[{"data":1,"prerenderedAt":2084},["ShallowReactive",2],{"recent-post":3,"trending-post":1319},[4,379,699],{"id":5,"title":6,"body":7,"description":363,"extension":364,"meta":365,"navigation":374,"ogImage":367,"path":375,"seo":376,"stem":377,"__hash__":378},"content/blogs/14. prisma-cloud-vs-cortex-cloud-enterprise-comparison.md","Prisma Cloud vs. Cortex Cloud: The Ultimate Enterprise Security Comparison",{"type":8,"value":9,"toc":352},"minimark",[10,15,28,31,34,38,45,50,72,74,78,85,89,109,111,115,267,269,273,279,284,289,293,298,302,307,309,313,327,345,347],[11,12,14],"h3",{"id":13},"introduction-securing-the-modern-enterprise","Introduction: Securing the Modern Enterprise",[16,17,18,19,23,24,27],"p",{},"As enterprises move from legacy data centers to hybrid and multi-cloud environments, the \"perimeter\" has effectively disappeared. Palo Alto Networks offers two primary powerhouses to tackle this: ",[20,21,22],"strong",{},"Prisma Cloud"," and ",[20,25,26],{},"Cortex Cloud"," (often referred to through its flagship, Cortex XDR).",[16,29,30],{},"While both are industry leaders, they solve fundamentally different problems. If you are pitching to a CISO or a Cloud Architect, understanding where these products overlap—and where they diverge—is critical for a successful security strategy.",[32,33],"hr",{},[11,35,37],{"id":36},"prisma-cloud-the-cloud-native-architect-cnapp","Prisma Cloud: The Cloud-Native Architect (CNAPP)",[16,39,40,41,44],{},"Prisma Cloud is a ",[20,42,43],{},"Cloud-Native Application Protection Platform (CNAPP)",". Its mission is \"Code-to-Cloud.\" It focuses on the security posture and protection of your cloud infrastructure (AWS, Azure, GCP) and the applications running on them (Kubernetes, Serverless, Containers).",[16,46,47],{},[20,48,49],{},"Key Focus:",[51,52,53,60,66],"ul",{},[54,55,56,59],"li",{},[20,57,58],{},"Shift-Left Security:"," Scanning Infrastructure-as-Code (IaC) templates before they are deployed.",[54,61,62,65],{},[20,63,64],{},"Posture Management (CSPM):"," Ensuring your S3 buckets aren't public and you're meeting compliance (NIST, SOC2).",[54,67,68,71],{},[20,69,70],{},"Workload Protection (CWPP):"," Protecting the host, the container, and the function at runtime.",[32,73],{},[11,75,77],{"id":76},"cortex-cloud-the-soc-powerhouse-xdrasm","Cortex Cloud: The SOC Powerhouse (XDR/ASM)",[16,79,80,81,84],{},"Cortex Cloud is the brain of the ",[20,82,83],{},"Security Operations Center (SOC)",". It is designed for detection, investigation, and response. It doesn't just care about the cloud; it integrates data across Endpoints, Network, and Cloud to provide a holistic view of an attack.",[16,86,87],{},[20,88,49],{},[51,90,91,97,103],{},[54,92,93,96],{},[20,94,95],{},"Visibility & Response (XDR):"," Stitching together logs to find \"low and slow\" attacks that a single tool would miss.",[54,98,99,102],{},[20,100,101],{},"Attack Surface Management (Xpanse):"," Finding the \"Shadow IT\"—assets you didn't even know were connected to the internet.",[54,104,105,108],{},[20,106,107],{},"Automation (XSOAR):"," Using playbooks to automate the response to thousands of daily alerts.",[32,110],{},[11,112,114],{"id":113},"enterprise-comparison-table","Enterprise Comparison Table",[116,117,118,138],"table",{},[119,120,121],"thead",{},[122,123,124,129,132,135],"tr",{},[125,126,128],"th",{"align":127},"left","Feature",[125,130,131],{"align":127},"Prisma Cloud (CNAPP)",[125,133,134],{"align":127},"Cortex Cloud (XDR/XPANSE)",[125,136,137],{"align":127},"Strategic Enterprise Value",[139,140,141,161,186,205,229,248],"tbody",{},[122,142,143,149,152,155],{},[144,145,146],"td",{"align":127},[20,147,148],{},"Primary Domain",[144,150,151],{"align":127},"Public/Hybrid Cloud (AWS, GCP, Azure, K8s).",[144,153,154],{"align":127},"Cross-Platform (Endpoint, Network, Identity, Cloud).",[144,156,157,160],{"align":127},[20,158,159],{},"Unified Visibility:"," Cortex provides the \"big picture,\" while Prisma provides \"deep cloud\" depth.",[122,162,163,168,174,180],{},[144,164,165],{"align":127},[20,166,167],{},"Security Philosophy",[144,169,170,173],{"align":127},[20,171,172],{},"Preventative & Posture-based."," Focuses on \"Is it configured correctly?\"",[144,175,176,179],{"align":127},[20,177,178],{},"Detective & Reactive."," Focuses on \"Is there an active threat?\"",[144,181,182,185],{"align":127},[20,183,184],{},"Risk Mitigation:"," Use Prisma to reduce the attack surface and Cortex to catch those who get through.",[122,187,188,193,196,199],{},[144,189,190],{"align":127},[20,191,192],{},"Primary Users",[144,194,195],{"align":127},"Cloud Security Engineers, DevOps, Platform Teams.",[144,197,198],{"align":127},"SOC Analysts, Incident Responders, CISO.",[144,200,201,204],{"align":127},[20,202,203],{},"Operational Efficiency:"," Breaks silos between the DevOps \"builders\" and the SecOps \"defenders.\"",[122,206,207,212,215,218],{},[144,208,209],{"align":127},[20,210,211],{},"Compliance Focus",[144,213,214],{"align":127},"Automated audits (PCI-DSS, HIPAA, GDPR) for cloud assets.",[144,216,217],{"align":127},"Forensic logs and audit trails for incident investigation.",[144,219,220,223,224,228],{"align":127},[20,221,222],{},"Governance:"," Prisma ensures you ",[225,226,227],"em",{},"stay"," compliant; Cortex proves what happened during a breach.",[122,230,231,236,239,242],{},[144,232,233],{"align":127},[20,234,235],{},"Integration Point",[144,237,238],{"align":127},"Deep API integration with Cloud Service Providers.",[144,240,241],{"align":127},"Agent-based (XDR Agents) + Log Ingestion from firewalls/identity.",[144,243,244,247],{"align":127},[20,245,246],{},"TCO (Total Cost of Ownership):"," Both leverage \"Platformization\"—sharing data to reduce the need for 3rd party tools.",[122,249,250,255,258,261],{},[144,251,252],{"align":127},[20,253,254],{},"Licensing Model",[144,256,257],{"align":127},"Credit-based (Dynamic allocation across cloud resources).",[144,259,260],{"align":127},"Volume-based (TB of data or per-endpoint).",[144,262,263,266],{"align":127},[20,264,265],{},"Predictable Scaling:"," Enterprises can scale cloud security credits as their infrastructure grows.",[32,268],{},[11,270,272],{"id":271},"pitching-to-the-client-the-better-together-strategy","Pitching to the Client: The \"Better Together\" Strategy",[16,274,275,276],{},"If you are pitching these to an enterprise client, don't frame it as an \"Either/Or\" choice. Frame it as ",[20,277,278],{},"The Multi-Layered Defense.",[280,281,283],"h4",{"id":282},"_1-the-prevention-first-pitch-prisma-cloud","1. The \"Prevention First\" Pitch (Prisma Cloud)",[16,285,286],{},[225,287,288],{},"\"Mr. Client, your developers are moving fast. Prisma Cloud ensures that security isn't a bottleneck. We shift security left into the IDE and CI/CD pipeline, catching vulnerabilities before they reach production. It's about building a secure foundation.\"",[280,290,292],{"id":291},"_2-the-detection-excellence-pitch-cortex-cloud","2. The \"Detection Excellence\" Pitch (Cortex Cloud)",[16,294,295],{},[225,296,297],{},"\"Once your apps are running, you need a watchdog. Cortex XDR acts as your SOC's eyes and ears. It finds the zero-day threats and lateral movement that traditional antivirus misses. It reduces your 'Mean Time to Respond' from days to minutes.\"",[280,299,301],{"id":300},"_3-the-platform-advantage","3. The \"Platform Advantage\"",[16,303,304],{},[225,305,306],{},"\"By using both, Prisma Cloud sends its runtime alerts directly into Cortex XDR. Your SOC analyst doesn't have to learn a new tool to investigate a cloud alert—it's all in one pane of glass.\"",[32,308],{},[11,310,312],{"id":311},"summary-which-one-does-the-client-need","Summary: Which One Does the Client Need?",[51,314,315,321],{},[54,316,317,320],{},[20,318,319],{},"Choose Prisma Cloud first if:"," The organization is heavily migrating to the cloud, using Kubernetes, and needs to automate compliance and IaC security.",[54,322,323,326],{},[20,324,325],{},"Choose Cortex Cloud first if:"," The organization has a dedicated SOC, is struggling with alert fatigue, or needs to replace legacy EDR/Antivirus across the whole company.",[16,328,329,332,333,336,337,340,341,344],{},[20,330,331],{},"Enterprise Recommendation:"," For a Tier-1 enterprise, the recommendation is always the ",[20,334,335],{},"Integrated Platform."," Secure the ",[225,338,339],{},"infrastructure"," with Prisma and secure the ",[225,342,343],{},"operations"," with Cortex.",[32,346],{},[16,348,349],{},[225,350,351],{},"Deep dive into our other blog posts for more XQL and Cloud Security tips!",{"title":353,"searchDepth":354,"depth":354,"links":355},"",2,[356,358,359,360,361,362],{"id":13,"depth":357,"text":14},3,{"id":36,"depth":357,"text":37},{"id":76,"depth":357,"text":77},{"id":113,"depth":357,"text":114},{"id":271,"depth":357,"text":272},{"id":311,"depth":357,"text":312},"An enterprise-grade breakdown of Palo Alto Networks' two cloud giants. Learn when to use Prisma Cloud for CNAPP and when to leverage Cortex for SOC visibility.","md",{"date":366,"image":367,"alt":368,"tags":369,"published":374},"18th Apr 2026","/blogs-img/blog.jpg","Prisma Cloud vs Cortex Comparison",[22,370,371,372,373],"Cortex XDR","CNAPP","Cybersecurity","Enterprise Tech",true,"/blogs/prisma-cloud-vs-cortex-cloud-enterprise-comparison",{"title":6,"description":363},"blogs/14. prisma-cloud-vs-cortex-cloud-enterprise-comparison","7bxWyeJCweauOr6J8CldisGJE9bqwxbkewUsjHVHjXw",{"id":380,"title":381,"body":382,"description":685,"extension":364,"meta":686,"navigation":374,"ogImage":688,"path":695,"seo":696,"stem":697,"__hash__":698},"content/blogs/11. advanced-threat-hunting-xql.md","Advanced Threat Hunting with Cortex XQL",{"type":8,"value":383,"toc":671},[384,388,400,407,413,417,420,452,459,462,466,496,503,506,510,513,542,546,549,553,582,590,596,620,624,657,661,664,667],[11,385,387],{"id":386},"taking-xql-further","Taking XQL Further",[16,389,390,391,394,395,399],{},"In our previous guide, we covered the basics of ",[20,392,393],{},"Cortex XQL",". Now, it's time to dive into the advanced features that turn a simple search into a powerful threat-hunting tool. We'll focus on data transformation, advanced filtering, and the elusive ",[396,397,398],"code",{},"join"," operation.",[11,401,403,404],{"id":402},"_1-complex-data-transformation-with-alter","1. Complex Data Transformation with ",[396,405,406],{},"alter",[16,408,409,410,412],{},"Sometimes the data in your logs isn't in the format you need. The ",[396,411,406],{}," stage allows you to create new fields on the fly.",[280,414,416],{"id":415},"extracting-substrings","Extracting Substrings",[16,418,419],{},"If you have a file path and you only want the file name:",[421,422,426],"pre",{"className":423,"code":424,"language":425,"meta":353,"style":353},"language-xql shiki shiki-themes dracula","dataset = xdr_data\n| filter action_file_path != null\n| alter file_name = arraylast(split(action_file_path, \"\\\"))\n| fields file_name, action_file_path\n","xql",[396,427,428,436,441,446],{"__ignoreMap":353},[429,430,433],"span",{"class":431,"line":432},"line",1,[429,434,435],{},"dataset = xdr_data\n",[429,437,438],{"class":431,"line":354},[429,439,440],{},"| filter action_file_path != null\n",[429,442,443],{"class":431,"line":357},[429,444,445],{},"| alter file_name = arraylast(split(action_file_path, \"\\\"))\n",[429,447,449],{"class":431,"line":448},4,[429,450,451],{},"| fields file_name, action_file_path\n",[11,453,455,456],{"id":454},"_2-advanced-aggregations-with-comp","2. Advanced Aggregations with ",[396,457,458],{},"comp",[16,460,461],{},"Aggregations are vital for identifying anomalies (e.g., a single user logging into 50 different machines).",[280,463,465],{"id":464},"detecting-horizontal-movement","Detecting Horizontal Movement",[421,467,469],{"className":423,"code":468,"language":425,"meta":353,"style":353},"dataset = xdr_data\n| filter event_type = \"LOGIN\"\n| comp count(endpoint_name) as distinct_login_count by actor_effective_username\n| filter distinct_login_count > 10\n| sort desc distinct_login_count\n",[396,470,471,475,480,485,490],{"__ignoreMap":353},[429,472,473],{"class":431,"line":432},[429,474,435],{},[429,476,477],{"class":431,"line":354},[429,478,479],{},"| filter event_type = \"LOGIN\"\n",[429,481,482],{"class":431,"line":357},[429,483,484],{},"| comp count(endpoint_name) as distinct_login_count by actor_effective_username\n",[429,486,487],{"class":431,"line":448},[429,488,489],{},"| filter distinct_login_count > 10\n",[429,491,493],{"class":431,"line":492},5,[429,494,495],{},"| sort desc distinct_login_count\n",[11,497,499,500,502],{"id":498},"_3-mastering-the-join-operation","3. Mastering the ",[396,501,398],{}," Operation",[16,504,505],{},"Joins allow you to correlate data across different datasets. This is where XQL truly shines.",[280,507,509],{"id":508},"correlating-process-activity-with-network-traffic","Correlating Process Activity with Network Traffic",[16,511,512],{},"Suppose you find a suspicious process and want to see if it communicated externally:",[421,514,516],{"className":423,"code":515,"language":425,"meta":353,"style":353},"dataset = xdr_data\n| filter actor_process_image_name == \"powershell.exe\"\n| join (dataset = pan_traffic_raw) as traffic on traffic.source_ip = xdr_data.endpoint_ip\n| filter traffic.destination_port == 443\n| fields xdr_data.endpoint_name, xdr_data.actor_process_command_line, traffic.destination_ip\n",[396,517,518,522,527,532,537],{"__ignoreMap":353},[429,519,520],{"class":431,"line":432},[429,521,435],{},[429,523,524],{"class":431,"line":354},[429,525,526],{},"| filter actor_process_image_name == \"powershell.exe\"\n",[429,528,529],{"class":431,"line":357},[429,530,531],{},"| join (dataset = pan_traffic_raw) as traffic on traffic.source_ip = xdr_data.endpoint_ip\n",[429,533,534],{"class":431,"line":448},[429,535,536],{},"| filter traffic.destination_port == 443\n",[429,538,539],{"class":431,"line":492},[429,540,541],{},"| fields xdr_data.endpoint_name, xdr_data.actor_process_command_line, traffic.destination_ip\n",[11,543,545],{"id":544},"_4-advanced-window-functions","4. Advanced Window Functions",[16,547,548],{},"Window functions allow you to perform calculations across a set of rows related to the current row.",[280,550,552],{"id":551},"calculating-time-deltas-between-events","Calculating Time Deltas between Events",[421,554,556],{"className":423,"code":555,"language":425,"meta":353,"style":353},"dataset = xdr_data\n| filter actor_effective_username = \"admin\"\n| sort asc _time\n| alter time_diff = _time - prev(_time)\n| filter time_diff \u003C 5000 // events occurring within 5 seconds of each other\n",[396,557,558,562,567,572,577],{"__ignoreMap":353},[429,559,560],{"class":431,"line":432},[429,561,435],{},[429,563,564],{"class":431,"line":354},[429,565,566],{},"| filter actor_effective_username = \"admin\"\n",[429,568,569],{"class":431,"line":357},[429,570,571],{},"| sort asc _time\n",[429,573,574],{"class":431,"line":448},[429,575,576],{},"| alter time_diff = _time - prev(_time)\n",[429,578,579],{"class":431,"line":492},[429,580,581],{},"| filter time_diff \u003C 5000 // events occurring within 5 seconds of each other\n",[11,583,585,586,589],{"id":584},"_5-using-bin-for-time-series-analysis","5. Using ",[396,587,588],{},"bin"," for Time-Series Analysis",[16,591,592,593,595],{},"If you want to visualize data over time, use ",[396,594,588],{}," to group timestamps.",[421,597,599],{"className":423,"code":598,"language":425,"meta":353,"style":353},"dataset = xdr_data\n| filter event_type = \"FILE\"\n| alter time_bucket = bin(_time, 1h)\n| comp count(event_id) as file_ops_per_hour by time_bucket\n",[396,600,601,605,610,615],{"__ignoreMap":353},[429,602,603],{"class":431,"line":432},[429,604,435],{},[429,606,607],{"class":431,"line":354},[429,608,609],{},"| filter event_type = \"FILE\"\n",[429,611,612],{"class":431,"line":357},[429,613,614],{},"| alter time_bucket = bin(_time, 1h)\n",[429,616,617],{"class":431,"line":448},[429,618,619],{},"| comp count(event_id) as file_ops_per_hour by time_bucket\n",[11,621,623],{"id":622},"best-practices-for-performance","Best Practices for Performance",[625,626,627,641,651],"ol",{},[54,628,629,632,633,636,637,640],{},[20,630,631],{},"Filter Early",": Use ",[396,634,635],{},"filter"," as close to the ",[396,638,639],{},"dataset"," line as possible to reduce the amount of data processed.",[54,642,643,646,647,650],{},[20,644,645],{},"Be Specific",": Avoid ",[396,648,649],{},"dataset = *"," if you know exactly which log source you need.",[54,652,653,656],{},[20,654,655],{},"Limit Fields",": Only use the fields you actually need to see in the final output.",[11,658,660],{"id":659},"conclusion","Conclusion",[16,662,663],{},"Advanced XQL is about more than just finding data—it's about manipulating and correlating it to tell a complete story of what happened in your environment. These advanced techniques are what separate a standard security analyst from an elite threat hunter.",[16,665,666],{},"Happy Hunting!",[668,669,670],"style",{},"html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}",{"title":353,"searchDepth":354,"depth":354,"links":672},[673,674,676,678,680,681,683,684],{"id":386,"depth":357,"text":387},{"id":402,"depth":357,"text":675},"1. Complex Data Transformation with alter",{"id":454,"depth":357,"text":677},"2. Advanced Aggregations with comp",{"id":498,"depth":357,"text":679},"3. Mastering the join Operation",{"id":544,"depth":357,"text":545},{"id":584,"depth":357,"text":682},"5. Using bin for Time-Series Analysis",{"id":622,"depth":357,"text":623},{"id":659,"depth":357,"text":660},"Take your XQL skills to the next level with advanced joins, data transformation, and complex aggregations.",{"date":687,"image":688,"alt":689,"tags":690,"published":374},"16th Apr 2026","/blogs-img/blog3.jpg","Advanced Cortex XQL",[691,692,693,694],"Cortex","XQL","AdvancedQuerying","ThreatHunting","/blogs/advanced-threat-hunting-xql",{"title":381,"description":685},"blogs/11. advanced-threat-hunting-xql","dxp1wYP9uTJrMWv4eup4EoEk-43w9S5cRKJi91ERBmY",{"id":700,"title":701,"body":702,"description":1308,"extension":364,"meta":1309,"navigation":374,"ogImage":1310,"path":1315,"seo":1316,"stem":1317,"__hash__":1318},"content/blogs/12. ultimate-xql-cheat-sheet.md","The Ultimate XQL Cheat Sheet - 25+ Essential Queries for Cortex XDR",{"type":8,"value":703,"toc":1303},[704,715,717,721,729,733,762,766,781,785,800,804,833,837,855,859,881,885,904,908,927,931,945,949,968,970,974,979,983,997,1001,1020,1024,1043,1047,1061,1065,1084,1088,1102,1106,1125,1129,1143,1147,1171,1175,1189,1193,1207,1211,1230,1234,1248,1252,1267,1271,1290,1292,1294,1301],[16,705,706,707,710,711,714],{},"Having a solid library of XQL queries is essential for any Palo Alto Cortex analyst. This cheat sheet provides 25+ queries divided into ",[20,708,709],{},"Dashboard Widget"," queries (optimized for visualization) and ",[20,712,713],{},"Investigation"," queries (optimized for threat hunting).",[32,716],{},[11,718,720],{"id":719},"part-1-widget-visualization-queries","Part 1: Widget & Visualization Queries",[16,722,723],{},[225,724,725,726,728],{},"These queries use ",[396,727,458],{}," to aggregate data, making them perfect for Pie charts, Bar charts, and dashboards.",[280,730,732],{"id":731},"_1-top-10-users-with-failed-logins-bar-chart","1. Top 10 Users with Failed Logins (Bar Chart)",[421,734,736],{"className":423,"code":735,"language":425,"meta":353,"style":353},"dataset = xdr_data\n| filter event_type = \"LOGIN\" and outcome = \"FAILURE\"\n| comp count(event_id) as failure_count by actor_effective_username\n| sort desc failure_count\n| limit 10\n",[396,737,738,742,747,752,757],{"__ignoreMap":353},[429,739,740],{"class":431,"line":432},[429,741,435],{},[429,743,744],{"class":431,"line":354},[429,745,746],{},"| filter event_type = \"LOGIN\" and outcome = \"FAILURE\"\n",[429,748,749],{"class":431,"line":357},[429,750,751],{},"| comp count(event_id) as failure_count by actor_effective_username\n",[429,753,754],{"class":431,"line":448},[429,755,756],{},"| sort desc failure_count\n",[429,758,759],{"class":431,"line":492},[429,760,761],{},"| limit 10\n",[280,763,765],{"id":764},"_2-incident-severity-distribution-pie-chart","2. Incident Severity Distribution (Pie Chart)",[421,767,769],{"className":423,"code":768,"language":425,"meta":353,"style":353},"dataset = incidents\n| comp count(incident_id) as total by severity\n",[396,770,771,776],{"__ignoreMap":353},[429,772,773],{"class":431,"line":432},[429,774,775],{},"dataset = incidents\n",[429,777,778],{"class":431,"line":354},[429,779,780],{},"| comp count(incident_id) as total by severity\n",[280,782,784],{"id":783},"_3-endpoint-os-distribution-donut-chart","3. Endpoint OS Distribution (Donut Chart)",[421,786,788],{"className":423,"code":787,"language":425,"meta":353,"style":353},"dataset = endpoints\n| comp count(endpoint_id) as total by os_type\n",[396,789,790,795],{"__ignoreMap":353},[429,791,792],{"class":431,"line":432},[429,793,794],{},"dataset = endpoints\n",[429,796,797],{"class":431,"line":354},[429,798,799],{},"| comp count(endpoint_id) as total by os_type\n",[280,801,803],{"id":802},"_4-top-10-malicious-domains-blocked-table-widget","4. Top 10 Malicious Domains Blocked (Table Widget)",[421,805,807],{"className":423,"code":806,"language":425,"meta":353,"style":353},"dataset = pan_traffic_raw\n| filter action = \"deny\" and category = \"malware\"\n| comp count(event_id) as blocks by destination_hostname\n| sort desc blocks\n| limit 10\n",[396,808,809,814,819,824,829],{"__ignoreMap":353},[429,810,811],{"class":431,"line":432},[429,812,813],{},"dataset = pan_traffic_raw\n",[429,815,816],{"class":431,"line":354},[429,817,818],{},"| filter action = \"deny\" and category = \"malware\"\n",[429,820,821],{"class":431,"line":357},[429,822,823],{},"| comp count(event_id) as blocks by destination_hostname\n",[429,825,826],{"class":431,"line":448},[429,827,828],{},"| sort desc blocks\n",[429,830,831],{"class":431,"line":492},[429,832,761],{},[280,834,836],{"id":835},"_5-network-traffic-volume-by-app-area-chart","5. Network Traffic Volume by App (Area Chart)",[421,838,840],{"className":423,"code":839,"language":425,"meta":353,"style":353},"dataset = pan_traffic_raw\n| alter time_bucket = bin(_time, 1h)\n| comp sum(bytes_sent + bytes_received) as total_bytes by time_bucket, app\n",[396,841,842,846,850],{"__ignoreMap":353},[429,843,844],{"class":431,"line":432},[429,845,813],{},[429,847,848],{"class":431,"line":354},[429,849,614],{},[429,851,852],{"class":431,"line":357},[429,853,854],{},"| comp sum(bytes_sent + bytes_received) as total_bytes by time_bucket, app\n",[280,856,858],{"id":857},"_6-suspicious-powershell-executions-over-time-line-chart","6. Suspicious Powershell Executions over Time (Line Chart)",[421,860,862],{"className":423,"code":861,"language":425,"meta":353,"style":353},"dataset = xdr_data\n| filter actor_process_image_name == \"powershell.exe\"\n| alter time_bucket = bin(_time, 1h)\n| comp count(event_id) as executions by time_bucket\n",[396,863,864,868,872,876],{"__ignoreMap":353},[429,865,866],{"class":431,"line":432},[429,867,435],{},[429,869,870],{"class":431,"line":354},[429,871,526],{},[429,873,874],{"class":431,"line":357},[429,875,614],{},[429,877,878],{"class":431,"line":448},[429,879,880],{},"| comp count(event_id) as executions by time_bucket\n",[280,882,884],{"id":883},"_7-top-attack-sources-by-country-map-widget","7. Top Attack Sources by Country (Map Widget)",[421,886,888],{"className":423,"code":887,"language":425,"meta":353,"style":353},"dataset = pan_traffic_raw\n| filter action = \"deny\"\n| comp count(event_id) as attacks by source_country\n",[396,889,890,894,899],{"__ignoreMap":353},[429,891,892],{"class":431,"line":432},[429,893,813],{},[429,895,896],{"class":431,"line":354},[429,897,898],{},"| filter action = \"deny\"\n",[429,900,901],{"class":431,"line":357},[429,902,903],{},"| comp count(event_id) as attacks by source_country\n",[280,905,907],{"id":906},"_8-data-exfiltration-alert-threshold-widget","8. Data Exfiltration Alert (Threshold Widget)",[421,909,911],{"className":423,"code":910,"language":425,"meta":353,"style":353},"dataset = pan_traffic_raw\n| comp sum(bytes_sent) as uploads by source_ip\n| filter uploads > 1000000000 // 1GB Threshold\n",[396,912,913,917,922],{"__ignoreMap":353},[429,914,915],{"class":431,"line":432},[429,916,813],{},[429,918,919],{"class":431,"line":354},[429,920,921],{},"| comp sum(bytes_sent) as uploads by source_ip\n",[429,923,924],{"class":431,"line":357},[429,925,926],{},"| filter uploads > 1000000000 // 1GB Threshold\n",[280,928,930],{"id":929},"_9-agent-health-status-summary-widget","9. Agent Health Status (Summary Widget)",[421,932,934],{"className":423,"code":933,"language":425,"meta":353,"style":353},"dataset = endpoints\n| comp count(endpoint_id) as count by endpoint_status\n",[396,935,936,940],{"__ignoreMap":353},[429,937,938],{"class":431,"line":432},[429,939,794],{},[429,941,942],{"class":431,"line":354},[429,943,944],{},"| comp count(endpoint_id) as count by endpoint_status\n",[280,946,948],{"id":947},"_10-most-common-malware-signatures-bar-chart","10. Most Common Malware Signatures (Bar Chart)",[421,950,952],{"className":423,"code":951,"language":425,"meta":353,"style":353},"dataset = xdr_data\n| filter event_type = \"MALWARE_DETECTED\"\n| comp count(event_id) as detections by threat_name\n",[396,953,954,958,963],{"__ignoreMap":353},[429,955,956],{"class":431,"line":432},[429,957,435],{},[429,959,960],{"class":431,"line":354},[429,961,962],{},"| filter event_type = \"MALWARE_DETECTED\"\n",[429,964,965],{"class":431,"line":357},[429,966,967],{},"| comp count(event_id) as detections by threat_name\n",[32,969],{},[11,971,973],{"id":972},"part-2-normal-search-investigation-queries","Part 2: Normal Search & Investigation Queries",[16,975,976],{},[225,977,978],{},"These queries return detailed rows, useful for deep-dive forensic investigations.",[280,980,982],{"id":981},"_11-find-all-executions-from-usb-drives","11. Find All Executions from USB Drives",[421,984,986],{"className":423,"code":985,"language":425,"meta":353,"style":353},"dataset = xdr_data\n| filter actor_process_image_path contains \":\\RECYCLER\\\" or actor_process_image_path contains \"Removable\"\n",[396,987,988,992],{"__ignoreMap":353},[429,989,990],{"class":431,"line":432},[429,991,435],{},[429,993,994],{"class":431,"line":354},[429,995,996],{},"| filter actor_process_image_path contains \":\\RECYCLER\\\" or actor_process_image_path contains \"Removable\"\n",[280,998,1000],{"id":999},"_12-locate-specific-file-hash-across-network","12. Locate Specific File Hash across Network",[421,1002,1004],{"className":423,"code":1003,"language":425,"meta":353,"style":353},"dataset = xdr_data\n| filter action_file_sha256 = \"your_hash_here\"\n| fields _time, endpoint_name, actor_process_image_name, action_file_path\n",[396,1005,1006,1010,1015],{"__ignoreMap":353},[429,1007,1008],{"class":431,"line":432},[429,1009,435],{},[429,1011,1012],{"class":431,"line":354},[429,1013,1014],{},"| filter action_file_sha256 = \"your_hash_here\"\n",[429,1016,1017],{"class":431,"line":357},[429,1018,1019],{},"| fields _time, endpoint_name, actor_process_image_name, action_file_path\n",[280,1021,1023],{"id":1022},"_13-trace-rdp-connections-to-internal-ips","13. Trace RDP Connections to Internal IPs",[421,1025,1027],{"className":423,"code":1026,"language":425,"meta":353,"style":353},"dataset = pan_traffic_raw\n| filter destination_port = 3389 and destination_ip_internal = true\n| fields _time, source_ip, destination_ip, user\n",[396,1028,1029,1033,1038],{"__ignoreMap":353},[429,1030,1031],{"class":431,"line":432},[429,1032,813],{},[429,1034,1035],{"class":431,"line":354},[429,1036,1037],{},"| filter destination_port = 3389 and destination_ip_internal = true\n",[429,1039,1040],{"class":431,"line":357},[429,1041,1042],{},"| fields _time, source_ip, destination_ip, user\n",[280,1044,1046],{"id":1045},"_14-identify-living-off-the-land-binaries-lolbins","14. Identify \"Living off the Land\" Binaries (Lolbins)",[421,1048,1050],{"className":423,"code":1049,"language":425,"meta":353,"style":353},"dataset = xdr_data\n| filter actor_process_image_name in (\"certutil.exe\", \"bitsadmin.exe\", \"mshta.exe\")\n",[396,1051,1052,1056],{"__ignoreMap":353},[429,1053,1054],{"class":431,"line":432},[429,1055,435],{},[429,1057,1058],{"class":431,"line":354},[429,1059,1060],{},"| filter actor_process_image_name in (\"certutil.exe\", \"bitsadmin.exe\", \"mshta.exe\")\n",[280,1062,1064],{"id":1063},"_15-detect-base64-commands-in-powershell","15. Detect Base64 Commands in PowerShell",[421,1066,1068],{"className":423,"code":1067,"language":425,"meta":353,"style":353},"dataset = xdr_data\n| filter actor_process_image_name == \"powershell.exe\" \n| filter actor_process_command_line contains \"-enc\" or actor_process_command_line contains \"Base64\"\n",[396,1069,1070,1074,1079],{"__ignoreMap":353},[429,1071,1072],{"class":431,"line":432},[429,1073,435],{},[429,1075,1076],{"class":431,"line":354},[429,1077,1078],{},"| filter actor_process_image_name == \"powershell.exe\" \n",[429,1080,1081],{"class":431,"line":357},[429,1082,1083],{},"| filter actor_process_command_line contains \"-enc\" or actor_process_command_line contains \"Base64\"\n",[280,1085,1087],{"id":1086},"_16-search-for-newly-created-local-accounts","16. Search for Newly Created Local Accounts",[421,1089,1091],{"className":423,"code":1090,"language":425,"meta":353,"style":353},"dataset = xdr_data\n| filter event_type = \"USER_MANAGEMENT\" and action_type = \"CREATE\"\n",[396,1092,1093,1097],{"__ignoreMap":353},[429,1094,1095],{"class":431,"line":432},[429,1096,435],{},[429,1098,1099],{"class":431,"line":354},[429,1100,1101],{},"| filter event_type = \"USER_MANAGEMENT\" and action_type = \"CREATE\"\n",[280,1103,1105],{"id":1104},"_17-monitor-modification-of-sensitive-registry-keys","17. Monitor Modification of Sensitive Registry Keys",[421,1107,1109],{"className":423,"code":1108,"language":425,"meta":353,"style":353},"dataset = xdr_data\n| filter event_type = \"REGISTRY\" \n| filter action_registry_key_name contains \"CurrentVersion\\Run\"\n",[396,1110,1111,1115,1120],{"__ignoreMap":353},[429,1112,1113],{"class":431,"line":432},[429,1114,435],{},[429,1116,1117],{"class":431,"line":354},[429,1118,1119],{},"| filter event_type = \"REGISTRY\" \n",[429,1121,1122],{"class":431,"line":357},[429,1123,1124],{},"| filter action_registry_key_name contains \"CurrentVersion\\Run\"\n",[280,1126,1128],{"id":1127},"_18-find-suspicious-parent-child-process-relationships-eg-word-cmd","18. Find Suspicious Parent-Child Process Relationships (e.g. Word -> CMD)",[421,1130,1132],{"className":423,"code":1131,"language":425,"meta":353,"style":353},"dataset = xdr_data\n| filter actor_process_image_name == \"winword.exe\" and action_process_image_name == \"cmd.exe\"\n",[396,1133,1134,1138],{"__ignoreMap":353},[429,1135,1136],{"class":431,"line":432},[429,1137,435],{},[429,1139,1140],{"class":431,"line":354},[429,1141,1142],{},"| filter actor_process_image_name == \"winword.exe\" and action_process_image_name == \"cmd.exe\"\n",[280,1144,1146],{"id":1145},"_19-identify-excessive-dns-queries-potential-tunneling","19. Identify Excessive DNS Queries (Potential Tunneling)",[421,1148,1150],{"className":423,"code":1149,"language":425,"meta":353,"style":353},"dataset = pan_traffic_raw\n| filter destination_port = 53\n| comp count(event_id) as dns_queries by source_ip, destination_hostname\n| filter dns_queries > 500\n",[396,1151,1152,1156,1161,1166],{"__ignoreMap":353},[429,1153,1154],{"class":431,"line":432},[429,1155,813],{},[429,1157,1158],{"class":431,"line":354},[429,1159,1160],{},"| filter destination_port = 53\n",[429,1162,1163],{"class":431,"line":357},[429,1164,1165],{},"| comp count(event_id) as dns_queries by source_ip, destination_hostname\n",[429,1167,1168],{"class":431,"line":448},[429,1169,1170],{},"| filter dns_queries > 500\n",[280,1172,1174],{"id":1173},"_20-list-processes-listening-on-non-standard-ports","20. List Processes listening on non-standard ports",[421,1176,1178],{"className":423,"code":1177,"language":425,"meta":353,"style":353},"dataset = xdr_data\n| filter event_type = \"NETWORK\" and action_local_port not in (80, 443, 8080)\n",[396,1179,1180,1184],{"__ignoreMap":353},[429,1181,1182],{"class":431,"line":432},[429,1183,435],{},[429,1185,1186],{"class":431,"line":354},[429,1187,1188],{},"| filter event_type = \"NETWORK\" and action_local_port not in (80, 443, 8080)\n",[280,1190,1192],{"id":1191},"_21-detect-lsass-memory-dumping","21. Detect LSASS Memory Dumping",[421,1194,1196],{"className":423,"code":1195,"language":425,"meta":353,"style":353},"dataset = xdr_data\n| filter action_process_image_name == \"lsass.exe\" and action_type = \"OPEN_PROCESS\"\n",[396,1197,1198,1202],{"__ignoreMap":353},[429,1199,1200],{"class":431,"line":432},[429,1201,435],{},[429,1203,1204],{"class":431,"line":354},[429,1205,1206],{},"| filter action_process_image_name == \"lsass.exe\" and action_type = \"OPEN_PROCESS\"\n",[280,1208,1210],{"id":1209},"_22-find-files-downloaded-via-browser-then-executed","22. Find Files Downloaded via Browser then Executed",[421,1212,1214],{"className":423,"code":1213,"language":425,"meta":353,"style":353},"dataset = xdr_data\n| filter actor_process_image_name in (\"chrome.exe\", \"firefox.exe\", \"msedge.exe\")\n| filter action_type = \"FILE_WRITE\"\n",[396,1215,1216,1220,1225],{"__ignoreMap":353},[429,1217,1218],{"class":431,"line":432},[429,1219,435],{},[429,1221,1222],{"class":431,"line":354},[429,1223,1224],{},"| filter actor_process_image_name in (\"chrome.exe\", \"firefox.exe\", \"msedge.exe\")\n",[429,1226,1227],{"class":431,"line":357},[429,1228,1229],{},"| filter action_type = \"FILE_WRITE\"\n",[280,1231,1233],{"id":1232},"_23-investigate-ssh-logins-from-external-ips","23. Investigate SSH Logins from External IPs",[421,1235,1237],{"className":423,"code":1236,"language":425,"meta":353,"style":353},"dataset = xdr_data\n| filter event_type = \"LOGIN\" and auth_method = \"ssh\" and source_ip_internal = false\n",[396,1238,1239,1243],{"__ignoreMap":353},[429,1240,1241],{"class":431,"line":432},[429,1242,435],{},[429,1244,1245],{"class":431,"line":354},[429,1246,1247],{},"| filter event_type = \"LOGIN\" and auth_method = \"ssh\" and source_ip_internal = false\n",[280,1249,1251],{"id":1250},"_24-audit-admin-activity-in-the-cloud-console","24. Audit Admin Activity in the Cloud Console",[421,1253,1255],{"className":423,"code":1254,"language":425,"meta":353,"style":353},"dataset = cloud_audit_logs\n| filter user_role = \"Admin\" and action_type != \"GET\"\n",[396,1256,1257,1262],{"__ignoreMap":353},[429,1258,1259],{"class":431,"line":432},[429,1260,1261],{},"dataset = cloud_audit_logs\n",[429,1263,1264],{"class":431,"line":354},[429,1265,1266],{},"| filter user_role = \"Admin\" and action_type != \"GET\"\n",[280,1268,1270],{"id":1269},"_25-spot-hidden-filesdirectories-being-accesses","25. Spot Hidden Files/Directories being Accesses",[421,1272,1274],{"className":423,"code":1273,"language":425,"meta":353,"style":353},"dataset = xdr_data\n| filter action_file_path contains \"\\.\" // Unix style hidden\n| filter action_file_path contains \"$RECYCLE.BIN\" // Windows style\n",[396,1275,1276,1280,1285],{"__ignoreMap":353},[429,1277,1278],{"class":431,"line":432},[429,1279,435],{},[429,1281,1282],{"class":431,"line":354},[429,1283,1284],{},"| filter action_file_path contains \"\\.\" // Unix style hidden\n",[429,1286,1287],{"class":431,"line":357},[429,1288,1289],{},"| filter action_file_path contains \"$RECYCLE.BIN\" // Windows style\n",[32,1291],{},[11,1293,660],{"id":659},[16,1295,1296,1297,1300],{},"Whether you are building a NOC dashboard or hunting for an advanced persistent threat (APT), these queries provide a solid foundation. Remember to always ",[20,1298,1299],{},"test your queries on a small time range"," before scaling up to ensure performance!",[668,1302,670],{},{"title":353,"searchDepth":354,"depth":354,"links":1304},[1305,1306,1307],{"id":719,"depth":357,"text":720},{"id":972,"depth":357,"text":973},{"id":659,"depth":357,"text":660},"A comprehensive collection of XQL queries for threat hunting, investigation, and dashboard widgets.",{"date":687,"image":1310,"alt":1311,"tags":1312,"published":374},"/blogs-img/blog4.jpg","XQL Cheat Sheet",[691,692,1313,1314],"CheatSheet","SecurityOps","/blogs/ultimate-xql-cheat-sheet",{"title":701,"description":1308},"blogs/12. ultimate-xql-cheat-sheet","UqbAG2xiEGF4fCYSaUQopU2NoTN_8zLb1kVhwZ506Yw",[1320,1399,1609],{"id":1321,"title":1322,"body":1323,"description":1388,"extension":364,"meta":1389,"navigation":374,"ogImage":1391,"path":1395,"seo":1396,"stem":1397,"__hash__":1398},"content/blogs/1. connect-namecheap-to-vercel.md","How To Connect You Namecheap Domain With Vercel Deployed App",{"type":8,"value":1324,"toc":1380},[1325,1329,1332,1336,1339,1343,1346,1349,1353,1356,1359,1362,1365,1369,1372,1375,1377],[11,1326,1328],{"id":1327},"introduction","Introduction",[16,1330,1331],{},"If you've purchased a domain from Namecheap and you want to connect it to your Vercel app, there are a few steps you need to follow. In this blog, we'll guide you through the process of connecting your Namecheap domain with your Vercel app.",[11,1333,1335],{"id":1334},"step-1-add-a-custom-domain-to-your-vercel-app","Step 1: Add a custom domain to your Vercel app",[16,1337,1338],{},"The first step is to add your custom domain to your Vercel app. To do this, log in to your Vercel account and go to your app dashboard. Click on \"Settings\" and then \"Domains\". Click on \"Add Domain\" and enter your custom domain name. Then click on \"Add\".",[11,1340,1342],{"id":1341},"step-2-get-the-dns-records-from-vercel","Step 2: Get the DNS records from Vercel",[16,1344,1345],{},"Once you've added your custom domain to your Vercel app, you'll need to get the DNS records from Vercel. To do this, go back to the \"Domains\" section and click on the custom domain you just added. Then click on \"DNS Records\".",[16,1347,1348],{},"You'll see a list of DNS records that you need to add to your Namecheap account. These include the A record, the CNAME record, and the TXT record.",[11,1350,1352],{"id":1351},"step-3-add-dns-records-to-namecheap","Step 3: Add DNS records to Namecheap",[16,1354,1355],{},"Now that you have the DNS records from Vercel, you need to add them to your Namecheap account. To do this, log in to your Namecheap account and go to your domain dashboard. Click on \"Advanced DNS\" and then \"Add New Record\".",[16,1357,1358],{},"Add the A record first. In the \"Type\" dropdown menu, select \"A (Address)\". In the \"Host\" field, enter \"@\" (without the quotes). In the \"Value\" field, enter the IP address from the Vercel DNS records.",[16,1360,1361],{},"Next, add the CNAME record. In the \"Type\" dropdown menu, select \"CNAME (Alias)\". In the \"Host\" field, enter \"www\" (without the quotes). In the \"Value\" field, enter the value from the Vercel DNS records.",[16,1363,1364],{},"Finally, add the TXT record. In the \"Type\" dropdown menu, select \"TXT (Text)\". In the \"Host\" field, enter \"@\" (without the quotes). In the \"Value\" field, enter the value from the Vercel DNS records.",[11,1366,1368],{"id":1367},"step-4-verify-dns-records","Step 4: Verify DNS records",[16,1370,1371],{},"Once you've added the DNS records to your Namecheap account, you need to verify that they're correct. To do this, go back to your Vercel app dashboard and click on the custom domain. Then click on \"Verify DNS Configuration\". Vercel will check if the DNS records have been set up correctly.",[16,1373,1374],{},"It may take some time for the DNS records to propagate, so be patient. Once the DNS records have propagated, Vercel will verify them and your custom domain will be connected to your Vercel app.",[11,1376,660],{"id":659},[16,1378,1379],{},"Connecting your Namecheap domain to your Vercel app is a relatively simple process. By following the steps outlined in this blog, you'll be able to connect your custom domain in no time. Remember to be patient as it may take some time for the DNS records to propagate. If you run into any issues, don't hesitate to reach out to Vercel support for assistance.",{"title":353,"searchDepth":354,"depth":354,"links":1381},[1382,1383,1384,1385,1386,1387],{"id":1327,"depth":357,"text":1328},{"id":1334,"depth":357,"text":1335},{"id":1341,"depth":357,"text":1342},{"id":1351,"depth":357,"text":1352},{"id":1367,"depth":357,"text":1368},{"id":659,"depth":357,"text":660},"Here you will lean how to connect your namecheap domain to vercel deployed app.",{"date":1390,"image":1391,"alt":1322,"tags":1392,"published":374},"1st Mar 2023","/blogs-img/blog1.jpg",[1393,1394],"namecheap","vercel","/blogs/connect-namecheap-to-vercel",{"title":1322,"description":1388},"blogs/1. connect-namecheap-to-vercel","6bP1Z3akUdkPDUNMFvzPGAroM_E6rx4Ix4BL2YTQTa4",{"id":380,"title":381,"body":1400,"description":685,"extension":364,"meta":1606,"navigation":374,"ogImage":688,"path":695,"seo":1608,"stem":697,"__hash__":698},{"type":8,"value":1401,"toc":1596},[1402,1404,1410,1414,1418,1420,1422,1442,1446,1448,1450,1474,1478,1480,1482,1484,1508,1510,1512,1514,1538,1542,1546,1566,1568,1588,1590,1592,1594],[11,1403,387],{"id":386},[16,1405,390,1406,394,1408,399],{},[20,1407,393],{},[396,1409,398],{},[11,1411,403,1412],{"id":402},[396,1413,406],{},[16,1415,409,1416,412],{},[396,1417,406],{},[280,1419,416],{"id":415},[16,1421,419],{},[421,1423,1424],{"className":423,"code":424,"language":425,"meta":353,"style":353},[396,1425,1426,1430,1434,1438],{"__ignoreMap":353},[429,1427,1428],{"class":431,"line":432},[429,1429,435],{},[429,1431,1432],{"class":431,"line":354},[429,1433,440],{},[429,1435,1436],{"class":431,"line":357},[429,1437,445],{},[429,1439,1440],{"class":431,"line":448},[429,1441,451],{},[11,1443,455,1444],{"id":454},[396,1445,458],{},[16,1447,461],{},[280,1449,465],{"id":464},[421,1451,1452],{"className":423,"code":468,"language":425,"meta":353,"style":353},[396,1453,1454,1458,1462,1466,1470],{"__ignoreMap":353},[429,1455,1456],{"class":431,"line":432},[429,1457,435],{},[429,1459,1460],{"class":431,"line":354},[429,1461,479],{},[429,1463,1464],{"class":431,"line":357},[429,1465,484],{},[429,1467,1468],{"class":431,"line":448},[429,1469,489],{},[429,1471,1472],{"class":431,"line":492},[429,1473,495],{},[11,1475,499,1476,502],{"id":498},[396,1477,398],{},[16,1479,505],{},[280,1481,509],{"id":508},[16,1483,512],{},[421,1485,1486],{"className":423,"code":515,"language":425,"meta":353,"style":353},[396,1487,1488,1492,1496,1500,1504],{"__ignoreMap":353},[429,1489,1490],{"class":431,"line":432},[429,1491,435],{},[429,1493,1494],{"class":431,"line":354},[429,1495,526],{},[429,1497,1498],{"class":431,"line":357},[429,1499,531],{},[429,1501,1502],{"class":431,"line":448},[429,1503,536],{},[429,1505,1506],{"class":431,"line":492},[429,1507,541],{},[11,1509,545],{"id":544},[16,1511,548],{},[280,1513,552],{"id":551},[421,1515,1516],{"className":423,"code":555,"language":425,"meta":353,"style":353},[396,1517,1518,1522,1526,1530,1534],{"__ignoreMap":353},[429,1519,1520],{"class":431,"line":432},[429,1521,435],{},[429,1523,1524],{"class":431,"line":354},[429,1525,566],{},[429,1527,1528],{"class":431,"line":357},[429,1529,571],{},[429,1531,1532],{"class":431,"line":448},[429,1533,576],{},[429,1535,1536],{"class":431,"line":492},[429,1537,581],{},[11,1539,585,1540,589],{"id":584},[396,1541,588],{},[16,1543,592,1544,595],{},[396,1545,588],{},[421,1547,1548],{"className":423,"code":598,"language":425,"meta":353,"style":353},[396,1549,1550,1554,1558,1562],{"__ignoreMap":353},[429,1551,1552],{"class":431,"line":432},[429,1553,435],{},[429,1555,1556],{"class":431,"line":354},[429,1557,609],{},[429,1559,1560],{"class":431,"line":357},[429,1561,614],{},[429,1563,1564],{"class":431,"line":448},[429,1565,619],{},[11,1567,623],{"id":622},[625,1569,1570,1578,1584],{},[54,1571,1572,632,1574,636,1576,640],{},[20,1573,631],{},[396,1575,635],{},[396,1577,639],{},[54,1579,1580,646,1582,650],{},[20,1581,645],{},[396,1583,649],{},[54,1585,1586,656],{},[20,1587,655],{},[11,1589,660],{"id":659},[16,1591,663],{},[16,1593,666],{},[668,1595,670],{},{"title":353,"searchDepth":354,"depth":354,"links":1597},[1598,1599,1600,1601,1602,1603,1604,1605],{"id":386,"depth":357,"text":387},{"id":402,"depth":357,"text":675},{"id":454,"depth":357,"text":677},{"id":498,"depth":357,"text":679},{"id":544,"depth":357,"text":545},{"id":584,"depth":357,"text":682},{"id":622,"depth":357,"text":623},{"id":659,"depth":357,"text":660},{"date":687,"image":688,"alt":689,"tags":1607,"published":374},[691,692,693,694],{"title":381,"description":685},{"id":700,"title":701,"body":1610,"description":1308,"extension":364,"meta":2081,"navigation":374,"ogImage":1310,"path":1315,"seo":2083,"stem":1317,"__hash__":1318},{"type":8,"value":1611,"toc":2076},[1612,1618,1620,1622,1628,1630,1654,1656,1668,1670,1682,1684,1708,1710,1726,1728,1748,1750,1766,1768,1784,1786,1798,1800,1816,1818,1820,1824,1826,1838,1840,1856,1858,1874,1876,1888,1890,1906,1908,1920,1922,1938,1940,1952,1954,1974,1976,1988,1990,2002,2004,2020,2022,2034,2036,2048,2050,2066,2068,2070,2074],[16,1613,706,1614,710,1616,714],{},[20,1615,709],{},[20,1617,713],{},[32,1619],{},[11,1621,720],{"id":719},[16,1623,1624],{},[225,1625,725,1626,728],{},[396,1627,458],{},[280,1629,732],{"id":731},[421,1631,1632],{"className":423,"code":735,"language":425,"meta":353,"style":353},[396,1633,1634,1638,1642,1646,1650],{"__ignoreMap":353},[429,1635,1636],{"class":431,"line":432},[429,1637,435],{},[429,1639,1640],{"class":431,"line":354},[429,1641,746],{},[429,1643,1644],{"class":431,"line":357},[429,1645,751],{},[429,1647,1648],{"class":431,"line":448},[429,1649,756],{},[429,1651,1652],{"class":431,"line":492},[429,1653,761],{},[280,1655,765],{"id":764},[421,1657,1658],{"className":423,"code":768,"language":425,"meta":353,"style":353},[396,1659,1660,1664],{"__ignoreMap":353},[429,1661,1662],{"class":431,"line":432},[429,1663,775],{},[429,1665,1666],{"class":431,"line":354},[429,1667,780],{},[280,1669,784],{"id":783},[421,1671,1672],{"className":423,"code":787,"language":425,"meta":353,"style":353},[396,1673,1674,1678],{"__ignoreMap":353},[429,1675,1676],{"class":431,"line":432},[429,1677,794],{},[429,1679,1680],{"class":431,"line":354},[429,1681,799],{},[280,1683,803],{"id":802},[421,1685,1686],{"className":423,"code":806,"language":425,"meta":353,"style":353},[396,1687,1688,1692,1696,1700,1704],{"__ignoreMap":353},[429,1689,1690],{"class":431,"line":432},[429,1691,813],{},[429,1693,1694],{"class":431,"line":354},[429,1695,818],{},[429,1697,1698],{"class":431,"line":357},[429,1699,823],{},[429,1701,1702],{"class":431,"line":448},[429,1703,828],{},[429,1705,1706],{"class":431,"line":492},[429,1707,761],{},[280,1709,836],{"id":835},[421,1711,1712],{"className":423,"code":839,"language":425,"meta":353,"style":353},[396,1713,1714,1718,1722],{"__ignoreMap":353},[429,1715,1716],{"class":431,"line":432},[429,1717,813],{},[429,1719,1720],{"class":431,"line":354},[429,1721,614],{},[429,1723,1724],{"class":431,"line":357},[429,1725,854],{},[280,1727,858],{"id":857},[421,1729,1730],{"className":423,"code":861,"language":425,"meta":353,"style":353},[396,1731,1732,1736,1740,1744],{"__ignoreMap":353},[429,1733,1734],{"class":431,"line":432},[429,1735,435],{},[429,1737,1738],{"class":431,"line":354},[429,1739,526],{},[429,1741,1742],{"class":431,"line":357},[429,1743,614],{},[429,1745,1746],{"class":431,"line":448},[429,1747,880],{},[280,1749,884],{"id":883},[421,1751,1752],{"className":423,"code":887,"language":425,"meta":353,"style":353},[396,1753,1754,1758,1762],{"__ignoreMap":353},[429,1755,1756],{"class":431,"line":432},[429,1757,813],{},[429,1759,1760],{"class":431,"line":354},[429,1761,898],{},[429,1763,1764],{"class":431,"line":357},[429,1765,903],{},[280,1767,907],{"id":906},[421,1769,1770],{"className":423,"code":910,"language":425,"meta":353,"style":353},[396,1771,1772,1776,1780],{"__ignoreMap":353},[429,1773,1774],{"class":431,"line":432},[429,1775,813],{},[429,1777,1778],{"class":431,"line":354},[429,1779,921],{},[429,1781,1782],{"class":431,"line":357},[429,1783,926],{},[280,1785,930],{"id":929},[421,1787,1788],{"className":423,"code":933,"language":425,"meta":353,"style":353},[396,1789,1790,1794],{"__ignoreMap":353},[429,1791,1792],{"class":431,"line":432},[429,1793,794],{},[429,1795,1796],{"class":431,"line":354},[429,1797,944],{},[280,1799,948],{"id":947},[421,1801,1802],{"className":423,"code":951,"language":425,"meta":353,"style":353},[396,1803,1804,1808,1812],{"__ignoreMap":353},[429,1805,1806],{"class":431,"line":432},[429,1807,435],{},[429,1809,1810],{"class":431,"line":354},[429,1811,962],{},[429,1813,1814],{"class":431,"line":357},[429,1815,967],{},[32,1817],{},[11,1819,973],{"id":972},[16,1821,1822],{},[225,1823,978],{},[280,1825,982],{"id":981},[421,1827,1828],{"className":423,"code":985,"language":425,"meta":353,"style":353},[396,1829,1830,1834],{"__ignoreMap":353},[429,1831,1832],{"class":431,"line":432},[429,1833,435],{},[429,1835,1836],{"class":431,"line":354},[429,1837,996],{},[280,1839,1000],{"id":999},[421,1841,1842],{"className":423,"code":1003,"language":425,"meta":353,"style":353},[396,1843,1844,1848,1852],{"__ignoreMap":353},[429,1845,1846],{"class":431,"line":432},[429,1847,435],{},[429,1849,1850],{"class":431,"line":354},[429,1851,1014],{},[429,1853,1854],{"class":431,"line":357},[429,1855,1019],{},[280,1857,1023],{"id":1022},[421,1859,1860],{"className":423,"code":1026,"language":425,"meta":353,"style":353},[396,1861,1862,1866,1870],{"__ignoreMap":353},[429,1863,1864],{"class":431,"line":432},[429,1865,813],{},[429,1867,1868],{"class":431,"line":354},[429,1869,1037],{},[429,1871,1872],{"class":431,"line":357},[429,1873,1042],{},[280,1875,1046],{"id":1045},[421,1877,1878],{"className":423,"code":1049,"language":425,"meta":353,"style":353},[396,1879,1880,1884],{"__ignoreMap":353},[429,1881,1882],{"class":431,"line":432},[429,1883,435],{},[429,1885,1886],{"class":431,"line":354},[429,1887,1060],{},[280,1889,1064],{"id":1063},[421,1891,1892],{"className":423,"code":1067,"language":425,"meta":353,"style":353},[396,1893,1894,1898,1902],{"__ignoreMap":353},[429,1895,1896],{"class":431,"line":432},[429,1897,435],{},[429,1899,1900],{"class":431,"line":354},[429,1901,1078],{},[429,1903,1904],{"class":431,"line":357},[429,1905,1083],{},[280,1907,1087],{"id":1086},[421,1909,1910],{"className":423,"code":1090,"language":425,"meta":353,"style":353},[396,1911,1912,1916],{"__ignoreMap":353},[429,1913,1914],{"class":431,"line":432},[429,1915,435],{},[429,1917,1918],{"class":431,"line":354},[429,1919,1101],{},[280,1921,1105],{"id":1104},[421,1923,1924],{"className":423,"code":1108,"language":425,"meta":353,"style":353},[396,1925,1926,1930,1934],{"__ignoreMap":353},[429,1927,1928],{"class":431,"line":432},[429,1929,435],{},[429,1931,1932],{"class":431,"line":354},[429,1933,1119],{},[429,1935,1936],{"class":431,"line":357},[429,1937,1124],{},[280,1939,1128],{"id":1127},[421,1941,1942],{"className":423,"code":1131,"language":425,"meta":353,"style":353},[396,1943,1944,1948],{"__ignoreMap":353},[429,1945,1946],{"class":431,"line":432},[429,1947,435],{},[429,1949,1950],{"class":431,"line":354},[429,1951,1142],{},[280,1953,1146],{"id":1145},[421,1955,1956],{"className":423,"code":1149,"language":425,"meta":353,"style":353},[396,1957,1958,1962,1966,1970],{"__ignoreMap":353},[429,1959,1960],{"class":431,"line":432},[429,1961,813],{},[429,1963,1964],{"class":431,"line":354},[429,1965,1160],{},[429,1967,1968],{"class":431,"line":357},[429,1969,1165],{},[429,1971,1972],{"class":431,"line":448},[429,1973,1170],{},[280,1975,1174],{"id":1173},[421,1977,1978],{"className":423,"code":1177,"language":425,"meta":353,"style":353},[396,1979,1980,1984],{"__ignoreMap":353},[429,1981,1982],{"class":431,"line":432},[429,1983,435],{},[429,1985,1986],{"class":431,"line":354},[429,1987,1188],{},[280,1989,1192],{"id":1191},[421,1991,1992],{"className":423,"code":1195,"language":425,"meta":353,"style":353},[396,1993,1994,1998],{"__ignoreMap":353},[429,1995,1996],{"class":431,"line":432},[429,1997,435],{},[429,1999,2000],{"class":431,"line":354},[429,2001,1206],{},[280,2003,1210],{"id":1209},[421,2005,2006],{"className":423,"code":1213,"language":425,"meta":353,"style":353},[396,2007,2008,2012,2016],{"__ignoreMap":353},[429,2009,2010],{"class":431,"line":432},[429,2011,435],{},[429,2013,2014],{"class":431,"line":354},[429,2015,1224],{},[429,2017,2018],{"class":431,"line":357},[429,2019,1229],{},[280,2021,1233],{"id":1232},[421,2023,2024],{"className":423,"code":1236,"language":425,"meta":353,"style":353},[396,2025,2026,2030],{"__ignoreMap":353},[429,2027,2028],{"class":431,"line":432},[429,2029,435],{},[429,2031,2032],{"class":431,"line":354},[429,2033,1247],{},[280,2035,1251],{"id":1250},[421,2037,2038],{"className":423,"code":1254,"language":425,"meta":353,"style":353},[396,2039,2040,2044],{"__ignoreMap":353},[429,2041,2042],{"class":431,"line":432},[429,2043,1261],{},[429,2045,2046],{"class":431,"line":354},[429,2047,1266],{},[280,2049,1270],{"id":1269},[421,2051,2052],{"className":423,"code":1273,"language":425,"meta":353,"style":353},[396,2053,2054,2058,2062],{"__ignoreMap":353},[429,2055,2056],{"class":431,"line":432},[429,2057,435],{},[429,2059,2060],{"class":431,"line":354},[429,2061,1284],{},[429,2063,2064],{"class":431,"line":357},[429,2065,1289],{},[32,2067],{},[11,2069,660],{"id":659},[16,2071,1296,2072,1300],{},[20,2073,1299],{},[668,2075,670],{},{"title":353,"searchDepth":354,"depth":354,"links":2077},[2078,2079,2080],{"id":719,"depth":357,"text":720},{"id":972,"depth":357,"text":973},{"id":659,"depth":357,"text":660},{"date":687,"image":1310,"alt":1311,"tags":2082,"published":374},[691,692,1313,1314],{"title":701,"description":1308},1776512936929]