle.searchQueries.list + - chronicle.searchQueries.update + - chronicle.validationErrors.list + - chronicle.validationReports.get + - chronicle.watchlists.get + - chronicle.watchlists.list + - chronicle.watchlists.update + - resourcemanager.projects.get + project: test-project + role_id: SecOpsOnboardingEngineer + stage: GA + title: Custom role SecOpsOnboardingEngineer + module.project.google_project_iam_custom_role.roles["SecOpsSOCAnalyst"]: + description: Terraform-managed. 
+ permissions: + - chronicle.ais.createFeedback + - chronicle.ais.translateUdmQuery + - chronicle.ais.translateYlRule + - chronicle.conversations.get + - chronicle.conversations.list + - chronicle.conversations.update + - chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections + - chronicle.curatedRuleSetCategories.get + - chronicle.curatedRuleSetCategories.list + - chronicle.curatedRuleSetDeployments.batchUpdate + - chronicle.curatedRuleSetDeployments.get + - chronicle.curatedRuleSetDeployments.list + - chronicle.curatedRuleSetDeployments.update + - chronicle.curatedRuleSets.countCuratedRuleSetDetections + - chronicle.curatedRuleSets.get + - chronicle.curatedRuleSets.list + - chronicle.curatedRules.get + - chronicle.curatedRules.list + - chronicle.dashboardCharts.get + - chronicle.dashboardCharts.list + - chronicle.dashboardQueries.execute + - chronicle.dashboardQueries.get + - chronicle.dashboardQueries.list + - chronicle.dashboards.copy + - chronicle.dashboards.edit + - chronicle.dashboards.get + - chronicle.dashboards.list + - chronicle.dashboards.schedule + - chronicle.dataAccessLabels.get + - chronicle.dataAccessLabels.list + - chronicle.dataAccessLabels.update + - chronicle.dataAccessScopes.get + - chronicle.dataAccessScopes.list + - chronicle.dataAccessScopes.permit + - chronicle.dataAccessScopes.update + - chronicle.dataTableOperationErrors.get + - chronicle.dataTableRows.asyncBulkCreate + - chronicle.dataTableRows.asyncBulkReplace + - chronicle.dataTableRows.asyncBulkUpdate + - chronicle.dataTableRows.bulkCreate + - chronicle.dataTableRows.bulkReplace + - chronicle.dataTableRows.bulkUpdate + - chronicle.dataTableRows.get + - chronicle.dataTableRows.list + - chronicle.dataTableRows.update + - chronicle.dataTables.bulkCreateDataTableAsync + - chronicle.dataTables.get + - chronicle.dataTables.list + - chronicle.dataTables.update + - chronicle.enrichmentControls.get + - chronicle.enrichmentControls.list + - chronicle.entities.batchCreate + - 
chronicle.entities.batchDelete + - chronicle.entities.batchValidate + - chronicle.entities.find + - chronicle.entities.findRelatedEntities + - chronicle.entities.get + - chronicle.entities.import + - chronicle.entities.list + - chronicle.entities.modifyEntityRiskScore + - chronicle.entities.queryEntityRiskScoreModifications + - chronicle.entities.searchEntities + - chronicle.entities.summarize + - chronicle.entities.summarizeFromQuery + - chronicle.events.batchGet + - chronicle.events.findUdmFieldValues + - chronicle.events.get + - chronicle.events.import + - chronicle.events.queryProductSourceStats + - chronicle.events.searchRawLogs + - chronicle.events.udmSearch + - chronicle.events.validateQuery + - chronicle.featuredContentRules.list + - chronicle.findingsGraphs.exploreNode + - chronicle.findingsGraphs.initializeGraph + - chronicle.findingsRefinementDeployments.get + - chronicle.findingsRefinementDeployments.list + - chronicle.findingsRefinementDeployments.update + - chronicle.findingsRefinements.computeActivity + - chronicle.findingsRefinements.computeAllActivities + - chronicle.findingsRefinements.get + - chronicle.findingsRefinements.list + - chronicle.findingsRefinements.test + - chronicle.findingsRefinements.update + - chronicle.globalDataAccessScopes.permit + - chronicle.instances.generateCollectionAgentAuth + - chronicle.instances.generateSoarAuthJwt + - chronicle.instances.generateWorkspaceConnectionToken + - chronicle.instances.get + - chronicle.instances.graduatePocInstance + - chronicle.instances.logTypeClassifier + - chronicle.instances.report + - chronicle.instances.update + - chronicle.instances.verifyNonce + - chronicle.iocMatches.get + - chronicle.iocMatches.list + - chronicle.iocState.get + - chronicle.iocState.update + - chronicle.iocs.batchGet + - chronicle.iocs.findFirstAndLastSeen + - chronicle.iocs.get + - chronicle.iocs.searchCuratedDetectionsForIoc + - chronicle.legacies.legacyBatchGetCollections + - 
chronicle.legacies.legacyFetchAlertsView + - chronicle.legacies.legacyFetchUdmSearchCsv + - chronicle.legacies.legacyFetchUdmSearchView + - chronicle.legacies.legacyFindAssetEvents + - chronicle.legacies.legacyFindRawLogs + - chronicle.legacies.legacyFindUdmEvents + - chronicle.legacies.legacyGetAlert + - chronicle.legacies.legacyGetCuratedRulesTrends + - chronicle.legacies.legacyGetDetection + - chronicle.legacies.legacyGetEventForDetection + - chronicle.legacies.legacyGetRuleCounts + - chronicle.legacies.legacyGetRulesTrends + - chronicle.legacies.legacyRunTestRule + - chronicle.legacies.legacySearchArtifactEvents + - chronicle.legacies.legacySearchArtifactIoCDetails + - chronicle.legacies.legacySearchAssetEvents + - chronicle.legacies.legacySearchCuratedDetections + - chronicle.legacies.legacySearchCustomerStats + - chronicle.legacies.legacySearchDetections + - chronicle.legacies.legacySearchDomainsRecentlyRegistered + - chronicle.legacies.legacySearchDomainsTimingStats + - chronicle.legacies.legacySearchEnterpriseWideAlerts + - chronicle.legacies.legacySearchEnterpriseWideIoCs + - chronicle.legacies.legacySearchFindings + - chronicle.legacies.legacySearchIngestionStats + - chronicle.legacies.legacySearchIoCInsights + - chronicle.legacies.legacySearchRawLogs + - chronicle.legacies.legacySearchRuleDetectionCountBuckets + - chronicle.legacies.legacySearchRuleDetectionEvents + - chronicle.legacies.legacySearchRuleResults + - chronicle.legacies.legacySearchRulesAlerts + - chronicle.legacies.legacySearchUserEvents + - chronicle.legacies.legacyStreamDetectionAlerts + - chronicle.legacies.legacyTestRuleStreaming + - chronicle.messages.get + - chronicle.messages.list + - chronicle.messages.update + - chronicle.nativeDashboards.duplicate + - chronicle.nativeDashboards.get + - chronicle.nativeDashboards.list + - chronicle.nativeDashboards.update + - chronicle.operations.cancel + - chronicle.operations.get + - chronicle.operations.list + - chronicle.operations.streamSearch 
+ - chronicle.operations.wait + - chronicle.preferenceSets.get + - chronicle.preferenceSets.update + - chronicle.referenceLists.get + - chronicle.referenceLists.list + - chronicle.referenceLists.update + - chronicle.referenceLists.verifyReferenceList + - chronicle.retrohunts.get + - chronicle.retrohunts.list + - chronicle.riskConfigs.get + - chronicle.riskConfigs.update + - chronicle.ruleDeployments.get + - chronicle.ruleDeployments.list + - chronicle.ruleDeployments.update + - chronicle.ruleExecutionErrors.list + - chronicle.rules.get + - chronicle.rules.list + - chronicle.rules.listRevisions + - chronicle.rules.update + - chronicle.rules.verifyRuleText + - chronicle.searchQueries.get + - chronicle.searchQueries.list + - chronicle.searchQueries.update + - chronicle.threatCollections.fetchIocMatchMetadata + - chronicle.threatCollections.fetchRuleMetadata + - chronicle.threatCollections.get + - chronicle.threatCollections.list + - chronicle.watchlists.get + - chronicle.watchlists.list + - chronicle.watchlists.update + - resourcemanager.projects.get + project: test-project + role_id: SecOpsSOCAnalyst + stage: GA + title: Custom role SecOpsSOCAnalyst + module.project.google_project_iam_custom_role.roles["SecOpsScopedDetectionEngineer"]: + description: Terraform-managed. 
+ permissions: + - chronicle.ais.createFeedback + - chronicle.ais.translateUdmQuery + - chronicle.ais.translateYlRule + - chronicle.conversations.get + - chronicle.conversations.list + - chronicle.conversations.update + - chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections + - chronicle.curatedRuleSetCategories.get + - chronicle.curatedRuleSetCategories.list + - chronicle.curatedRuleSetDeployments.batchUpdate + - chronicle.curatedRuleSetDeployments.get + - chronicle.curatedRuleSetDeployments.list + - chronicle.curatedRuleSetDeployments.update + - chronicle.curatedRuleSets.countCuratedRuleSetDetections + - chronicle.curatedRuleSets.get + - chronicle.curatedRuleSets.list + - chronicle.curatedRules.get + - chronicle.curatedRules.list + - chronicle.dashboardCharts.get + - chronicle.dashboardCharts.list + - chronicle.dashboardQueries.execute + - chronicle.dashboardQueries.get + - chronicle.dashboardQueries.list + - chronicle.dashboards.copy + - chronicle.dashboards.create + - chronicle.dashboards.delete + - chronicle.dashboards.edit + - chronicle.dashboards.get + - chronicle.dashboards.list + - chronicle.dashboards.schedule + - chronicle.dataAccessLabels.get + - chronicle.dataAccessLabels.list + - chronicle.dataAccessLabels.update + - chronicle.dataAccessScopes.get + - chronicle.dataAccessScopes.list + - chronicle.dataAccessScopes.permit + - chronicle.dataAccessScopes.update + - chronicle.dataTableOperationErrors.get + - chronicle.dataTableRows.asyncBulkCreate + - chronicle.dataTableRows.asyncBulkReplace + - chronicle.dataTableRows.asyncBulkUpdate + - chronicle.dataTableRows.bulkCreate + - chronicle.dataTableRows.bulkReplace + - chronicle.dataTableRows.bulkUpdate + - chronicle.dataTableRows.create + - chronicle.dataTableRows.delete + - chronicle.dataTableRows.get + - chronicle.dataTableRows.list + - chronicle.dataTableRows.update + - chronicle.dataTables.bulkCreateDataTableAsync + - chronicle.dataTables.create + - chronicle.dataTables.delete + - 
chronicle.dataTables.get + - chronicle.dataTables.list + - chronicle.dataTables.update + - chronicle.enrichmentControls.create + - chronicle.enrichmentControls.delete + - chronicle.enrichmentControls.get + - chronicle.enrichmentControls.list + - chronicle.entities.batchCreate + - chronicle.entities.batchDelete + - chronicle.entities.batchValidate + - chronicle.entities.create + - chronicle.entities.delete + - chronicle.entities.find + - chronicle.entities.findRelatedEntities + - chronicle.entities.get + - chronicle.entities.import + - chronicle.entities.list + - chronicle.entities.modifyEntityRiskScore + - chronicle.entities.queryEntityRiskScoreModifications + - chronicle.entities.searchEntities + - chronicle.entities.summarize + - chronicle.entities.summarizeFromQuery + - chronicle.events.batchGet + - chronicle.events.findUdmFieldValues + - chronicle.events.get + - chronicle.events.import + - chronicle.events.queryProductSourceStats + - chronicle.events.searchRawLogs + - chronicle.events.udmSearch + - chronicle.events.validateQuery + - chronicle.featuredContentRules.list + - chronicle.findingsGraphs.exploreNode + - chronicle.findingsGraphs.initializeGraph + - chronicle.findingsRefinementDeployments.get + - chronicle.findingsRefinementDeployments.list + - chronicle.findingsRefinementDeployments.update + - chronicle.findingsRefinements.computeActivity + - chronicle.findingsRefinements.computeAllActivities + - chronicle.findingsRefinements.create + - chronicle.findingsRefinements.get + - chronicle.findingsRefinements.list + - chronicle.findingsRefinements.test + - chronicle.findingsRefinements.update + - chronicle.instances.generateCollectionAgentAuth + - chronicle.instances.generateSoarAuthJwt + - chronicle.instances.generateWorkspaceConnectionToken + - chronicle.instances.get + - chronicle.instances.graduatePocInstance + - chronicle.instances.logTypeClassifier + - chronicle.instances.report + - chronicle.instances.update + - chronicle.instances.verifyNonce + - 
chronicle.iocMatches.get + - chronicle.iocMatches.list + - chronicle.iocState.get + - chronicle.iocState.update + - chronicle.iocs.batchGet + - chronicle.iocs.findFirstAndLastSeen + - chronicle.iocs.get + - chronicle.iocs.searchCuratedDetectionsForIoc + - chronicle.legacies.legacyBatchGetCollections + - chronicle.legacies.legacyFetchAlertsView + - chronicle.legacies.legacyFetchUdmSearchCsv + - chronicle.legacies.legacyFetchUdmSearchView + - chronicle.legacies.legacyFindAssetEvents + - chronicle.legacies.legacyFindRawLogs + - chronicle.legacies.legacyFindUdmEvents + - chronicle.legacies.legacyGetAlert + - chronicle.legacies.legacyGetCuratedRulesTrends + - chronicle.legacies.legacyGetDetection + - chronicle.legacies.legacyGetEventForDetection + - chronicle.legacies.legacyGetRuleCounts + - chronicle.legacies.legacyGetRulesTrends + - chronicle.legacies.legacyRunTestRule + - chronicle.legacies.legacySearchArtifactEvents + - chronicle.legacies.legacySearchArtifactIoCDetails + - chronicle.legacies.legacySearchAssetEvents + - chronicle.legacies.legacySearchCuratedDetections + - chronicle.legacies.legacySearchCustomerStats + - chronicle.legacies.legacySearchDetections + - chronicle.legacies.legacySearchDomainsRecentlyRegistered + - chronicle.legacies.legacySearchDomainsTimingStats + - chronicle.legacies.legacySearchEnterpriseWideAlerts + - chronicle.legacies.legacySearchEnterpriseWideIoCs + - chronicle.legacies.legacySearchFindings + - chronicle.legacies.legacySearchIngestionStats + - chronicle.legacies.legacySearchIoCInsights + - chronicle.legacies.legacySearchRawLogs + - chronicle.legacies.legacySearchRuleDetectionCountBuckets + - chronicle.legacies.legacySearchRuleDetectionEvents + - chronicle.legacies.legacySearchRuleResults + - chronicle.legacies.legacySearchRulesAlerts + - chronicle.legacies.legacySearchUserEvents + - chronicle.legacies.legacyStreamDetectionAlerts + - chronicle.legacies.legacyTestRuleStreaming + - chronicle.messages.get + - chronicle.messages.list + - 
chronicle.messages.update + - chronicle.nativeDashboards.create + - chronicle.nativeDashboards.delete + - chronicle.nativeDashboards.duplicate + - chronicle.nativeDashboards.get + - chronicle.nativeDashboards.list + - chronicle.nativeDashboards.update + - chronicle.operations.cancel + - chronicle.operations.delete + - chronicle.operations.get + - chronicle.operations.list + - chronicle.operations.streamSearch + - chronicle.operations.wait + - chronicle.preferenceSets.get + - chronicle.preferenceSets.update + - chronicle.referenceLists.create + - chronicle.referenceLists.get + - chronicle.referenceLists.list + - chronicle.referenceLists.update + - chronicle.referenceLists.verifyReferenceList + - chronicle.retrohunts.create + - chronicle.retrohunts.get + - chronicle.retrohunts.list + - chronicle.riskConfigs.get + - chronicle.riskConfigs.update + - chronicle.ruleDeployments.get + - chronicle.ruleDeployments.list + - chronicle.ruleDeployments.update + - chronicle.ruleExecutionErrors.list + - chronicle.rules.create + - chronicle.rules.delete + - chronicle.rules.get + - chronicle.rules.list + - chronicle.rules.listRevisions + - chronicle.rules.update + - chronicle.rules.verifyRuleText + - chronicle.searchQueries.get + - chronicle.searchQueries.list + - chronicle.searchQueries.update + - chronicle.threatCollections.fetchIocMatchMetadata + - chronicle.threatCollections.fetchRuleMetadata + - chronicle.threatCollections.get + - chronicle.threatCollections.list + - chronicle.watchlists.create + - chronicle.watchlists.delete + - chronicle.watchlists.get + - chronicle.watchlists.list + - chronicle.watchlists.update + - resourcemanager.projects.get + project: test-project + role_id: SecOpsScopedDetectionEngineer + stage: GA + title: Custom role SecOpsScopedDetectionEngineer + module.project.google_project_iam_custom_role.roles["SecOpsScopedOnboardingEngineer"]: + description: Terraform-managed. 
+ permissions: + - chronicle.ais.createFeedback + - chronicle.ais.translateUdmQuery + - chronicle.ais.translateYlRule + - chronicle.collectors.create + - chronicle.collectors.delete + - chronicle.collectors.get + - chronicle.collectors.list + - chronicle.collectors.update + - chronicle.conversations.get + - chronicle.conversations.list + - chronicle.conversations.update + - chronicle.dashboardCharts.get + - chronicle.dashboardCharts.list + - chronicle.dashboardQueries.execute + - chronicle.dashboardQueries.get + - chronicle.dashboardQueries.list + - chronicle.dashboards.copy + - chronicle.dashboards.create + - chronicle.dashboards.delete + - chronicle.dashboards.edit + - chronicle.dashboards.get + - chronicle.dashboards.list + - chronicle.dashboards.schedule + - chronicle.dataAccessLabels.get + - chronicle.dataAccessLabels.list + - chronicle.dataAccessLabels.update + - chronicle.dataAccessScopes.get + - chronicle.dataAccessScopes.list + - chronicle.dataAccessScopes.permit + - chronicle.dataAccessScopes.update + - chronicle.enrichmentControls.get + - chronicle.enrichmentControls.list + - chronicle.entities.batchCreate + - chronicle.entities.batchDelete + - chronicle.entities.batchValidate + - chronicle.entities.find + - chronicle.entities.findRelatedEntities + - chronicle.entities.get + - chronicle.entities.import + - chronicle.entities.list + - chronicle.entities.modifyEntityRiskScore + - chronicle.entities.queryEntityRiskScoreModifications + - chronicle.entities.searchEntities + - chronicle.entities.summarize + - chronicle.entities.summarizeFromQuery + - chronicle.events.batchGet + - chronicle.events.findUdmFieldValues + - chronicle.events.get + - chronicle.events.import + - chronicle.events.queryProductSourceStats + - chronicle.events.searchRawLogs + - chronicle.events.udmSearch + - chronicle.events.validateQuery + - chronicle.extensionValidationReports.get + - chronicle.extensionValidationReports.list + - chronicle.feedPacks.get + - chronicle.feedPacks.list + - 
chronicle.feedServiceAccounts.fetch + - chronicle.feedSourceTypeSchemas.list + - chronicle.feeds.create + - chronicle.feeds.delete + - chronicle.feeds.disable + - chronicle.feeds.enable + - chronicle.feeds.generateSecret + - chronicle.feeds.get + - chronicle.feeds.list + - chronicle.feeds.update + - chronicle.findingsGraphs.exploreNode + - chronicle.findingsGraphs.initializeGraph + - chronicle.forwarders.create + - chronicle.forwarders.delete + - chronicle.forwarders.generate + - chronicle.forwarders.get + - chronicle.forwarders.list + - chronicle.forwarders.update + - chronicle.ingestionLogLabels.get + - chronicle.ingestionLogLabels.list + - chronicle.ingestionLogNamespaces.get + - chronicle.ingestionLogNamespaces.list + - chronicle.instances.generateCollectionAgentAuth + - chronicle.instances.generateSoarAuthJwt + - chronicle.instances.generateWorkspaceConnectionToken + - chronicle.instances.get + - chronicle.instances.graduatePocInstance + - chronicle.instances.logTypeClassifier + - chronicle.instances.report + - chronicle.instances.update + - chronicle.instances.verifyNonce + - chronicle.legacies.legacyFetchUdmSearchCsv + - chronicle.legacies.legacyFetchUdmSearchView + - chronicle.legacies.legacyFindAssetEvents + - chronicle.legacies.legacyFindRawLogs + - chronicle.legacies.legacyFindUdmEvents + - chronicle.legacies.legacySearchArtifactEvents + - chronicle.legacies.legacySearchArtifactIoCDetails + - chronicle.legacies.legacySearchAssetEvents + - chronicle.legacies.legacySearchCustomerStats + - chronicle.legacies.legacySearchEnterpriseWideIoCs + - chronicle.legacies.legacySearchIngestionStats + - chronicle.legacies.legacySearchIoCInsights + - chronicle.legacies.legacySearchRawLogs + - chronicle.legacies.legacySearchUserEvents + - chronicle.logTypeSchemas.list + - chronicle.logTypeSettings.get + - chronicle.logTypeSettings.list + - chronicle.logTypeSettings.update + - chronicle.logTypes.create + - chronicle.logTypes.get + - chronicle.logTypes.list + - 
chronicle.logTypes.update + - chronicle.logs.get + - chronicle.logs.list + - chronicle.messages.get + - chronicle.messages.list + - chronicle.messages.update + - chronicle.nativeDashboards.create + - chronicle.nativeDashboards.delete + - chronicle.nativeDashboards.duplicate + - chronicle.nativeDashboards.get + - chronicle.nativeDashboards.list + - chronicle.nativeDashboards.update + - chronicle.operations.cancel + - chronicle.operations.delete + - chronicle.operations.get + - chronicle.operations.list + - chronicle.operations.streamSearch + - chronicle.operations.wait + - chronicle.parserExtensions.activate + - chronicle.parserExtensions.create + - chronicle.parserExtensions.delete + - chronicle.parserExtensions.generateKeyValueMappings + - chronicle.parserExtensions.get + - chronicle.parserExtensions.legacySubmitParserExtension + - chronicle.parserExtensions.list + - chronicle.parserExtensions.removeSyslog + - chronicle.parsers.activate + - chronicle.parsers.activateReleaseCandidate + - chronicle.parsers.copyPrebuiltParser + - chronicle.parsers.create + - chronicle.parsers.deactivate + - chronicle.parsers.delete + - chronicle.parsers.generateEventTypesSuggestions + - chronicle.parsers.get + - chronicle.parsers.list + - chronicle.parsers.runParser + - chronicle.parsingErrors.list + - chronicle.preferenceSets.get + - chronicle.preferenceSets.update + - chronicle.riskConfigs.get + - chronicle.riskConfigs.update + - chronicle.searchQueries.get + - chronicle.searchQueries.list + - chronicle.searchQueries.update + - chronicle.validationErrors.list + - chronicle.validationReports.get + - chronicle.watchlists.get + - chronicle.watchlists.list + - chronicle.watchlists.update + - resourcemanager.projects.get + project: test-project + role_id: SecOpsScopedOnboardingEngineer + stage: GA + title: Custom role SecOpsScopedOnboardingEngineer + module.project.google_project_iam_custom_role.roles["SecOpsScopedSOCAnalyst"]: + description: Terraform-managed. 
+ permissions: + - chronicle.ais.createFeedback + - chronicle.ais.translateUdmQuery + - chronicle.ais.translateYlRule + - chronicle.conversations.get + - chronicle.conversations.list + - chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections + - chronicle.curatedRuleSetCategories.get + - chronicle.curatedRuleSetCategories.list + - chronicle.curatedRuleSetDeployments.batchUpdate + - chronicle.curatedRuleSetDeployments.get + - chronicle.curatedRuleSetDeployments.list + - chronicle.curatedRuleSets.countCuratedRuleSetDetections + - chronicle.curatedRuleSets.get + - chronicle.curatedRuleSets.list + - chronicle.curatedRules.get + - chronicle.curatedRules.list + - chronicle.dashboardCharts.get + - chronicle.dashboardCharts.list + - chronicle.dashboardQueries.execute + - chronicle.dashboardQueries.get + - chronicle.dashboardQueries.list + - chronicle.dashboards.copy + - chronicle.dashboards.edit + - chronicle.dashboards.get + - chronicle.dashboards.list + - chronicle.dashboards.schedule + - chronicle.dataAccessLabels.get + - chronicle.dataAccessLabels.list + - chronicle.dataAccessScopes.get + - chronicle.dataAccessScopes.list + - chronicle.dataAccessScopes.permit + - chronicle.dataTableOperationErrors.get + - chronicle.dataTableRows.asyncBulkCreate + - chronicle.dataTableRows.asyncBulkReplace + - chronicle.dataTableRows.asyncBulkUpdate + - chronicle.dataTableRows.bulkCreate + - chronicle.dataTableRows.bulkReplace + - chronicle.dataTableRows.bulkUpdate + - chronicle.dataTableRows.get + - chronicle.dataTableRows.list + - chronicle.dataTables.bulkCreateDataTableAsync + - chronicle.dataTables.get + - chronicle.dataTables.list + - chronicle.enrichmentControls.get + - chronicle.enrichmentControls.list + - chronicle.entities.batchCreate + - chronicle.entities.batchDelete + - chronicle.entities.batchValidate + - chronicle.entities.find + - chronicle.entities.findRelatedEntities + - chronicle.entities.get + - chronicle.entities.import + - chronicle.entities.list + - 
chronicle.entities.modifyEntityRiskScore + - chronicle.entities.queryEntityRiskScoreModifications + - chronicle.entities.searchEntities + - chronicle.entities.summarize + - chronicle.entities.summarizeFromQuery + - chronicle.events.batchGet + - chronicle.events.findUdmFieldValues + - chronicle.events.get + - chronicle.events.import + - chronicle.events.queryProductSourceStats + - chronicle.events.searchRawLogs + - chronicle.events.udmSearch + - chronicle.events.validateQuery + - chronicle.featuredContentRules.list + - chronicle.findingsGraphs.exploreNode + - chronicle.findingsGraphs.initializeGraph + - chronicle.findingsRefinementDeployments.get + - chronicle.findingsRefinementDeployments.list + - chronicle.findingsRefinements.computeActivity + - chronicle.findingsRefinements.computeAllActivities + - chronicle.findingsRefinements.get + - chronicle.findingsRefinements.list + - chronicle.findingsRefinements.test + - chronicle.instances.generateCollectionAgentAuth + - chronicle.instances.generateSoarAuthJwt + - chronicle.instances.generateWorkspaceConnectionToken + - chronicle.instances.get + - chronicle.instances.graduatePocInstance + - chronicle.instances.logTypeClassifier + - chronicle.instances.report + - chronicle.instances.verifyNonce + - chronicle.iocMatches.get + - chronicle.iocMatches.list + - chronicle.iocState.get + - chronicle.iocs.batchGet + - chronicle.iocs.findFirstAndLastSeen + - chronicle.iocs.get + - chronicle.iocs.searchCuratedDetectionsForIoc + - chronicle.legacies.legacyBatchGetCollections + - chronicle.legacies.legacyFetchAlertsView + - chronicle.legacies.legacyFetchUdmSearchCsv + - chronicle.legacies.legacyFetchUdmSearchView + - chronicle.legacies.legacyFindAssetEvents + - chronicle.legacies.legacyFindRawLogs + - chronicle.legacies.legacyFindUdmEvents + - chronicle.legacies.legacyGetAlert + - chronicle.legacies.legacyGetCuratedRulesTrends + - chronicle.legacies.legacyGetDetection + - chronicle.legacies.legacyGetEventForDetection + - 
chronicle.legacies.legacyGetRuleCounts + - chronicle.legacies.legacyGetRulesTrends + - chronicle.legacies.legacyRunTestRule + - chronicle.legacies.legacySearchArtifactEvents + - chronicle.legacies.legacySearchArtifactIoCDetails + - chronicle.legacies.legacySearchAssetEvents + - chronicle.legacies.legacySearchCuratedDetections + - chronicle.legacies.legacySearchCustomerStats + - chronicle.legacies.legacySearchDetections + - chronicle.legacies.legacySearchDomainsRecentlyRegistered + - chronicle.legacies.legacySearchDomainsTimingStats + - chronicle.legacies.legacySearchEnterpriseWideAlerts + - chronicle.legacies.legacySearchEnterpriseWideIoCs + - chronicle.legacies.legacySearchFindings + - chronicle.legacies.legacySearchIngestionStats + - chronicle.legacies.legacySearchIoCInsights + - chronicle.legacies.legacySearchRawLogs + - chronicle.legacies.legacySearchRuleDetectionCountBuckets + - chronicle.legacies.legacySearchRuleDetectionEvents + - chronicle.legacies.legacySearchRuleResults + - chronicle.legacies.legacySearchRulesAlerts + - chronicle.legacies.legacySearchUserEvents + - chronicle.legacies.legacyStreamDetectionAlerts + - chronicle.legacies.legacyTestRuleStreaming + - chronicle.messages.get + - chronicle.messages.list + - chronicle.nativeDashboards.duplicate + - chronicle.nativeDashboards.get + - chronicle.nativeDashboards.list + - chronicle.operations.cancel + - chronicle.operations.get + - chronicle.operations.list + - chronicle.operations.streamSearch + - chronicle.operations.wait + - chronicle.preferenceSets.get + - chronicle.referenceLists.get + - chronicle.referenceLists.list + - chronicle.referenceLists.verifyReferenceList + - chronicle.retrohunts.get + - chronicle.retrohunts.list + - chronicle.riskConfigs.get + - chronicle.ruleDeployments.get + - chronicle.ruleDeployments.list + - chronicle.ruleExecutionErrors.list + - chronicle.rules.get + - chronicle.rules.list + - chronicle.rules.listRevisions + - chronicle.rules.verifyRuleText + - 
chronicle.searchQueries.get + - chronicle.searchQueries.list + - chronicle.threatCollections.fetchIocMatchMetadata + - chronicle.threatCollections.fetchRuleMetadata + - chronicle.threatCollections.get + - chronicle.threatCollections.list + - chronicle.watchlists.get + - chronicle.watchlists.list + - resourcemanager.projects.get + project: test-project + role_id: SecOpsScopedSOCAnalyst + stage: GA + title: Custom role SecOpsScopedSOCAnalyst + module.project.google_project_iam_member.bindings["iam-bpa:user:bruzzechesse@google.com-roles/chronicle.editor"]: + condition: [] + member: user:bruzzechesse@google.com + project: test-project + role: roles/chronicle.editor + module.project.google_project_iam_member.bindings["user:bruzzechesse@google.com"]: + condition: + - description: datarbac + expression: resource.name.endsWith('/gscope') + title: datarbac + member: user:bruzzechesse@google.com + project: test-project + role: roles/chronicle.restrictedDataAccess + module.project.google_project_iam_member.service_agents["compute-system"]: + condition: [] + project: test-project + role: roles/compute.serviceAgent + module.project.google_project_iam_member.service_agents["gcf-admin-robot"]: + condition: [] + project: test-project + role: roles/cloudfunctions.serviceAgent + module.project.google_project_iam_member.service_agents["pubsub"]: + condition: [] + project: test-project + role: roles/pubsub.serviceAgent + module.project.google_project_service.project_services["admin.googleapis.com"]: + disable_dependent_services: false + disable_on_destroy: false + project: test-project + service: admin.googleapis.com + timeouts: null + module.project.google_project_service.project_services["alertcenter.googleapis.com"]: + disable_dependent_services: false + disable_on_destroy: false + project: test-project + service: alertcenter.googleapis.com + timeouts: null + module.project.google_project_service.project_services["apikeys.googleapis.com"]: + disable_dependent_services: false + 
disable_on_destroy: false + project: test-project + service: apikeys.googleapis.com + timeouts: null + module.project.google_project_service.project_services["cloudfunctions.googleapis.com"]: + disable_dependent_services: false + disable_on_destroy: false + project: test-project + service: cloudfunctions.googleapis.com + timeouts: null + module.project.google_project_service.project_services["compute.googleapis.com"]: + disable_dependent_services: false + disable_on_destroy: false + project: test-project + service: compute.googleapis.com + timeouts: null + module.project.google_project_service.project_services["iap.googleapis.com"]: + disable_dependent_services: false + disable_on_destroy: false + project: test-project + service: iap.googleapis.com + timeouts: null + module.project.google_project_service.project_services["pubsub.googleapis.com"]: + disable_dependent_services: false + disable_on_destroy: false + project: test-project + service: pubsub.googleapis.com + timeouts: null + module.project.google_project_service.project_services["secretmanager.googleapis.com"]: + disable_dependent_services: false + disable_on_destroy: false + project: test-project + service: secretmanager.googleapis.com + timeouts: null + module.project.google_project_service.project_services["stackdriver.googleapis.com"]: + disable_dependent_services: false + disable_on_destroy: false + project: test-project + service: stackdriver.googleapis.com + timeouts: null + module.project.google_project_service_identity.default["apikeys.googleapis.com"]: + project: test-project + service: apikeys.googleapis.com + timeouts: null + module.project.google_project_service_identity.default["cloudfunctions.googleapis.com"]: + project: test-project + service: cloudfunctions.googleapis.com + timeouts: null + module.project.google_project_service_identity.default["iap.googleapis.com"]: + project: test-project + service: iap.googleapis.com + timeouts: null + 
module.project.google_project_service_identity.default["pubsub.googleapis.com"]: + project: test-project + service: pubsub.googleapis.com + timeouts: null + module.project.google_project_service_identity.default["secretmanager.googleapis.com"]: + project: test-project + service: secretmanager.googleapis.com + timeouts: null + module.secops-data-rbac.google_chronicle_data_access_label.labels["google"]: + data_access_label_id: google + description: Google logs + instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx + location: europe + project: test-project + timeouts: null + udm_query: principal.hostname="google.com" + module.secops-data-rbac.google_chronicle_data_access_scope.scopes["google"]: + allow_all: false + allowed_data_access_labels: + - asset_namespace: null + data_access_label: google + ingestion_label: [] + log_type: null + data_access_scope_id: gscope + denied_data_access_labels: [] + description: Google logs + instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx + location: europe + project: test-project + timeouts: null + module.secops-rules.google_chronicle_reference_list.default["test_2"]: + description: Private CIDR ranges + entries: + - value: 10.0.0.0/8 + - value: 172.16.0.0/12 + - value: 192.168.0.0/16 + - value: 127.0.0.1/32 + - value: ::1/128 + - value: fc00::/7 + - value: fe80::/10 + instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx + location: europe + project: test-project + reference_list_id: test_2 + scope_info: [] + syntax_type: REFERENCE_LIST_SYNTAX_TYPE_CIDR + timeouts: null + module.secops-rules.google_chronicle_rule.default["network_traffic_to_specific_country"]: + deletion_policy: FORCE + instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx + location: europe + project: test-project + scope: null + text: "rule network_traffic_to_specific_country {\n\n meta:\n author = \"\ + Google Cloud Security\"\n description = \"Identify network traffic based\ + \ on target country\"\n type = \"alert\"\n tags = \"geoip enrichment\"\ + \n data_source = \"microsoft windows events\"\n severity = 
\"Low\"\n \ + \ priority = \"Low\"\n\n events:\n $network.metadata.event_type = \"NETWORK_CONNECTION\"\ + \n //Specify a country of interest to monitor or add additional countries\ + \ using an or statement\n $network.target.ip_geo_artifact.location.country_or_region\ + \ = \"France\" nocase\n $network.target.ip = $ip\n\n match:\n $ip over\ + \ 30m\n\n outcome:\n $risk_score = max(35)\n $event_count = count_distinct($network.metadata.id)\n\ + \n // added to populate alert graph with additional context\n $principal_ip\ + \ = array_distinct($network.principal.ip)\n\n // Commented out target.ip\ + \ because it is already represented in graph as match variable. If match changes,\ + \ can uncomment to add to results\n //$target_ip = array_distinct($network.target.ip)\n\ + \ $principal_process_pid = array_distinct($network.principal.process.pid)\n\ + \ $principal_process_command_line = array_distinct($network.principal.process.command_line)\n\ + \ $principal_process_file_sha256 = array_distinct($network.principal.process.file.sha256)\n\ + \ $principal_process_file_full_path = array_distinct($network.principal.process.file.full_path)\n\ + \ $principal_process_product_specfic_process_id = array_distinct($network.principal.process.product_specific_process_id)\n\ + \ $principal_process_parent_process_product_specfic_process_id = array_distinct($network.principal.process.parent_process.product_specific_process_id)\n\ + \ $target_process_pid = array_distinct($network.target.process.pid)\n \ + \ $target_process_command_line = array_distinct($network.target.process.command_line)\n\ + \ $target_process_file_sha256 = array_distinct($network.target.process.file.sha256)\n\ + \ $target_process_file_full_path = array_distinct($network.target.process.file.full_path)\n\ + \ $target_process_product_specfic_process_id = array_distinct($network.target.process.product_specific_process_id)\n\ + \ $target_process_parent_process_product_specfic_process_id = 
array_distinct($network.target.process.parent_process.product_specific_process_id)\n\ + \ $principal_user_userid = array_distinct($network.principal.user.userid)\n\ + \ $target_user_userid = array_distinct($network.target.user.userid)\n\n \ + \ condition:\n $network\n}\n" + timeouts: null + module.secops-rules.google_chronicle_rule_deployment.default["network_traffic_to_specific_country"]: + alerting: true + archived: false + enabled: true + instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx + location: europe + project: test-project + run_frequency: LIVE + timeouts: null + module.secops-tenant-secrets.google_secret_manager_secret.default["secops-feeds-api-key"]: + annotations: null + deletion_protection: false + effective_labels: + goog-terraform-provisioned: 'true' + labels: null + project: test-project + replication: + - auto: + - customer_managed_encryption: [] + user_managed: [] + rotation: [] + secret_id: secops-feeds-api-key + tags: null + terraform_labels: + goog-terraform-provisioned: 'true' + timeouts: null + topics: [] + ttl: null + version_aliases: null + version_destroy_ttl: null + module.secops-tenant-secrets.google_secret_manager_secret.default["secops-workspace-ing-sa-key"]: + annotations: null + deletion_protection: false + effective_labels: + goog-terraform-provisioned: 'true' + labels: null + project: test-project + replication: + - auto: + - customer_managed_encryption: [] + user_managed: [] + rotation: [] + secret_id: secops-workspace-ing-sa-key + tags: null + terraform_labels: + goog-terraform-provisioned: 'true' + timeouts: null + topics: [] + ttl: null + version_aliases: null + version_destroy_ttl: null + module.secops-tenant-secrets.google_secret_manager_secret_version.default["secops-feeds-api-key/latest"]: + deletion_policy: DELETE + enabled: true + is_secret_data_base64: false + secret_data_wo: null + secret_data_wo_version: 0 + timeouts: null + 
module.secops-tenant-secrets.google_secret_manager_secret_version.default["secops-workspace-ing-sa-key/latest"]: + deletion_policy: DELETE + enabled: true + is_secret_data_base64: false + secret_data_wo: null + secret_data_wo_version: 0 + timeouts: null + module.secops_data_tables.google_chronicle_data_table.default["sample_data_table_domains"]: + column_info: + - column_index: 0 + column_type: STRING + key_column: null + mapped_column_path: null + original_column: rank + repeated_values: null + - column_index: 1 + column_type: STRING + key_column: null + mapped_column_path: null + original_column: domain + repeated_values: null + data_table_id: sample_data_table_domains + deletion_policy: DEFAULT + description: Sample Data Table for domains + instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx + location: europe + project: test-project + row_time_to_live: null + scope_info: [] + timeouts: null + module.secops_data_tables.google_chronicle_data_table_row.default["sample_data_table_domains_0"]: + data_table_id: sample_data_table_domains + instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx + location: europe + project: test-project + row_time_to_live: null + timeouts: null + values: + - '1' + - google.com + module.secops_data_tables.google_chronicle_data_table_row.default["sample_data_table_domains_1"]: + data_table_id: sample_data_table_domains + instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx + location: europe + project: test-project + row_time_to_live: null + timeouts: null + values: + - '2' + - www.google.com + module.webhook_feeds.google_chronicle_feed.feeds["okta"]: + details: + - amazon_kinesis_firehose_settings: [] + amazon_s3_settings: [] + amazon_s3_v2_settings: [] + amazon_sqs_settings: [] + amazon_sqs_v2_settings: [] + anomali_settings: [] + asset_namespace: null + aws_ec2_hosts_settings: [] + aws_ec2_instances_settings: [] + aws_ec2_vpcs_settings: [] + aws_iam_settings: [] + azure_ad_audit_settings: [] + azure_ad_context_settings: [] + azure_ad_settings: [] + azure_blob_store_settings: 
[] + azure_blob_store_v2_settings: [] + azure_event_hub_settings: [] + azure_mdm_intune_settings: [] + cloud_passage_settings: [] + cortex_xdr_settings: [] + crowdstrike_alerts_settings: [] + crowdstrike_detects_settings: [] + dummy_log_type_settings: [] + duo_auth_settings: [] + duo_user_context_settings: [] + feed_source_type: HTTPS_PUSH_WEBHOOK + fox_it_stix_settings: [] + gcs_settings: [] + gcs_v2_settings: [] + google_cloud_identity_device_users_settings: [] + google_cloud_identity_devices_settings: [] + google_cloud_storage_event_driven_settings: [] + http_settings: [] + https_push_amazon_kinesis_firehose_settings: [] + https_push_google_cloud_pubsub_settings: [] + https_push_webhook_settings: + - split_delimiter: null + imperva_waf_settings: [] + labels: null + log_type: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/logTypes/OKTA + mandiant_ioc_settings: [] + microsoft_graph_alert_settings: [] + microsoft_security_center_alert_settings: [] + mimecast_mail_settings: [] + mimecast_mail_v2_settings: [] + netskope_alert_settings: [] + netskope_alert_v2_settings: [] + office365_settings: [] + okta_settings: [] + okta_user_context_settings: [] + pan_ioc_settings: [] + pan_prisma_cloud_settings: [] + proofpoint_mail_settings: [] + proofpoint_on_demand_settings: [] + pubsub_settings: [] + qualys_scan_settings: [] + qualys_vm_settings: [] + rapid7_insight_settings: [] + recorded_future_ioc_settings: [] + rh_isac_ioc_settings: [] + salesforce_settings: [] + sentinelone_alert_settings: [] + service_now_cmdb_settings: [] + sftp_settings: [] + symantec_event_export_settings: [] + thinkst_canary_settings: [] + threat_connect_ioc_settings: [] + threat_connect_ioc_v3_settings: [] + trellix_hx_alerts_settings: [] + trellix_hx_bulk_acqs_settings: [] + trellix_hx_hosts_settings: [] + webhook_settings: [] + workday_settings: [] + workspace_activity_settings: [] + workspace_alerts_settings: [] + workspace_chrome_os_settings: [] + 
workspace_groups_settings: [] + workspace_mobile_settings: [] + workspace_privileges_settings: [] + workspace_users_settings: [] + display_name: webhook-okta + enabled: null + failure_details: [] + instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx + location: europe + project: test-project + timeouts: null + module.workspace-feeds[0].google_chronicle_feed.feeds["ws-activity"]: + details: + - amazon_kinesis_firehose_settings: [] + amazon_s3_settings: [] + amazon_s3_v2_settings: [] + amazon_sqs_settings: [] + amazon_sqs_v2_settings: [] + anomali_settings: [] + asset_namespace: null + aws_ec2_hosts_settings: [] + aws_ec2_instances_settings: [] + aws_ec2_vpcs_settings: [] + aws_iam_settings: [] + azure_ad_audit_settings: [] + azure_ad_context_settings: [] + azure_ad_settings: [] + azure_blob_store_settings: [] + azure_blob_store_v2_settings: [] + azure_event_hub_settings: [] + azure_mdm_intune_settings: [] + cloud_passage_settings: [] + cortex_xdr_settings: [] + crowdstrike_alerts_settings: [] + crowdstrike_detects_settings: [] + dummy_log_type_settings: [] + duo_auth_settings: [] + duo_user_context_settings: [] + feed_source_type: API + fox_it_stix_settings: [] + gcs_settings: [] + gcs_v2_settings: [] + google_cloud_identity_device_users_settings: [] + google_cloud_identity_devices_settings: [] + google_cloud_storage_event_driven_settings: [] + http_settings: [] + https_push_amazon_kinesis_firehose_settings: [] + https_push_google_cloud_pubsub_settings: [] + https_push_webhook_settings: [] + imperva_waf_settings: [] + labels: null + log_type: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/logTypes/WORKSPACE_ACTIVITY + mandiant_ioc_settings: [] + microsoft_graph_alert_settings: [] + microsoft_security_center_alert_settings: [] + mimecast_mail_settings: [] + mimecast_mail_v2_settings: [] + netskope_alert_settings: [] + netskope_alert_v2_settings: [] + office365_settings: [] + okta_settings: [] + okta_user_context_settings: [] + pan_ioc_settings: [] + 
pan_prisma_cloud_settings: [] + proofpoint_mail_settings: [] + proofpoint_on_demand_settings: [] + pubsub_settings: [] + qualys_scan_settings: [] + qualys_vm_settings: [] + rapid7_insight_settings: [] + recorded_future_ioc_settings: [] + rh_isac_ioc_settings: [] + salesforce_settings: [] + sentinelone_alert_settings: [] + service_now_cmdb_settings: [] + sftp_settings: [] + symantec_event_export_settings: [] + thinkst_canary_settings: [] + threat_connect_ioc_settings: [] + threat_connect_ioc_v3_settings: [] + trellix_hx_alerts_settings: [] + trellix_hx_bulk_acqs_settings: [] + trellix_hx_hosts_settings: [] + webhook_settings: [] + workday_settings: [] + workspace_activity_settings: + - applications: + - access_transparency + - admin + - calendar + - chat + - drive + - gcp + - gplus + - groups + - groups_enterprise + - jamboard + - login + - meet + - mobile + - rules + - saml + - token + - user_accounts + - context_aware_access + - chrome + - data_studio + - keep + authentication: + - claims: + - audience: https://oauth2.googleapis.com/token + issuer: workspace-integration@test-project.iam.gserviceaccount.com + subject: secops-feed@example.com + rs_credentials: + - {} + token_endpoint: https://oauth2.googleapis.com/token + workspace_customer_id: CXXXXXXXX + workspace_alerts_settings: [] + workspace_chrome_os_settings: [] + workspace_groups_settings: [] + workspace_mobile_settings: [] + workspace_privileges_settings: [] + workspace_users_settings: [] + display_name: Workspace Activity + enabled: null + failure_details: [] + instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx + location: europe + project: test-project + timeouts: null + module.workspace-feeds[0].google_chronicle_feed.feeds["ws-alerts"]: + details: + - amazon_kinesis_firehose_settings: [] + amazon_s3_settings: [] + amazon_s3_v2_settings: [] + amazon_sqs_settings: [] + amazon_sqs_v2_settings: [] + anomali_settings: [] + asset_namespace: null + aws_ec2_hosts_settings: [] + aws_ec2_instances_settings: [] + 
aws_ec2_vpcs_settings: [] + aws_iam_settings: [] + azure_ad_audit_settings: [] + azure_ad_context_settings: [] + azure_ad_settings: [] + azure_blob_store_settings: [] + azure_blob_store_v2_settings: [] + azure_event_hub_settings: [] + azure_mdm_intune_settings: [] + cloud_passage_settings: [] + cortex_xdr_settings: [] + crowdstrike_alerts_settings: [] + crowdstrike_detects_settings: [] + dummy_log_type_settings: [] + duo_auth_settings: [] + duo_user_context_settings: [] + feed_source_type: API + fox_it_stix_settings: [] + gcs_settings: [] + gcs_v2_settings: [] + google_cloud_identity_device_users_settings: [] + google_cloud_identity_devices_settings: [] + google_cloud_storage_event_driven_settings: [] + http_settings: [] + https_push_amazon_kinesis_firehose_settings: [] + https_push_google_cloud_pubsub_settings: [] + https_push_webhook_settings: [] + imperva_waf_settings: [] + labels: null + log_type: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/logTypes/WORKSPACE_ALERTS + mandiant_ioc_settings: [] + microsoft_graph_alert_settings: [] + microsoft_security_center_alert_settings: [] + mimecast_mail_settings: [] + mimecast_mail_v2_settings: [] + netskope_alert_settings: [] + netskope_alert_v2_settings: [] + office365_settings: [] + okta_settings: [] + okta_user_context_settings: [] + pan_ioc_settings: [] + pan_prisma_cloud_settings: [] + proofpoint_mail_settings: [] + proofpoint_on_demand_settings: [] + pubsub_settings: [] + qualys_scan_settings: [] + qualys_vm_settings: [] + rapid7_insight_settings: [] + recorded_future_ioc_settings: [] + rh_isac_ioc_settings: [] + salesforce_settings: [] + sentinelone_alert_settings: [] + service_now_cmdb_settings: [] + sftp_settings: [] + symantec_event_export_settings: [] + thinkst_canary_settings: [] + threat_connect_ioc_settings: [] + threat_connect_ioc_v3_settings: [] + trellix_hx_alerts_settings: [] + trellix_hx_bulk_acqs_settings: [] + trellix_hx_hosts_settings: [] + webhook_settings: [] + 
workday_settings: [] + workspace_activity_settings: [] + workspace_alerts_settings: + - authentication: + - claims: + - audience: https://oauth2.googleapis.com/token + issuer: workspace-integration@test-project.iam.gserviceaccount.com + subject: secops-feed@example.com + rs_credentials: + - {} + token_endpoint: https://oauth2.googleapis.com/token + workspace_customer_id: CXXXXXXXX + workspace_chrome_os_settings: [] + workspace_groups_settings: [] + workspace_mobile_settings: [] + workspace_privileges_settings: [] + workspace_users_settings: [] + display_name: Workspace Alerts + enabled: null + failure_details: [] + instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx + location: europe + project: test-project + timeouts: null + module.workspace-feeds[0].google_chronicle_feed.feeds["ws-chrome"]: + details: + - amazon_kinesis_firehose_settings: [] + amazon_s3_settings: [] + amazon_s3_v2_settings: [] + amazon_sqs_settings: [] + amazon_sqs_v2_settings: [] + anomali_settings: [] + asset_namespace: null + aws_ec2_hosts_settings: [] + aws_ec2_instances_settings: [] + aws_ec2_vpcs_settings: [] + aws_iam_settings: [] + azure_ad_audit_settings: [] + azure_ad_context_settings: [] + azure_ad_settings: [] + azure_blob_store_settings: [] + azure_blob_store_v2_settings: [] + azure_event_hub_settings: [] + azure_mdm_intune_settings: [] + cloud_passage_settings: [] + cortex_xdr_settings: [] + crowdstrike_alerts_settings: [] + crowdstrike_detects_settings: [] + dummy_log_type_settings: [] + duo_auth_settings: [] + duo_user_context_settings: [] + feed_source_type: API + fox_it_stix_settings: [] + gcs_settings: [] + gcs_v2_settings: [] + google_cloud_identity_device_users_settings: [] + google_cloud_identity_devices_settings: [] + google_cloud_storage_event_driven_settings: [] + http_settings: [] + https_push_amazon_kinesis_firehose_settings: [] + https_push_google_cloud_pubsub_settings: [] + https_push_webhook_settings: [] + imperva_waf_settings: [] + labels: null + log_type: 
projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/logTypes/WORKSPACE_CHROMEOS + mandiant_ioc_settings: [] + microsoft_graph_alert_settings: [] + microsoft_security_center_alert_settings: [] + mimecast_mail_settings: [] + mimecast_mail_v2_settings: [] + netskope_alert_settings: [] + netskope_alert_v2_settings: [] + office365_settings: [] + okta_settings: [] + okta_user_context_settings: [] + pan_ioc_settings: [] + pan_prisma_cloud_settings: [] + proofpoint_mail_settings: [] + proofpoint_on_demand_settings: [] + pubsub_settings: [] + qualys_scan_settings: [] + qualys_vm_settings: [] + rapid7_insight_settings: [] + recorded_future_ioc_settings: [] + rh_isac_ioc_settings: [] + salesforce_settings: [] + sentinelone_alert_settings: [] + service_now_cmdb_settings: [] + sftp_settings: [] + symantec_event_export_settings: [] + thinkst_canary_settings: [] + threat_connect_ioc_settings: [] + threat_connect_ioc_v3_settings: [] + trellix_hx_alerts_settings: [] + trellix_hx_bulk_acqs_settings: [] + trellix_hx_hosts_settings: [] + webhook_settings: [] + workday_settings: [] + workspace_activity_settings: [] + workspace_alerts_settings: [] + workspace_chrome_os_settings: + - authentication: + - claims: + - audience: https://oauth2.googleapis.com/token + issuer: workspace-integration@test-project.iam.gserviceaccount.com + subject: secops-feed@example.com + rs_credentials: + - {} + token_endpoint: https://oauth2.googleapis.com/token + workspace_customer_id: CXXXXXXXX + workspace_groups_settings: [] + workspace_mobile_settings: [] + workspace_privileges_settings: [] + workspace_users_settings: [] + display_name: Workspace ChromeOS + enabled: null + failure_details: [] + instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx + location: europe + project: test-project + timeouts: null + module.workspace-feeds[0].google_chronicle_feed.feeds["ws-group"]: + details: + - amazon_kinesis_firehose_settings: [] + amazon_s3_settings: [] + amazon_s3_v2_settings: [] + 
amazon_sqs_settings: [] + amazon_sqs_v2_settings: [] + anomali_settings: [] + asset_namespace: null + aws_ec2_hosts_settings: [] + aws_ec2_instances_settings: [] + aws_ec2_vpcs_settings: [] + aws_iam_settings: [] + azure_ad_audit_settings: [] + azure_ad_context_settings: [] + azure_ad_settings: [] + azure_blob_store_settings: [] + azure_blob_store_v2_settings: [] + azure_event_hub_settings: [] + azure_mdm_intune_settings: [] + cloud_passage_settings: [] + cortex_xdr_settings: [] + crowdstrike_alerts_settings: [] + crowdstrike_detects_settings: [] + dummy_log_type_settings: [] + duo_auth_settings: [] + duo_user_context_settings: [] + feed_source_type: API + fox_it_stix_settings: [] + gcs_settings: [] + gcs_v2_settings: [] + google_cloud_identity_device_users_settings: [] + google_cloud_identity_devices_settings: [] + google_cloud_storage_event_driven_settings: [] + http_settings: [] + https_push_amazon_kinesis_firehose_settings: [] + https_push_google_cloud_pubsub_settings: [] + https_push_webhook_settings: [] + imperva_waf_settings: [] + labels: null + log_type: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/logTypes/WORKSPACE_GROUPS + mandiant_ioc_settings: [] + microsoft_graph_alert_settings: [] + microsoft_security_center_alert_settings: [] + mimecast_mail_settings: [] + mimecast_mail_v2_settings: [] + netskope_alert_settings: [] + netskope_alert_v2_settings: [] + office365_settings: [] + okta_settings: [] + okta_user_context_settings: [] + pan_ioc_settings: [] + pan_prisma_cloud_settings: [] + proofpoint_mail_settings: [] + proofpoint_on_demand_settings: [] + pubsub_settings: [] + qualys_scan_settings: [] + qualys_vm_settings: [] + rapid7_insight_settings: [] + recorded_future_ioc_settings: [] + rh_isac_ioc_settings: [] + salesforce_settings: [] + sentinelone_alert_settings: [] + service_now_cmdb_settings: [] + sftp_settings: [] + symantec_event_export_settings: [] + thinkst_canary_settings: [] + threat_connect_ioc_settings: [] + 
threat_connect_ioc_v3_settings: [] + trellix_hx_alerts_settings: [] + trellix_hx_bulk_acqs_settings: [] + trellix_hx_hosts_settings: [] + webhook_settings: [] + workday_settings: [] + workspace_activity_settings: [] + workspace_alerts_settings: [] + workspace_chrome_os_settings: [] + workspace_groups_settings: + - authentication: + - claims: + - audience: https://oauth2.googleapis.com/token + issuer: workspace-integration@test-project.iam.gserviceaccount.com + subject: secops-feed@example.com + rs_credentials: + - {} + token_endpoint: https://oauth2.googleapis.com/token + workspace_customer_id: CXXXXXXXX + workspace_mobile_settings: [] + workspace_privileges_settings: [] + workspace_users_settings: [] + display_name: Workspace Groups + enabled: null + failure_details: [] + instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx + location: europe + project: test-project + timeouts: null + module.workspace-feeds[0].google_chronicle_feed.feeds["ws-mobile"]: + details: + - amazon_kinesis_firehose_settings: [] + amazon_s3_settings: [] + amazon_s3_v2_settings: [] + amazon_sqs_settings: [] + amazon_sqs_v2_settings: [] + anomali_settings: [] + asset_namespace: null + aws_ec2_hosts_settings: [] + aws_ec2_instances_settings: [] + aws_ec2_vpcs_settings: [] + aws_iam_settings: [] + azure_ad_audit_settings: [] + azure_ad_context_settings: [] + azure_ad_settings: [] + azure_blob_store_settings: [] + azure_blob_store_v2_settings: [] + azure_event_hub_settings: [] + azure_mdm_intune_settings: [] + cloud_passage_settings: [] + cortex_xdr_settings: [] + crowdstrike_alerts_settings: [] + crowdstrike_detects_settings: [] + dummy_log_type_settings: [] + duo_auth_settings: [] + duo_user_context_settings: [] + feed_source_type: API + fox_it_stix_settings: [] + gcs_settings: [] + gcs_v2_settings: [] + google_cloud_identity_device_users_settings: [] + google_cloud_identity_devices_settings: [] + google_cloud_storage_event_driven_settings: [] + http_settings: [] + 
https_push_amazon_kinesis_firehose_settings: [] + https_push_google_cloud_pubsub_settings: [] + https_push_webhook_settings: [] + imperva_waf_settings: [] + labels: null + log_type: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/logTypes/WORKSPACE_MOBILE + mandiant_ioc_settings: [] + microsoft_graph_alert_settings: [] + microsoft_security_center_alert_settings: [] + mimecast_mail_settings: [] + mimecast_mail_v2_settings: [] + netskope_alert_settings: [] + netskope_alert_v2_settings: [] + office365_settings: [] + okta_settings: [] + okta_user_context_settings: [] + pan_ioc_settings: [] + pan_prisma_cloud_settings: [] + proofpoint_mail_settings: [] + proofpoint_on_demand_settings: [] + pubsub_settings: [] + qualys_scan_settings: [] + qualys_vm_settings: [] + rapid7_insight_settings: [] + recorded_future_ioc_settings: [] + rh_isac_ioc_settings: [] + salesforce_settings: [] + sentinelone_alert_settings: [] + service_now_cmdb_settings: [] + sftp_settings: [] + symantec_event_export_settings: [] + thinkst_canary_settings: [] + threat_connect_ioc_settings: [] + threat_connect_ioc_v3_settings: [] + trellix_hx_alerts_settings: [] + trellix_hx_bulk_acqs_settings: [] + trellix_hx_hosts_settings: [] + webhook_settings: [] + workday_settings: [] + workspace_activity_settings: [] + workspace_alerts_settings: [] + workspace_chrome_os_settings: [] + workspace_groups_settings: [] + workspace_mobile_settings: + - authentication: + - claims: + - audience: https://oauth2.googleapis.com/token + issuer: workspace-integration@test-project.iam.gserviceaccount.com + subject: secops-feed@example.com + rs_credentials: + - {} + token_endpoint: https://oauth2.googleapis.com/token + workspace_customer_id: CXXXXXXXX + workspace_privileges_settings: [] + workspace_users_settings: [] + display_name: Workspace Mobile + enabled: null + failure_details: [] + instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx + location: europe + project: test-project + timeouts: null + 
module.workspace-feeds[0].google_chronicle_feed.feeds["ws-users"]: + details: + - amazon_kinesis_firehose_settings: [] + amazon_s3_settings: [] + amazon_s3_v2_settings: [] + amazon_sqs_settings: [] + amazon_sqs_v2_settings: [] + anomali_settings: [] + asset_namespace: null + aws_ec2_hosts_settings: [] + aws_ec2_instances_settings: [] + aws_ec2_vpcs_settings: [] + aws_iam_settings: [] + azure_ad_audit_settings: [] + azure_ad_context_settings: [] + azure_ad_settings: [] + azure_blob_store_settings: [] + azure_blob_store_v2_settings: [] + azure_event_hub_settings: [] + azure_mdm_intune_settings: [] + cloud_passage_settings: [] + cortex_xdr_settings: [] + crowdstrike_alerts_settings: [] + crowdstrike_detects_settings: [] + dummy_log_type_settings: [] + duo_auth_settings: [] + duo_user_context_settings: [] + feed_source_type: API + fox_it_stix_settings: [] + gcs_settings: [] + gcs_v2_settings: [] + google_cloud_identity_device_users_settings: [] + google_cloud_identity_devices_settings: [] + google_cloud_storage_event_driven_settings: [] + http_settings: [] + https_push_amazon_kinesis_firehose_settings: [] + https_push_google_cloud_pubsub_settings: [] + https_push_webhook_settings: [] + imperva_waf_settings: [] + labels: null + log_type: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/logTypes/WORKSPACE_USERS + mandiant_ioc_settings: [] + microsoft_graph_alert_settings: [] + microsoft_security_center_alert_settings: [] + mimecast_mail_settings: [] + mimecast_mail_v2_settings: [] + netskope_alert_settings: [] + netskope_alert_v2_settings: [] + office365_settings: [] + okta_settings: [] + okta_user_context_settings: [] + pan_ioc_settings: [] + pan_prisma_cloud_settings: [] + proofpoint_mail_settings: [] + proofpoint_on_demand_settings: [] + pubsub_settings: [] + qualys_scan_settings: [] + qualys_vm_settings: [] + rapid7_insight_settings: [] + recorded_future_ioc_settings: [] + rh_isac_ioc_settings: [] + salesforce_settings: [] + 
sentinelone_alert_settings: [] + service_now_cmdb_settings: [] + sftp_settings: [] + symantec_event_export_settings: [] + thinkst_canary_settings: [] + threat_connect_ioc_settings: [] + threat_connect_ioc_v3_settings: [] + trellix_hx_alerts_settings: [] + trellix_hx_bulk_acqs_settings: [] + trellix_hx_hosts_settings: [] + webhook_settings: [] + workday_settings: [] + workspace_activity_settings: [] + workspace_alerts_settings: [] + workspace_chrome_os_settings: [] + workspace_groups_settings: [] + workspace_mobile_settings: [] + workspace_privileges_settings: [] + workspace_users_settings: + - authentication: + - claims: + - audience: https://oauth2.googleapis.com/token + issuer: workspace-integration@test-project.iam.gserviceaccount.com + subject: secops-feed@example.com + rs_credentials: + - {} + token_endpoint: https://oauth2.googleapis.com/token + projection_type: FULL_PROJECTION + workspace_customer_id: CXXXXXXXX + display_name: Workspace Users + enabled: null + failure_details: [] + instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx + location: europe + project: test-project + timeouts: null + module.workspace-integration-sa[0].google_service_account.service_account[0]: + account_id: workspace-integration + create_ignore_already_exists: null + description: null + disabled: false + display_name: Terraform-managed. 
+ email: workspace-integration@test-project.iam.gserviceaccount.com + member: serviceAccount:workspace-integration@test-project.iam.gserviceaccount.com + project: test-project + timeouts: null + restful_operation.webhook_feeds_secret["okta"]: + body: null + delete_body: null + delete_header: null + delete_method: null + delete_path: null + delete_query: null + ephemeral_body: null + header: null + id_builder: null + method: POST + operation_header: null + operation_query: null + output_attrs: null + poll: null + poll_delete: null + precheck: null + precheck_delete: null + query: null + restful_resource.secops_log_type["cloudrun"]: + body: + customLogTypeLabel: CLOUDRUN_CUSTOM + displayName: Cloud Run + hasCustomParser: true + isCustom: true + productSource: Cloud Run Custom + check_existance: null + create_header: null + create_method: POST + create_query: null + create_selector: null + delete_body: null + delete_body_raw: null + delete_header: null + delete_method: null + delete_path: null + delete_query: null + ephemeral_body: null + force_new_attrs: null + header: null + merge_patch_disabled: null + output_attrs: null + path: /projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/logTypes?logTypeId=cloudrun + poll_create: null + poll_delete: null + poll_update: null + precheck_create: null + precheck_delete: null + precheck_update: null + query: null + read_header: null + read_path: /projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx + read_query: null + read_response_template: null + read_selector: null + update_body_patches: null + update_header: null + update_method: null + update_path: null + update_query: null + write_only_attrs: null + +counts: + google_apikeys_key: 1 + google_chronicle_data_access_label: 1 + google_chronicle_data_access_scope: 1 + google_chronicle_data_table: 1 + google_chronicle_data_table_row: 2 + google_chronicle_feed: 12 + google_chronicle_reference_list: 1 + google_chronicle_rule: 1 
+ google_chronicle_rule_deployment: 1 + google_monitoring_alert_policy: 3 + google_monitoring_notification_channel: 1 + google_org_policy_policy: 1 + google_project: 1 + google_project_iam_binding: 1 + google_project_iam_custom_role: 7 + google_project_iam_member: 5 + google_project_service: 9 + google_project_service_identity: 5 + google_secret_manager_secret: 2 + google_secret_manager_secret_version: 2 + google_service_account: 1 + google_service_account_key: 1 + modules: 10 + resources: 62 + restful_operation: 1 + restful_resource: 1 + +outputs: + project_id: test-project + From b94e47c976d2c6797c9547b24469232cd523c900 Mon Sep 17 00:00:00 2001 From: bruzzechesse Date: Tue, 21 Apr 2026 15:19:11 +0200 Subject: [PATCH 4/5] fix --- tests/blueprints/secops-instance/basic.tfvars | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/blueprints/secops-instance/basic.tfvars b/tests/blueprints/secops-instance/basic.tfvars index 5d6fae2..5ff1398 100644 --- a/tests/blueprints/secops-instance/basic.tfvars +++ b/tests/blueprints/secops-instance/basic.tfvars @@ -45,7 +45,7 @@ third_party_integration_config = { customer_id = "CXXXXXXXX" } okta = { - api_key = "XXXXXXXXXXXXX" + api_key = "XXXXXXXXXXXXX" hostname = "xxxxx.okta.com" manager_id_reference_field = "managerId" } From f522abcf22665fb2300124f39eac5f253500ea7f Mon Sep 17 00:00:00 2001 From: bruzzechesse Date: Tue, 21 Apr 2026 15:24:19 +0200 Subject: [PATCH 5/5] fix --- tests/blueprints/secops-instance/basic.yaml | 2382 +------------------ 1 file changed, 1 insertion(+), 2381 deletions(-) diff --git a/tests/blueprints/secops-instance/basic.yaml b/tests/blueprints/secops-instance/basic.yaml index 44bca29..0adfd8f 100644 --- a/tests/blueprints/secops-instance/basic.yaml +++ b/tests/blueprints/secops-instance/basic.yaml 
@@ -469,2384 +469,4 @@ values: crowdstrike_detects_settings: [] dummy_log_type_settings: [] duo_auth_settings: [] - duo_user_context_settings: [] - feed_source_type: API - fox_it_stix_settings: [] - gcs_settings: [] - gcs_v2_settings: [] - google_cloud_identity_device_users_settings: [] - google_cloud_identity_devices_settings: [] - google_cloud_storage_event_driven_settings: [] - http_settings: [] - https_push_amazon_kinesis_firehose_settings: [] - https_push_google_cloud_pubsub_settings: [] - https_push_webhook_settings: [] - imperva_waf_settings: [] - labels: null - log_type: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/logTypes/OKTA - mandiant_ioc_settings: [] - microsoft_graph_alert_settings: [] - microsoft_security_center_alert_settings: [] - mimecast_mail_settings: [] - mimecast_mail_v2_settings: [] - netskope_alert_settings: [] - netskope_alert_v2_settings: [] - office365_settings: [] - okta_settings: - - authentication: - - header_key_values: - - key: Authorization - value: XXXXXXXXXXXXX - hostname: xxxxx.okta.com - okta_user_context_settings: [] - pan_ioc_settings: [] - pan_prisma_cloud_settings: [] - proofpoint_mail_settings: [] - proofpoint_on_demand_settings: [] - pubsub_settings: [] - qualys_scan_settings: [] - qualys_vm_settings: [] - rapid7_insight_settings: [] - recorded_future_ioc_settings: [] - rh_isac_ioc_settings: [] - salesforce_settings: [] - sentinelone_alert_settings: [] - service_now_cmdb_settings: [] - sftp_settings: [] - symantec_event_export_settings: [] - thinkst_canary_settings: [] - threat_connect_ioc_settings: [] - threat_connect_ioc_v3_settings: [] - trellix_hx_alerts_settings: [] - trellix_hx_bulk_acqs_settings: [] - trellix_hx_hosts_settings: [] - webhook_settings: [] - workday_settings: [] - workspace_activity_settings: [] - workspace_alerts_settings: [] - workspace_chrome_os_settings: [] - workspace_groups_settings: [] - workspace_mobile_settings: [] - workspace_privileges_settings: [] - 
workspace_users_settings: [] - display_name: Okta - enabled: null - failure_details: [] - instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx - location: europe - project: test-project - timeouts: null - module.okta_feeds[0].google_chronicle_feed.feeds["okta-user-context"]: - details: - - amazon_kinesis_firehose_settings: [] - amazon_s3_settings: [] - amazon_s3_v2_settings: [] - amazon_sqs_settings: [] - amazon_sqs_v2_settings: [] - anomali_settings: [] - asset_namespace: null - aws_ec2_hosts_settings: [] - aws_ec2_instances_settings: [] - aws_ec2_vpcs_settings: [] - aws_iam_settings: [] - azure_ad_audit_settings: [] - azure_ad_context_settings: [] - azure_ad_settings: [] - azure_blob_store_settings: [] - azure_blob_store_v2_settings: [] - azure_event_hub_settings: [] - azure_mdm_intune_settings: [] - cloud_passage_settings: [] - cortex_xdr_settings: [] - crowdstrike_alerts_settings: [] - crowdstrike_detects_settings: [] - dummy_log_type_settings: [] - duo_auth_settings: [] - duo_user_context_settings: [] - feed_source_type: API - fox_it_stix_settings: [] - gcs_settings: [] - gcs_v2_settings: [] - google_cloud_identity_device_users_settings: [] - google_cloud_identity_devices_settings: [] - google_cloud_storage_event_driven_settings: [] - http_settings: [] - https_push_amazon_kinesis_firehose_settings: [] - https_push_google_cloud_pubsub_settings: [] - https_push_webhook_settings: [] - imperva_waf_settings: [] - labels: null - log_type: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/logTypes/OKTA_USER_CONTEXT - mandiant_ioc_settings: [] - microsoft_graph_alert_settings: [] - microsoft_security_center_alert_settings: [] - mimecast_mail_settings: [] - mimecast_mail_v2_settings: [] - netskope_alert_settings: [] - netskope_alert_v2_settings: [] - office365_settings: [] - okta_settings: [] - okta_user_context_settings: - - authentication: - - header_key_values: - - key: Authorization - value: XXXXXXXXXXXXX - hostname: xxxxx.okta.com - 
manager_id_reference_field: managerId - pan_ioc_settings: [] - pan_prisma_cloud_settings: [] - proofpoint_mail_settings: [] - proofpoint_on_demand_settings: [] - pubsub_settings: [] - qualys_scan_settings: [] - qualys_vm_settings: [] - rapid7_insight_settings: [] - recorded_future_ioc_settings: [] - rh_isac_ioc_settings: [] - salesforce_settings: [] - sentinelone_alert_settings: [] - service_now_cmdb_settings: [] - sftp_settings: [] - symantec_event_export_settings: [] - thinkst_canary_settings: [] - threat_connect_ioc_settings: [] - threat_connect_ioc_v3_settings: [] - trellix_hx_alerts_settings: [] - trellix_hx_bulk_acqs_settings: [] - trellix_hx_hosts_settings: [] - webhook_settings: [] - workday_settings: [] - workspace_activity_settings: [] - workspace_alerts_settings: [] - workspace_chrome_os_settings: [] - workspace_groups_settings: [] - workspace_mobile_settings: [] - workspace_privileges_settings: [] - workspace_users_settings: [] - display_name: Okta User Context - enabled: null - failure_details: [] - instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx - location: europe - project: test-project - timeouts: null - module.project.google_org_policy_policy.default["iam.disableServiceAccountKeyCreation"]: - dry_run_spec: [] - name: projects/test-project/policies/iam.disableServiceAccountKeyCreation - parent: projects/test-project - spec: - - inherit_from_parent: null - reset: null - rules: - - allow_all: null - condition: [] - deny_all: null - enforce: 'FALSE' - parameters: null - values: [] - timeouts: null - module.project.google_project.project[0]: - auto_create_network: false - billing_account: 12345-ABCDEF-12345 - deletion_policy: DELETE - effective_labels: - goog-terraform-provisioned: 'true' - folder_id: '2345678901' - labels: null - name: test-project - org_id: null - project_id: test-project - tags: null - terraform_labels: - goog-terraform-provisioned: 'true' - timeouts: null - module.project.google_project_iam_binding.authoritative["roles/chronicle.viewer"]: - 
condition: [] - members: - - group:gcp-secops-admins@example.com - project: test-project - role: roles/chronicle.viewer - module.project.google_project_iam_custom_role.roles["SecOpsDetectionEngineer"]: - description: Terraform-managed. - permissions: - - chronicle.ais.createFeedback - - chronicle.ais.translateUdmQuery - - chronicle.ais.translateYlRule - - chronicle.conversations.get - - chronicle.conversations.list - - chronicle.conversations.update - - chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections - - chronicle.curatedRuleSetCategories.get - - chronicle.curatedRuleSetCategories.list - - chronicle.curatedRuleSetDeployments.batchUpdate - - chronicle.curatedRuleSetDeployments.get - - chronicle.curatedRuleSetDeployments.list - - chronicle.curatedRuleSetDeployments.update - - chronicle.curatedRuleSets.countCuratedRuleSetDetections - - chronicle.curatedRuleSets.get - - chronicle.curatedRuleSets.list - - chronicle.curatedRules.get - - chronicle.curatedRules.list - - chronicle.dashboardCharts.get - - chronicle.dashboardCharts.list - - chronicle.dashboardQueries.execute - - chronicle.dashboardQueries.get - - chronicle.dashboardQueries.list - - chronicle.dashboards.copy - - chronicle.dashboards.create - - chronicle.dashboards.delete - - chronicle.dashboards.edit - - chronicle.dashboards.get - - chronicle.dashboards.list - - chronicle.dashboards.schedule - - chronicle.dataAccessLabels.get - - chronicle.dataAccessLabels.list - - chronicle.dataAccessLabels.update - - chronicle.dataAccessScopes.get - - chronicle.dataAccessScopes.list - - chronicle.dataAccessScopes.permit - - chronicle.dataAccessScopes.update - - chronicle.dataTableOperationErrors.get - - chronicle.dataTableRows.asyncBulkCreate - - chronicle.dataTableRows.asyncBulkReplace - - chronicle.dataTableRows.asyncBulkUpdate - - chronicle.dataTableRows.bulkCreate - - chronicle.dataTableRows.bulkReplace - - chronicle.dataTableRows.bulkUpdate - - chronicle.dataTableRows.create - - 
chronicle.dataTableRows.delete - - chronicle.dataTableRows.get - - chronicle.dataTableRows.list - - chronicle.dataTableRows.update - - chronicle.dataTables.bulkCreateDataTableAsync - - chronicle.dataTables.create - - chronicle.dataTables.delete - - chronicle.dataTables.get - - chronicle.dataTables.list - - chronicle.dataTables.update - - chronicle.enrichmentControls.create - - chronicle.enrichmentControls.delete - - chronicle.enrichmentControls.get - - chronicle.enrichmentControls.list - - chronicle.entities.batchCreate - - chronicle.entities.batchDelete - - chronicle.entities.batchValidate - - chronicle.entities.create - - chronicle.entities.delete - - chronicle.entities.find - - chronicle.entities.findRelatedEntities - - chronicle.entities.get - - chronicle.entities.import - - chronicle.entities.list - - chronicle.entities.modifyEntityRiskScore - - chronicle.entities.queryEntityRiskScoreModifications - - chronicle.entities.searchEntities - - chronicle.entities.summarize - - chronicle.entities.summarizeFromQuery - - chronicle.events.batchGet - - chronicle.events.findUdmFieldValues - - chronicle.events.get - - chronicle.events.import - - chronicle.events.queryProductSourceStats - - chronicle.events.searchRawLogs - - chronicle.events.udmSearch - - chronicle.events.validateQuery - - chronicle.featuredContentRules.list - - chronicle.findingsGraphs.exploreNode - - chronicle.findingsGraphs.initializeGraph - - chronicle.findingsRefinementDeployments.get - - chronicle.findingsRefinementDeployments.list - - chronicle.findingsRefinementDeployments.update - - chronicle.findingsRefinements.computeActivity - - chronicle.findingsRefinements.computeAllActivities - - chronicle.findingsRefinements.create - - chronicle.findingsRefinements.get - - chronicle.findingsRefinements.list - - chronicle.findingsRefinements.test - - chronicle.findingsRefinements.update - - chronicle.globalDataAccessScopes.permit - - chronicle.instances.generateCollectionAgentAuth - - 
chronicle.instances.generateSoarAuthJwt - - chronicle.instances.generateWorkspaceConnectionToken - - chronicle.instances.get - - chronicle.instances.graduatePocInstance - - chronicle.instances.logTypeClassifier - - chronicle.instances.report - - chronicle.instances.update - - chronicle.instances.verifyNonce - - chronicle.iocMatches.get - - chronicle.iocMatches.list - - chronicle.iocState.get - - chronicle.iocState.update - - chronicle.iocs.batchGet - - chronicle.iocs.findFirstAndLastSeen - - chronicle.iocs.get - - chronicle.iocs.searchCuratedDetectionsForIoc - - chronicle.legacies.legacyBatchGetCollections - - chronicle.legacies.legacyFetchAlertsView - - chronicle.legacies.legacyFetchUdmSearchCsv - - chronicle.legacies.legacyFetchUdmSearchView - - chronicle.legacies.legacyFindAssetEvents - - chronicle.legacies.legacyFindRawLogs - - chronicle.legacies.legacyFindUdmEvents - - chronicle.legacies.legacyGetAlert - - chronicle.legacies.legacyGetCuratedRulesTrends - - chronicle.legacies.legacyGetDetection - - chronicle.legacies.legacyGetEventForDetection - - chronicle.legacies.legacyGetRuleCounts - - chronicle.legacies.legacyGetRulesTrends - - chronicle.legacies.legacyRunTestRule - - chronicle.legacies.legacySearchArtifactEvents - - chronicle.legacies.legacySearchArtifactIoCDetails - - chronicle.legacies.legacySearchAssetEvents - - chronicle.legacies.legacySearchCuratedDetections - - chronicle.legacies.legacySearchCustomerStats - - chronicle.legacies.legacySearchDetections - - chronicle.legacies.legacySearchDomainsRecentlyRegistered - - chronicle.legacies.legacySearchDomainsTimingStats - - chronicle.legacies.legacySearchEnterpriseWideAlerts - - chronicle.legacies.legacySearchEnterpriseWideIoCs - - chronicle.legacies.legacySearchFindings - - chronicle.legacies.legacySearchIngestionStats - - chronicle.legacies.legacySearchIoCInsights - - chronicle.legacies.legacySearchRawLogs - - chronicle.legacies.legacySearchRuleDetectionCountBuckets - - 
chronicle.legacies.legacySearchRuleDetectionEvents - - chronicle.legacies.legacySearchRuleResults - - chronicle.legacies.legacySearchRulesAlerts - - chronicle.legacies.legacySearchUserEvents - - chronicle.legacies.legacyStreamDetectionAlerts - - chronicle.legacies.legacyTestRuleStreaming - - chronicle.messages.get - - chronicle.messages.list - - chronicle.messages.update - - chronicle.nativeDashboards.create - - chronicle.nativeDashboards.delete - - chronicle.nativeDashboards.duplicate - - chronicle.nativeDashboards.get - - chronicle.nativeDashboards.list - - chronicle.nativeDashboards.update - - chronicle.operations.cancel - - chronicle.operations.delete - - chronicle.operations.get - - chronicle.operations.list - - chronicle.operations.streamSearch - - chronicle.operations.wait - - chronicle.preferenceSets.get - - chronicle.preferenceSets.update - - chronicle.referenceLists.create - - chronicle.referenceLists.get - - chronicle.referenceLists.list - - chronicle.referenceLists.update - - chronicle.referenceLists.verifyReferenceList - - chronicle.retrohunts.create - - chronicle.retrohunts.get - - chronicle.retrohunts.list - - chronicle.riskConfigs.get - - chronicle.riskConfigs.update - - chronicle.ruleDeployments.get - - chronicle.ruleDeployments.list - - chronicle.ruleDeployments.update - - chronicle.ruleExecutionErrors.list - - chronicle.rules.create - - chronicle.rules.delete - - chronicle.rules.get - - chronicle.rules.list - - chronicle.rules.listRevisions - - chronicle.rules.update - - chronicle.rules.verifyRuleText - - chronicle.searchQueries.get - - chronicle.searchQueries.list - - chronicle.searchQueries.update - - chronicle.threatCollections.fetchIocMatchMetadata - - chronicle.threatCollections.fetchRuleMetadata - - chronicle.threatCollections.get - - chronicle.threatCollections.list - - chronicle.watchlists.create - - chronicle.watchlists.delete - - chronicle.watchlists.get - - chronicle.watchlists.list - - chronicle.watchlists.update - - 
resourcemanager.projects.get - project: test-project - role_id: SecOpsDetectionEngineer - stage: GA - title: Custom role SecOpsDetectionEngineer - module.project.google_project_iam_custom_role.roles["SecOpsIngestionAPI"]: - description: Terraform-managed. - permissions: - - chronicle.entities.import - - chronicle.events.import - - chronicle.logs.import - project: test-project - role_id: SecOpsIngestionAPI - stage: GA - title: Custom role SecOpsIngestionAPI - module.project.google_project_iam_custom_role.roles["SecOpsOnboardingEngineer"]: - description: Terraform-managed. - permissions: - - chronicle.ais.createFeedback - - chronicle.ais.translateUdmQuery - - chronicle.ais.translateYlRule - - chronicle.collectors.create - - chronicle.collectors.delete - - chronicle.collectors.get - - chronicle.collectors.list - - chronicle.collectors.update - - chronicle.conversations.get - - chronicle.conversations.list - - chronicle.conversations.update - - chronicle.dashboardCharts.get - - chronicle.dashboardCharts.list - - chronicle.dashboardQueries.execute - - chronicle.dashboardQueries.get - - chronicle.dashboardQueries.list - - chronicle.dashboards.copy - - chronicle.dashboards.create - - chronicle.dashboards.delete - - chronicle.dashboards.edit - - chronicle.dashboards.get - - chronicle.dashboards.list - - chronicle.dashboards.schedule - - chronicle.dataAccessLabels.get - - chronicle.dataAccessLabels.list - - chronicle.dataAccessLabels.update - - chronicle.dataAccessScopes.get - - chronicle.dataAccessScopes.list - - chronicle.dataAccessScopes.permit - - chronicle.dataAccessScopes.update - - chronicle.enrichmentControls.get - - chronicle.enrichmentControls.list - - chronicle.entities.batchCreate - - chronicle.entities.batchDelete - - chronicle.entities.batchValidate - - chronicle.entities.find - - chronicle.entities.findRelatedEntities - - chronicle.entities.get - - chronicle.entities.import - - chronicle.entities.list - - chronicle.entities.modifyEntityRiskScore - - 
chronicle.entities.queryEntityRiskScoreModifications - - chronicle.entities.searchEntities - - chronicle.entities.summarize - - chronicle.entities.summarizeFromQuery - - chronicle.events.batchGet - - chronicle.events.findUdmFieldValues - - chronicle.events.get - - chronicle.events.import - - chronicle.events.queryProductSourceStats - - chronicle.events.searchRawLogs - - chronicle.events.udmSearch - - chronicle.events.validateQuery - - chronicle.extensionValidationReports.get - - chronicle.extensionValidationReports.list - - chronicle.feedPacks.get - - chronicle.feedPacks.list - - chronicle.feedServiceAccounts.fetch - - chronicle.feedSourceTypeSchemas.list - - chronicle.feeds.create - - chronicle.feeds.delete - - chronicle.feeds.disable - - chronicle.feeds.enable - - chronicle.feeds.generateSecret - - chronicle.feeds.get - - chronicle.feeds.list - - chronicle.feeds.update - - chronicle.findingsGraphs.exploreNode - - chronicle.findingsGraphs.initializeGraph - - chronicle.forwarders.create - - chronicle.forwarders.delete - - chronicle.forwarders.generate - - chronicle.forwarders.get - - chronicle.forwarders.list - - chronicle.forwarders.update - - chronicle.globalDataAccessScopes.permit - - chronicle.ingestionLogLabels.get - - chronicle.ingestionLogLabels.list - - chronicle.ingestionLogNamespaces.get - - chronicle.ingestionLogNamespaces.list - - chronicle.instances.generateCollectionAgentAuth - - chronicle.instances.generateSoarAuthJwt - - chronicle.instances.generateWorkspaceConnectionToken - - chronicle.instances.get - - chronicle.instances.graduatePocInstance - - chronicle.instances.logTypeClassifier - - chronicle.instances.report - - chronicle.instances.update - - chronicle.instances.verifyNonce - - chronicle.legacies.legacyFetchUdmSearchCsv - - chronicle.legacies.legacyFetchUdmSearchView - - chronicle.legacies.legacyFindAssetEvents - - chronicle.legacies.legacyFindRawLogs - - chronicle.legacies.legacyFindUdmEvents - - chronicle.legacies.legacySearchArtifactEvents 
- - chronicle.legacies.legacySearchArtifactIoCDetails - - chronicle.legacies.legacySearchAssetEvents - - chronicle.legacies.legacySearchCustomerStats - - chronicle.legacies.legacySearchEnterpriseWideIoCs - - chronicle.legacies.legacySearchIngestionStats - - chronicle.legacies.legacySearchIoCInsights - - chronicle.legacies.legacySearchRawLogs - - chronicle.legacies.legacySearchUserEvents - - chronicle.logTypeSchemas.list - - chronicle.logTypeSettings.get - - chronicle.logTypeSettings.list - - chronicle.logTypeSettings.update - - chronicle.logTypes.create - - chronicle.logTypes.get - - chronicle.logTypes.list - - chronicle.logTypes.update - - chronicle.logs.get - - chronicle.logs.list - - chronicle.messages.get - - chronicle.messages.list - - chronicle.messages.update - - chronicle.nativeDashboards.create - - chronicle.nativeDashboards.delete - - chronicle.nativeDashboards.duplicate - - chronicle.nativeDashboards.get - - chronicle.nativeDashboards.list - - chronicle.nativeDashboards.update - - chronicle.operations.cancel - - chronicle.operations.delete - - chronicle.operations.get - - chronicle.operations.list - - chronicle.operations.streamSearch - - chronicle.operations.wait - - chronicle.parserExtensions.activate - - chronicle.parserExtensions.create - - chronicle.parserExtensions.delete - - chronicle.parserExtensions.generateKeyValueMappings - - chronicle.parserExtensions.get - - chronicle.parserExtensions.legacySubmitParserExtension - - chronicle.parserExtensions.list - - chronicle.parserExtensions.removeSyslog - - chronicle.parsers.activate - - chronicle.parsers.activateReleaseCandidate - - chronicle.parsers.copyPrebuiltParser - - chronicle.parsers.create - - chronicle.parsers.deactivate - - chronicle.parsers.delete - - chronicle.parsers.generateEventTypesSuggestions - - chronicle.parsers.get - - chronicle.parsers.list - - chronicle.parsers.runParser - - chronicle.parsingErrors.list - - chronicle.preferenceSets.get - - chronicle.preferenceSets.update - - 
chronicle.riskConfigs.get - - chronicle.riskConfigs.update - - chronicle.searchQueries.get - - chronicle.searchQueries.list - - chronicle.searchQueries.update - - chronicle.validationErrors.list - - chronicle.validationReports.get - - chronicle.watchlists.get - - chronicle.watchlists.list - - chronicle.watchlists.update - - resourcemanager.projects.get - project: test-project - role_id: SecOpsOnboardingEngineer - stage: GA - title: Custom role SecOpsOnboardingEngineer - module.project.google_project_iam_custom_role.roles["SecOpsSOCAnalyst"]: - description: Terraform-managed. - permissions: - - chronicle.ais.createFeedback - - chronicle.ais.translateUdmQuery - - chronicle.ais.translateYlRule - - chronicle.conversations.get - - chronicle.conversations.list - - chronicle.conversations.update - - chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections - - chronicle.curatedRuleSetCategories.get - - chronicle.curatedRuleSetCategories.list - - chronicle.curatedRuleSetDeployments.batchUpdate - - chronicle.curatedRuleSetDeployments.get - - chronicle.curatedRuleSetDeployments.list - - chronicle.curatedRuleSetDeployments.update - - chronicle.curatedRuleSets.countCuratedRuleSetDetections - - chronicle.curatedRuleSets.get - - chronicle.curatedRuleSets.list - - chronicle.curatedRules.get - - chronicle.curatedRules.list - - chronicle.dashboardCharts.get - - chronicle.dashboardCharts.list - - chronicle.dashboardQueries.execute - - chronicle.dashboardQueries.get - - chronicle.dashboardQueries.list - - chronicle.dashboards.copy - - chronicle.dashboards.edit - - chronicle.dashboards.get - - chronicle.dashboards.list - - chronicle.dashboards.schedule - - chronicle.dataAccessLabels.get - - chronicle.dataAccessLabels.list - - chronicle.dataAccessLabels.update - - chronicle.dataAccessScopes.get - - chronicle.dataAccessScopes.list - - chronicle.dataAccessScopes.permit - - chronicle.dataAccessScopes.update - - chronicle.dataTableOperationErrors.get - - 
chronicle.dataTableRows.asyncBulkCreate - - chronicle.dataTableRows.asyncBulkReplace - - chronicle.dataTableRows.asyncBulkUpdate - - chronicle.dataTableRows.bulkCreate - - chronicle.dataTableRows.bulkReplace - - chronicle.dataTableRows.bulkUpdate - - chronicle.dataTableRows.get - - chronicle.dataTableRows.list - - chronicle.dataTableRows.update - - chronicle.dataTables.bulkCreateDataTableAsync - - chronicle.dataTables.get - - chronicle.dataTables.list - - chronicle.dataTables.update - - chronicle.enrichmentControls.get - - chronicle.enrichmentControls.list - - chronicle.entities.batchCreate - - chronicle.entities.batchDelete - - chronicle.entities.batchValidate - - chronicle.entities.find - - chronicle.entities.findRelatedEntities - - chronicle.entities.get - - chronicle.entities.import - - chronicle.entities.list - - chronicle.entities.modifyEntityRiskScore - - chronicle.entities.queryEntityRiskScoreModifications - - chronicle.entities.searchEntities - - chronicle.entities.summarize - - chronicle.entities.summarizeFromQuery - - chronicle.events.batchGet - - chronicle.events.findUdmFieldValues - - chronicle.events.get - - chronicle.events.import - - chronicle.events.queryProductSourceStats - - chronicle.events.searchRawLogs - - chronicle.events.udmSearch - - chronicle.events.validateQuery - - chronicle.featuredContentRules.list - - chronicle.findingsGraphs.exploreNode - - chronicle.findingsGraphs.initializeGraph - - chronicle.findingsRefinementDeployments.get - - chronicle.findingsRefinementDeployments.list - - chronicle.findingsRefinementDeployments.update - - chronicle.findingsRefinements.computeActivity - - chronicle.findingsRefinements.computeAllActivities - - chronicle.findingsRefinements.get - - chronicle.findingsRefinements.list - - chronicle.findingsRefinements.test - - chronicle.findingsRefinements.update - - chronicle.globalDataAccessScopes.permit - - chronicle.instances.generateCollectionAgentAuth - - chronicle.instances.generateSoarAuthJwt - - 
chronicle.instances.generateWorkspaceConnectionToken - - chronicle.instances.get - - chronicle.instances.graduatePocInstance - - chronicle.instances.logTypeClassifier - - chronicle.instances.report - - chronicle.instances.update - - chronicle.instances.verifyNonce - - chronicle.iocMatches.get - - chronicle.iocMatches.list - - chronicle.iocState.get - - chronicle.iocState.update - - chronicle.iocs.batchGet - - chronicle.iocs.findFirstAndLastSeen - - chronicle.iocs.get - - chronicle.iocs.searchCuratedDetectionsForIoc - - chronicle.legacies.legacyBatchGetCollections - - chronicle.legacies.legacyFetchAlertsView - - chronicle.legacies.legacyFetchUdmSearchCsv - - chronicle.legacies.legacyFetchUdmSearchView - - chronicle.legacies.legacyFindAssetEvents - - chronicle.legacies.legacyFindRawLogs - - chronicle.legacies.legacyFindUdmEvents - - chronicle.legacies.legacyGetAlert - - chronicle.legacies.legacyGetCuratedRulesTrends - - chronicle.legacies.legacyGetDetection - - chronicle.legacies.legacyGetEventForDetection - - chronicle.legacies.legacyGetRuleCounts - - chronicle.legacies.legacyGetRulesTrends - - chronicle.legacies.legacyRunTestRule - - chronicle.legacies.legacySearchArtifactEvents - - chronicle.legacies.legacySearchArtifactIoCDetails - - chronicle.legacies.legacySearchAssetEvents - - chronicle.legacies.legacySearchCuratedDetections - - chronicle.legacies.legacySearchCustomerStats - - chronicle.legacies.legacySearchDetections - - chronicle.legacies.legacySearchDomainsRecentlyRegistered - - chronicle.legacies.legacySearchDomainsTimingStats - - chronicle.legacies.legacySearchEnterpriseWideAlerts - - chronicle.legacies.legacySearchEnterpriseWideIoCs - - chronicle.legacies.legacySearchFindings - - chronicle.legacies.legacySearchIngestionStats - - chronicle.legacies.legacySearchIoCInsights - - chronicle.legacies.legacySearchRawLogs - - chronicle.legacies.legacySearchRuleDetectionCountBuckets - - chronicle.legacies.legacySearchRuleDetectionEvents - - 
chronicle.legacies.legacySearchRuleResults - - chronicle.legacies.legacySearchRulesAlerts - - chronicle.legacies.legacySearchUserEvents - - chronicle.legacies.legacyStreamDetectionAlerts - - chronicle.legacies.legacyTestRuleStreaming - - chronicle.messages.get - - chronicle.messages.list - - chronicle.messages.update - - chronicle.nativeDashboards.duplicate - - chronicle.nativeDashboards.get - - chronicle.nativeDashboards.list - - chronicle.nativeDashboards.update - - chronicle.operations.cancel - - chronicle.operations.get - - chronicle.operations.list - - chronicle.operations.streamSearch - - chronicle.operations.wait - - chronicle.preferenceSets.get - - chronicle.preferenceSets.update - - chronicle.referenceLists.get - - chronicle.referenceLists.list - - chronicle.referenceLists.update - - chronicle.referenceLists.verifyReferenceList - - chronicle.retrohunts.get - - chronicle.retrohunts.list - - chronicle.riskConfigs.get - - chronicle.riskConfigs.update - - chronicle.ruleDeployments.get - - chronicle.ruleDeployments.list - - chronicle.ruleDeployments.update - - chronicle.ruleExecutionErrors.list - - chronicle.rules.get - - chronicle.rules.list - - chronicle.rules.listRevisions - - chronicle.rules.update - - chronicle.rules.verifyRuleText - - chronicle.searchQueries.get - - chronicle.searchQueries.list - - chronicle.searchQueries.update - - chronicle.threatCollections.fetchIocMatchMetadata - - chronicle.threatCollections.fetchRuleMetadata - - chronicle.threatCollections.get - - chronicle.threatCollections.list - - chronicle.watchlists.get - - chronicle.watchlists.list - - chronicle.watchlists.update - - resourcemanager.projects.get - project: test-project - role_id: SecOpsSOCAnalyst - stage: GA - title: Custom role SecOpsSOCAnalyst - module.project.google_project_iam_custom_role.roles["SecOpsScopedDetectionEngineer"]: - description: Terraform-managed. 
- permissions: - - chronicle.ais.createFeedback - - chronicle.ais.translateUdmQuery - - chronicle.ais.translateYlRule - - chronicle.conversations.get - - chronicle.conversations.list - - chronicle.conversations.update - - chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections - - chronicle.curatedRuleSetCategories.get - - chronicle.curatedRuleSetCategories.list - - chronicle.curatedRuleSetDeployments.batchUpdate - - chronicle.curatedRuleSetDeployments.get - - chronicle.curatedRuleSetDeployments.list - - chronicle.curatedRuleSetDeployments.update - - chronicle.curatedRuleSets.countCuratedRuleSetDetections - - chronicle.curatedRuleSets.get - - chronicle.curatedRuleSets.list - - chronicle.curatedRules.get - - chronicle.curatedRules.list - - chronicle.dashboardCharts.get - - chronicle.dashboardCharts.list - - chronicle.dashboardQueries.execute - - chronicle.dashboardQueries.get - - chronicle.dashboardQueries.list - - chronicle.dashboards.copy - - chronicle.dashboards.create - - chronicle.dashboards.delete - - chronicle.dashboards.edit - - chronicle.dashboards.get - - chronicle.dashboards.list - - chronicle.dashboards.schedule - - chronicle.dataAccessLabels.get - - chronicle.dataAccessLabels.list - - chronicle.dataAccessLabels.update - - chronicle.dataAccessScopes.get - - chronicle.dataAccessScopes.list - - chronicle.dataAccessScopes.permit - - chronicle.dataAccessScopes.update - - chronicle.dataTableOperationErrors.get - - chronicle.dataTableRows.asyncBulkCreate - - chronicle.dataTableRows.asyncBulkReplace - - chronicle.dataTableRows.asyncBulkUpdate - - chronicle.dataTableRows.bulkCreate - - chronicle.dataTableRows.bulkReplace - - chronicle.dataTableRows.bulkUpdate - - chronicle.dataTableRows.create - - chronicle.dataTableRows.delete - - chronicle.dataTableRows.get - - chronicle.dataTableRows.list - - chronicle.dataTableRows.update - - chronicle.dataTables.bulkCreateDataTableAsync - - chronicle.dataTables.create - - chronicle.dataTables.delete - - 
chronicle.dataTables.get - - chronicle.dataTables.list - - chronicle.dataTables.update - - chronicle.enrichmentControls.create - - chronicle.enrichmentControls.delete - - chronicle.enrichmentControls.get - - chronicle.enrichmentControls.list - - chronicle.entities.batchCreate - - chronicle.entities.batchDelete - - chronicle.entities.batchValidate - - chronicle.entities.create - - chronicle.entities.delete - - chronicle.entities.find - - chronicle.entities.findRelatedEntities - - chronicle.entities.get - - chronicle.entities.import - - chronicle.entities.list - - chronicle.entities.modifyEntityRiskScore - - chronicle.entities.queryEntityRiskScoreModifications - - chronicle.entities.searchEntities - - chronicle.entities.summarize - - chronicle.entities.summarizeFromQuery - - chronicle.events.batchGet - - chronicle.events.findUdmFieldValues - - chronicle.events.get - - chronicle.events.import - - chronicle.events.queryProductSourceStats - - chronicle.events.searchRawLogs - - chronicle.events.udmSearch - - chronicle.events.validateQuery - - chronicle.featuredContentRules.list - - chronicle.findingsGraphs.exploreNode - - chronicle.findingsGraphs.initializeGraph - - chronicle.findingsRefinementDeployments.get - - chronicle.findingsRefinementDeployments.list - - chronicle.findingsRefinementDeployments.update - - chronicle.findingsRefinements.computeActivity - - chronicle.findingsRefinements.computeAllActivities - - chronicle.findingsRefinements.create - - chronicle.findingsRefinements.get - - chronicle.findingsRefinements.list - - chronicle.findingsRefinements.test - - chronicle.findingsRefinements.update - - chronicle.instances.generateCollectionAgentAuth - - chronicle.instances.generateSoarAuthJwt - - chronicle.instances.generateWorkspaceConnectionToken - - chronicle.instances.get - - chronicle.instances.graduatePocInstance - - chronicle.instances.logTypeClassifier - - chronicle.instances.report - - chronicle.instances.update - - chronicle.instances.verifyNonce - - 
chronicle.iocMatches.get - - chronicle.iocMatches.list - - chronicle.iocState.get - - chronicle.iocState.update - - chronicle.iocs.batchGet - - chronicle.iocs.findFirstAndLastSeen - - chronicle.iocs.get - - chronicle.iocs.searchCuratedDetectionsForIoc - - chronicle.legacies.legacyBatchGetCollections - - chronicle.legacies.legacyFetchAlertsView - - chronicle.legacies.legacyFetchUdmSearchCsv - - chronicle.legacies.legacyFetchUdmSearchView - - chronicle.legacies.legacyFindAssetEvents - - chronicle.legacies.legacyFindRawLogs - - chronicle.legacies.legacyFindUdmEvents - - chronicle.legacies.legacyGetAlert - - chronicle.legacies.legacyGetCuratedRulesTrends - - chronicle.legacies.legacyGetDetection - - chronicle.legacies.legacyGetEventForDetection - - chronicle.legacies.legacyGetRuleCounts - - chronicle.legacies.legacyGetRulesTrends - - chronicle.legacies.legacyRunTestRule - - chronicle.legacies.legacySearchArtifactEvents - - chronicle.legacies.legacySearchArtifactIoCDetails - - chronicle.legacies.legacySearchAssetEvents - - chronicle.legacies.legacySearchCuratedDetections - - chronicle.legacies.legacySearchCustomerStats - - chronicle.legacies.legacySearchDetections - - chronicle.legacies.legacySearchDomainsRecentlyRegistered - - chronicle.legacies.legacySearchDomainsTimingStats - - chronicle.legacies.legacySearchEnterpriseWideAlerts - - chronicle.legacies.legacySearchEnterpriseWideIoCs - - chronicle.legacies.legacySearchFindings - - chronicle.legacies.legacySearchIngestionStats - - chronicle.legacies.legacySearchIoCInsights - - chronicle.legacies.legacySearchRawLogs - - chronicle.legacies.legacySearchRuleDetectionCountBuckets - - chronicle.legacies.legacySearchRuleDetectionEvents - - chronicle.legacies.legacySearchRuleResults - - chronicle.legacies.legacySearchRulesAlerts - - chronicle.legacies.legacySearchUserEvents - - chronicle.legacies.legacyStreamDetectionAlerts - - chronicle.legacies.legacyTestRuleStreaming - - chronicle.messages.get - - chronicle.messages.list - - 
chronicle.messages.update - - chronicle.nativeDashboards.create - - chronicle.nativeDashboards.delete - - chronicle.nativeDashboards.duplicate - - chronicle.nativeDashboards.get - - chronicle.nativeDashboards.list - - chronicle.nativeDashboards.update - - chronicle.operations.cancel - - chronicle.operations.delete - - chronicle.operations.get - - chronicle.operations.list - - chronicle.operations.streamSearch - - chronicle.operations.wait - - chronicle.preferenceSets.get - - chronicle.preferenceSets.update - - chronicle.referenceLists.create - - chronicle.referenceLists.get - - chronicle.referenceLists.list - - chronicle.referenceLists.update - - chronicle.referenceLists.verifyReferenceList - - chronicle.retrohunts.create - - chronicle.retrohunts.get - - chronicle.retrohunts.list - - chronicle.riskConfigs.get - - chronicle.riskConfigs.update - - chronicle.ruleDeployments.get - - chronicle.ruleDeployments.list - - chronicle.ruleDeployments.update - - chronicle.ruleExecutionErrors.list - - chronicle.rules.create - - chronicle.rules.delete - - chronicle.rules.get - - chronicle.rules.list - - chronicle.rules.listRevisions - - chronicle.rules.update - - chronicle.rules.verifyRuleText - - chronicle.searchQueries.get - - chronicle.searchQueries.list - - chronicle.searchQueries.update - - chronicle.threatCollections.fetchIocMatchMetadata - - chronicle.threatCollections.fetchRuleMetadata - - chronicle.threatCollections.get - - chronicle.threatCollections.list - - chronicle.watchlists.create - - chronicle.watchlists.delete - - chronicle.watchlists.get - - chronicle.watchlists.list - - chronicle.watchlists.update - - resourcemanager.projects.get - project: test-project - role_id: SecOpsScopedDetectionEngineer - stage: GA - title: Custom role SecOpsScopedDetectionEngineer - module.project.google_project_iam_custom_role.roles["SecOpsScopedOnboardingEngineer"]: - description: Terraform-managed. 
- permissions: - - chronicle.ais.createFeedback - - chronicle.ais.translateUdmQuery - - chronicle.ais.translateYlRule - - chronicle.collectors.create - - chronicle.collectors.delete - - chronicle.collectors.get - - chronicle.collectors.list - - chronicle.collectors.update - - chronicle.conversations.get - - chronicle.conversations.list - - chronicle.conversations.update - - chronicle.dashboardCharts.get - - chronicle.dashboardCharts.list - - chronicle.dashboardQueries.execute - - chronicle.dashboardQueries.get - - chronicle.dashboardQueries.list - - chronicle.dashboards.copy - - chronicle.dashboards.create - - chronicle.dashboards.delete - - chronicle.dashboards.edit - - chronicle.dashboards.get - - chronicle.dashboards.list - - chronicle.dashboards.schedule - - chronicle.dataAccessLabels.get - - chronicle.dataAccessLabels.list - - chronicle.dataAccessLabels.update - - chronicle.dataAccessScopes.get - - chronicle.dataAccessScopes.list - - chronicle.dataAccessScopes.permit - - chronicle.dataAccessScopes.update - - chronicle.enrichmentControls.get - - chronicle.enrichmentControls.list - - chronicle.entities.batchCreate - - chronicle.entities.batchDelete - - chronicle.entities.batchValidate - - chronicle.entities.find - - chronicle.entities.findRelatedEntities - - chronicle.entities.get - - chronicle.entities.import - - chronicle.entities.list - - chronicle.entities.modifyEntityRiskScore - - chronicle.entities.queryEntityRiskScoreModifications - - chronicle.entities.searchEntities - - chronicle.entities.summarize - - chronicle.entities.summarizeFromQuery - - chronicle.events.batchGet - - chronicle.events.findUdmFieldValues - - chronicle.events.get - - chronicle.events.import - - chronicle.events.queryProductSourceStats - - chronicle.events.searchRawLogs - - chronicle.events.udmSearch - - chronicle.events.validateQuery - - chronicle.extensionValidationReports.get - - chronicle.extensionValidationReports.list - - chronicle.feedPacks.get - - chronicle.feedPacks.list - - 
chronicle.feedServiceAccounts.fetch - - chronicle.feedSourceTypeSchemas.list - - chronicle.feeds.create - - chronicle.feeds.delete - - chronicle.feeds.disable - - chronicle.feeds.enable - - chronicle.feeds.generateSecret - - chronicle.feeds.get - - chronicle.feeds.list - - chronicle.feeds.update - - chronicle.findingsGraphs.exploreNode - - chronicle.findingsGraphs.initializeGraph - - chronicle.forwarders.create - - chronicle.forwarders.delete - - chronicle.forwarders.generate - - chronicle.forwarders.get - - chronicle.forwarders.list - - chronicle.forwarders.update - - chronicle.ingestionLogLabels.get - - chronicle.ingestionLogLabels.list - - chronicle.ingestionLogNamespaces.get - - chronicle.ingestionLogNamespaces.list - - chronicle.instances.generateCollectionAgentAuth - - chronicle.instances.generateSoarAuthJwt - - chronicle.instances.generateWorkspaceConnectionToken - - chronicle.instances.get - - chronicle.instances.graduatePocInstance - - chronicle.instances.logTypeClassifier - - chronicle.instances.report - - chronicle.instances.update - - chronicle.instances.verifyNonce - - chronicle.legacies.legacyFetchUdmSearchCsv - - chronicle.legacies.legacyFetchUdmSearchView - - chronicle.legacies.legacyFindAssetEvents - - chronicle.legacies.legacyFindRawLogs - - chronicle.legacies.legacyFindUdmEvents - - chronicle.legacies.legacySearchArtifactEvents - - chronicle.legacies.legacySearchArtifactIoCDetails - - chronicle.legacies.legacySearchAssetEvents - - chronicle.legacies.legacySearchCustomerStats - - chronicle.legacies.legacySearchEnterpriseWideIoCs - - chronicle.legacies.legacySearchIngestionStats - - chronicle.legacies.legacySearchIoCInsights - - chronicle.legacies.legacySearchRawLogs - - chronicle.legacies.legacySearchUserEvents - - chronicle.logTypeSchemas.list - - chronicle.logTypeSettings.get - - chronicle.logTypeSettings.list - - chronicle.logTypeSettings.update - - chronicle.logTypes.create - - chronicle.logTypes.get - - chronicle.logTypes.list - - 
chronicle.logTypes.update - - chronicle.logs.get - - chronicle.logs.list - - chronicle.messages.get - - chronicle.messages.list - - chronicle.messages.update - - chronicle.nativeDashboards.create - - chronicle.nativeDashboards.delete - - chronicle.nativeDashboards.duplicate - - chronicle.nativeDashboards.get - - chronicle.nativeDashboards.list - - chronicle.nativeDashboards.update - - chronicle.operations.cancel - - chronicle.operations.delete - - chronicle.operations.get - - chronicle.operations.list - - chronicle.operations.streamSearch - - chronicle.operations.wait - - chronicle.parserExtensions.activate - - chronicle.parserExtensions.create - - chronicle.parserExtensions.delete - - chronicle.parserExtensions.generateKeyValueMappings - - chronicle.parserExtensions.get - - chronicle.parserExtensions.legacySubmitParserExtension - - chronicle.parserExtensions.list - - chronicle.parserExtensions.removeSyslog - - chronicle.parsers.activate - - chronicle.parsers.activateReleaseCandidate - - chronicle.parsers.copyPrebuiltParser - - chronicle.parsers.create - - chronicle.parsers.deactivate - - chronicle.parsers.delete - - chronicle.parsers.generateEventTypesSuggestions - - chronicle.parsers.get - - chronicle.parsers.list - - chronicle.parsers.runParser - - chronicle.parsingErrors.list - - chronicle.preferenceSets.get - - chronicle.preferenceSets.update - - chronicle.riskConfigs.get - - chronicle.riskConfigs.update - - chronicle.searchQueries.get - - chronicle.searchQueries.list - - chronicle.searchQueries.update - - chronicle.validationErrors.list - - chronicle.validationReports.get - - chronicle.watchlists.get - - chronicle.watchlists.list - - chronicle.watchlists.update - - resourcemanager.projects.get - project: test-project - role_id: SecOpsScopedOnboardingEngineer - stage: GA - title: Custom role SecOpsScopedOnboardingEngineer - module.project.google_project_iam_custom_role.roles["SecOpsScopedSOCAnalyst"]: - description: Terraform-managed. 
- permissions: - - chronicle.ais.createFeedback - - chronicle.ais.translateUdmQuery - - chronicle.ais.translateYlRule - - chronicle.conversations.get - - chronicle.conversations.list - - chronicle.curatedRuleSetCategories.countAllCuratedRuleSetDetections - - chronicle.curatedRuleSetCategories.get - - chronicle.curatedRuleSetCategories.list - - chronicle.curatedRuleSetDeployments.batchUpdate - - chronicle.curatedRuleSetDeployments.get - - chronicle.curatedRuleSetDeployments.list - - chronicle.curatedRuleSets.countCuratedRuleSetDetections - - chronicle.curatedRuleSets.get - - chronicle.curatedRuleSets.list - - chronicle.curatedRules.get - - chronicle.curatedRules.list - - chronicle.dashboardCharts.get - - chronicle.dashboardCharts.list - - chronicle.dashboardQueries.execute - - chronicle.dashboardQueries.get - - chronicle.dashboardQueries.list - - chronicle.dashboards.copy - - chronicle.dashboards.edit - - chronicle.dashboards.get - - chronicle.dashboards.list - - chronicle.dashboards.schedule - - chronicle.dataAccessLabels.get - - chronicle.dataAccessLabels.list - - chronicle.dataAccessScopes.get - - chronicle.dataAccessScopes.list - - chronicle.dataAccessScopes.permit - - chronicle.dataTableOperationErrors.get - - chronicle.dataTableRows.asyncBulkCreate - - chronicle.dataTableRows.asyncBulkReplace - - chronicle.dataTableRows.asyncBulkUpdate - - chronicle.dataTableRows.bulkCreate - - chronicle.dataTableRows.bulkReplace - - chronicle.dataTableRows.bulkUpdate - - chronicle.dataTableRows.get - - chronicle.dataTableRows.list - - chronicle.dataTables.bulkCreateDataTableAsync - - chronicle.dataTables.get - - chronicle.dataTables.list - - chronicle.enrichmentControls.get - - chronicle.enrichmentControls.list - - chronicle.entities.batchCreate - - chronicle.entities.batchDelete - - chronicle.entities.batchValidate - - chronicle.entities.find - - chronicle.entities.findRelatedEntities - - chronicle.entities.get - - chronicle.entities.import - - chronicle.entities.list - - 
chronicle.entities.modifyEntityRiskScore - - chronicle.entities.queryEntityRiskScoreModifications - - chronicle.entities.searchEntities - - chronicle.entities.summarize - - chronicle.entities.summarizeFromQuery - - chronicle.events.batchGet - - chronicle.events.findUdmFieldValues - - chronicle.events.get - - chronicle.events.import - - chronicle.events.queryProductSourceStats - - chronicle.events.searchRawLogs - - chronicle.events.udmSearch - - chronicle.events.validateQuery - - chronicle.featuredContentRules.list - - chronicle.findingsGraphs.exploreNode - - chronicle.findingsGraphs.initializeGraph - - chronicle.findingsRefinementDeployments.get - - chronicle.findingsRefinementDeployments.list - - chronicle.findingsRefinements.computeActivity - - chronicle.findingsRefinements.computeAllActivities - - chronicle.findingsRefinements.get - - chronicle.findingsRefinements.list - - chronicle.findingsRefinements.test - - chronicle.instances.generateCollectionAgentAuth - - chronicle.instances.generateSoarAuthJwt - - chronicle.instances.generateWorkspaceConnectionToken - - chronicle.instances.get - - chronicle.instances.graduatePocInstance - - chronicle.instances.logTypeClassifier - - chronicle.instances.report - - chronicle.instances.verifyNonce - - chronicle.iocMatches.get - - chronicle.iocMatches.list - - chronicle.iocState.get - - chronicle.iocs.batchGet - - chronicle.iocs.findFirstAndLastSeen - - chronicle.iocs.get - - chronicle.iocs.searchCuratedDetectionsForIoc - - chronicle.legacies.legacyBatchGetCollections - - chronicle.legacies.legacyFetchAlertsView - - chronicle.legacies.legacyFetchUdmSearchCsv - - chronicle.legacies.legacyFetchUdmSearchView - - chronicle.legacies.legacyFindAssetEvents - - chronicle.legacies.legacyFindRawLogs - - chronicle.legacies.legacyFindUdmEvents - - chronicle.legacies.legacyGetAlert - - chronicle.legacies.legacyGetCuratedRulesTrends - - chronicle.legacies.legacyGetDetection - - chronicle.legacies.legacyGetEventForDetection - - 
chronicle.legacies.legacyGetRuleCounts - - chronicle.legacies.legacyGetRulesTrends - - chronicle.legacies.legacyRunTestRule - - chronicle.legacies.legacySearchArtifactEvents - - chronicle.legacies.legacySearchArtifactIoCDetails - - chronicle.legacies.legacySearchAssetEvents - - chronicle.legacies.legacySearchCuratedDetections - - chronicle.legacies.legacySearchCustomerStats - - chronicle.legacies.legacySearchDetections - - chronicle.legacies.legacySearchDomainsRecentlyRegistered - - chronicle.legacies.legacySearchDomainsTimingStats - - chronicle.legacies.legacySearchEnterpriseWideAlerts - - chronicle.legacies.legacySearchEnterpriseWideIoCs - - chronicle.legacies.legacySearchFindings - - chronicle.legacies.legacySearchIngestionStats - - chronicle.legacies.legacySearchIoCInsights - - chronicle.legacies.legacySearchRawLogs - - chronicle.legacies.legacySearchRuleDetectionCountBuckets - - chronicle.legacies.legacySearchRuleDetectionEvents - - chronicle.legacies.legacySearchRuleResults - - chronicle.legacies.legacySearchRulesAlerts - - chronicle.legacies.legacySearchUserEvents - - chronicle.legacies.legacyStreamDetectionAlerts - - chronicle.legacies.legacyTestRuleStreaming - - chronicle.messages.get - - chronicle.messages.list - - chronicle.nativeDashboards.duplicate - - chronicle.nativeDashboards.get - - chronicle.nativeDashboards.list - - chronicle.operations.cancel - - chronicle.operations.get - - chronicle.operations.list - - chronicle.operations.streamSearch - - chronicle.operations.wait - - chronicle.preferenceSets.get - - chronicle.referenceLists.get - - chronicle.referenceLists.list - - chronicle.referenceLists.verifyReferenceList - - chronicle.retrohunts.get - - chronicle.retrohunts.list - - chronicle.riskConfigs.get - - chronicle.ruleDeployments.get - - chronicle.ruleDeployments.list - - chronicle.ruleExecutionErrors.list - - chronicle.rules.get - - chronicle.rules.list - - chronicle.rules.listRevisions - - chronicle.rules.verifyRuleText - - 
chronicle.searchQueries.get - - chronicle.searchQueries.list - - chronicle.threatCollections.fetchIocMatchMetadata - - chronicle.threatCollections.fetchRuleMetadata - - chronicle.threatCollections.get - - chronicle.threatCollections.list - - chronicle.watchlists.get - - chronicle.watchlists.list - - resourcemanager.projects.get - project: test-project - role_id: SecOpsScopedSOCAnalyst - stage: GA - title: Custom role SecOpsScopedSOCAnalyst - module.project.google_project_iam_member.bindings["iam-bpa:user:bruzzechesse@google.com-roles/chronicle.editor"]: - condition: [] - member: user:bruzzechesse@google.com - project: test-project - role: roles/chronicle.editor - module.project.google_project_iam_member.bindings["user:bruzzechesse@google.com"]: - condition: - - description: datarbac - expression: resource.name.endsWith('/gscope') - title: datarbac - member: user:bruzzechesse@google.com - project: test-project - role: roles/chronicle.restrictedDataAccess - module.project.google_project_iam_member.service_agents["compute-system"]: - condition: [] - project: test-project - role: roles/compute.serviceAgent - module.project.google_project_iam_member.service_agents["gcf-admin-robot"]: - condition: [] - project: test-project - role: roles/cloudfunctions.serviceAgent - module.project.google_project_iam_member.service_agents["pubsub"]: - condition: [] - project: test-project - role: roles/pubsub.serviceAgent - module.project.google_project_service.project_services["admin.googleapis.com"]: - disable_dependent_services: false - disable_on_destroy: false - project: test-project - service: admin.googleapis.com - timeouts: null - module.project.google_project_service.project_services["alertcenter.googleapis.com"]: - disable_dependent_services: false - disable_on_destroy: false - project: test-project - service: alertcenter.googleapis.com - timeouts: null - module.project.google_project_service.project_services["apikeys.googleapis.com"]: - disable_dependent_services: false - 
disable_on_destroy: false - project: test-project - service: apikeys.googleapis.com - timeouts: null - module.project.google_project_service.project_services["cloudfunctions.googleapis.com"]: - disable_dependent_services: false - disable_on_destroy: false - project: test-project - service: cloudfunctions.googleapis.com - timeouts: null - module.project.google_project_service.project_services["compute.googleapis.com"]: - disable_dependent_services: false - disable_on_destroy: false - project: test-project - service: compute.googleapis.com - timeouts: null - module.project.google_project_service.project_services["iap.googleapis.com"]: - disable_dependent_services: false - disable_on_destroy: false - project: test-project - service: iap.googleapis.com - timeouts: null - module.project.google_project_service.project_services["pubsub.googleapis.com"]: - disable_dependent_services: false - disable_on_destroy: false - project: test-project - service: pubsub.googleapis.com - timeouts: null - module.project.google_project_service.project_services["secretmanager.googleapis.com"]: - disable_dependent_services: false - disable_on_destroy: false - project: test-project - service: secretmanager.googleapis.com - timeouts: null - module.project.google_project_service.project_services["stackdriver.googleapis.com"]: - disable_dependent_services: false - disable_on_destroy: false - project: test-project - service: stackdriver.googleapis.com - timeouts: null - module.project.google_project_service_identity.default["apikeys.googleapis.com"]: - project: test-project - service: apikeys.googleapis.com - timeouts: null - module.project.google_project_service_identity.default["cloudfunctions.googleapis.com"]: - project: test-project - service: cloudfunctions.googleapis.com - timeouts: null - module.project.google_project_service_identity.default["iap.googleapis.com"]: - project: test-project - service: iap.googleapis.com - timeouts: null - 
module.project.google_project_service_identity.default["pubsub.googleapis.com"]: - project: test-project - service: pubsub.googleapis.com - timeouts: null - module.project.google_project_service_identity.default["secretmanager.googleapis.com"]: - project: test-project - service: secretmanager.googleapis.com - timeouts: null - module.secops-data-rbac.google_chronicle_data_access_label.labels["google"]: - data_access_label_id: google - description: Google logs - instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx - location: europe - project: test-project - timeouts: null - udm_query: principal.hostname="google.com" - module.secops-data-rbac.google_chronicle_data_access_scope.scopes["google"]: - allow_all: false - allowed_data_access_labels: - - asset_namespace: null - data_access_label: google - ingestion_label: [] - log_type: null - data_access_scope_id: gscope - denied_data_access_labels: [] - description: Google logs - instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx - location: europe - project: test-project - timeouts: null - module.secops-rules.google_chronicle_reference_list.default["test_2"]: - description: Private CIDR ranges - entries: - - value: 10.0.0.0/8 - - value: 172.16.0.0/12 - - value: 192.168.0.0/16 - - value: 127.0.0.1/32 - - value: ::1/128 - - value: fc00::/7 - - value: fe80::/10 - instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx - location: europe - project: test-project - reference_list_id: test_2 - scope_info: [] - syntax_type: REFERENCE_LIST_SYNTAX_TYPE_CIDR - timeouts: null - module.secops-rules.google_chronicle_rule.default["network_traffic_to_specific_country"]: - deletion_policy: FORCE - instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx - location: europe - project: test-project - scope: null - text: "rule network_traffic_to_specific_country {\n\n meta:\n author = \"\ - Google Cloud Security\"\n description = \"Identify network traffic based\ - \ on target country\"\n type = \"alert\"\n tags = \"geoip enrichment\"\ - \n data_source = \"microsoft windows events\"\n severity = 
\"Low\"\n \ - \ priority = \"Low\"\n\n events:\n $network.metadata.event_type = \"NETWORK_CONNECTION\"\ - \n //Specify a country of interest to monitor or add additional countries\ - \ using an or statement\n $network.target.ip_geo_artifact.location.country_or_region\ - \ = \"France\" nocase\n $network.target.ip = $ip\n\n match:\n $ip over\ - \ 30m\n\n outcome:\n $risk_score = max(35)\n $event_count = count_distinct($network.metadata.id)\n\ - \n // added to populate alert graph with additional context\n $principal_ip\ - \ = array_distinct($network.principal.ip)\n\n // Commented out target.ip\ - \ because it is already represented in graph as match variable. If match changes,\ - \ can uncomment to add to results\n //$target_ip = array_distinct($network.target.ip)\n\ - \ $principal_process_pid = array_distinct($network.principal.process.pid)\n\ - \ $principal_process_command_line = array_distinct($network.principal.process.command_line)\n\ - \ $principal_process_file_sha256 = array_distinct($network.principal.process.file.sha256)\n\ - \ $principal_process_file_full_path = array_distinct($network.principal.process.file.full_path)\n\ - \ $principal_process_product_specfic_process_id = array_distinct($network.principal.process.product_specific_process_id)\n\ - \ $principal_process_parent_process_product_specfic_process_id = array_distinct($network.principal.process.parent_process.product_specific_process_id)\n\ - \ $target_process_pid = array_distinct($network.target.process.pid)\n \ - \ $target_process_command_line = array_distinct($network.target.process.command_line)\n\ - \ $target_process_file_sha256 = array_distinct($network.target.process.file.sha256)\n\ - \ $target_process_file_full_path = array_distinct($network.target.process.file.full_path)\n\ - \ $target_process_product_specfic_process_id = array_distinct($network.target.process.product_specific_process_id)\n\ - \ $target_process_parent_process_product_specfic_process_id = 
array_distinct($network.target.process.parent_process.product_specific_process_id)\n\ - \ $principal_user_userid = array_distinct($network.principal.user.userid)\n\ - \ $target_user_userid = array_distinct($network.target.user.userid)\n\n \ - \ condition:\n $network\n}\n" - timeouts: null - module.secops-rules.google_chronicle_rule_deployment.default["network_traffic_to_specific_country"]: - alerting: true - archived: false - enabled: true - instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx - location: europe - project: test-project - run_frequency: LIVE - timeouts: null - module.secops-tenant-secrets.google_secret_manager_secret.default["secops-feeds-api-key"]: - annotations: null - deletion_protection: false - effective_labels: - goog-terraform-provisioned: 'true' - labels: null - project: test-project - replication: - - auto: - - customer_managed_encryption: [] - user_managed: [] - rotation: [] - secret_id: secops-feeds-api-key - tags: null - terraform_labels: - goog-terraform-provisioned: 'true' - timeouts: null - topics: [] - ttl: null - version_aliases: null - version_destroy_ttl: null - module.secops-tenant-secrets.google_secret_manager_secret.default["secops-workspace-ing-sa-key"]: - annotations: null - deletion_protection: false - effective_labels: - goog-terraform-provisioned: 'true' - labels: null - project: test-project - replication: - - auto: - - customer_managed_encryption: [] - user_managed: [] - rotation: [] - secret_id: secops-workspace-ing-sa-key - tags: null - terraform_labels: - goog-terraform-provisioned: 'true' - timeouts: null - topics: [] - ttl: null - version_aliases: null - version_destroy_ttl: null - module.secops-tenant-secrets.google_secret_manager_secret_version.default["secops-feeds-api-key/latest"]: - deletion_policy: DELETE - enabled: true - is_secret_data_base64: false - secret_data_wo: null - secret_data_wo_version: 0 - timeouts: null - 
module.secops-tenant-secrets.google_secret_manager_secret_version.default["secops-workspace-ing-sa-key/latest"]: - deletion_policy: DELETE - enabled: true - is_secret_data_base64: false - secret_data_wo: null - secret_data_wo_version: 0 - timeouts: null - module.secops_data_tables.google_chronicle_data_table.default["sample_data_table_domains"]: - column_info: - - column_index: 0 - column_type: STRING - key_column: null - mapped_column_path: null - original_column: rank - repeated_values: null - - column_index: 1 - column_type: STRING - key_column: null - mapped_column_path: null - original_column: domain - repeated_values: null - data_table_id: sample_data_table_domains - deletion_policy: DEFAULT - description: Sample Data Table for domains - instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx - location: europe - project: test-project - row_time_to_live: null - scope_info: [] - timeouts: null - module.secops_data_tables.google_chronicle_data_table_row.default["sample_data_table_domains_0"]: - data_table_id: sample_data_table_domains - instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx - location: europe - project: test-project - row_time_to_live: null - timeouts: null - values: - - '1' - - google.com - module.secops_data_tables.google_chronicle_data_table_row.default["sample_data_table_domains_1"]: - data_table_id: sample_data_table_domains - instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx - location: europe - project: test-project - row_time_to_live: null - timeouts: null - values: - - '2' - - www.google.com - module.webhook_feeds.google_chronicle_feed.feeds["okta"]: - details: - - amazon_kinesis_firehose_settings: [] - amazon_s3_settings: [] - amazon_s3_v2_settings: [] - amazon_sqs_settings: [] - amazon_sqs_v2_settings: [] - anomali_settings: [] - asset_namespace: null - aws_ec2_hosts_settings: [] - aws_ec2_instances_settings: [] - aws_ec2_vpcs_settings: [] - aws_iam_settings: [] - azure_ad_audit_settings: [] - azure_ad_context_settings: [] - azure_ad_settings: [] - azure_blob_store_settings: 
[] - azure_blob_store_v2_settings: [] - azure_event_hub_settings: [] - azure_mdm_intune_settings: [] - cloud_passage_settings: [] - cortex_xdr_settings: [] - crowdstrike_alerts_settings: [] - crowdstrike_detects_settings: [] - dummy_log_type_settings: [] - duo_auth_settings: [] - duo_user_context_settings: [] - feed_source_type: HTTPS_PUSH_WEBHOOK - fox_it_stix_settings: [] - gcs_settings: [] - gcs_v2_settings: [] - google_cloud_identity_device_users_settings: [] - google_cloud_identity_devices_settings: [] - google_cloud_storage_event_driven_settings: [] - http_settings: [] - https_push_amazon_kinesis_firehose_settings: [] - https_push_google_cloud_pubsub_settings: [] - https_push_webhook_settings: - - split_delimiter: null - imperva_waf_settings: [] - labels: null - log_type: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/logTypes/OKTA - mandiant_ioc_settings: [] - microsoft_graph_alert_settings: [] - microsoft_security_center_alert_settings: [] - mimecast_mail_settings: [] - mimecast_mail_v2_settings: [] - netskope_alert_settings: [] - netskope_alert_v2_settings: [] - office365_settings: [] - okta_settings: [] - okta_user_context_settings: [] - pan_ioc_settings: [] - pan_prisma_cloud_settings: [] - proofpoint_mail_settings: [] - proofpoint_on_demand_settings: [] - pubsub_settings: [] - qualys_scan_settings: [] - qualys_vm_settings: [] - rapid7_insight_settings: [] - recorded_future_ioc_settings: [] - rh_isac_ioc_settings: [] - salesforce_settings: [] - sentinelone_alert_settings: [] - service_now_cmdb_settings: [] - sftp_settings: [] - symantec_event_export_settings: [] - thinkst_canary_settings: [] - threat_connect_ioc_settings: [] - threat_connect_ioc_v3_settings: [] - trellix_hx_alerts_settings: [] - trellix_hx_bulk_acqs_settings: [] - trellix_hx_hosts_settings: [] - webhook_settings: [] - workday_settings: [] - workspace_activity_settings: [] - workspace_alerts_settings: [] - workspace_chrome_os_settings: [] - 
workspace_groups_settings: [] - workspace_mobile_settings: [] - workspace_privileges_settings: [] - workspace_users_settings: [] - display_name: webhook-okta - enabled: null - failure_details: [] - instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx - location: europe - project: test-project - timeouts: null - module.workspace-feeds[0].google_chronicle_feed.feeds["ws-activity"]: - details: - - amazon_kinesis_firehose_settings: [] - amazon_s3_settings: [] - amazon_s3_v2_settings: [] - amazon_sqs_settings: [] - amazon_sqs_v2_settings: [] - anomali_settings: [] - asset_namespace: null - aws_ec2_hosts_settings: [] - aws_ec2_instances_settings: [] - aws_ec2_vpcs_settings: [] - aws_iam_settings: [] - azure_ad_audit_settings: [] - azure_ad_context_settings: [] - azure_ad_settings: [] - azure_blob_store_settings: [] - azure_blob_store_v2_settings: [] - azure_event_hub_settings: [] - azure_mdm_intune_settings: [] - cloud_passage_settings: [] - cortex_xdr_settings: [] - crowdstrike_alerts_settings: [] - crowdstrike_detects_settings: [] - dummy_log_type_settings: [] - duo_auth_settings: [] - duo_user_context_settings: [] - feed_source_type: API - fox_it_stix_settings: [] - gcs_settings: [] - gcs_v2_settings: [] - google_cloud_identity_device_users_settings: [] - google_cloud_identity_devices_settings: [] - google_cloud_storage_event_driven_settings: [] - http_settings: [] - https_push_amazon_kinesis_firehose_settings: [] - https_push_google_cloud_pubsub_settings: [] - https_push_webhook_settings: [] - imperva_waf_settings: [] - labels: null - log_type: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/logTypes/WORKSPACE_ACTIVITY - mandiant_ioc_settings: [] - microsoft_graph_alert_settings: [] - microsoft_security_center_alert_settings: [] - mimecast_mail_settings: [] - mimecast_mail_v2_settings: [] - netskope_alert_settings: [] - netskope_alert_v2_settings: [] - office365_settings: [] - okta_settings: [] - okta_user_context_settings: [] - pan_ioc_settings: [] - 
pan_prisma_cloud_settings: [] - proofpoint_mail_settings: [] - proofpoint_on_demand_settings: [] - pubsub_settings: [] - qualys_scan_settings: [] - qualys_vm_settings: [] - rapid7_insight_settings: [] - recorded_future_ioc_settings: [] - rh_isac_ioc_settings: [] - salesforce_settings: [] - sentinelone_alert_settings: [] - service_now_cmdb_settings: [] - sftp_settings: [] - symantec_event_export_settings: [] - thinkst_canary_settings: [] - threat_connect_ioc_settings: [] - threat_connect_ioc_v3_settings: [] - trellix_hx_alerts_settings: [] - trellix_hx_bulk_acqs_settings: [] - trellix_hx_hosts_settings: [] - webhook_settings: [] - workday_settings: [] - workspace_activity_settings: - - applications: - - access_transparency - - admin - - calendar - - chat - - drive - - gcp - - gplus - - groups - - groups_enterprise - - jamboard - - login - - meet - - mobile - - rules - - saml - - token - - user_accounts - - context_aware_access - - chrome - - data_studio - - keep - authentication: - - claims: - - audience: https://oauth2.googleapis.com/token - issuer: workspace-integration@test-project.iam.gserviceaccount.com - subject: secops-feed@example.com - rs_credentials: - - {} - token_endpoint: https://oauth2.googleapis.com/token - workspace_customer_id: CXXXXXXXX - workspace_alerts_settings: [] - workspace_chrome_os_settings: [] - workspace_groups_settings: [] - workspace_mobile_settings: [] - workspace_privileges_settings: [] - workspace_users_settings: [] - display_name: Workspace Activity - enabled: null - failure_details: [] - instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx - location: europe - project: test-project - timeouts: null - module.workspace-feeds[0].google_chronicle_feed.feeds["ws-alerts"]: - details: - - amazon_kinesis_firehose_settings: [] - amazon_s3_settings: [] - amazon_s3_v2_settings: [] - amazon_sqs_settings: [] - amazon_sqs_v2_settings: [] - anomali_settings: [] - asset_namespace: null - aws_ec2_hosts_settings: [] - aws_ec2_instances_settings: [] - 
aws_ec2_vpcs_settings: [] - aws_iam_settings: [] - azure_ad_audit_settings: [] - azure_ad_context_settings: [] - azure_ad_settings: [] - azure_blob_store_settings: [] - azure_blob_store_v2_settings: [] - azure_event_hub_settings: [] - azure_mdm_intune_settings: [] - cloud_passage_settings: [] - cortex_xdr_settings: [] - crowdstrike_alerts_settings: [] - crowdstrike_detects_settings: [] - dummy_log_type_settings: [] - duo_auth_settings: [] - duo_user_context_settings: [] - feed_source_type: API - fox_it_stix_settings: [] - gcs_settings: [] - gcs_v2_settings: [] - google_cloud_identity_device_users_settings: [] - google_cloud_identity_devices_settings: [] - google_cloud_storage_event_driven_settings: [] - http_settings: [] - https_push_amazon_kinesis_firehose_settings: [] - https_push_google_cloud_pubsub_settings: [] - https_push_webhook_settings: [] - imperva_waf_settings: [] - labels: null - log_type: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/logTypes/WORKSPACE_ALERTS - mandiant_ioc_settings: [] - microsoft_graph_alert_settings: [] - microsoft_security_center_alert_settings: [] - mimecast_mail_settings: [] - mimecast_mail_v2_settings: [] - netskope_alert_settings: [] - netskope_alert_v2_settings: [] - office365_settings: [] - okta_settings: [] - okta_user_context_settings: [] - pan_ioc_settings: [] - pan_prisma_cloud_settings: [] - proofpoint_mail_settings: [] - proofpoint_on_demand_settings: [] - pubsub_settings: [] - qualys_scan_settings: [] - qualys_vm_settings: [] - rapid7_insight_settings: [] - recorded_future_ioc_settings: [] - rh_isac_ioc_settings: [] - salesforce_settings: [] - sentinelone_alert_settings: [] - service_now_cmdb_settings: [] - sftp_settings: [] - symantec_event_export_settings: [] - thinkst_canary_settings: [] - threat_connect_ioc_settings: [] - threat_connect_ioc_v3_settings: [] - trellix_hx_alerts_settings: [] - trellix_hx_bulk_acqs_settings: [] - trellix_hx_hosts_settings: [] - webhook_settings: [] - 
workday_settings: [] - workspace_activity_settings: [] - workspace_alerts_settings: - - authentication: - - claims: - - audience: https://oauth2.googleapis.com/token - issuer: workspace-integration@test-project.iam.gserviceaccount.com - subject: secops-feed@example.com - rs_credentials: - - {} - token_endpoint: https://oauth2.googleapis.com/token - workspace_customer_id: CXXXXXXXX - workspace_chrome_os_settings: [] - workspace_groups_settings: [] - workspace_mobile_settings: [] - workspace_privileges_settings: [] - workspace_users_settings: [] - display_name: Workspace Alerts - enabled: null - failure_details: [] - instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx - location: europe - project: test-project - timeouts: null - module.workspace-feeds[0].google_chronicle_feed.feeds["ws-chrome"]: - details: - - amazon_kinesis_firehose_settings: [] - amazon_s3_settings: [] - amazon_s3_v2_settings: [] - amazon_sqs_settings: [] - amazon_sqs_v2_settings: [] - anomali_settings: [] - asset_namespace: null - aws_ec2_hosts_settings: [] - aws_ec2_instances_settings: [] - aws_ec2_vpcs_settings: [] - aws_iam_settings: [] - azure_ad_audit_settings: [] - azure_ad_context_settings: [] - azure_ad_settings: [] - azure_blob_store_settings: [] - azure_blob_store_v2_settings: [] - azure_event_hub_settings: [] - azure_mdm_intune_settings: [] - cloud_passage_settings: [] - cortex_xdr_settings: [] - crowdstrike_alerts_settings: [] - crowdstrike_detects_settings: [] - dummy_log_type_settings: [] - duo_auth_settings: [] - duo_user_context_settings: [] - feed_source_type: API - fox_it_stix_settings: [] - gcs_settings: [] - gcs_v2_settings: [] - google_cloud_identity_device_users_settings: [] - google_cloud_identity_devices_settings: [] - google_cloud_storage_event_driven_settings: [] - http_settings: [] - https_push_amazon_kinesis_firehose_settings: [] - https_push_google_cloud_pubsub_settings: [] - https_push_webhook_settings: [] - imperva_waf_settings: [] - labels: null - log_type: 
projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/logTypes/WORKSPACE_CHROMEOS - mandiant_ioc_settings: [] - microsoft_graph_alert_settings: [] - microsoft_security_center_alert_settings: [] - mimecast_mail_settings: [] - mimecast_mail_v2_settings: [] - netskope_alert_settings: [] - netskope_alert_v2_settings: [] - office365_settings: [] - okta_settings: [] - okta_user_context_settings: [] - pan_ioc_settings: [] - pan_prisma_cloud_settings: [] - proofpoint_mail_settings: [] - proofpoint_on_demand_settings: [] - pubsub_settings: [] - qualys_scan_settings: [] - qualys_vm_settings: [] - rapid7_insight_settings: [] - recorded_future_ioc_settings: [] - rh_isac_ioc_settings: [] - salesforce_settings: [] - sentinelone_alert_settings: [] - service_now_cmdb_settings: [] - sftp_settings: [] - symantec_event_export_settings: [] - thinkst_canary_settings: [] - threat_connect_ioc_settings: [] - threat_connect_ioc_v3_settings: [] - trellix_hx_alerts_settings: [] - trellix_hx_bulk_acqs_settings: [] - trellix_hx_hosts_settings: [] - webhook_settings: [] - workday_settings: [] - workspace_activity_settings: [] - workspace_alerts_settings: [] - workspace_chrome_os_settings: - - authentication: - - claims: - - audience: https://oauth2.googleapis.com/token - issuer: workspace-integration@test-project.iam.gserviceaccount.com - subject: secops-feed@example.com - rs_credentials: - - {} - token_endpoint: https://oauth2.googleapis.com/token - workspace_customer_id: CXXXXXXXX - workspace_groups_settings: [] - workspace_mobile_settings: [] - workspace_privileges_settings: [] - workspace_users_settings: [] - display_name: Workspace ChromeOS - enabled: null - failure_details: [] - instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx - location: europe - project: test-project - timeouts: null - module.workspace-feeds[0].google_chronicle_feed.feeds["ws-group"]: - details: - - amazon_kinesis_firehose_settings: [] - amazon_s3_settings: [] - amazon_s3_v2_settings: [] - 
amazon_sqs_settings: [] - amazon_sqs_v2_settings: [] - anomali_settings: [] - asset_namespace: null - aws_ec2_hosts_settings: [] - aws_ec2_instances_settings: [] - aws_ec2_vpcs_settings: [] - aws_iam_settings: [] - azure_ad_audit_settings: [] - azure_ad_context_settings: [] - azure_ad_settings: [] - azure_blob_store_settings: [] - azure_blob_store_v2_settings: [] - azure_event_hub_settings: [] - azure_mdm_intune_settings: [] - cloud_passage_settings: [] - cortex_xdr_settings: [] - crowdstrike_alerts_settings: [] - crowdstrike_detects_settings: [] - dummy_log_type_settings: [] - duo_auth_settings: [] - duo_user_context_settings: [] - feed_source_type: API - fox_it_stix_settings: [] - gcs_settings: [] - gcs_v2_settings: [] - google_cloud_identity_device_users_settings: [] - google_cloud_identity_devices_settings: [] - google_cloud_storage_event_driven_settings: [] - http_settings: [] - https_push_amazon_kinesis_firehose_settings: [] - https_push_google_cloud_pubsub_settings: [] - https_push_webhook_settings: [] - imperva_waf_settings: [] - labels: null - log_type: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/logTypes/WORKSPACE_GROUPS - mandiant_ioc_settings: [] - microsoft_graph_alert_settings: [] - microsoft_security_center_alert_settings: [] - mimecast_mail_settings: [] - mimecast_mail_v2_settings: [] - netskope_alert_settings: [] - netskope_alert_v2_settings: [] - office365_settings: [] - okta_settings: [] - okta_user_context_settings: [] - pan_ioc_settings: [] - pan_prisma_cloud_settings: [] - proofpoint_mail_settings: [] - proofpoint_on_demand_settings: [] - pubsub_settings: [] - qualys_scan_settings: [] - qualys_vm_settings: [] - rapid7_insight_settings: [] - recorded_future_ioc_settings: [] - rh_isac_ioc_settings: [] - salesforce_settings: [] - sentinelone_alert_settings: [] - service_now_cmdb_settings: [] - sftp_settings: [] - symantec_event_export_settings: [] - thinkst_canary_settings: [] - threat_connect_ioc_settings: [] - 
threat_connect_ioc_v3_settings: [] - trellix_hx_alerts_settings: [] - trellix_hx_bulk_acqs_settings: [] - trellix_hx_hosts_settings: [] - webhook_settings: [] - workday_settings: [] - workspace_activity_settings: [] - workspace_alerts_settings: [] - workspace_chrome_os_settings: [] - workspace_groups_settings: - - authentication: - - claims: - - audience: https://oauth2.googleapis.com/token - issuer: workspace-integration@test-project.iam.gserviceaccount.com - subject: secops-feed@example.com - rs_credentials: - - {} - token_endpoint: https://oauth2.googleapis.com/token - workspace_customer_id: CXXXXXXXX - workspace_mobile_settings: [] - workspace_privileges_settings: [] - workspace_users_settings: [] - display_name: Workspace Groups - enabled: null - failure_details: [] - instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx - location: europe - project: test-project - timeouts: null - module.workspace-feeds[0].google_chronicle_feed.feeds["ws-mobile"]: - details: - - amazon_kinesis_firehose_settings: [] - amazon_s3_settings: [] - amazon_s3_v2_settings: [] - amazon_sqs_settings: [] - amazon_sqs_v2_settings: [] - anomali_settings: [] - asset_namespace: null - aws_ec2_hosts_settings: [] - aws_ec2_instances_settings: [] - aws_ec2_vpcs_settings: [] - aws_iam_settings: [] - azure_ad_audit_settings: [] - azure_ad_context_settings: [] - azure_ad_settings: [] - azure_blob_store_settings: [] - azure_blob_store_v2_settings: [] - azure_event_hub_settings: [] - azure_mdm_intune_settings: [] - cloud_passage_settings: [] - cortex_xdr_settings: [] - crowdstrike_alerts_settings: [] - crowdstrike_detects_settings: [] - dummy_log_type_settings: [] - duo_auth_settings: [] - duo_user_context_settings: [] - feed_source_type: API - fox_it_stix_settings: [] - gcs_settings: [] - gcs_v2_settings: [] - google_cloud_identity_device_users_settings: [] - google_cloud_identity_devices_settings: [] - google_cloud_storage_event_driven_settings: [] - http_settings: [] - 
https_push_amazon_kinesis_firehose_settings: [] - https_push_google_cloud_pubsub_settings: [] - https_push_webhook_settings: [] - imperva_waf_settings: [] - labels: null - log_type: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/logTypes/WORKSPACE_MOBILE - mandiant_ioc_settings: [] - microsoft_graph_alert_settings: [] - microsoft_security_center_alert_settings: [] - mimecast_mail_settings: [] - mimecast_mail_v2_settings: [] - netskope_alert_settings: [] - netskope_alert_v2_settings: [] - office365_settings: [] - okta_settings: [] - okta_user_context_settings: [] - pan_ioc_settings: [] - pan_prisma_cloud_settings: [] - proofpoint_mail_settings: [] - proofpoint_on_demand_settings: [] - pubsub_settings: [] - qualys_scan_settings: [] - qualys_vm_settings: [] - rapid7_insight_settings: [] - recorded_future_ioc_settings: [] - rh_isac_ioc_settings: [] - salesforce_settings: [] - sentinelone_alert_settings: [] - service_now_cmdb_settings: [] - sftp_settings: [] - symantec_event_export_settings: [] - thinkst_canary_settings: [] - threat_connect_ioc_settings: [] - threat_connect_ioc_v3_settings: [] - trellix_hx_alerts_settings: [] - trellix_hx_bulk_acqs_settings: [] - trellix_hx_hosts_settings: [] - webhook_settings: [] - workday_settings: [] - workspace_activity_settings: [] - workspace_alerts_settings: [] - workspace_chrome_os_settings: [] - workspace_groups_settings: [] - workspace_mobile_settings: - - authentication: - - claims: - - audience: https://oauth2.googleapis.com/token - issuer: workspace-integration@test-project.iam.gserviceaccount.com - subject: secops-feed@example.com - rs_credentials: - - {} - token_endpoint: https://oauth2.googleapis.com/token - workspace_customer_id: CXXXXXXXX - workspace_privileges_settings: [] - workspace_users_settings: [] - display_name: Workspace Mobile - enabled: null - failure_details: [] - instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx - location: europe - project: test-project - timeouts: null - 
module.workspace-feeds[0].google_chronicle_feed.feeds["ws-users"]: - details: - - amazon_kinesis_firehose_settings: [] - amazon_s3_settings: [] - amazon_s3_v2_settings: [] - amazon_sqs_settings: [] - amazon_sqs_v2_settings: [] - anomali_settings: [] - asset_namespace: null - aws_ec2_hosts_settings: [] - aws_ec2_instances_settings: [] - aws_ec2_vpcs_settings: [] - aws_iam_settings: [] - azure_ad_audit_settings: [] - azure_ad_context_settings: [] - azure_ad_settings: [] - azure_blob_store_settings: [] - azure_blob_store_v2_settings: [] - azure_event_hub_settings: [] - azure_mdm_intune_settings: [] - cloud_passage_settings: [] - cortex_xdr_settings: [] - crowdstrike_alerts_settings: [] - crowdstrike_detects_settings: [] - dummy_log_type_settings: [] - duo_auth_settings: [] - duo_user_context_settings: [] - feed_source_type: API - fox_it_stix_settings: [] - gcs_settings: [] - gcs_v2_settings: [] - google_cloud_identity_device_users_settings: [] - google_cloud_identity_devices_settings: [] - google_cloud_storage_event_driven_settings: [] - http_settings: [] - https_push_amazon_kinesis_firehose_settings: [] - https_push_google_cloud_pubsub_settings: [] - https_push_webhook_settings: [] - imperva_waf_settings: [] - labels: null - log_type: projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/logTypes/WORKSPACE_USERS - mandiant_ioc_settings: [] - microsoft_graph_alert_settings: [] - microsoft_security_center_alert_settings: [] - mimecast_mail_settings: [] - mimecast_mail_v2_settings: [] - netskope_alert_settings: [] - netskope_alert_v2_settings: [] - office365_settings: [] - okta_settings: [] - okta_user_context_settings: [] - pan_ioc_settings: [] - pan_prisma_cloud_settings: [] - proofpoint_mail_settings: [] - proofpoint_on_demand_settings: [] - pubsub_settings: [] - qualys_scan_settings: [] - qualys_vm_settings: [] - rapid7_insight_settings: [] - recorded_future_ioc_settings: [] - rh_isac_ioc_settings: [] - salesforce_settings: [] - 
sentinelone_alert_settings: [] - service_now_cmdb_settings: [] - sftp_settings: [] - symantec_event_export_settings: [] - thinkst_canary_settings: [] - threat_connect_ioc_settings: [] - threat_connect_ioc_v3_settings: [] - trellix_hx_alerts_settings: [] - trellix_hx_bulk_acqs_settings: [] - trellix_hx_hosts_settings: [] - webhook_settings: [] - workday_settings: [] - workspace_activity_settings: [] - workspace_alerts_settings: [] - workspace_chrome_os_settings: [] - workspace_groups_settings: [] - workspace_mobile_settings: [] - workspace_privileges_settings: [] - workspace_users_settings: - - authentication: - - claims: - - audience: https://oauth2.googleapis.com/token - issuer: workspace-integration@test-project.iam.gserviceaccount.com - subject: secops-feed@example.com - rs_credentials: - - {} - token_endpoint: https://oauth2.googleapis.com/token - projection_type: FULL_PROJECTION - workspace_customer_id: CXXXXXXXX - display_name: Workspace Users - enabled: null - failure_details: [] - instance: xxxxxxx-xxxxx-xxxxxx-xxxxxxx - location: europe - project: test-project - timeouts: null - module.workspace-integration-sa[0].google_service_account.service_account[0]: - account_id: workspace-integration - create_ignore_already_exists: null - description: null - disabled: false - display_name: Terraform-managed. 
- email: workspace-integration@test-project.iam.gserviceaccount.com - member: serviceAccount:workspace-integration@test-project.iam.gserviceaccount.com - project: test-project - timeouts: null - restful_operation.webhook_feeds_secret["okta"]: - body: null - delete_body: null - delete_header: null - delete_method: null - delete_path: null - delete_query: null - ephemeral_body: null - header: null - id_builder: null - method: POST - operation_header: null - operation_query: null - output_attrs: null - poll: null - poll_delete: null - precheck: null - precheck_delete: null - query: null - restful_resource.secops_log_type["cloudrun"]: - body: - customLogTypeLabel: CLOUDRUN_CUSTOM - displayName: Cloud Run - hasCustomParser: true - isCustom: true - productSource: Cloud Run Custom - check_existance: null - create_header: null - create_method: POST - create_query: null - create_selector: null - delete_body: null - delete_body_raw: null - delete_header: null - delete_method: null - delete_path: null - delete_query: null - ephemeral_body: null - force_new_attrs: null - header: null - merge_patch_disabled: null - output_attrs: null - path: /projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx/logTypes?logTypeId=cloudrun - poll_create: null - poll_delete: null - poll_update: null - precheck_create: null - precheck_delete: null - precheck_update: null - query: null - read_header: null - read_path: /projects/test-project/locations/europe/instances/xxxxxxx-xxxxx-xxxxxx-xxxxxxx - read_query: null - read_response_template: null - read_selector: null - update_body_patches: null - update_header: null - update_method: null - update_path: null - update_query: null - write_only_attrs: null - -counts: - google_apikeys_key: 1 - google_chronicle_data_access_label: 1 - google_chronicle_data_access_scope: 1 - google_chronicle_data_table: 1 - google_chronicle_data_table_row: 2 - google_chronicle_feed: 12 - google_chronicle_reference_list: 1 - google_chronicle_rule: 1 
- google_chronicle_rule_deployment: 1 - google_monitoring_alert_policy: 3 - google_monitoring_notification_channel: 1 - google_org_policy_policy: 1 - google_project: 1 - google_project_iam_binding: 1 - google_project_iam_custom_role: 7 - google_project_iam_member: 5 - google_project_service: 9 - google_project_service_identity: 5 - google_secret_manager_secret: 2 - google_secret_manager_secret_version: 2 - google_service_account: 1 - google_service_account_key: 1 - modules: 10 - resources: 62 - restful_operation: 1 - restful_resource: 1 - -outputs: - project_id: test-project - + duo_user_context_settings: [] \ No newline at end of file