SafeBreach v2
SafeBreach - Breach and Attack Simulation platform Pack.#
This Integration is part of theSupported versions
Supported Cortex XSOAR versions: 5.5.0 and later.
SafeBreach automatically executes thousands of breach methods from its extensive and growing Hacker’s Playbook™ to validate security control effectiveness. Simulations are automatically correlated with network, endpoint, and SIEM solutions providing data-driven SafeBreach Insights for holistic remediation to harden enterprise defenses.
#
Configure SafeBreach for Cortex XSOAR Integration- Open the Navigation bar → … → CLI Console
- Type config accounts to find out the account id
- Use the id as the accountId parameter in Cortex XSOAR configuration
- Type config apikeys to list existing API keys \ OR \ Add a new one by typing: config apikeys add --name <key_name>
- Use the generated API token as apiKey parameter in Cortex XSOAR configuration
- Use your SafeBreach Management URL as the url parameter in Cortex XSOAR configuration
#
Configure SafeBreach on Cortex XSOAR- Navigate to Settings > Integrations > Servers & Services.
- Search for SafeBreach v2.
- Click Add instance to create and configure a new integration instance.
- Click Test to validate the URLs, token, and connection.
Parameter | Description | Required |
---|---|---|
SafeBreach Managment URL | For example, https://yourorg.safebreach.com | True |
Account ID | Obtained with "config accounts" SafeBreach command | True |
API Key | Generated with "config apikeys add" SafeBreach command | True |
Insight Category | Network Access,Network Inspection,Endpoint,Email,Web,Data Leak | False |
Insight Data Type | Hash,Domain,URI,Command,Port,Protocol | False |
Indicators Limit | Amount of indicators to generate. Default = 1000 | False |
feed | Fetch indicators | False |
feedReputation | Indicator Reputation | False |
behavioralReputation | Behavioral Indicator Reputation | False |
feedReliability | Source Reliability | True |
tlp_color | The Traffic Light Protocol (TLP) designation to apply to indicators fetched from the feed. More information about the protocol can be found at https://us-cert.cisa.gov/tlp | False |
feedExpirationPolicy | False | |
feedFetchInterval | Feed Fetch Interval | False |
feedBypassExclusionList | Bypass exclusion list | False |
feedExpirationInterval | False | |
insecure | Trust any certificate (not secure) | False |
proxy | Use system proxy settings | False |
#
SafeBreach InsightsTable below summaries all available SafeBreach insights and their relative ids that should be used when calling the related commands. Every customer environment might have some of the insights depending on the simulation results that were not blocked in the environment.
Insight Id | Category | Data Type | Description |
---|---|---|---|
1 | Network Access | Port | Outbound traffic over non-standard ports |
2 | Network Access | Protocol | Outbound traffic over non-standard protocols |
3 | Network Access | Port | Outbound traffic over non-SSL protocols using secured ports |
4 | Network Access | Port | Outbound traffic over not matching ports and protocols |
19 | Network Access | Port | Inbound traffic over non-standard ports |
20 | Network Access | Protocol | Inbound traffic over non-standard protocols |
21 | Network Access | Port | Inbound traffic over non-SSL protocols using secured ports |
22 | Network Access | Port | Inbound traffic over not matching ports and protocols |
5 | Web | Domain | Malicious domain resolution |
6 | Web | URI | Malicious URL requests |
7 | Network Inspection | Hash | Malware transfer over standard ports |
10 | Network Inspection | Protocol | Brute force |
11 | Network Inspection | Other | Inbound C&C communication |
12 | Network Inspection | Other | Outbound C&C communication |
8 | Endpoint | Other | Execution of malware or code |
9 | Endpoint | Hash | Malware drop to disk |
13 | Endpoint | Other | Malicious host actions |
14 | Endpoint | Command | Data and host information gathering |
16 | Data Leak | Other | Exfiltration of sensitive data assets |
15 | Hash | Email with encrypted malicious attachments | |
24 | Hash | Email with non-encrypted malicious attachment |
#
Playbooks#
SafeBreach - Process Non-Behavioral Insights Feed- This playbook automatically remediates all non-behavioral indicators generated from SafeBreach Insights. To validate the remediation, it reruns the related insights and classifies the indicators as Remediated or Not Remediated. A special feed based triggered job is required to initiate this playbook for every new SafeBreach generated indicator.
#
SafeBreach - Process Behavioral Insights Feed (Premium)- This playbook processes all SafeBreach behavioral indicators. It creates an incident for each SafeBreach Insight, enriched with all the related indicators and additional SafeBreach contextual information. A special feed based triggered job is required to initiate this playbook for every new SafeBreach generated indicator.
#
SafeBreach - Rerun Insights- This is a sub-playbook reruns a list of SafeBreach insights based on Insight Id and waits until they complete. Used in main SafeBreach playbooks, such as "SafeBreach - Handle Insight Incident" and "SafeBreach - Process Non-Behavioral Insights Feed".
#
SafeBreach - Rerun Single Insight- This playbook uses the following sub-playbooks, integrations, and scripts.
#
SafeBreach - Compare and Validate Insight Indicators- This playbook compares SafeBreach Insight indicators before and after the processing. It receives an insight and it's indicators before validation, fetches updated indicators after rerunning the insight, and then compares the results to validate mitigation. Indicators are classified as Remediated or Not Remediated based on their validated status and the appropriate field (SafeBreach Remediation Status) is updated.
#
SafeBreach - SafeBreach Create Incidents per Insight and Associate Indicators- This is a sub-playbook that creates incidents per SafeBreach insight, enriched with all the related indicators and additional SafeBreach insight contextual information. Used in main SafeBreach playbooks, such as "SafeBreach - Process Behavioral Insights Feed" and "SafeBreach - Process Non-Behavioral Insights Feed".
#
SafeBreach - Handle Insight Incident (Premium)- This playbook is triggered automatically for each SafeBreach Insight incident:
- Adding insight information (including suggested remediation actions);
- Assigning it to an analyst to remediate and either “ignore” or “validate.” Validated incidents are rerun with the related SafeBreach Insight and the results are compared to the previous indicator results. The incident is closed once all the indicators are resolved or the analyst “ignores” the incident. Unresolved indicators wait for handling by the analyst.
#
Dashboard (Premium)SafeBreach Insights dashboard summarizes the current status of actionable insights and related indicators.
#
CommandsYou can execute these commands from the Cortex XSOAR CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.
#
safebreach-get-insightsGets SafeBreach Insights for all security control categories.
#
Base Commandsafebreach-get-insights
#
InputArgument Name | Description | Required |
---|---|---|
insightIds | Array of insight IDs to fetch. | Optional |
#
Context OutputPath | Type | Description |
---|---|---|
SafeBreach.Insight.Name | String | Insight name representing the action required to be taken. |
SafeBreach.Insight.Id | Number | Insight unique ID number. |
SafeBreach.Insight.DataType | String | Insight data type. Options are Hash, Domain, URI, Command, Port, or Protocol. |
SafeBreach.Insight.Category | String | Security control category name. |
SafeBreach.Insight.LatestSimulation | Date | Time of the latest simulation from the insight. |
SafeBreach.Insight.SimulationsCount | Number | Number of the related simulations. |
SafeBreach.Insight.RiskImpact | Number | Risk impact of the insight on the environment total risk score. |
SafeBreach.Insight.AffectedTargetsCount | Number | Number of affected targets. |
SafeBreach.Insight.SeverityScore | Number | Insight severity numeric value |
SafeBreach.Insight.Severity | String | Insight severity mapped to low/medium/high. |
SafeBreach.Insight.RemediationDataCount | Number | Number of the remediation data points. |
SafeBreach.Insight.RemediationDataType | String | Type of the remediation data. |
SafeBreach.Insight.ThreatGroups | Array | Array of APT names that are mapped to the insight. |
SafeBreach.Insight.NetworkDirection | String | Communication direction of Insight, relative to the target (inbound/outbound). |
SafeBreach.Insight.AttacksCount | Number | List of all insight related SafeBreach attack IDs. |
SafeBreach.Insight.AffectedTargets | Array | List of the affected targets including name, IP and number of the remediation points |
SafeBreach.Insight.RemediationAction | String | Description of an action to take for the remediation |
SafeBreach.Insight.ResultsLink | String | Link to the SafeBreach platform Results page filtered for the relevant simulation results |
SafeBreach.Insight.AttackIds | Array | SafeBreach Attack Ids |
#
Command Example!safebreach-get-insights insightIds=[5,9]
#
Context Example#
safebreach-get-remediation-dataGets remediation data for a specific SafeBreach Insight.
#
Base Commandsafebreach-get-remediation-data
#
InputArgument Name | Description | Required |
---|---|---|
insightId | The ID of the insight for which to fetch remediation data. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
SafeBreach.Insight.Id | Number | Insight unique ID number. |
SafeBreach.Insight.SHA256 | String | Malware SHA256 hash. |
SafeBreach.Insight.Domain | String | Malicious domains. |
SafeBreach.Insight.IP | String | Malicious IP addresses. |
SafeBreach.Insight.Port | Number | Ports used during the attack. |
SafeBreach.Insight.Protocol | String | Protocols used during the attack. |
SafeBreach.Insight.Proxy | String | Proxies used during the attack. |
SafeBreach.Insight.URI | String | Malicious URIs. |
SafeBreach.Insight.DropPath | String | Malware drop paths. |
SafeBreach.Insight.User | String | Impersonated users running the attacks. |
SafeBreach.Insight.Command | String | Attack executed commands. |
SafeBreach.Insight.Registry | String | Attack read/changed registry paths. |
SafeBreach.Insight.ClientHeader | String | Client HTTP headers used in the attacks. |
SafeBreach.Insight.ServerHeader | String | Server HTTP headers used in the attacks. |
URL.Data | String | Malicious domains, URLs, or IP addresses. |
File.SHA256 | String | Malicious SHA256 file hashes. |
Process.CommandLine | String | Suspicious commands. |
DBotScore.Indicator | String | Indicator value. Options are IP, SHA1, MD5, SHA256, Email, or Url. |
DBotScore.Type | String | Indicator type. Options are ip, file, email, or url. |
DBotScore.Vendor | String | SafeBreach. This is the vendor reporting the score of the indicator. |
DBotScore.Score | Number | 3 (Bad). The score of the indicator. |
SafeBreach.Insight.RemediationData.Splunk | String | Remediation data in a form of a Splunk query |
#
Command Example!safebreach-get-remediation-data insightId=5
#
Context Example#
safebreach-rerun-insightReruns a specific SafeBreach Insight related simulations in your environment.
#
Base Commandsafebreach-rerun-insight
#
InputArgument Name | Description | Required |
---|---|---|
insightIds | The IDs of the insight to rerun. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
SafeBreach.Insight.Id | Number | Insight unique ID. |
SafeBreach.Insight.Rerun.Name | String | Insight rerun test name. |
SafeBreach.Insight.Rerun.Id | String | ID of the rerun insight test. |
SafeBreach.Insight.Rerun.AttacksCount | Number | Count of the attacks executed in the insight rerun test. |
SafeBreach.Test.Id | String | ID of the test. |
SafeBreach.Test.Name | String | Name of the test. |
SafeBreach.Test.AttacksCount | Number | The number of attacks executed in the insight rerun test. |
SafeBreach.Test.Status | String | Test run status. For insight rerun, starts from PENDING. |
SafeBreach.Test.ScheduledTime | Date | Time when the test was triggered. |
#
Command Example!safebreach-rerun-insight insightIds=5
#
Context Example#
Human Readable Output#
Rerun SafeBreach Insight# Attacks | Insight Id | Name | Test Id |
---|---|---|---|
36 | 5 | Insight (Demisto) - Blacklist malicious domains | 1586684450523.75 |
#
safebreach-get-test-statusGets the status of a SafeBreach test for tracking progress of a run.
#
Base Commandsafebreach-get-test-status
#
InputArgument Name | Description | Required |
---|---|---|
testId | The ID of the test to track. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
SafeBreach.Test.Id | String | ID of the test. |
SafeBreach.Test.Name | String | Name of the test. |
SafeBreach.Test.Status | String | Test run status. Options are PENDING, RUNNING, CANCELED, or COMPLETED. |
SafeBreach.Test.StartTime | Date | Starting time of the test. |
SafeBreach.Test.EndTime | Date | Ending time of the test. |
SafeBreach.Test.TotalSimulationNumber | Number | Number of simulations for the test. |
#
Command Example!safebreach-get-test-status testId=1585757174467.23
#
Context Example#
Human Readable Output#
Test StatusTest Id | Name | Status | Start Time | End Time | Total Simulation Number |
---|---|---|---|---|---|
1585757174467.23 | Rerun (Demisto) - #(2122) Write SamSam Malware (AA18-337A) to Disk | CANCELED | 2020-04-01T16:06:14.471Z | 2020-04-01T16:10:36.389Z | 9 |
#
safebreach-get-simulationGet SafeBreach simulation
#
Base Commandsafebreach-get-simulation
#
InputArgument Name | Description | Required |
---|---|---|
simulationId | The ID of the simulation. By default, taken from the incident. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
SafeBreach.Simulation.Id | String | ID of the simulation result. |
SafeBreach.Simulation.FinalStatus | String | Simulation final status. Options are Missed, Detected, Stopped, Prevented, or Inconsistent. |
SafeBreach.Simulation.Result | String | Indicates whether the simulation was blocked. |
SafeBreach.Simulation.DetectedAction | String | Indicates the overall detected action taken by security controls. |
SafeBreach.Simulation.SimulationRunId | Number | The unique simulation run ID (changes between simulation runs). |
SafeBreach.Simulation.Time | Datetime | Latest simulation run time. |
SafeBreach.Simulation.LastChangeTime | Datetime | Time when the simulation result was changed. |
SafeBreach.Simulation.Labels | Array | Array of labels applied on the simulation. |
SafeBreach.Simulation.Attack.Id | String | ID of the simulated attack. |
SafeBreach.Simulation.Attack.Name | String | Name of the simulated attack. |
SafeBreach.Simulation.Attack.Description | String | Description of the attack flow. |
SafeBreach.Simulation.Attack.Phase | String | The phase of the attack. Option are Infiltration, Exfiltration ,Lateral Movement, or Host Level. |
SafeBreach.Simulation.Attack.Type | String | The type of the attack. For example, Real C2 Communication, Malware Transfer, or Malware Write to Disk. |
SafeBreach.Simulation.Attack.SecurityControl | String | Related security control category. |
SafeBreach.Simulation.Attack.IndicatorBased | Bool | True if this attack is based on an indicator. False if this is behavioral non-indicator based. |
SafeBreach.Simulation.Attacker.Name | String | Name of the attacker simulator. |
SafeBreach.Simulation.Attacker.OS | String | OS of the attacker simulator. |
SafeBreach.Simulation.Attacker.InternalIp | String | Internal IP address of the attacker simulator. |
SafeBreach.Simulation.Attacker.ExternalIp | String | External IP address of the attacker simulator. |
SafeBreach.Simulation.Attacker.SimulationDetails | JSON | Simulation run detailed logs from the attacker simulator. |
SafeBreach.Simulation.Target.Name | String | Name of the target simulator. |
SafeBreach.Simulation.Target.OS | String | OS of the target simulator. |
SafeBreach.Simulation.Target.InternalIp | String | Internal IP address of the target simulator. |
SafeBreach.Simulation.Target.ExternalIp | String | External IP address of the target simulator. |
SafeBreach.Simulation.Target.SimulationDetails | JSON | Simulation run detailed logs from the target simulator. |
SafeBreach.Simulation.Network.Direction | String | Attack network direction relative to the target - inbound/outbound. |
SafeBreach.Simulation.Network.SourceIp | String | The IP address that initiated the network communication. |
SafeBreach.Simulation.Network.DestinationIp | String | The IP address that received the network communication. |
SafeBreach.Simulation.Network.SourcePort | String | The source port of the network communication. |
SafeBreach.Simulation.Network.DestinationPort | String | The destination port of the network communication. |
SafeBreach.Simulation.Network.Protocol | String | The top-level protocol of the network communication. |
SafeBreach.Simulation.Network.Proxy | String | The proxy name used in the network communication. |
SafeBreach.Simulation.Classifications.MITRETechniques | Array | List of attack related MITRE techniques. |
SafeBreach.Simulation.Classifications.MITREGroups | Array | List of attack related MITRE threat groups. |
SafeBreach.Simulation.Classifications.MITRESoftware | Array | List of attack related MITRE software and tools. |
SafeBreach.Simulation.Parameters | JSON | Parameters of the simulation. |
#
Command Example!safebreach-get-simulation simulationId=d937cd0e5fd4e2c9266801b7bd17e097
#
Context Example#
Human Readable Output#
SafeBreach SimulationId | Name | Status | Result | Detected Action | Attacker | Target |
---|---|---|---|---|---|---|
d937cd0e5fd4e2c9266801b7bd17e097 | (#3055) Write wannacry malware to disk | Prevented | Fail | Prevent | Win10 - Cylance (172.31.42.76,172.31.42.76) | Win10 - Cylance (172.31.42.76,172.31.42.76) |
#
safebreach-rerun-simulationReruns a specific SafeBreach simulation in your environment.
#
Base Commandsafebreach-rerun-simulation
#
InputArgument Name | Description | Required |
---|---|---|
simulationId | The ID of the simulation to rerun. | Required |
#
Context OutputPath | Type | Description |
---|---|---|
SafeBreach.Simulation.Id | Number | Simulation unique ID. |
SafeBreach.Simulation.Rerun.Name | String | Simulation rerun test name. |
SafeBreach.Simulation.Rerun.Id | String | ID of the rerun test. |
SafeBreach.Simulation.Rerun.ScheduledTime | Datetime | Time when the rerun was triggered. |
SafeBreach.Test.Id | String | ID of the test. |
SafeBreach.Test.Name | String | Name of the test. |
SafeBreach.Test.AttacksCount | Number | The number of the attacks executed in the insight rerun test. |
SafeBreach.Test.Status | String | Test run status. For insight rerun - “PENDING” |
SafeBreach.Test.ScheduledTime | Datetime | Time when the test was triggered. |
#
Command Example!safebreach-rerun-simulation simulationId=d937cd0e5fd4e2c9266801b7bd17e097
#
Context Example#
Human Readable Output#
SafeBreach Rerun SimualtionSimulation Id | Test Id | Name |
---|---|---|
d937cd0e5fd4e2c9266801b7bd17e097 | 1586684466634.76 | Rerun (Demisto) - #(3055) Write wannacry malware to disk |
#
safebreach-get-indicatorsFetches SafeBreach Insights from which indicators are extracted, creating new indicators or updating existing indicators.
#
Base Commandsafebreach-get-indicators
#
InputArgument Name | Description | Required |
---|---|---|
limit | The maximum number of indicators to generate. The default is 1000. | Optional |
insightCategory | Multi-select option for the category of the insights to get remediation data for: Network Access, Network Inspection, Endpoint, Email, Web, Data Leak | Optional |
insightDataType | Multi-select option for the remediation data type to get: Hash, Domain, URI, Command, Port, Protocol, Registry | Optional |
#
Context OutputThere is no context output for this command.
#
Command Example!safebreach-get-indicators limit=10
#
Context Example#
Human Readable Output#
Indicators:Fields | Rawjson | Score | Type | Value |
---|---|---|---|---|
description: SafeBreach Insight - Prevent malware network transfer sha256: 0a2076b9d288411486a0c6367bccf75ea0fd6ba9aaaa9ff046ff3959f60ff35f tags: SafeBreachInsightId: 7 | value: 0a2076b9d288411486a0c6367bccf75ea0fd6ba9aaaa9ff046ff3959f60ff35f dataType: SHA256 insightId: 7 insightTime: 2020-04-07T15:54:01.256Z | 3 | File | 0a2076b9d288411486a0c6367bccf75ea0fd6ba9aaaa9ff046ff3959f60ff35f |
description: SafeBreach Insight - Prevent malware network transfer sha256: 0dcbb073b62f9ec1783d98d826bbfd1f938feb59e8e70180c00ecdfd903c0fe1 tags: SafeBreachInsightId: 7 | value: 0dcbb073b62f9ec1783d98d826bbfd1f938feb59e8e70180c00ecdfd903c0fe1 dataType: SHA256 insightId: 7 insightTime: 2020-04-07T15:54:01.256Z | 3 | File | 0dcbb073b62f9ec1783d98d826bbfd1f938feb59e8e70180c00ecdfd903c0fe1 |
description: SafeBreach Insight - Prevent malware network transfer sha256: f456baa4593272686b9e07c8d902868991423dddeb5587734985d676c06dc730 tags: SafeBreachInsightId: 7 | value: f456baa4593272686b9e07c8d902868991423dddeb5587734985d676c06dc730 dataType: SHA256 insightId: 7 insightTime: 2020-04-07T15:54:01.256Z | 3 | File | f456baa4593272686b9e07c8d902868991423dddeb5587734985d676c06dc730 |
description: SafeBreach Insight - Prevent malware network transfer sha256: e3c6ce5a57623cb0ea51f70322c312ccf23b9e4a7342680fd18f0cce556aaa0f tags: SafeBreachInsightId: 7 | value: e3c6ce5a57623cb0ea51f70322c312ccf23b9e4a7342680fd18f0cce556aaa0f dataType: SHA256 insightId: 7 insightTime: 2020-04-07T15:54:01.256Z | 3 | File | e3c6ce5a57623cb0ea51f70322c312ccf23b9e4a7342680fd18f0cce556aaa0f |
description: SafeBreach Insight - Prevent malware network transfer sha256: 327c968b4c381d7c8f051c78720610cbb115515a370924c0d414c403524d7a03 tags: SafeBreachInsightId: 7 | value: 327c968b4c381d7c8f051c78720610cbb115515a370924c0d414c403524d7a03 dataType: SHA256 insightId: 7 insightTime: 2020-04-07T15:54:01.256Z | 3 | File | 327c968b4c381d7c8f051c78720610cbb115515a370924c0d414c403524d7a03 |
description: SafeBreach Insight - Prevent malware network transfer sha256: 566ef062b86cc505fac48c50a80c65ae5f8bd19cdf6dc2a9d935045d08a37e60 tags: SafeBreachInsightId: 7 | value: 566ef062b86cc505fac48c50a80c65ae5f8bd19cdf6dc2a9d935045d08a37e60 dataType: SHA256 insightId: 7 insightTime: 2020-04-07T15:54:01.256Z | 3 | File | 566ef062b86cc505fac48c50a80c65ae5f8bd19cdf6dc2a9d935045d08a37e60 |
description: SafeBreach Insight - Prevent malware network transfer sha256: 620f756be7815e24dfb2724839dc616fe46b545fa13fd3a7e063db661e21d596 tags: SafeBreachInsightId: 7 | value: 620f756be7815e24dfb2724839dc616fe46b545fa13fd3a7e063db661e21d596 dataType: SHA256 insightId: 7 insightTime: 2020-04-07T15:54:01.256Z | 3 | File | 620f756be7815e24dfb2724839dc616fe46b545fa13fd3a7e063db661e21d596 |
description: SafeBreach Insight - Prevent malware network transfer sha256: 500f7f7b858b4bb4e4172361327ee8c340bc95442ebf713d60f892347e02af2f tags: SafeBreachInsightId: 7 | value: 500f7f7b858b4bb4e4172361327ee8c340bc95442ebf713d60f892347e02af2f dataType: SHA256 insightId: 7 insightTime: 2020-04-07T15:54:01.256Z | 3 | File | 500f7f7b858b4bb4e4172361327ee8c340bc95442ebf713d60f892347e02af2f |
description: SafeBreach Insight - Prevent malware network transfer sha256: 5fd54218d1c68562e0a98985f79cb03526aa97e95be020a2b8ceaa9c083f9c19 tags: SafeBreachInsightId: 7 | value: 5fd54218d1c68562e0a98985f79cb03526aa97e95be020a2b8ceaa9c083f9c19 dataType: SHA256 insightId: 7 insightTime: 2020-04-07T15:54:01.256Z | 3 | File | 5fd54218d1c68562e0a98985f79cb03526aa97e95be020a2b8ceaa9c083f9c19 |
description: SafeBreach Insight - Prevent malware network transfer sha256: 1711fbb363aebfe66f2d8dcbf8cddca8d2fd9fa9a6952da5873b7825e57f542d tags: SafeBreachInsightId: 7 | value: 1711fbb363aebfe66f2d8dcbf8cddca8d2fd9fa9a6952da5873b7825e57f542d dataType: SHA256 insightId: 7 insightTime: 2020-04-07T15:54:01.256Z | 3 | File | 1711fbb363aebfe66f2d8dcbf8cddca8d2fd9fa9a6952da5873b7825e57f542d |