diff --git a/NOTICE.txt b/NOTICE.txt
index 94312d46c35ecb..56280e6e3883e2 100644
--- a/NOTICE.txt
+++ b/NOTICE.txt
@@ -147,6 +147,70 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
 
+---
+Detection Rules
+Copyright 2020 Elasticsearch B.V.
+
+---
+This product bundles rules based on https://github.com/BlueTeamLabs/sentinel-attack
+which is available under a "MIT" license. The files based on this license are:
+
+- defense_evasion_via_filter_manager
+- discovery_process_discovery_via_tasklist_command
+- persistence_priv_escalation_via_accessibility_features
+- persistence_via_application_shimming
+- defense_evasion_execution_via_trusted_developer_utilities
+
+MIT License
+
+Copyright (c) 2019 Edoardo Gerosa, Olaf Hartong
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+---
+This product bundles rules based on https://github.com/FSecureLABS/leonidas
+which is available under a "MIT" license. The files based on this license are:
+
+- credential_access_secretsmanager_getsecretvalue.toml
+
+MIT License
+
+Copyright (c) 2020 F-Secure LABS
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
 ---
 This product bundles bootstrap@3.3.6 which is available under a
 "MIT" license.
@@ -220,38 +284,6 @@ WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
----
-This product bundles rules based on https://github.com/BlueTeamLabs/sentinel-attack
-which is available under a "MIT" license. The files based on this license are:
-
-- windows_defense_evasion_via_filter_manager.json
-- windows_process_discovery_via_tasklist_command.json
-- windows_priv_escalation_via_accessibility_features.json
-- windows_persistence_via_application_shimming.json
-- windows_execution_via_trusted_developer_utilities.json
-
-MIT License
-
-Copyright (c) 2019 Edoardo Gerosa, Olaf Hartong
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the "Software"), to deal in
-the Software without restriction, including without limitation the rights to
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
-of the Software, and to permit persons to whom the Software is furnished to do
-so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
-
 ---
 This product includes code that is adapted from mapbox-gl-js, which is
 available under a "BSD-3-Clause" license.
diff --git a/STYLEGUIDE.md b/STYLEGUIDE.md
index 48d4f929b68518..4ea7b04ebef6d8 100644
--- a/STYLEGUIDE.md
+++ b/STYLEGUIDE.md
@@ -3,11 +3,18 @@
 This guide applies to all development within the Kibana project and is
 recommended for the development of all Kibana plugins.
 
+- [General](#general)
+- [HTML](#html)
+- [API endpoints](#api-endpoints)
+- [TypeScript/JavaScript](#typeScript/javaScript)
+- [SASS files](#sass-files)
+- [React](#react)
+
 Besides the content in this style guide, the following style guides may also apply
 to all development within the Kibana project. Please make sure to also read them:
 
-- [Accessibility style guide](https://elastic.github.io/eui/#/guidelines/accessibility)
-- [SASS style guide](https://elastic.github.io/eui/#/guidelines/sass)
+- [Accessibility style guide (EUI Docs)](https://elastic.github.io/eui/#/guidelines/accessibility)
+- [SASS style guide (EUI Docs)](https://elastic.github.io/eui/#/guidelines/sass)
 
 ## General
 
@@ -582,6 +589,39 @@ Do not use setters, they cause more problems than they can solve.
 
 [sideeffect]: http://en.wikipedia.org/wiki/Side_effect_(computer_science)
 
+## SASS files
+
+When writing a new component, create a sibling SASS file of the same name and import directly into the **top** of the JS/TS component file. Doing so ensures the styles are never separated or lost on import and allows for better modularization (smaller individual plugin asset footprint).
+
+All SASS (.scss) files will automatically build with the [EUI](https://elastic.github.io/eui/#/guidelines/sass) & Kibana invisibles (SASS variables, mixins, functions) from the [`globals_[theme].scss` file](src/legacy/ui/public/styles/_globals_v7light.scss).
+
+While the styles for this component will only be loaded if the component exists on the page,
+the styles **will** be global and so it is recommended to use a three letter prefix on your
+classes to ensure proper scope.
+
+**Example:**
+
+```tsx
+// component.tsx
+
+import './component.scss';
+// All other imports below the SASS import
+
+export const Component = () => {
+  return (
+    <div className="plgComponent" />
+  );
+}
+```
+
+```scss
+// component.scss
+
+.plgComponent { ... }
+```
+
+Do not use the underscore `_` SASS file naming pattern when importing directly into a javascript file.
+
 ## React
 
 The following style guide rules are specific for working with the React framework.
diff --git a/docs/developer/getting-started/index.asciidoc b/docs/developer/getting-started/index.asciidoc
index ff1623e22f1eb4..47c4a52daf3039 100644
--- a/docs/developer/getting-started/index.asciidoc
+++ b/docs/developer/getting-started/index.asciidoc
@@ -29,7 +29,7 @@ you can switch to the correct version when using nvm by running:
 ----
 nvm use
 ----
- 
+
 Install the latest version of https://yarnpkg.com[yarn].
 
 Bootstrap {kib} and install all the dependencies:
@@ -93,13 +93,13 @@ yarn es snapshot --license trial
 
 `trial` will give you access to all capabilities.
 
-Read about more options for <<running-elasticsearch>>, like connecting to a remote host, running from source, 
-preserving data inbetween runs, running remote cluster, etc. 
+Read about more options for <<running-elasticsearch>>, like connecting to a remote host, running from source,
+preserving data inbetween runs, running remote cluster, etc.
 
 [float]
 === Run {kib}
 
-In another terminal window, start up {kib}. Include developer examples by adding an optional `--run-examples` flag.  
+In another terminal window, start up {kib}. Include developer examples by adding an optional `--run-examples` flag.
 
 [source,bash]
 ----
@@ -125,8 +125,6 @@ cause the {kib} server to reboot.
 
 * <<kibana-debugging>>
 
-* <<kibana-sass>>
-
 * <<building-kibana>>
 
 * <<development-plugin-resources>>
@@ -137,8 +135,6 @@ include::sample-data.asciidoc[]
 
 include::debugging.asciidoc[]
 
-include::sass.asciidoc[]
-
 include::building-kibana.asciidoc[]
 
 include::development-plugin-resources.asciidoc[]
\ No newline at end of file
diff --git a/docs/developer/getting-started/sass.asciidoc b/docs/developer/getting-started/sass.asciidoc
deleted file mode 100644
index 194e001f642e11..00000000000000
--- a/docs/developer/getting-started/sass.asciidoc
+++ /dev/null
@@ -1,36 +0,0 @@
-[[kibana-sass]]
-=== Styling with SASS
-
-When writing a new component, create a sibling SASS file of the same
-name and import directly into the JS/TS component file. Doing so ensures
-the styles are never separated or lost on import and allows for better
-modularization (smaller individual plugin asset footprint).
-
-All SASS (.scss) files will automatically build with the 
-https://elastic.github.io/eui/#/guidelines/sass[EUI] & {kib} invisibles (SASS variables, mixins, functions) from 
-the {kib-repo}tree/{branch}/src/legacy/ui/public/styles/_globals_v7light.scss[globals_THEME.scss] file.
-
-*Example:*
-
-[source,tsx]
-----
-// component.tsx
-
-import './component.scss';
-
-export const Component = () => {
-  return (
-    <div className="plgComponent" />
-  );
-}
-----
-
-[source,scss]
-----
-// component.scss
-
-.plgComponent { ... }
-----
-
-Do not use the underscore `_` SASS file naming pattern when importing
-directly into a javascript file.
\ No newline at end of file
diff --git a/docs/development/core/public/kibana-plugin-core-public.savedobjectsfindoptions.md b/docs/development/core/public/kibana-plugin-core-public.savedobjectsfindoptions.md
index 5f33d62382818a..70ad235fb89718 100644
--- a/docs/development/core/public/kibana-plugin-core-public.savedobjectsfindoptions.md
+++ b/docs/development/core/public/kibana-plugin-core-public.savedobjectsfindoptions.md
@@ -8,7 +8,7 @@
 <b>Signature:</b>
 
 ```typescript
-export interface SavedObjectsFindOptions extends SavedObjectsBaseOptions 
+export interface SavedObjectsFindOptions 
 ```
 
 ## Properties
@@ -19,6 +19,7 @@ export interface SavedObjectsFindOptions extends SavedObjectsBaseOptions
 |  [fields](./kibana-plugin-core-public.savedobjectsfindoptions.fields.md) | <code>string[]</code> | An array of fields to include in the results |
 |  [filter](./kibana-plugin-core-public.savedobjectsfindoptions.filter.md) | <code>string</code> |  |
 |  [hasReference](./kibana-plugin-core-public.savedobjectsfindoptions.hasreference.md) | <code>{</code><br/><code>        type: string;</code><br/><code>        id: string;</code><br/><code>    }</code> |  |
+|  [namespaces](./kibana-plugin-core-public.savedobjectsfindoptions.namespaces.md) | <code>string[]</code> |  |
 |  [page](./kibana-plugin-core-public.savedobjectsfindoptions.page.md) | <code>number</code> |  |
 |  [perPage](./kibana-plugin-core-public.savedobjectsfindoptions.perpage.md) | <code>number</code> |  |
 |  [preference](./kibana-plugin-core-public.savedobjectsfindoptions.preference.md) | <code>string</code> | An optional ES preference value to be used for the query \* |
diff --git a/docs/development/core/public/kibana-plugin-core-public.savedobjectsfindoptions.namespaces.md b/docs/development/core/public/kibana-plugin-core-public.savedobjectsfindoptions.namespaces.md
new file mode 100644
index 00000000000000..9cc9d64db1f65e
--- /dev/null
+++ b/docs/development/core/public/kibana-plugin-core-public.savedobjectsfindoptions.namespaces.md
@@ -0,0 +1,11 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-core-public](./kibana-plugin-core-public.md) &gt; [SavedObjectsFindOptions](./kibana-plugin-core-public.savedobjectsfindoptions.md) &gt; [namespaces](./kibana-plugin-core-public.savedobjectsfindoptions.namespaces.md)
+
+## SavedObjectsFindOptions.namespaces property
+
+<b>Signature:</b>
+
+```typescript
+namespaces?: string[];
+```
diff --git a/docs/development/core/server/kibana-plugin-core-server.savedobjectsfindoptions.md b/docs/development/core/server/kibana-plugin-core-server.savedobjectsfindoptions.md
index 6db16d979f1fe4..67e931f0cb3b37 100644
--- a/docs/development/core/server/kibana-plugin-core-server.savedobjectsfindoptions.md
+++ b/docs/development/core/server/kibana-plugin-core-server.savedobjectsfindoptions.md
@@ -8,7 +8,7 @@
 <b>Signature:</b>
 
 ```typescript
-export interface SavedObjectsFindOptions extends SavedObjectsBaseOptions 
+export interface SavedObjectsFindOptions 
 ```
 
 ## Properties
@@ -19,6 +19,7 @@ export interface SavedObjectsFindOptions extends SavedObjectsBaseOptions
 |  [fields](./kibana-plugin-core-server.savedobjectsfindoptions.fields.md) | <code>string[]</code> | An array of fields to include in the results |
 |  [filter](./kibana-plugin-core-server.savedobjectsfindoptions.filter.md) | <code>string</code> |  |
 |  [hasReference](./kibana-plugin-core-server.savedobjectsfindoptions.hasreference.md) | <code>{</code><br/><code>        type: string;</code><br/><code>        id: string;</code><br/><code>    }</code> |  |
+|  [namespaces](./kibana-plugin-core-server.savedobjectsfindoptions.namespaces.md) | <code>string[]</code> |  |
 |  [page](./kibana-plugin-core-server.savedobjectsfindoptions.page.md) | <code>number</code> |  |
 |  [perPage](./kibana-plugin-core-server.savedobjectsfindoptions.perpage.md) | <code>number</code> |  |
 |  [preference](./kibana-plugin-core-server.savedobjectsfindoptions.preference.md) | <code>string</code> | An optional ES preference value to be used for the query \* |
diff --git a/docs/development/core/server/kibana-plugin-core-server.savedobjectsfindoptions.namespaces.md b/docs/development/core/server/kibana-plugin-core-server.savedobjectsfindoptions.namespaces.md
new file mode 100644
index 00000000000000..cae707baa58c08
--- /dev/null
+++ b/docs/development/core/server/kibana-plugin-core-server.savedobjectsfindoptions.namespaces.md
@@ -0,0 +1,11 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-core-server](./kibana-plugin-core-server.md) &gt; [SavedObjectsFindOptions](./kibana-plugin-core-server.savedobjectsfindoptions.md) &gt; [namespaces](./kibana-plugin-core-server.savedobjectsfindoptions.namespaces.md)
+
+## SavedObjectsFindOptions.namespaces property
+
+<b>Signature:</b>
+
+```typescript
+namespaces?: string[];
+```
diff --git a/docs/development/core/server/kibana-plugin-core-server.savedobjectsrepository.find.md b/docs/development/core/server/kibana-plugin-core-server.savedobjectsrepository.find.md
index 8b89c802ec9ceb..6c41441302c0b9 100644
--- a/docs/development/core/server/kibana-plugin-core-server.savedobjectsrepository.find.md
+++ b/docs/development/core/server/kibana-plugin-core-server.savedobjectsrepository.find.md
@@ -7,14 +7,14 @@
 <b>Signature:</b>
 
 ```typescript
-find<T = unknown>({ search, defaultSearchOperator, searchFields, hasReference, page, perPage, sortField, sortOrder, fields, namespace, type, filter, preference, }: SavedObjectsFindOptions): Promise<SavedObjectsFindResponse<T>>;
+find<T = unknown>({ search, defaultSearchOperator, searchFields, hasReference, page, perPage, sortField, sortOrder, fields, namespaces, type, filter, preference, }: SavedObjectsFindOptions): Promise<SavedObjectsFindResponse<T>>;
 ```
 
 ## Parameters
 
 |  Parameter | Type | Description |
 |  --- | --- | --- |
-|  { search, defaultSearchOperator, searchFields, hasReference, page, perPage, sortField, sortOrder, fields, namespace, type, filter, preference, } | <code>SavedObjectsFindOptions</code> |  |
+|  { search, defaultSearchOperator, searchFields, hasReference, page, perPage, sortField, sortOrder, fields, namespaces, type, filter, preference, } | <code>SavedObjectsFindOptions</code> |  |
 
 <b>Returns:</b>
 
diff --git a/docs/development/core/server/kibana-plugin-core-server.savedobjectsrepository.md b/docs/development/core/server/kibana-plugin-core-server.savedobjectsrepository.md
index b9a92561f29fb3..5b02707a3c0f4d 100644
--- a/docs/development/core/server/kibana-plugin-core-server.savedobjectsrepository.md
+++ b/docs/development/core/server/kibana-plugin-core-server.savedobjectsrepository.md
@@ -23,7 +23,7 @@ export declare class SavedObjectsRepository
 |  [delete(type, id, options)](./kibana-plugin-core-server.savedobjectsrepository.delete.md) |  | Deletes an object |
 |  [deleteByNamespace(namespace, options)](./kibana-plugin-core-server.savedobjectsrepository.deletebynamespace.md) |  | Deletes all objects from the provided namespace. |
 |  [deleteFromNamespaces(type, id, namespaces, options)](./kibana-plugin-core-server.savedobjectsrepository.deletefromnamespaces.md) |  | Removes one or more namespaces from a given multi-namespace saved object. If no namespaces remain, the saved object is deleted entirely. This method and \[<code>addToNamespaces</code>\][SavedObjectsRepository.addToNamespaces()](./kibana-plugin-core-server.savedobjectsrepository.addtonamespaces.md) are the only ways to change which Spaces a multi-namespace saved object is shared to. |
-|  [find({ search, defaultSearchOperator, searchFields, hasReference, page, perPage, sortField, sortOrder, fields, namespace, type, filter, preference, })](./kibana-plugin-core-server.savedobjectsrepository.find.md) |  |  |
+|  [find({ search, defaultSearchOperator, searchFields, hasReference, page, perPage, sortField, sortOrder, fields, namespaces, type, filter, preference, })](./kibana-plugin-core-server.savedobjectsrepository.find.md) |  |  |
 |  [get(type, id, options)](./kibana-plugin-core-server.savedobjectsrepository.get.md) |  | Gets a single object |
 |  [incrementCounter(type, id, counterFieldName, options)](./kibana-plugin-core-server.savedobjectsrepository.incrementcounter.md) |  | Increases a counter field by one. Creates the document if one doesn't exist for the given id. |
 |  [update(type, id, attributes, options)](./kibana-plugin-core-server.savedobjectsrepository.update.md) |  | Updates an object |
diff --git a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.baseformatterspublic.md b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.baseformatterspublic.md
index ddbf1a8459d1f7..25f046983cbcee 100644
--- a/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.baseformatterspublic.md
+++ b/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.baseformatterspublic.md
@@ -7,5 +7,5 @@
 <b>Signature:</b>
 
 ```typescript
-baseFormattersPublic: (import("../../common").FieldFormatInstanceType | typeof DateFormat)[]
+baseFormattersPublic: (import("../../common").FieldFormatInstanceType | typeof DateNanosFormat | typeof DateFormat)[]
 ```
diff --git a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.fieldformats.md b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.fieldformats.md
index 45fc1a608e8ca3..0dddc65f4db928 100644
--- a/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.fieldformats.md
+++ b/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.fieldformats.md
@@ -13,7 +13,6 @@ fieldFormats: {
     BoolFormat: typeof BoolFormat;
     BytesFormat: typeof BytesFormat;
     ColorFormat: typeof ColorFormat;
-    DateNanosFormat: typeof DateNanosFormat;
     DurationFormat: typeof DurationFormat;
     IpFormat: typeof IpFormat;
     NumberFormat: typeof NumberFormat;
diff --git a/docs/settings/ingest-manager-settings.asciidoc b/docs/settings/ingest-manager-settings.asciidoc
index f46c7690790400..604471edc4d592 100644
--- a/docs/settings/ingest-manager-settings.asciidoc
+++ b/docs/settings/ingest-manager-settings.asciidoc
@@ -20,8 +20,6 @@ See the {ingest-guide}/index.html[Ingest Management] docs for more information.
 |===
 | `xpack.ingestManager.enabled` {ess-icon}
   | Set to `true` to enable {ingest-manager}. 
-| `xpack.ingestManager.epm.enabled` {ess-icon}
-  | Set to `true` (default) to enable {package-manager}. 
 | `xpack.ingestManager.fleet.enabled` {ess-icon}
   | Set to `true` (default) to enable {fleet}. 
 |===
@@ -32,7 +30,7 @@ See the {ingest-guide}/index.html[Ingest Management] docs for more information.
 
 [cols="2*<"]
 |===
-| `xpack.ingestManager.epm.registryUrl`
+| `xpack.ingestManager.registryUrl`
   | The address to use to reach {package-manager} registry.
 |===
 
diff --git a/package.json b/package.json
index 7ab6bfb91a3768..55a099b4e5c0c2 100644
--- a/package.json
+++ b/package.json
@@ -87,7 +87,6 @@
     "**/@types/hoist-non-react-statics": "^3.3.1",
     "**/@types/chai": "^4.2.11",
     "**/cypress/@types/lodash": "^4.14.155",
-    "**/cypress/lodash": "^4.15.19",
     "**/typescript": "3.9.5",
     "**/graphql-toolkit/lodash": "^4.17.15",
     "**/hoist-non-react-statics": "^3.3.2",
diff --git a/packages/kbn-dev-utils/src/run/run.ts b/packages/kbn-dev-utils/src/run/run.ts
index 894db0d3fdadbe..029d4285651639 100644
--- a/packages/kbn-dev-utils/src/run/run.ts
+++ b/packages/kbn-dev-utils/src/run/run.ts
@@ -22,7 +22,7 @@ import { inspect } from 'util';
 // @ts-ignore @types are outdated and module is super simple
 import exitHook from 'exit-hook';
 
-import { pickLevelFromFlags, ToolingLog } from '../tooling_log';
+import { pickLevelFromFlags, ToolingLog, LogLevel } from '../tooling_log';
 import { createFlagError, isFailError } from './fail';
 import { Flags, getFlags, getHelp } from './flags';
 import { ProcRunner, withProcRunner } from '../proc_runner';
@@ -38,6 +38,9 @@ type RunFn = (args: {
 export interface Options {
   usage?: string;
   description?: string;
+  log?: {
+    defaultLevel?: LogLevel;
+  };
   flags?: {
     allowUnexpected?: boolean;
     guessTypesForUnexpectedFlags?: boolean;
@@ -58,7 +61,9 @@ export async function run(fn: RunFn, options: Options = {}) {
   }
 
   const log = new ToolingLog({
-    level: pickLevelFromFlags(flags),
+    level: pickLevelFromFlags(flags, {
+      default: options.log?.defaultLevel,
+    }),
     writeTo: process.stdout,
   });
 
diff --git a/packages/kbn-test/src/functional_test_runner/cli.ts b/packages/kbn-test/src/functional_test_runner/cli.ts
index 2a8e0c3d7de9ac..d744be94673116 100644
--- a/packages/kbn-test/src/functional_test_runner/cli.ts
+++ b/packages/kbn-test/src/functional_test_runner/cli.ts
@@ -113,6 +113,9 @@ export function runFtrCli() {
       }
     },
     {
+      log: {
+        defaultLevel: 'debug',
+      },
       flags: {
         string: [
           'config',
@@ -126,7 +129,6 @@ export function runFtrCli() {
         boolean: ['bail', 'invert', 'test-stats', 'updateBaselines', 'throttle', 'headless'],
         default: {
           config: 'test/functional/config.js',
-          debug: true,
         },
         help: `
         --config=path      path to a config file
diff --git a/src/core/public/public.api.md b/src/core/public/public.api.md
index 303d005197588f..c811209dfa80fd 100644
--- a/src/core/public/public.api.md
+++ b/src/core/public/public.api.md
@@ -1282,7 +1282,7 @@ export interface SavedObjectsCreateOptions {
 }
 
 // @public (undocumented)
-export interface SavedObjectsFindOptions extends SavedObjectsBaseOptions {
+export interface SavedObjectsFindOptions {
     // (undocumented)
     defaultSearchOperator?: 'AND' | 'OR';
     fields?: string[];
@@ -1294,6 +1294,8 @@ export interface SavedObjectsFindOptions extends SavedObjectsBaseOptions {
         id: string;
     };
     // (undocumented)
+    namespaces?: string[];
+    // (undocumented)
     page?: number;
     // (undocumented)
     perPage?: number;
diff --git a/src/core/public/saved_objects/saved_objects_client.ts b/src/core/public/saved_objects/saved_objects_client.ts
index c4daaf5d7f3072..209f489e291399 100644
--- a/src/core/public/saved_objects/saved_objects_client.ts
+++ b/src/core/public/saved_objects/saved_objects_client.ts
@@ -294,6 +294,7 @@ export class SavedObjectsClient {
       sortField: 'sort_field',
       type: 'type',
       filter: 'filter',
+      namespaces: 'namespaces',
       preference: 'preference',
     };
 
diff --git a/src/core/server/saved_objects/export/get_sorted_objects_for_export.test.ts b/src/core/server/saved_objects/export/get_sorted_objects_for_export.test.ts
index 5da2235828b5c8..27c0a5205ae38b 100644
--- a/src/core/server/saved_objects/export/get_sorted_objects_for_export.test.ts
+++ b/src/core/server/saved_objects/export/get_sorted_objects_for_export.test.ts
@@ -107,7 +107,97 @@ describe('getSortedObjectsForExport()', () => {
         "calls": Array [
           Array [
             Object {
-              "namespace": undefined,
+              "namespaces": undefined,
+              "perPage": 500,
+              "search": undefined,
+              "type": Array [
+                "index-pattern",
+                "search",
+              ],
+            },
+          ],
+        ],
+        "results": Array [
+          Object {
+            "type": "return",
+            "value": Promise {},
+          },
+        ],
+      }
+    `);
+  });
+
+  test('omits the `namespaces` property from the export', async () => {
+    savedObjectsClient.find.mockResolvedValueOnce({
+      total: 2,
+      saved_objects: [
+        {
+          id: '2',
+          type: 'search',
+          attributes: {},
+          namespaces: ['foo', 'bar'],
+          score: 0,
+          references: [
+            {
+              name: 'name',
+              type: 'index-pattern',
+              id: '1',
+            },
+          ],
+        },
+        {
+          id: '1',
+          type: 'index-pattern',
+          attributes: {},
+          namespaces: ['foo', 'bar'],
+          score: 0,
+          references: [],
+        },
+      ],
+      per_page: 1,
+      page: 0,
+    });
+    const exportStream = await exportSavedObjectsToStream({
+      savedObjectsClient,
+      exportSizeLimit: 500,
+      types: ['index-pattern', 'search'],
+    });
+
+    const response = await readStreamToCompletion(exportStream);
+
+    expect(response).toMatchInlineSnapshot(`
+      Array [
+        Object {
+          "attributes": Object {},
+          "id": "1",
+          "references": Array [],
+          "type": "index-pattern",
+        },
+        Object {
+          "attributes": Object {},
+          "id": "2",
+          "references": Array [
+            Object {
+              "id": "1",
+              "name": "name",
+              "type": "index-pattern",
+            },
+          ],
+          "type": "search",
+        },
+        Object {
+          "exportedCount": 2,
+          "missingRefCount": 0,
+          "missingReferences": Array [],
+        },
+      ]
+    `);
+    expect(savedObjectsClient.find).toMatchInlineSnapshot(`
+      [MockFunction] {
+        "calls": Array [
+          Array [
+            Object {
+              "namespaces": undefined,
               "perPage": 500,
               "search": undefined,
               "type": Array [
@@ -257,7 +347,7 @@ describe('getSortedObjectsForExport()', () => {
         "calls": Array [
           Array [
             Object {
-              "namespace": undefined,
+              "namespaces": undefined,
               "perPage": 500,
               "search": "foo",
               "type": Array [
@@ -346,7 +436,9 @@ describe('getSortedObjectsForExport()', () => {
         "calls": Array [
           Array [
             Object {
-              "namespace": "foo",
+              "namespaces": Array [
+                "foo",
+              ],
               "perPage": 500,
               "search": undefined,
               "type": Array [
diff --git a/src/core/server/saved_objects/export/get_sorted_objects_for_export.ts b/src/core/server/saved_objects/export/get_sorted_objects_for_export.ts
index 6e985c25aeaef9..6cfe6f1be56698 100644
--- a/src/core/server/saved_objects/export/get_sorted_objects_for_export.ts
+++ b/src/core/server/saved_objects/export/get_sorted_objects_for_export.ts
@@ -109,7 +109,7 @@ async function fetchObjectsToExport({
       type: types,
       search,
       perPage: exportSizeLimit,
-      namespace,
+      namespaces: namespace ? [namespace] : undefined,
     });
     if (findResponse.total > exportSizeLimit) {
       throw Boom.badRequest(`Can't export more than ${exportSizeLimit} objects`);
@@ -162,10 +162,15 @@ export async function exportSavedObjectsToStream({
     exportedObjects = sortObjects(rootObjects);
   }
 
+  // redact attributes that should not be exported
+  const redactedObjects = exportedObjects.map<SavedObject<unknown>>(
+    ({ namespaces, ...object }) => object
+  );
+
   const exportDetails: SavedObjectsExportResultDetails = {
     exportedCount: exportedObjects.length,
     missingRefCount: missingReferences.length,
     missingReferences,
   };
-  return createListStream([...exportedObjects, ...(excludeExportDetails ? [] : [exportDetails])]);
+  return createListStream([...redactedObjects, ...(excludeExportDetails ? [] : [exportDetails])]);
 }
diff --git a/src/core/server/saved_objects/routes/find.ts b/src/core/server/saved_objects/routes/find.ts
index 5c1c2c9a9ab871..6313a95b1fefa6 100644
--- a/src/core/server/saved_objects/routes/find.ts
+++ b/src/core/server/saved_objects/routes/find.ts
@@ -45,11 +45,18 @@ export const registerFindRoute = (router: IRouter) => {
           ),
           fields: schema.maybe(schema.oneOf([schema.string(), schema.arrayOf(schema.string())])),
           filter: schema.maybe(schema.string()),
+          namespaces: schema.maybe(
+            schema.oneOf([schema.string(), schema.arrayOf(schema.string())])
+          ),
         }),
       },
     },
     router.handleLegacyErrors(async (context, req, res) => {
       const query = req.query;
+
+      const namespaces =
+        typeof req.query.namespaces === 'string' ? [req.query.namespaces] : req.query.namespaces;
+
       const result = await context.core.savedObjects.client.find({
         perPage: query.per_page,
         page: query.page,
@@ -62,6 +69,7 @@ export const registerFindRoute = (router: IRouter) => {
         hasReference: query.has_reference,
         fields: typeof query.fields === 'string' ? [query.fields] : query.fields,
         filter: query.filter,
+        namespaces,
       });
 
       return res.ok({ body: result });
diff --git a/src/core/server/saved_objects/routes/integration_tests/find.test.ts b/src/core/server/saved_objects/routes/integration_tests/find.test.ts
index 33e12dd4e517dd..d5a7710f04b395 100644
--- a/src/core/server/saved_objects/routes/integration_tests/find.test.ts
+++ b/src/core/server/saved_objects/routes/integration_tests/find.test.ts
@@ -81,6 +81,7 @@ describe('GET /api/saved_objects/_find', () => {
           attributes: {},
           score: 1,
           references: [],
+          namespaces: ['default'],
         },
         {
           type: 'index-pattern',
@@ -91,6 +92,7 @@ describe('GET /api/saved_objects/_find', () => {
           attributes: {},
           score: 1,
           references: [],
+          namespaces: ['default'],
         },
       ],
     };
@@ -241,4 +243,38 @@ describe('GET /api/saved_objects/_find', () => {
       defaultSearchOperator: 'OR',
     });
   });
+
+  it('accepts the query parameter namespaces as a string', async () => {
+    await supertest(httpSetup.server.listener)
+      .get('/api/saved_objects/_find?type=index-pattern&namespaces=foo')
+      .expect(200);
+
+    expect(savedObjectsClient.find).toHaveBeenCalledTimes(1);
+
+    const options = savedObjectsClient.find.mock.calls[0][0];
+    expect(options).toEqual({
+      perPage: 20,
+      page: 1,
+      type: ['index-pattern'],
+      namespaces: ['foo'],
+      defaultSearchOperator: 'OR',
+    });
+  });
+
+  it('accepts the query parameter namespaces as an array', async () => {
+    await supertest(httpSetup.server.listener)
+      .get('/api/saved_objects/_find?type=index-pattern&namespaces=default&namespaces=foo')
+      .expect(200);
+
+    expect(savedObjectsClient.find).toHaveBeenCalledTimes(1);
+
+    const options = savedObjectsClient.find.mock.calls[0][0];
+    expect(options).toEqual({
+      perPage: 20,
+      page: 1,
+      type: ['index-pattern'],
+      namespaces: ['default', 'foo'],
+      defaultSearchOperator: 'OR',
+    });
+  });
 });
diff --git a/src/core/server/saved_objects/service/lib/repository.test.js b/src/core/server/saved_objects/service/lib/repository.test.js
index ea749235cbb41b..d563edbe66c9b6 100644
--- a/src/core/server/saved_objects/service/lib/repository.test.js
+++ b/src/core/server/saved_objects/service/lib/repository.test.js
@@ -494,6 +494,7 @@ describe('SavedObjectsRepository', () => {
       ...obj,
       migrationVersion: { [obj.type]: '1.1.1' },
       version: mockVersion,
+      namespaces: obj.namespaces ?? [obj.namespace ?? 'default'],
       ...mockTimestampFields,
     });
 
@@ -826,9 +827,19 @@ describe('SavedObjectsRepository', () => {
         // Assert that both raw docs from the ES response are deserialized
         expect(serializer.rawToSavedObject).toHaveBeenNthCalledWith(1, {
           ...response.items[0].create,
+          _source: {
+            ...response.items[0].create._source,
+            namespaces: response.items[0].create._source.namespaces,
+          },
           _id: expect.stringMatching(/^myspace:config:[0-9a-f]{8}-([0-9a-f]{4}-){3}[0-9a-f]{12}$/),
         });
-        expect(serializer.rawToSavedObject).toHaveBeenNthCalledWith(2, response.items[1].create);
+        expect(serializer.rawToSavedObject).toHaveBeenNthCalledWith(2, {
+          ...response.items[1].create,
+          _source: {
+            ...response.items[1].create._source,
+            namespaces: response.items[1].create._source.namespaces,
+          },
+        });
 
         // Assert that ID's are deserialized to remove the type and namespace
         expect(result.saved_objects[0].id).toEqual(
@@ -985,7 +996,7 @@ describe('SavedObjectsRepository', () => {
       const expectSuccessResult = ({ type, id }, doc) => ({
         type,
         id,
-        ...(doc._source.namespaces && { namespaces: doc._source.namespaces }),
+        namespaces: doc._source.namespaces ?? ['default'],
         ...(doc._source.updated_at && { updated_at: doc._source.updated_at }),
         version: encodeHitVersion(doc),
         attributes: doc._source[type],
@@ -1027,12 +1038,12 @@ describe('SavedObjectsRepository', () => {
         });
       });
 
-      it(`includes namespaces property for multi-namespace documents`, async () => {
+      it(`includes namespaces property for single-namespace and multi-namespace documents`, async () => {
         const obj = { type: MULTI_NAMESPACE_TYPE, id: 'three' };
         const result = await bulkGetSuccess([obj1, obj]);
         expect(result).toEqual({
           saved_objects: [
-            expect.not.objectContaining({ namespaces: expect.anything() }),
+            expect.objectContaining({ namespaces: ['default'] }),
             expect.objectContaining({ namespaces: expect.any(Array) }),
           ],
         });
@@ -1350,12 +1361,13 @@ describe('SavedObjectsRepository', () => {
     });
 
     describe('returns', () => {
-      const expectSuccessResult = ({ type, id, attributes, references }) => ({
+      const expectSuccessResult = ({ type, id, attributes, references, namespaces }) => ({
         type,
         id,
         attributes,
         references,
         version: mockVersion,
+        namespaces: namespaces ?? ['default'],
         ...mockTimestampFields,
       });
 
@@ -1389,12 +1401,12 @@ describe('SavedObjectsRepository', () => {
         });
       });
 
-      it(`includes namespaces property for multi-namespace documents`, async () => {
+      it(`includes namespaces property for single-namespace and multi-namespace documents`, async () => {
         const obj = { type: MULTI_NAMESPACE_TYPE, id: 'three' };
         const result = await bulkUpdateSuccess([obj1, obj]);
         expect(result).toEqual({
           saved_objects: [
-            expect.not.objectContaining({ namespaces: expect.anything() }),
+            expect.objectContaining({ namespaces: expect.any(Array) }),
             expect.objectContaining({ namespaces: expect.any(Array) }),
           ],
         });
@@ -1651,6 +1663,7 @@ describe('SavedObjectsRepository', () => {
           version: mockVersion,
           attributes,
           references,
+          namespaces: [namespace ?? 'default'],
           migrationVersion: { [type]: '1.1.1' },
         });
       });
@@ -1907,7 +1920,7 @@ describe('SavedObjectsRepository', () => {
         await deleteByNamespaceSuccess(namespace);
         const allTypes = registry.getAllTypes().map((type) => type.name);
         expect(getSearchDslNS.getSearchDsl).toHaveBeenCalledWith(mappings, registry, {
-          namespace,
+          namespaces: [namespace],
           type: allTypes.filter((type) => !registry.isNamespaceAgnostic(type)),
         });
       });
@@ -2134,6 +2147,7 @@ describe('SavedObjectsRepository', () => {
             score: doc._score,
             attributes: doc._source[doc._source.type],
             references: [],
+            namespaces: doc._source.type === NAMESPACE_AGNOSTIC_TYPE ? undefined : ['default'],
           });
         });
       });
@@ -2143,7 +2157,7 @@ describe('SavedObjectsRepository', () => {
         callAdminCluster.mockReturnValue(namespacedSearchResults);
         const count = namespacedSearchResults.hits.hits.length;
 
-        const response = await savedObjectsRepository.find({ type, namespace });
+        const response = await savedObjectsRepository.find({ type, namespaces: [namespace] });
 
         expect(response.total).toBe(count);
         expect(response.saved_objects).toHaveLength(count);
@@ -2157,6 +2171,7 @@ describe('SavedObjectsRepository', () => {
             score: doc._score,
             attributes: doc._source[doc._source.type],
             references: [],
+            namespaces: doc._source.type === NAMESPACE_AGNOSTIC_TYPE ? undefined : [namespace],
           });
         });
       });
@@ -2176,7 +2191,7 @@ describe('SavedObjectsRepository', () => {
     describe('search dsl', () => {
       it(`passes mappings, registry, search, defaultSearchOperator, searchFields, type, sortField, sortOrder and hasReference to getSearchDsl`, async () => {
         const relevantOpts = {
-          namespace,
+          namespaces: [namespace],
           search: 'foo*',
           searchFields: ['foo'],
           type: [type],
@@ -2374,6 +2389,7 @@ describe('SavedObjectsRepository', () => {
             title: 'Testing',
           },
           references: [],
+          namespaces: ['default'],
         });
       });
 
@@ -2384,10 +2400,10 @@ describe('SavedObjectsRepository', () => {
         });
       });
 
-      it(`doesn't include namespaces if type is not multi-namespace`, async () => {
+      it(`include namespaces if type is not multi-namespace`, async () => {
         const result = await getSuccess(type, id);
-        expect(result).not.toMatchObject({
-          namespaces: expect.anything(),
+        expect(result).toMatchObject({
+          namespaces: ['default'],
         });
       });
     });
@@ -2908,10 +2924,10 @@ describe('SavedObjectsRepository', () => {
         _id: `${type}:${id}`,
         ...mockVersionProps,
         result: 'updated',
-        ...(registry.isMultiNamespace(type) && {
-          // don't need the rest of the source for test purposes, just the namespaces attribute
-          get: { _source: { namespaces: [options?.namespace ?? 'default'] } },
-        }),
+        // don't need the rest of the source for test purposes, just the namespace and namespaces attributes
+        get: {
+          _source: { namespaces: [options?.namespace ?? 'default'], namespace: options?.namespace },
+        },
       }); // this._writeToCluster('update', ...)
       const result = await savedObjectsRepository.update(type, id, attributes, options);
       expect(callAdminCluster).toHaveBeenCalledTimes(registry.isMultiNamespace(type) ? 2 : 1);
@@ -3011,15 +3027,15 @@ describe('SavedObjectsRepository', () => {
 
       it(`includes _sourceIncludes when type is multi-namespace`, async () => {
         await updateSuccess(MULTI_NAMESPACE_TYPE, id, attributes);
-        expectClusterCallArgs({ _sourceIncludes: ['namespaces'] }, 2);
+        expectClusterCallArgs({ _sourceIncludes: ['namespace', 'namespaces'] }, 2);
       });
 
-      it(`doesn't include _sourceIncludes when type is not multi-namespace`, async () => {
+      it(`includes _sourceIncludes when type is not multi-namespace`, async () => {
         await updateSuccess(type, id, attributes);
         expect(callAdminCluster).toHaveBeenLastCalledWith(
           expect.any(String),
-          expect.not.objectContaining({
-            _sourceIncludes: expect.anything(),
+          expect.objectContaining({
+            _sourceIncludes: ['namespace', 'namespaces'],
           })
         );
       });
@@ -3093,6 +3109,7 @@ describe('SavedObjectsRepository', () => {
           version: mockVersion,
           attributes,
           references,
+          namespaces: [namespace],
         });
       });
 
@@ -3103,10 +3120,10 @@ describe('SavedObjectsRepository', () => {
         });
       });
 
-      it(`doesn't include namespaces if type is not multi-namespace`, async () => {
+      it(`includes namespaces if type is not multi-namespace`, async () => {
         const result = await updateSuccess(type, id, attributes);
-        expect(result).not.toMatchObject({
-          namespaces: expect.anything(),
+        expect(result).toMatchObject({
+          namespaces: ['default'],
         });
       });
     });
diff --git a/src/core/server/saved_objects/service/lib/repository.ts b/src/core/server/saved_objects/service/lib/repository.ts
index 880b71e164b5b8..7a5ac9204627c0 100644
--- a/src/core/server/saved_objects/service/lib/repository.ts
+++ b/src/core/server/saved_objects/service/lib/repository.ts
@@ -423,7 +423,7 @@ export class SavedObjectsRepository {
         // When method == 'index' the bulkResponse doesn't include the indexed
         // _source so we return rawMigratedDoc but have to spread the latest
         // _seq_no and _primary_term values from the rawResponse.
-        return this._serializer.rawToSavedObject({
+        return this._rawToSavedObject({
           ...rawMigratedDoc,
           ...{ _seq_no: rawResponse._seq_no, _primary_term: rawResponse._primary_term },
         });
@@ -554,7 +554,7 @@ export class SavedObjectsRepository {
         },
         conflicts: 'proceed',
         ...getSearchDsl(this._mappings, this._registry, {
-          namespace,
+          namespaces: namespace ? [namespace] : undefined,
           type: typesToUpdate,
         }),
       },
@@ -590,7 +590,7 @@ export class SavedObjectsRepository {
     sortField,
     sortOrder,
     fields,
-    namespace,
+    namespaces,
     type,
     filter,
     preference,
@@ -651,7 +651,7 @@ export class SavedObjectsRepository {
           type: allowedTypes,
           sortField,
           sortOrder,
-          namespace,
+          namespaces,
           hasReference,
           kueryNode,
         }),
@@ -768,10 +768,16 @@ export class SavedObjectsRepository {
         }
 
         const time = doc._source.updated_at;
+
+        let namespaces = [];
+        if (!this._registry.isNamespaceAgnostic(type)) {
+          namespaces = doc._source.namespaces ?? [getNamespaceString(doc._source.namespace)];
+        }
+
         return {
           id,
           type,
-          ...(doc._source.namespaces && { namespaces: doc._source.namespaces }),
+          namespaces,
           ...(time && { updated_at: time }),
           version: encodeHitVersion(doc),
           attributes: doc._source[type],
@@ -817,10 +823,15 @@ export class SavedObjectsRepository {
 
     const { updated_at: updatedAt } = response._source;
 
+    let namespaces = [];
+    if (!this._registry.isNamespaceAgnostic(type)) {
+      namespaces = response._source.namespaces ?? [getNamespaceString(response._source.namespace)];
+    }
+
     return {
       id,
       type,
-      ...(response._source.namespaces && { namespaces: response._source.namespaces }),
+      namespaces,
       ...(updatedAt && { updated_at: updatedAt }),
       version: encodeHitVersion(response),
       attributes: response._source[type],
@@ -874,7 +885,7 @@ export class SavedObjectsRepository {
       body: {
         doc,
       },
-      ...(this._registry.isMultiNamespace(type) && { _sourceIncludes: ['namespaces'] }),
+      _sourceIncludes: ['namespace', 'namespaces'],
     });
 
     if (updateResponse.status === 404) {
@@ -882,14 +893,19 @@ export class SavedObjectsRepository {
       throw SavedObjectsErrorHelpers.createGenericNotFoundError(type, id);
     }
 
+    let namespaces = [];
+    if (!this._registry.isNamespaceAgnostic(type)) {
+      namespaces = updateResponse.get._source.namespaces ?? [
+        getNamespaceString(updateResponse.get._source.namespace),
+      ];
+    }
+
     return {
       id,
       type,
       updated_at: time,
       version: encodeHitVersion(updateResponse),
-      ...(this._registry.isMultiNamespace(type) && {
-        namespaces: updateResponse.get._source.namespaces,
-      }),
+      namespaces,
       references,
       attributes,
     };
@@ -1142,9 +1158,14 @@ export class SavedObjectsRepository {
               },
             };
           }
-          namespaces = actualResult._source.namespaces;
+          namespaces = actualResult._source.namespaces ?? [
+            getNamespaceString(actualResult._source.namespace),
+          ];
           versionProperties = getExpectedVersionProperties(version, actualResult);
         } else {
+          if (this._registry.isSingleNamespace(type)) {
+            namespaces = [getNamespaceString(namespace)];
+          }
           versionProperties = getExpectedVersionProperties(version);
         }
 
@@ -1340,12 +1361,12 @@ export class SavedObjectsRepository {
     return new Date().toISOString();
   }
 
-  // The internal representation of the saved object that the serializer returns
-  // includes the namespace, and we use this for migrating documents. However, we don't
-  // want the namespace to be returned from the repository, as the repository scopes each
-  // method transparently to the specified namespace.
   private _rawToSavedObject<T = unknown>(raw: SavedObjectsRawDoc): SavedObject<T> {
     const savedObject = this._serializer.rawToSavedObject(raw);
+    const { namespace, type } = savedObject;
+    if (this._registry.isSingleNamespace(type)) {
+      savedObject.namespaces = [getNamespaceString(namespace)];
+    }
     return omit(savedObject, 'namespace') as SavedObject<T>;
   }
 
diff --git a/src/core/server/saved_objects/service/lib/search_dsl/query_params.test.ts b/src/core/server/saved_objects/service/lib/search_dsl/query_params.test.ts
index a0ffa91f53671c..f916638c5251b2 100644
--- a/src/core/server/saved_objects/service/lib/search_dsl/query_params.test.ts
+++ b/src/core/server/saved_objects/service/lib/search_dsl/query_params.test.ts
@@ -196,19 +196,29 @@ describe('#getQueryParams', () => {
       });
     });
 
-    describe('`namespace` parameter', () => {
-      const createTypeClause = (type: string, namespace?: string) => {
+    describe('`namespaces` parameter', () => {
+      const createTypeClause = (type: string, namespaces?: string[]) => {
         if (registry.isMultiNamespace(type)) {
           return {
             bool: {
-              must: expect.arrayContaining([{ term: { namespaces: namespace ?? 'default' } }]),
+              must: expect.arrayContaining([{ terms: { namespaces: namespaces ?? ['default'] } }]),
               must_not: [{ exists: { field: 'namespace' } }],
             },
           };
-        } else if (namespace && registry.isSingleNamespace(type)) {
+        } else if (registry.isSingleNamespace(type)) {
+          const nonDefaultNamespaces = namespaces?.filter((n) => n !== 'default') ?? [];
+          const should: any = [];
+          if (nonDefaultNamespaces.length > 0) {
+            should.push({ terms: { namespace: nonDefaultNamespaces } });
+          }
+          if (namespaces?.includes('default')) {
+            should.push({ bool: { must_not: [{ exists: { field: 'namespace' } }] } });
+          }
           return {
             bool: {
-              must: expect.arrayContaining([{ term: { namespace } }]),
+              must: [{ term: { type } }],
+              should: expect.arrayContaining(should),
+              minimum_should_match: 1,
               must_not: [{ exists: { field: 'namespaces' } }],
             },
           };
@@ -229,23 +239,45 @@ describe('#getQueryParams', () => {
         );
       };
 
-      const test = (namespace?: string) => {
+      const test = (namespaces?: string[]) => {
         for (const typeOrTypes of ALL_TYPE_SUBSETS) {
-          const result = getQueryParams({ mappings, registry, type: typeOrTypes, namespace });
+          const result = getQueryParams({ mappings, registry, type: typeOrTypes, namespaces });
           const types = Array.isArray(typeOrTypes) ? typeOrTypes : [typeOrTypes];
-          expectResult(result, ...types.map((x) => createTypeClause(x, namespace)));
+          expectResult(result, ...types.map((x) => createTypeClause(x, namespaces)));
         }
         // also test with no specified type/s
-        const result = getQueryParams({ mappings, registry, type: undefined, namespace });
-        expectResult(result, ...ALL_TYPES.map((x) => createTypeClause(x, namespace)));
+        const result = getQueryParams({ mappings, registry, type: undefined, namespaces });
+        expectResult(result, ...ALL_TYPES.map((x) => createTypeClause(x, namespaces)));
       };
 
-      it('filters results with "namespace" field when `namespace` is not specified', () => {
+      it('normalizes and deduplicates provided namespaces', () => {
+        const result = getQueryParams({
+          mappings,
+          registry,
+          search: '*',
+          namespaces: ['foo', '*', 'foo', 'bar', 'default'],
+        });
+
+        expectResult(
+          result,
+          ...ALL_TYPES.map((x) => createTypeClause(x, ['foo', 'default', 'bar']))
+        );
+      });
+
+      it('filters results with "namespace" field when `namespaces` is not specified', () => {
         test(undefined);
       });
 
       it('filters results for specified namespace for appropriate type/s', () => {
-        test('foo-namespace');
+        test(['foo-namespace']);
+      });
+
+      it('filters results for specified namespaces for appropriate type/s', () => {
+        test(['foo-namespace', 'default']);
+      });
+
+      it('filters results for specified `default` namespace for appropriate type/s', () => {
+        test(['default']);
       });
     });
   });
@@ -353,4 +385,18 @@ describe('#getQueryParams', () => {
       });
     });
   });
+
+  describe('namespaces property', () => {
+    ALL_TYPES.forEach((type) => {
+      it(`throws for ${type} when namespaces is an empty array`, () => {
+        expect(() =>
+          getQueryParams({
+            mappings,
+            registry,
+            namespaces: [],
+          })
+        ).toThrowError('cannot specify empty namespaces array');
+      });
+    });
+  });
 });
diff --git a/src/core/server/saved_objects/service/lib/search_dsl/query_params.ts b/src/core/server/saved_objects/service/lib/search_dsl/query_params.ts
index 40485564176a60..164756f9796a5a 100644
--- a/src/core/server/saved_objects/service/lib/search_dsl/query_params.ts
+++ b/src/core/server/saved_objects/service/lib/search_dsl/query_params.ts
@@ -63,25 +63,42 @@ function getFieldsForTypes(types: string[], searchFields?: string[]) {
  */
 function getClauseForType(
   registry: ISavedObjectTypeRegistry,
-  namespace: string | undefined,
+  namespaces: string[] = ['default'],
   type: string
 ) {
+  if (namespaces.length === 0) {
+    throw new Error('cannot specify empty namespaces array');
+  }
   if (registry.isMultiNamespace(type)) {
     return {
       bool: {
-        must: [{ term: { type } }, { term: { namespaces: namespace ?? 'default' } }],
+        must: [{ term: { type } }, { terms: { namespaces } }],
         must_not: [{ exists: { field: 'namespace' } }],
       },
     };
-  } else if (namespace && registry.isSingleNamespace(type)) {
+  } else if (registry.isSingleNamespace(type)) {
+    const should: Array<Record<string, any>> = [];
+    const eligibleNamespaces = namespaces.filter((namespace) => namespace !== 'default');
+    if (eligibleNamespaces.length > 0) {
+      should.push({ terms: { namespace: eligibleNamespaces } });
+    }
+    if (namespaces.includes('default')) {
+      should.push({ bool: { must_not: [{ exists: { field: 'namespace' } }] } });
+    }
+    if (should.length === 0) {
+      // This is indicitive of a bug, and not user error.
+      throw new Error('unhandled search condition: expected at least 1 `should` clause.');
+    }
     return {
       bool: {
-        must: [{ term: { type } }, { term: { namespace } }],
+        must: [{ term: { type } }],
+        should,
+        minimum_should_match: 1,
         must_not: [{ exists: { field: 'namespaces' } }],
       },
     };
   }
-  // isSingleNamespace in the default namespace, or isNamespaceAgnostic
+  // isNamespaceAgnostic
   return {
     bool: {
       must: [{ term: { type } }],
@@ -98,7 +115,7 @@ interface HasReferenceQueryParams {
 interface QueryParams {
   mappings: IndexMapping;
   registry: ISavedObjectTypeRegistry;
-  namespace?: string;
+  namespaces?: string[];
   type?: string | string[];
   search?: string;
   searchFields?: string[];
@@ -113,7 +130,7 @@ interface QueryParams {
 export function getQueryParams({
   mappings,
   registry,
-  namespace,
+  namespaces,
   type,
   search,
   searchFields,
@@ -122,6 +139,22 @@ export function getQueryParams({
   kueryNode,
 }: QueryParams) {
   const types = getTypes(mappings, type);
+
+  // A de-duplicated set of namespaces makes for a more effecient query.
+  //
+  // Additonally, we treat the `*` namespace as the `default` namespace.
+  // In the Default Distribution, the `*` is automatically expanded to include all available namespaces.
+  // However, the OSS distribution (and certain configurations of the Default Distribution) can allow the `*`
+  // to pass through to the SO Repository, and eventually to this module. When this happens, we translate to `default`,
+  // since that is consistent with how a single-namespace search behaves in the OSS distribution. Leaving the wildcard in place
+  // would result in no results being returned, as the wildcard is treated as a literal, and not _actually_ as a wildcard.
+  // We had a good discussion around the tradeoffs here: https://github.com/elastic/kibana/pull/67644#discussion_r441055716
+  const normalizedNamespaces = namespaces
+    ? Array.from(
+        new Set(namespaces.map((namespace) => (namespace === '*' ? 'default' : namespace)))
+      )
+    : undefined;
+
   const bool: any = {
     filter: [
       ...(kueryNode != null ? [esKuery.toElasticsearchQuery(kueryNode)] : []),
@@ -152,7 +185,9 @@ export function getQueryParams({
                 },
               ]
             : undefined,
-          should: types.map((shouldType) => getClauseForType(registry, namespace, shouldType)),
+          should: types.map((shouldType) =>
+            getClauseForType(registry, normalizedNamespaces, shouldType)
+          ),
           minimum_should_match: 1,
         },
       },
diff --git a/src/core/server/saved_objects/service/lib/search_dsl/search_dsl.test.ts b/src/core/server/saved_objects/service/lib/search_dsl/search_dsl.test.ts
index 95b7ffd117ee92..08ad72397e4a21 100644
--- a/src/core/server/saved_objects/service/lib/search_dsl/search_dsl.test.ts
+++ b/src/core/server/saved_objects/service/lib/search_dsl/search_dsl.test.ts
@@ -57,9 +57,9 @@ describe('getSearchDsl', () => {
   });
 
   describe('passes control', () => {
-    it('passes (mappings, schema, namespace, type, search, searchFields, hasReference) to getQueryParams', () => {
+    it('passes (mappings, schema, namespaces, type, search, searchFields, hasReference) to getQueryParams', () => {
       const opts = {
-        namespace: 'foo-namespace',
+        namespaces: ['foo-namespace'],
         type: 'foo',
         search: 'bar',
         searchFields: ['baz'],
@@ -75,7 +75,7 @@ describe('getSearchDsl', () => {
       expect(getQueryParams).toHaveBeenCalledWith({
         mappings,
         registry,
-        namespace: opts.namespace,
+        namespaces: opts.namespaces,
         type: opts.type,
         search: opts.search,
         searchFields: opts.searchFields,
diff --git a/src/core/server/saved_objects/service/lib/search_dsl/search_dsl.ts b/src/core/server/saved_objects/service/lib/search_dsl/search_dsl.ts
index 74c25491aff8bb..6de868c3202401 100644
--- a/src/core/server/saved_objects/service/lib/search_dsl/search_dsl.ts
+++ b/src/core/server/saved_objects/service/lib/search_dsl/search_dsl.ts
@@ -33,7 +33,7 @@ interface GetSearchDslOptions {
   searchFields?: string[];
   sortField?: string;
   sortOrder?: string;
-  namespace?: string;
+  namespaces?: string[];
   hasReference?: {
     type: string;
     id: string;
@@ -53,7 +53,7 @@ export function getSearchDsl(
     searchFields,
     sortField,
     sortOrder,
-    namespace,
+    namespaces,
     hasReference,
     kueryNode,
   } = options;
@@ -70,7 +70,7 @@ export function getSearchDsl(
     ...getQueryParams({
       mappings,
       registry,
-      namespace,
+      namespaces,
       type,
       search,
       searchFields,
diff --git a/src/core/server/saved_objects/types.ts b/src/core/server/saved_objects/types.ts
index 2183b47b732f96..f9301d6598b1d7 100644
--- a/src/core/server/saved_objects/types.ts
+++ b/src/core/server/saved_objects/types.ts
@@ -63,7 +63,7 @@ export interface SavedObjectStatusMeta {
  *
  * @public
  */
-export interface SavedObjectsFindOptions extends SavedObjectsBaseOptions {
+export interface SavedObjectsFindOptions {
   type: string | string[];
   page?: number;
   perPage?: number;
@@ -82,6 +82,7 @@ export interface SavedObjectsFindOptions extends SavedObjectsBaseOptions {
   hasReference?: { type: string; id: string };
   defaultSearchOperator?: 'AND' | 'OR';
   filter?: string;
+  namespaces?: string[];
   /** An optional ES preference value to be used for the query **/
   preference?: string;
 }
diff --git a/src/core/server/server.api.md b/src/core/server/server.api.md
index 886544a4df317f..a0e16602ba4bfe 100644
--- a/src/core/server/server.api.md
+++ b/src/core/server/server.api.md
@@ -2175,7 +2175,7 @@ export interface SavedObjectsExportResultDetails {
 export type SavedObjectsFieldMapping = SavedObjectsCoreFieldMapping | SavedObjectsComplexFieldMapping;
 
 // @public (undocumented)
-export interface SavedObjectsFindOptions extends SavedObjectsBaseOptions {
+export interface SavedObjectsFindOptions {
     // (undocumented)
     defaultSearchOperator?: 'AND' | 'OR';
     fields?: string[];
@@ -2187,6 +2187,8 @@ export interface SavedObjectsFindOptions extends SavedObjectsBaseOptions {
         id: string;
     };
     // (undocumented)
+    namespaces?: string[];
+    // (undocumented)
     page?: number;
     // (undocumented)
     perPage?: number;
@@ -2398,7 +2400,7 @@ export class SavedObjectsRepository {
     deleteByNamespace(namespace: string, options?: SavedObjectsDeleteByNamespaceOptions): Promise<any>;
     deleteFromNamespaces(type: string, id: string, namespaces: string[], options?: SavedObjectsDeleteFromNamespacesOptions): Promise<{}>;
     // (undocumented)
-    find<T = unknown>({ search, defaultSearchOperator, searchFields, hasReference, page, perPage, sortField, sortOrder, fields, namespace, type, filter, preference, }: SavedObjectsFindOptions): Promise<SavedObjectsFindResponse<T>>;
+    find<T = unknown>({ search, defaultSearchOperator, searchFields, hasReference, page, perPage, sortField, sortOrder, fields, namespaces, type, filter, preference, }: SavedObjectsFindOptions): Promise<SavedObjectsFindResponse<T>>;
     get<T = unknown>(type: string, id: string, options?: SavedObjectsBaseOptions): Promise<SavedObject<T>>;
     incrementCounter(type: string, id: string, counterFieldName: string, options?: SavedObjectsIncrementCounterOptions): Promise<{
         id: string;
diff --git a/src/plugins/console/public/application/components/editor_example.tsx b/src/plugins/console/public/application/components/editor_example.tsx
index 72a1056b1a866e..b33d349cede288 100644
--- a/src/plugins/console/public/application/components/editor_example.tsx
+++ b/src/plugins/console/public/application/components/editor_example.tsx
@@ -27,13 +27,13 @@ interface EditorExampleProps {
 
 const exampleText = `
 # index a doc
-PUT index/1
+PUT index/_doc/1
 {
   "body": "here"
 }
 
 # and get it ...
-GET index/1
+GET index/_doc/1
 `;
 
 export function EditorExample(props: EditorExampleProps) {
diff --git a/src/plugins/data/common/field_formats/constants/base_formatters.ts b/src/plugins/data/common/field_formats/constants/base_formatters.ts
index 921c50571f727e..99c24496cf2206 100644
--- a/src/plugins/data/common/field_formats/constants/base_formatters.ts
+++ b/src/plugins/data/common/field_formats/constants/base_formatters.ts
@@ -23,7 +23,6 @@ import {
   BoolFormat,
   BytesFormat,
   ColorFormat,
-  DateNanosFormat,
   DurationFormat,
   IpFormat,
   NumberFormat,
@@ -40,7 +39,6 @@ export const baseFormatters: FieldFormatInstanceType[] = [
   BoolFormat,
   BytesFormat,
   ColorFormat,
-  DateNanosFormat,
   DurationFormat,
   IpFormat,
   NumberFormat,
diff --git a/src/plugins/data/common/field_formats/converters/date_nanos.test.ts b/src/plugins/data/common/field_formats/converters/date_nanos_shared.test.ts
similarity index 99%
rename from src/plugins/data/common/field_formats/converters/date_nanos.test.ts
rename to src/plugins/data/common/field_formats/converters/date_nanos_shared.test.ts
index 267f023e9b69dd..6843427d273ff7 100644
--- a/src/plugins/data/common/field_formats/converters/date_nanos.test.ts
+++ b/src/plugins/data/common/field_formats/converters/date_nanos_shared.test.ts
@@ -18,7 +18,7 @@
  */
 
 import moment from 'moment-timezone';
-import { DateNanosFormat, analysePatternForFract, formatWithNanos } from './date_nanos';
+import { DateNanosFormat, analysePatternForFract, formatWithNanos } from './date_nanos_shared';
 
 describe('Date Nanos Format', () => {
   let convert: Function;
diff --git a/src/plugins/data/common/field_formats/converters/date_nanos.ts b/src/plugins/data/common/field_formats/converters/date_nanos_shared.ts
similarity index 93%
rename from src/plugins/data/common/field_formats/converters/date_nanos.ts
rename to src/plugins/data/common/field_formats/converters/date_nanos_shared.ts
index 3fa2b1c276cd73..89a63243c76f07 100644
--- a/src/plugins/data/common/field_formats/converters/date_nanos.ts
+++ b/src/plugins/data/common/field_formats/converters/date_nanos_shared.ts
@@ -18,11 +18,9 @@
  */
 
 import { i18n } from '@kbn/i18n';
-import moment, { Moment } from 'moment';
 import { memoize, noop } from 'lodash';
-import { KBN_FIELD_TYPES } from '../../kbn_field_types/types';
-import { FieldFormat } from '../field_format';
-import { TextContextTypeConvert, FIELD_FORMAT_IDS } from '../types';
+import moment, { Moment } from 'moment';
+import { FieldFormat, FIELD_FORMAT_IDS, KBN_FIELD_TYPES, TextContextTypeConvert } from '../../';
 
 /**
  * Analyse the given moment.js format pattern for the fractional sec part (S,SS,SSS...)
@@ -76,9 +74,9 @@ export class DateNanosFormat extends FieldFormat {
   });
   static fieldType = KBN_FIELD_TYPES.DATE;
 
-  private memoizedConverter: Function = noop;
-  private memoizedPattern: string = '';
-  private timeZone: string = '';
+  protected memoizedConverter: Function = noop;
+  protected memoizedPattern: string = '';
+  protected timeZone: string = '';
 
   getParamDefaults() {
     return {
diff --git a/src/plugins/data/common/field_formats/converters/index.ts b/src/plugins/data/common/field_formats/converters/index.ts
index cc9fae7fc9965d..f71ddf5f781f77 100644
--- a/src/plugins/data/common/field_formats/converters/index.ts
+++ b/src/plugins/data/common/field_formats/converters/index.ts
@@ -19,7 +19,6 @@
 
 export { UrlFormat } from './url';
 export { BytesFormat } from './bytes';
-export { DateNanosFormat } from './date_nanos';
 export { RelativeDateFormat } from './relative_date';
 export { DurationFormat } from './duration';
 export { IpFormat } from './ip';
diff --git a/src/plugins/data/common/field_formats/field_formats_registry.ts b/src/plugins/data/common/field_formats/field_formats_registry.ts
index 74a942b51583df..84bedd2f9dee07 100644
--- a/src/plugins/data/common/field_formats/field_formats_registry.ts
+++ b/src/plugins/data/common/field_formats/field_formats_registry.ts
@@ -180,10 +180,18 @@ export class FieldFormatsRegistry {
    * @param  {ES_FIELD_TYPES[]} esTypes
    * @return {FieldFormat}
    */
-  getDefaultInstancePlain(fieldType: KBN_FIELD_TYPES, esTypes?: ES_FIELD_TYPES[]): FieldFormat {
+  getDefaultInstancePlain(
+    fieldType: KBN_FIELD_TYPES,
+    esTypes?: ES_FIELD_TYPES[],
+    params: Record<string, any> = {}
+  ): FieldFormat {
     const conf = this.getDefaultConfig(fieldType, esTypes);
+    const instanceParams = {
+      ...conf.params,
+      ...params,
+    };
 
-    return this.getInstance(conf.id, conf.params);
+    return this.getInstance(conf.id, instanceParams);
   }
   /**
    * Returns a cache key built by the given variables for caching in memoized
diff --git a/src/plugins/data/common/field_formats/index.ts b/src/plugins/data/common/field_formats/index.ts
index 104ff030873aa6..d622af2f663a14 100644
--- a/src/plugins/data/common/field_formats/index.ts
+++ b/src/plugins/data/common/field_formats/index.ts
@@ -27,7 +27,6 @@ export {
   BoolFormat,
   BytesFormat,
   ColorFormat,
-  DateNanosFormat,
   DurationFormat,
   IpFormat,
   NumberFormat,
diff --git a/src/plugins/data/public/field_formats/constants.ts b/src/plugins/data/public/field_formats/constants.ts
index a5c2b4e3799083..d5e292c0e78e52 100644
--- a/src/plugins/data/public/field_formats/constants.ts
+++ b/src/plugins/data/public/field_formats/constants.ts
@@ -18,6 +18,6 @@
  */
 
 import { baseFormatters } from '../../common';
-import { DateFormat } from './converters/date';
+import { DateFormat, DateNanosFormat } from './converters';
 
-export const baseFormattersPublic = [DateFormat, ...baseFormatters];
+export const baseFormattersPublic = [DateFormat, DateNanosFormat, ...baseFormatters];
diff --git a/src/plugins/data/public/field_formats/converters/date_nanos.ts b/src/plugins/data/public/field_formats/converters/date_nanos.ts
new file mode 100644
index 00000000000000..d83926826011ae
--- /dev/null
+++ b/src/plugins/data/public/field_formats/converters/date_nanos.ts
@@ -0,0 +1,20 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+export { DateNanosFormat } from '../../../common/field_formats/converters/date_nanos_shared';
diff --git a/src/plugins/data/public/field_formats/converters/index.ts b/src/plugins/data/public/field_formats/converters/index.ts
index c51111092becad..f5f154084242fd 100644
--- a/src/plugins/data/public/field_formats/converters/index.ts
+++ b/src/plugins/data/public/field_formats/converters/index.ts
@@ -18,3 +18,4 @@
  */
 
 export { DateFormat } from './date';
+export { DateNanosFormat } from './date_nanos';
diff --git a/src/plugins/data/public/field_formats/index.ts b/src/plugins/data/public/field_formats/index.ts
index 015d5b39561bb5..4525959fb864db 100644
--- a/src/plugins/data/public/field_formats/index.ts
+++ b/src/plugins/data/public/field_formats/index.ts
@@ -18,5 +18,5 @@
  */
 
 export { FieldFormatsService, FieldFormatsSetup, FieldFormatsStart } from './field_formats_service';
-export { DateFormat } from './converters';
+export { DateFormat, DateNanosFormat } from './converters';
 export { baseFormattersPublic } from './constants';
diff --git a/src/plugins/data/public/index.ts b/src/plugins/data/public/index.ts
index abec908b41c0f0..2efd1c82aae793 100644
--- a/src/plugins/data/public/index.ts
+++ b/src/plugins/data/public/index.ts
@@ -157,7 +157,6 @@ import {
   BoolFormat,
   BytesFormat,
   ColorFormat,
-  DateNanosFormat,
   DurationFormat,
   IpFormat,
   NumberFormat,
@@ -170,7 +169,7 @@ import {
   TruncateFormat,
 } from '../common/field_formats';
 
-import { DateFormat } from './field_formats';
+import { DateNanosFormat, DateFormat } from './field_formats';
 export { baseFormattersPublic } from './field_formats';
 
 // Field formats helpers namespace:
diff --git a/src/plugins/data/public/public.api.md b/src/plugins/data/public/public.api.md
index b532bacf5df252..0c23ba340304f6 100644
--- a/src/plugins/data/public/public.api.md
+++ b/src/plugins/data/public/public.api.md
@@ -246,11 +246,12 @@ export class AggParamType<TAggConfig extends IAggConfig = IAggConfig> extends Ba
     makeAgg: (agg: TAggConfig, state?: AggConfigSerialized) => TAggConfig;
 }
 
+// Warning: (ae-forgotten-export) The symbol "DateNanosFormat" needs to be exported by the entry point index.d.ts
 // Warning: (ae-forgotten-export) The symbol "DateFormat" needs to be exported by the entry point index.d.ts
 // Warning: (ae-missing-release-tag) "baseFormattersPublic" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal)
 //
 // @public (undocumented)
-export const baseFormattersPublic: (import("../../common").FieldFormatInstanceType | typeof DateFormat)[];
+export const baseFormattersPublic: (import("../../common").FieldFormatInstanceType | typeof DateNanosFormat | typeof DateFormat)[];
 
 // Warning: (ae-missing-release-tag) "BUCKET_TYPES" is exported by the package, but it is missing a release tag (@alpha, @beta, @public, or @internal)
 //
@@ -1955,42 +1956,41 @@ export const UI_SETTINGS: {
 // src/plugins/data/public/index.ts:136:21 - (ae-forgotten-export) The symbol "getEsQueryConfig" needs to be exported by the entry point index.d.ts
 // src/plugins/data/public/index.ts:136:21 - (ae-forgotten-export) The symbol "luceneStringToDsl" needs to be exported by the entry point index.d.ts
 // src/plugins/data/public/index.ts:136:21 - (ae-forgotten-export) The symbol "decorateQuery" needs to be exported by the entry point index.d.ts
-// src/plugins/data/public/index.ts:177:26 - (ae-forgotten-export) The symbol "FieldFormatsRegistry" needs to be exported by the entry point index.d.ts
-// src/plugins/data/public/index.ts:177:26 - (ae-forgotten-export) The symbol "BoolFormat" needs to be exported by the entry point index.d.ts
-// src/plugins/data/public/index.ts:177:26 - (ae-forgotten-export) The symbol "BytesFormat" needs to be exported by the entry point index.d.ts
-// src/plugins/data/public/index.ts:177:26 - (ae-forgotten-export) The symbol "ColorFormat" needs to be exported by the entry point index.d.ts
-// src/plugins/data/public/index.ts:177:26 - (ae-forgotten-export) The symbol "DateNanosFormat" needs to be exported by the entry point index.d.ts
-// src/plugins/data/public/index.ts:177:26 - (ae-forgotten-export) The symbol "DurationFormat" needs to be exported by the entry point index.d.ts
-// src/plugins/data/public/index.ts:177:26 - (ae-forgotten-export) The symbol "IpFormat" needs to be exported by the entry point index.d.ts
-// src/plugins/data/public/index.ts:177:26 - (ae-forgotten-export) The symbol "NumberFormat" needs to be exported by the entry point index.d.ts
-// src/plugins/data/public/index.ts:177:26 - (ae-forgotten-export) The symbol "PercentFormat" needs to be exported by the entry point index.d.ts
-// src/plugins/data/public/index.ts:177:26 - (ae-forgotten-export) The symbol "RelativeDateFormat" needs to be exported by the entry point index.d.ts
-// src/plugins/data/public/index.ts:177:26 - (ae-forgotten-export) The symbol "SourceFormat" needs to be exported by the entry point index.d.ts
-// src/plugins/data/public/index.ts:177:26 - (ae-forgotten-export) The symbol "StaticLookupFormat" needs to be exported by the entry point index.d.ts
-// src/plugins/data/public/index.ts:177:26 - (ae-forgotten-export) The symbol "UrlFormat" needs to be exported by the entry point index.d.ts
-// src/plugins/data/public/index.ts:177:26 - (ae-forgotten-export) The symbol "StringFormat" needs to be exported by the entry point index.d.ts
-// src/plugins/data/public/index.ts:177:26 - (ae-forgotten-export) The symbol "TruncateFormat" needs to be exported by the entry point index.d.ts
-// src/plugins/data/public/index.ts:233:27 - (ae-forgotten-export) The symbol "isFilterable" needs to be exported by the entry point index.d.ts
-// src/plugins/data/public/index.ts:233:27 - (ae-forgotten-export) The symbol "isNestedField" needs to be exported by the entry point index.d.ts
-// src/plugins/data/public/index.ts:233:27 - (ae-forgotten-export) The symbol "validateIndexPattern" needs to be exported by the entry point index.d.ts
-// src/plugins/data/public/index.ts:233:27 - (ae-forgotten-export) The symbol "getFromSavedObject" needs to be exported by the entry point index.d.ts
-// src/plugins/data/public/index.ts:233:27 - (ae-forgotten-export) The symbol "flattenHitWrapper" needs to be exported by the entry point index.d.ts
-// src/plugins/data/public/index.ts:233:27 - (ae-forgotten-export) The symbol "formatHitProvider" needs to be exported by the entry point index.d.ts
-// src/plugins/data/public/index.ts:370:20 - (ae-forgotten-export) The symbol "getRequestInspectorStats" needs to be exported by the entry point index.d.ts
-// src/plugins/data/public/index.ts:370:20 - (ae-forgotten-export) The symbol "getResponseInspectorStats" needs to be exported by the entry point index.d.ts
-// src/plugins/data/public/index.ts:370:20 - (ae-forgotten-export) The symbol "tabifyAggResponse" needs to be exported by the entry point index.d.ts
-// src/plugins/data/public/index.ts:370:20 - (ae-forgotten-export) The symbol "tabifyGetColumns" needs to be exported by the entry point index.d.ts
-// src/plugins/data/public/index.ts:372:1 - (ae-forgotten-export) The symbol "CidrMask" needs to be exported by the entry point index.d.ts
-// src/plugins/data/public/index.ts:373:1 - (ae-forgotten-export) The symbol "dateHistogramInterval" needs to be exported by the entry point index.d.ts
-// src/plugins/data/public/index.ts:382:1 - (ae-forgotten-export) The symbol "InvalidEsCalendarIntervalError" needs to be exported by the entry point index.d.ts
-// src/plugins/data/public/index.ts:383:1 - (ae-forgotten-export) The symbol "InvalidEsIntervalFormatError" needs to be exported by the entry point index.d.ts
-// src/plugins/data/public/index.ts:384:1 - (ae-forgotten-export) The symbol "Ipv4Address" needs to be exported by the entry point index.d.ts
-// src/plugins/data/public/index.ts:385:1 - (ae-forgotten-export) The symbol "isDateHistogramBucketAggConfig" needs to be exported by the entry point index.d.ts
-// src/plugins/data/public/index.ts:389:1 - (ae-forgotten-export) The symbol "isValidEsInterval" needs to be exported by the entry point index.d.ts
-// src/plugins/data/public/index.ts:390:1 - (ae-forgotten-export) The symbol "isValidInterval" needs to be exported by the entry point index.d.ts
-// src/plugins/data/public/index.ts:393:1 - (ae-forgotten-export) The symbol "parseInterval" needs to be exported by the entry point index.d.ts
-// src/plugins/data/public/index.ts:394:1 - (ae-forgotten-export) The symbol "propFilter" needs to be exported by the entry point index.d.ts
-// src/plugins/data/public/index.ts:397:1 - (ae-forgotten-export) The symbol "toAbsoluteDates" needs to be exported by the entry point index.d.ts
+// src/plugins/data/public/index.ts:176:26 - (ae-forgotten-export) The symbol "FieldFormatsRegistry" needs to be exported by the entry point index.d.ts
+// src/plugins/data/public/index.ts:176:26 - (ae-forgotten-export) The symbol "BoolFormat" needs to be exported by the entry point index.d.ts
+// src/plugins/data/public/index.ts:176:26 - (ae-forgotten-export) The symbol "BytesFormat" needs to be exported by the entry point index.d.ts
+// src/plugins/data/public/index.ts:176:26 - (ae-forgotten-export) The symbol "ColorFormat" needs to be exported by the entry point index.d.ts
+// src/plugins/data/public/index.ts:176:26 - (ae-forgotten-export) The symbol "DurationFormat" needs to be exported by the entry point index.d.ts
+// src/plugins/data/public/index.ts:176:26 - (ae-forgotten-export) The symbol "IpFormat" needs to be exported by the entry point index.d.ts
+// src/plugins/data/public/index.ts:176:26 - (ae-forgotten-export) The symbol "NumberFormat" needs to be exported by the entry point index.d.ts
+// src/plugins/data/public/index.ts:176:26 - (ae-forgotten-export) The symbol "PercentFormat" needs to be exported by the entry point index.d.ts
+// src/plugins/data/public/index.ts:176:26 - (ae-forgotten-export) The symbol "RelativeDateFormat" needs to be exported by the entry point index.d.ts
+// src/plugins/data/public/index.ts:176:26 - (ae-forgotten-export) The symbol "SourceFormat" needs to be exported by the entry point index.d.ts
+// src/plugins/data/public/index.ts:176:26 - (ae-forgotten-export) The symbol "StaticLookupFormat" needs to be exported by the entry point index.d.ts
+// src/plugins/data/public/index.ts:176:26 - (ae-forgotten-export) The symbol "UrlFormat" needs to be exported by the entry point index.d.ts
+// src/plugins/data/public/index.ts:176:26 - (ae-forgotten-export) The symbol "StringFormat" needs to be exported by the entry point index.d.ts
+// src/plugins/data/public/index.ts:176:26 - (ae-forgotten-export) The symbol "TruncateFormat" needs to be exported by the entry point index.d.ts
+// src/plugins/data/public/index.ts:232:27 - (ae-forgotten-export) The symbol "isFilterable" needs to be exported by the entry point index.d.ts
+// src/plugins/data/public/index.ts:232:27 - (ae-forgotten-export) The symbol "isNestedField" needs to be exported by the entry point index.d.ts
+// src/plugins/data/public/index.ts:232:27 - (ae-forgotten-export) The symbol "validateIndexPattern" needs to be exported by the entry point index.d.ts
+// src/plugins/data/public/index.ts:232:27 - (ae-forgotten-export) The symbol "getFromSavedObject" needs to be exported by the entry point index.d.ts
+// src/plugins/data/public/index.ts:232:27 - (ae-forgotten-export) The symbol "flattenHitWrapper" needs to be exported by the entry point index.d.ts
+// src/plugins/data/public/index.ts:232:27 - (ae-forgotten-export) The symbol "formatHitProvider" needs to be exported by the entry point index.d.ts
+// src/plugins/data/public/index.ts:369:20 - (ae-forgotten-export) The symbol "getRequestInspectorStats" needs to be exported by the entry point index.d.ts
+// src/plugins/data/public/index.ts:369:20 - (ae-forgotten-export) The symbol "getResponseInspectorStats" needs to be exported by the entry point index.d.ts
+// src/plugins/data/public/index.ts:369:20 - (ae-forgotten-export) The symbol "tabifyAggResponse" needs to be exported by the entry point index.d.ts
+// src/plugins/data/public/index.ts:369:20 - (ae-forgotten-export) The symbol "tabifyGetColumns" needs to be exported by the entry point index.d.ts
+// src/plugins/data/public/index.ts:371:1 - (ae-forgotten-export) The symbol "CidrMask" needs to be exported by the entry point index.d.ts
+// src/plugins/data/public/index.ts:372:1 - (ae-forgotten-export) The symbol "dateHistogramInterval" needs to be exported by the entry point index.d.ts
+// src/plugins/data/public/index.ts:381:1 - (ae-forgotten-export) The symbol "InvalidEsCalendarIntervalError" needs to be exported by the entry point index.d.ts
+// src/plugins/data/public/index.ts:382:1 - (ae-forgotten-export) The symbol "InvalidEsIntervalFormatError" needs to be exported by the entry point index.d.ts
+// src/plugins/data/public/index.ts:383:1 - (ae-forgotten-export) The symbol "Ipv4Address" needs to be exported by the entry point index.d.ts
+// src/plugins/data/public/index.ts:384:1 - (ae-forgotten-export) The symbol "isDateHistogramBucketAggConfig" needs to be exported by the entry point index.d.ts
+// src/plugins/data/public/index.ts:388:1 - (ae-forgotten-export) The symbol "isValidEsInterval" needs to be exported by the entry point index.d.ts
+// src/plugins/data/public/index.ts:389:1 - (ae-forgotten-export) The symbol "isValidInterval" needs to be exported by the entry point index.d.ts
+// src/plugins/data/public/index.ts:392:1 - (ae-forgotten-export) The symbol "parseInterval" needs to be exported by the entry point index.d.ts
+// src/plugins/data/public/index.ts:393:1 - (ae-forgotten-export) The symbol "propFilter" needs to be exported by the entry point index.d.ts
+// src/plugins/data/public/index.ts:396:1 - (ae-forgotten-export) The symbol "toAbsoluteDates" needs to be exported by the entry point index.d.ts
 // src/plugins/data/public/query/state_sync/connect_to_query_state.ts:41:60 - (ae-forgotten-export) The symbol "FilterStateStore" needs to be exported by the entry point index.d.ts
 // src/plugins/data/public/types.ts:52:5 - (ae-forgotten-export) The symbol "createFiltersFromValueClickAction" needs to be exported by the entry point index.d.ts
 // src/plugins/data/public/types.ts:53:5 - (ae-forgotten-export) The symbol "createFiltersFromRangeSelectAction" needs to be exported by the entry point index.d.ts
diff --git a/src/plugins/data/server/field_formats/converters/date_nanos_server.test.ts b/src/plugins/data/server/field_formats/converters/date_nanos_server.test.ts
new file mode 100644
index 00000000000000..ba8e128f32728b
--- /dev/null
+++ b/src/plugins/data/server/field_formats/converters/date_nanos_server.test.ts
@@ -0,0 +1,74 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import { DateNanosFormat } from './date_nanos_server';
+import { FieldFormatsGetConfigFn } from 'src/plugins/data/common';
+
+describe('Date Nanos Format: Server side edition', () => {
+  let convert: Function;
+  let mockConfig: Record<string, any>;
+  let getConfig: FieldFormatsGetConfigFn;
+
+  const dateTime = '2019-05-05T14:04:56.201900001Z';
+
+  beforeEach(() => {
+    mockConfig = {};
+    mockConfig.dateNanosFormat = 'MMMM Do YYYY, HH:mm:ss.SSSSSSSSS';
+    mockConfig['dateFormat:tz'] = 'Browser';
+
+    getConfig = (key: string) => mockConfig[key];
+  });
+
+  test('should format according to the given timezone parameter', () => {
+    const dateNy = new DateNanosFormat({ timezone: 'America/New_York' }, getConfig);
+    convert = dateNy.convert.bind(dateNy);
+    expect(convert(dateTime)).toMatchInlineSnapshot(`"May 5th 2019, 10:04:56.201900001"`);
+
+    const datePhx = new DateNanosFormat({ timezone: 'America/Phoenix' }, getConfig);
+    convert = datePhx.convert.bind(datePhx);
+    expect(convert(dateTime)).toMatchInlineSnapshot(`"May 5th 2019, 07:04:56.201900001"`);
+  });
+
+  test('should format according to UTC if no timezone parameter is given or exists in settings', () => {
+    const utcFormat = 'May 5th 2019, 14:04:56.201900001';
+    const dateUtc = new DateNanosFormat({ timezone: 'UTC' }, getConfig);
+    convert = dateUtc.convert.bind(dateUtc);
+    expect(convert(dateTime)).toBe(utcFormat);
+
+    const dateDefault = new DateNanosFormat({}, getConfig);
+    convert = dateDefault.convert.bind(dateDefault);
+    expect(convert(dateTime)).toBe(utcFormat);
+  });
+
+  test('should format according to dateFormat:tz if the setting is not "Browser"', () => {
+    mockConfig['dateFormat:tz'] = 'America/Phoenix';
+
+    const date = new DateNanosFormat({}, getConfig);
+    convert = date.convert.bind(date);
+    expect(convert(dateTime)).toMatchInlineSnapshot(`"May 5th 2019, 07:04:56.201900001"`);
+  });
+
+  test('should defer to meta params for timezone, not the UI config', () => {
+    mockConfig['dateFormat:tz'] = 'America/Phoenix';
+
+    const date = new DateNanosFormat({ timezone: 'America/New_York' }, getConfig);
+    convert = date.convert.bind(date);
+    expect(convert(dateTime)).toMatchInlineSnapshot(`"May 5th 2019, 10:04:56.201900001"`);
+  });
+});
diff --git a/src/plugins/data/server/field_formats/converters/date_nanos_server.ts b/src/plugins/data/server/field_formats/converters/date_nanos_server.ts
new file mode 100644
index 00000000000000..299b2aac93d49d
--- /dev/null
+++ b/src/plugins/data/server/field_formats/converters/date_nanos_server.ts
@@ -0,0 +1,79 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import { memoize } from 'lodash';
+import moment from 'moment-timezone';
+import {
+  analysePatternForFract,
+  DateNanosFormat,
+  formatWithNanos,
+} from '../../../common/field_formats/converters/date_nanos_shared';
+import { TextContextTypeConvert } from '../../../common';
+
+class DateNanosFormatServer extends DateNanosFormat {
+  textConvert: TextContextTypeConvert = (val) => {
+    // don't give away our ref to converter so
+    // we can hot-swap when config changes
+    const pattern = this.param('pattern');
+    const timezone = this.param('timezone');
+    const fractPattern = analysePatternForFract(pattern);
+    const fallbackPattern = this.param('patternFallback');
+
+    const timezoneChanged = this.timeZone !== timezone;
+    const datePatternChanged = this.memoizedPattern !== pattern;
+    if (timezoneChanged || datePatternChanged) {
+      this.timeZone = timezone;
+      this.memoizedPattern = pattern;
+
+      this.memoizedConverter = memoize((value: any) => {
+        if (value === null || value === undefined) {
+          return '-';
+        }
+
+        /* On the server, importing moment returns a new instance. Unlike on
+         * the client side, it doesn't have the dateFormat:tz configuration
+         * baked in.
+         * We need to set the timezone manually here. The date is taken in as
+         * UTC and converted into the desired timezone. */
+        let date;
+        if (this.timeZone === 'Browser') {
+          // Assume a warning has been logged that this can be unpredictable. It
+          // would be too verbose to log anything here.
+          date = moment.utc(val);
+        } else {
+          date = moment.utc(val).tz(this.timeZone);
+        }
+
+        if (typeof value !== 'string' && date.isValid()) {
+          // fallback for max/min aggregation, where unixtime in ms is returned as a number
+          // aggregations in Elasticsearch generally just return ms
+          return date.format(fallbackPattern);
+        } else if (date.isValid()) {
+          return formatWithNanos(date, value, fractPattern);
+        } else {
+          return value;
+        }
+      });
+    }
+
+    return this.memoizedConverter(val);
+  };
+}
+
+export { DateNanosFormatServer as DateNanosFormat };
diff --git a/src/plugins/data/server/field_formats/converters/index.ts b/src/plugins/data/server/field_formats/converters/index.ts
index f5c69df9728699..1c6b827e2fbb5c 100644
--- a/src/plugins/data/server/field_formats/converters/index.ts
+++ b/src/plugins/data/server/field_formats/converters/index.ts
@@ -18,3 +18,4 @@
  */
 
 export { DateFormat } from './date_server';
+export { DateNanosFormat } from './date_nanos_server';
diff --git a/src/plugins/data/server/field_formats/field_formats_service.ts b/src/plugins/data/server/field_formats/field_formats_service.ts
index 70584efbee0a0e..cafb88de4b893b 100644
--- a/src/plugins/data/server/field_formats/field_formats_service.ts
+++ b/src/plugins/data/server/field_formats/field_formats_service.ts
@@ -23,10 +23,14 @@ import {
   baseFormatters,
 } from '../../common/field_formats';
 import { IUiSettingsClient } from '../../../../core/server';
-import { DateFormat } from './converters';
+import { DateFormat, DateNanosFormat } from './converters';
 
 export class FieldFormatsService {
-  private readonly fieldFormatClasses: FieldFormatInstanceType[] = [DateFormat, ...baseFormatters];
+  private readonly fieldFormatClasses: FieldFormatInstanceType[] = [
+    DateFormat,
+    DateNanosFormat,
+    ...baseFormatters,
+  ];
 
   public setup() {
     return {
diff --git a/src/plugins/data/server/index.ts b/src/plugins/data/server/index.ts
index 0dd0115add8ad0..b94238dcf96a4b 100644
--- a/src/plugins/data/server/index.ts
+++ b/src/plugins/data/server/index.ts
@@ -86,7 +86,6 @@ import {
   BoolFormat,
   BytesFormat,
   ColorFormat,
-  DateNanosFormat,
   DurationFormat,
   IpFormat,
   NumberFormat,
@@ -105,7 +104,6 @@ export const fieldFormats = {
   BoolFormat,
   BytesFormat,
   ColorFormat,
-  DateNanosFormat,
   DurationFormat,
   IpFormat,
   NumberFormat,
diff --git a/src/plugins/data/server/server.api.md b/src/plugins/data/server/server.api.md
index 6b62d942de6886..1fe03119c789de 100644
--- a/src/plugins/data/server/server.api.md
+++ b/src/plugins/data/server/server.api.md
@@ -295,7 +295,6 @@ export const fieldFormats: {
     BoolFormat: typeof BoolFormat;
     BytesFormat: typeof BytesFormat;
     ColorFormat: typeof ColorFormat;
-    DateNanosFormat: typeof DateNanosFormat;
     DurationFormat: typeof DurationFormat;
     IpFormat: typeof IpFormat;
     NumberFormat: typeof NumberFormat;
@@ -804,31 +803,30 @@ export const UI_SETTINGS: {
 // src/plugins/data/server/index.ts:40:23 - (ae-forgotten-export) The symbol "buildFilter" needs to be exported by the entry point index.d.ts
 // src/plugins/data/server/index.ts:71:21 - (ae-forgotten-export) The symbol "getEsQueryConfig" needs to be exported by the entry point index.d.ts
 // src/plugins/data/server/index.ts:71:21 - (ae-forgotten-export) The symbol "buildEsQuery" needs to be exported by the entry point index.d.ts
-// src/plugins/data/server/index.ts:102:26 - (ae-forgotten-export) The symbol "FieldFormatsRegistry" needs to be exported by the entry point index.d.ts
-// src/plugins/data/server/index.ts:102:26 - (ae-forgotten-export) The symbol "FieldFormat" needs to be exported by the entry point index.d.ts
-// src/plugins/data/server/index.ts:102:26 - (ae-forgotten-export) The symbol "BoolFormat" needs to be exported by the entry point index.d.ts
-// src/plugins/data/server/index.ts:102:26 - (ae-forgotten-export) The symbol "BytesFormat" needs to be exported by the entry point index.d.ts
-// src/plugins/data/server/index.ts:102:26 - (ae-forgotten-export) The symbol "ColorFormat" needs to be exported by the entry point index.d.ts
-// src/plugins/data/server/index.ts:102:26 - (ae-forgotten-export) The symbol "DateNanosFormat" needs to be exported by the entry point index.d.ts
-// src/plugins/data/server/index.ts:102:26 - (ae-forgotten-export) The symbol "DurationFormat" needs to be exported by the entry point index.d.ts
-// src/plugins/data/server/index.ts:102:26 - (ae-forgotten-export) The symbol "IpFormat" needs to be exported by the entry point index.d.ts
-// src/plugins/data/server/index.ts:102:26 - (ae-forgotten-export) The symbol "NumberFormat" needs to be exported by the entry point index.d.ts
-// src/plugins/data/server/index.ts:102:26 - (ae-forgotten-export) The symbol "PercentFormat" needs to be exported by the entry point index.d.ts
-// src/plugins/data/server/index.ts:102:26 - (ae-forgotten-export) The symbol "RelativeDateFormat" needs to be exported by the entry point index.d.ts
-// src/plugins/data/server/index.ts:102:26 - (ae-forgotten-export) The symbol "SourceFormat" needs to be exported by the entry point index.d.ts
-// src/plugins/data/server/index.ts:102:26 - (ae-forgotten-export) The symbol "StaticLookupFormat" needs to be exported by the entry point index.d.ts
-// src/plugins/data/server/index.ts:102:26 - (ae-forgotten-export) The symbol "UrlFormat" needs to be exported by the entry point index.d.ts
-// src/plugins/data/server/index.ts:102:26 - (ae-forgotten-export) The symbol "StringFormat" needs to be exported by the entry point index.d.ts
-// src/plugins/data/server/index.ts:102:26 - (ae-forgotten-export) The symbol "TruncateFormat" needs to be exported by the entry point index.d.ts
-// src/plugins/data/server/index.ts:129:27 - (ae-forgotten-export) The symbol "isFilterable" needs to be exported by the entry point index.d.ts
-// src/plugins/data/server/index.ts:129:27 - (ae-forgotten-export) The symbol "isNestedField" needs to be exported by the entry point index.d.ts
-// src/plugins/data/server/index.ts:185:1 - (ae-forgotten-export) The symbol "dateHistogramInterval" needs to be exported by the entry point index.d.ts
-// src/plugins/data/server/index.ts:186:1 - (ae-forgotten-export) The symbol "InvalidEsCalendarIntervalError" needs to be exported by the entry point index.d.ts
-// src/plugins/data/server/index.ts:187:1 - (ae-forgotten-export) The symbol "InvalidEsIntervalFormatError" needs to be exported by the entry point index.d.ts
-// src/plugins/data/server/index.ts:188:1 - (ae-forgotten-export) The symbol "Ipv4Address" needs to be exported by the entry point index.d.ts
-// src/plugins/data/server/index.ts:189:1 - (ae-forgotten-export) The symbol "isValidEsInterval" needs to be exported by the entry point index.d.ts
-// src/plugins/data/server/index.ts:190:1 - (ae-forgotten-export) The symbol "isValidInterval" needs to be exported by the entry point index.d.ts
-// src/plugins/data/server/index.ts:193:1 - (ae-forgotten-export) The symbol "toAbsoluteDates" needs to be exported by the entry point index.d.ts
+// src/plugins/data/server/index.ts:101:26 - (ae-forgotten-export) The symbol "FieldFormatsRegistry" needs to be exported by the entry point index.d.ts
+// src/plugins/data/server/index.ts:101:26 - (ae-forgotten-export) The symbol "FieldFormat" needs to be exported by the entry point index.d.ts
+// src/plugins/data/server/index.ts:101:26 - (ae-forgotten-export) The symbol "BoolFormat" needs to be exported by the entry point index.d.ts
+// src/plugins/data/server/index.ts:101:26 - (ae-forgotten-export) The symbol "BytesFormat" needs to be exported by the entry point index.d.ts
+// src/plugins/data/server/index.ts:101:26 - (ae-forgotten-export) The symbol "ColorFormat" needs to be exported by the entry point index.d.ts
+// src/plugins/data/server/index.ts:101:26 - (ae-forgotten-export) The symbol "DurationFormat" needs to be exported by the entry point index.d.ts
+// src/plugins/data/server/index.ts:101:26 - (ae-forgotten-export) The symbol "IpFormat" needs to be exported by the entry point index.d.ts
+// src/plugins/data/server/index.ts:101:26 - (ae-forgotten-export) The symbol "NumberFormat" needs to be exported by the entry point index.d.ts
+// src/plugins/data/server/index.ts:101:26 - (ae-forgotten-export) The symbol "PercentFormat" needs to be exported by the entry point index.d.ts
+// src/plugins/data/server/index.ts:101:26 - (ae-forgotten-export) The symbol "RelativeDateFormat" needs to be exported by the entry point index.d.ts
+// src/plugins/data/server/index.ts:101:26 - (ae-forgotten-export) The symbol "SourceFormat" needs to be exported by the entry point index.d.ts
+// src/plugins/data/server/index.ts:101:26 - (ae-forgotten-export) The symbol "StaticLookupFormat" needs to be exported by the entry point index.d.ts
+// src/plugins/data/server/index.ts:101:26 - (ae-forgotten-export) The symbol "UrlFormat" needs to be exported by the entry point index.d.ts
+// src/plugins/data/server/index.ts:101:26 - (ae-forgotten-export) The symbol "StringFormat" needs to be exported by the entry point index.d.ts
+// src/plugins/data/server/index.ts:101:26 - (ae-forgotten-export) The symbol "TruncateFormat" needs to be exported by the entry point index.d.ts
+// src/plugins/data/server/index.ts:127:27 - (ae-forgotten-export) The symbol "isFilterable" needs to be exported by the entry point index.d.ts
+// src/plugins/data/server/index.ts:127:27 - (ae-forgotten-export) The symbol "isNestedField" needs to be exported by the entry point index.d.ts
+// src/plugins/data/server/index.ts:183:1 - (ae-forgotten-export) The symbol "dateHistogramInterval" needs to be exported by the entry point index.d.ts
+// src/plugins/data/server/index.ts:184:1 - (ae-forgotten-export) The symbol "InvalidEsCalendarIntervalError" needs to be exported by the entry point index.d.ts
+// src/plugins/data/server/index.ts:185:1 - (ae-forgotten-export) The symbol "InvalidEsIntervalFormatError" needs to be exported by the entry point index.d.ts
+// src/plugins/data/server/index.ts:186:1 - (ae-forgotten-export) The symbol "Ipv4Address" needs to be exported by the entry point index.d.ts
+// src/plugins/data/server/index.ts:187:1 - (ae-forgotten-export) The symbol "isValidEsInterval" needs to be exported by the entry point index.d.ts
+// src/plugins/data/server/index.ts:188:1 - (ae-forgotten-export) The symbol "isValidInterval" needs to be exported by the entry point index.d.ts
+// src/plugins/data/server/index.ts:191:1 - (ae-forgotten-export) The symbol "toAbsoluteDates" needs to be exported by the entry point index.d.ts
 
 // (No @packageDocumentation comment for this package)
 
diff --git a/src/plugins/maps_legacy/server/index.ts b/src/plugins/maps_legacy/server/index.ts
index 18f58189fc6077..5da3ce1a84408c 100644
--- a/src/plugins/maps_legacy/server/index.ts
+++ b/src/plugins/maps_legacy/server/index.ts
@@ -17,8 +17,9 @@
  * under the License.
  */
 
-import { PluginConfigDescriptor } from 'kibana/server';
-import { PluginInitializerContext } from 'kibana/public';
+import { Plugin, PluginConfigDescriptor } from 'kibana/server';
+import { PluginInitializerContext } from 'src/core/server';
+import { Observable } from 'rxjs';
 import { configSchema, ConfigSchema } from '../config';
 
 export const config: PluginConfigDescriptor<ConfigSchema> = {
@@ -37,13 +38,27 @@ export const config: PluginConfigDescriptor<ConfigSchema> = {
   schema: configSchema,
 };
 
-export const plugin = (initializerContext: PluginInitializerContext) => ({
-  setup() {
+export interface MapsLegacyPluginSetup {
+  config$: Observable<ConfigSchema>;
+}
+
+export class MapsLegacyPlugin implements Plugin<MapsLegacyPluginSetup> {
+  readonly _initializerContext: PluginInitializerContext<ConfigSchema>;
+
+  constructor(initializerContext: PluginInitializerContext<ConfigSchema>) {
+    this._initializerContext = initializerContext;
+  }
+
+  public setup() {
     // @ts-ignore
-    const config$ = initializerContext.config.create();
+    const config$ = this._initializerContext.config.create();
     return {
-      config: config$,
+      config$,
     };
-  },
-  start() {},
-});
+  }
+
+  public start() {}
+}
+
+export const plugin = (initializerContext: PluginInitializerContext) =>
+  new MapsLegacyPlugin(initializerContext);
diff --git a/test/api_integration/apis/saved_objects/bulk_create.js b/test/api_integration/apis/saved_objects/bulk_create.js
index 6cb9d5dccdc9a7..7db968df8357a9 100644
--- a/test/api_integration/apis/saved_objects/bulk_create.js
+++ b/test/api_integration/apis/saved_objects/bulk_create.js
@@ -76,6 +76,7 @@ export default function ({ getService }) {
                     dashboard: resp.body.saved_objects[1].migrationVersion.dashboard,
                   },
                   references: [],
+                  namespaces: ['default'],
                 },
               ],
             });
@@ -121,6 +122,7 @@ export default function ({ getService }) {
                     title: 'An existing visualization',
                   },
                   references: [],
+                  namespaces: ['default'],
                   migrationVersion: {
                     visualization: resp.body.saved_objects[0].migrationVersion.visualization,
                   },
@@ -134,6 +136,7 @@ export default function ({ getService }) {
                     title: 'A great new dashboard',
                   },
                   references: [],
+                  namespaces: ['default'],
                   migrationVersion: {
                     dashboard: resp.body.saved_objects[1].migrationVersion.dashboard,
                   },
diff --git a/test/api_integration/apis/saved_objects/bulk_get.js b/test/api_integration/apis/saved_objects/bulk_get.js
index c802d529130651..56ee5a69be23ed 100644
--- a/test/api_integration/apis/saved_objects/bulk_get.js
+++ b/test/api_integration/apis/saved_objects/bulk_get.js
@@ -68,6 +68,7 @@ export default function ({ getService }) {
                       resp.body.saved_objects[0].attributes.kibanaSavedObjectMeta,
                   },
                   migrationVersion: resp.body.saved_objects[0].migrationVersion,
+                  namespaces: ['default'],
                   references: [
                     {
                       name: 'kibanaSavedObjectMeta.searchSourceJSON.index',
@@ -94,6 +95,7 @@ export default function ({ getService }) {
                     buildNum: 8467,
                     defaultIndex: '91200a00-9efd-11e7-acb3-3dab96693fab',
                   },
+                  namespaces: ['default'],
                   migrationVersion: resp.body.saved_objects[2].migrationVersion,
                   references: [],
                 },
diff --git a/test/api_integration/apis/saved_objects/bulk_update.js b/test/api_integration/apis/saved_objects/bulk_update.js
index e3f994ff224e87..973ce382ea8130 100644
--- a/test/api_integration/apis/saved_objects/bulk_update.js
+++ b/test/api_integration/apis/saved_objects/bulk_update.js
@@ -65,6 +65,7 @@ export default function ({ getService }) {
           attributes: {
             title: 'An existing visualization',
           },
+          namespaces: ['default'],
         });
 
         expect(secondObject)
@@ -77,6 +78,7 @@ export default function ({ getService }) {
           attributes: {
             title: 'An existing dashboard',
           },
+          namespaces: ['default'],
         });
       });
 
@@ -233,6 +235,7 @@ export default function ({ getService }) {
             attributes: {
               title: 'An existing dashboard',
             },
+            namespaces: ['default'],
           });
         });
       });
diff --git a/test/api_integration/apis/saved_objects/create.js b/test/api_integration/apis/saved_objects/create.js
index eddda3aded1419..c1300125441bcb 100644
--- a/test/api_integration/apis/saved_objects/create.js
+++ b/test/api_integration/apis/saved_objects/create.js
@@ -58,6 +58,7 @@ export default function ({ getService }) {
                 title: 'My favorite vis',
               },
               references: [],
+              namespaces: ['default'],
             });
             expect(resp.body.migrationVersion).to.be.ok();
           });
@@ -104,6 +105,7 @@ export default function ({ getService }) {
                 title: 'My favorite vis',
               },
               references: [],
+              namespaces: ['default'],
             });
             expect(resp.body.migrationVersion).to.be.ok();
           });
diff --git a/test/api_integration/apis/saved_objects/find.js b/test/api_integration/apis/saved_objects/find.js
index 7cb5955e4a43d9..f129bf22840da3 100644
--- a/test/api_integration/apis/saved_objects/find.js
+++ b/test/api_integration/apis/saved_objects/find.js
@@ -48,6 +48,7 @@ export default function ({ getService }) {
                   },
                   score: 0,
                   migrationVersion: resp.body.saved_objects[0].migrationVersion,
+                  namespaces: ['default'],
                   references: [
                     {
                       id: '91200a00-9efd-11e7-acb3-3dab96693fab',
@@ -107,6 +108,93 @@ export default function ({ getService }) {
             }));
       });
 
+      describe('unknown namespace', () => {
+        it('should return 200 with empty response', async () =>
+          await supertest
+            .get('/api/saved_objects/_find?type=visualization&namespaces=foo')
+            .expect(200)
+            .then((resp) => {
+              expect(resp.body).to.eql({
+                page: 1,
+                per_page: 20,
+                total: 0,
+                saved_objects: [],
+              });
+            }));
+      });
+
+      describe('known namespace', () => {
+        it('should return 200 with individual responses', async () =>
+          await supertest
+            .get('/api/saved_objects/_find?type=visualization&fields=title&namespaces=default')
+            .expect(200)
+            .then((resp) => {
+              expect(resp.body).to.eql({
+                page: 1,
+                per_page: 20,
+                total: 1,
+                saved_objects: [
+                  {
+                    type: 'visualization',
+                    id: 'dd7caf20-9efd-11e7-acb3-3dab96693fab',
+                    version: 'WzIsMV0=',
+                    attributes: {
+                      title: 'Count of requests',
+                    },
+                    migrationVersion: resp.body.saved_objects[0].migrationVersion,
+                    namespaces: ['default'],
+                    score: 0,
+                    references: [
+                      {
+                        id: '91200a00-9efd-11e7-acb3-3dab96693fab',
+                        name: 'kibanaSavedObjectMeta.searchSourceJSON.index',
+                        type: 'index-pattern',
+                      },
+                    ],
+                    updated_at: '2017-09-21T18:51:23.794Z',
+                  },
+                ],
+              });
+              expect(resp.body.saved_objects[0].migrationVersion).to.be.ok();
+            }));
+      });
+
+      describe('wildcard namespace', () => {
+        it('should return 200 with individual responses from the default namespace', async () =>
+          await supertest
+            .get('/api/saved_objects/_find?type=visualization&fields=title&namespaces=*')
+            .expect(200)
+            .then((resp) => {
+              expect(resp.body).to.eql({
+                page: 1,
+                per_page: 20,
+                total: 1,
+                saved_objects: [
+                  {
+                    type: 'visualization',
+                    id: 'dd7caf20-9efd-11e7-acb3-3dab96693fab',
+                    version: 'WzIsMV0=',
+                    attributes: {
+                      title: 'Count of requests',
+                    },
+                    migrationVersion: resp.body.saved_objects[0].migrationVersion,
+                    namespaces: ['default'],
+                    score: 0,
+                    references: [
+                      {
+                        id: '91200a00-9efd-11e7-acb3-3dab96693fab',
+                        name: 'kibanaSavedObjectMeta.searchSourceJSON.index',
+                        type: 'index-pattern',
+                      },
+                    ],
+                    updated_at: '2017-09-21T18:51:23.794Z',
+                  },
+                ],
+              });
+              expect(resp.body.saved_objects[0].migrationVersion).to.be.ok();
+            }));
+      });
+
       describe('with a filter', () => {
         it('should return 200 with a valid response', async () =>
           await supertest
@@ -135,6 +223,7 @@ export default function ({ getService }) {
                             .searchSourceJSON,
                       },
                     },
+                    namespaces: ['default'],
                     score: 0,
                     references: [
                       {
diff --git a/test/api_integration/apis/saved_objects/get.js b/test/api_integration/apis/saved_objects/get.js
index 55dfda251a75a6..6bb5cf0c8a7ff2 100644
--- a/test/api_integration/apis/saved_objects/get.js
+++ b/test/api_integration/apis/saved_objects/get.js
@@ -56,6 +56,7 @@ export default function ({ getService }) {
                   id: '91200a00-9efd-11e7-acb3-3dab96693fab',
                 },
               ],
+              namespaces: ['default'],
             });
             expect(resp.body.migrationVersion).to.be.ok();
           }));
diff --git a/test/api_integration/apis/saved_objects/update.js b/test/api_integration/apis/saved_objects/update.js
index d613f46878bb53..7803c39897f283 100644
--- a/test/api_integration/apis/saved_objects/update.js
+++ b/test/api_integration/apis/saved_objects/update.js
@@ -56,6 +56,7 @@ export default function ({ getService }) {
               attributes: {
                 title: 'My second favorite vis',
               },
+              namespaces: ['default'],
             });
           });
       });
diff --git a/test/api_integration/apis/saved_objects_management/find.ts b/test/api_integration/apis/saved_objects_management/find.ts
index b5154d619685aa..08c4327d7c0c46 100644
--- a/test/api_integration/apis/saved_objects_management/find.ts
+++ b/test/api_integration/apis/saved_objects_management/find.ts
@@ -49,6 +49,7 @@ export default function ({ getService }: FtrProviderContext) {
                     title: 'Count of requests',
                   },
                   migrationVersion: resp.body.saved_objects[0].migrationVersion,
+                  namespaces: ['default'],
                   references: [
                     {
                       id: '91200a00-9efd-11e7-acb3-3dab96693fab',
diff --git a/x-pack/plugins/canvas/.storybook/storyshots.test.js b/x-pack/plugins/canvas/.storybook/storyshots.test.js
index a3412c3a14e797..7195b97712464a 100644
--- a/x-pack/plugins/canvas/.storybook/storyshots.test.js
+++ b/x-pack/plugins/canvas/.storybook/storyshots.test.js
@@ -84,6 +84,10 @@ import { RenderedElement } from '../shareable_runtime/components/rendered_elemen
 jest.mock('../shareable_runtime/components/rendered_element');
 RenderedElement.mockImplementation(() => 'RenderedElement');
 
+import { EuiObserver } from '@elastic/eui/test-env/components/observer/observer';
+jest.mock('@elastic/eui/test-env/components/observer/observer');
+EuiObserver.mockImplementation(() => 'EuiObserver');
+
 addSerializer(styleSheetSerializer);
 
 // Initialize Storyshots and build the Jest Snapshots
diff --git a/x-pack/plugins/canvas/__tests__/fixtures/workpads.ts b/x-pack/plugins/canvas/__tests__/fixtures/workpads.ts
index 271fc7a9790577..4b1f31cb14687a 100644
--- a/x-pack/plugins/canvas/__tests__/fixtures/workpads.ts
+++ b/x-pack/plugins/canvas/__tests__/fixtures/workpads.ts
@@ -25,6 +25,7 @@ const BaseWorkpad: CanvasWorkpad = {
   pages: [],
   colors: [],
   isWriteable: true,
+  variables: [],
 };
 
 const BasePage: CanvasPage = {
diff --git a/x-pack/plugins/canvas/canvas_plugin_src/uis/datasources/esdocs.js b/x-pack/plugins/canvas/canvas_plugin_src/uis/datasources/esdocs.js
index 7384986fa5c2bf..618fe756ba0a43 100644
--- a/x-pack/plugins/canvas/canvas_plugin_src/uis/datasources/esdocs.js
+++ b/x-pack/plugins/canvas/canvas_plugin_src/uis/datasources/esdocs.js
@@ -107,7 +107,7 @@ const EsdocsDatasource = ({ args, updateArgs, defaultIndex }) => {
       <EuiAccordion
         id="accordionAdvancedSettings"
         buttonContent="Advanced settings"
-        className="canvasArg__accordion"
+        className="canvasSidebar__accordion"
       >
         <EuiSpacer size="s" />
         <EuiFormRow label={strings.getSortFieldTitle()} display="columnCompressed">
diff --git a/x-pack/plugins/canvas/i18n/components.ts b/x-pack/plugins/canvas/i18n/components.ts
index 8acda5da4f0d26..78083f26a38b1b 100644
--- a/x-pack/plugins/canvas/i18n/components.ts
+++ b/x-pack/plugins/canvas/i18n/components.ts
@@ -545,7 +545,7 @@ export const ComponentStrings = {
       }),
     getTitle: () =>
       i18n.translate('xpack.canvas.pageConfig.title', {
-        defaultMessage: 'Page styles',
+        defaultMessage: 'Page settings',
       }),
     getTransitionLabel: () =>
       i18n.translate('xpack.canvas.pageConfig.transitionLabel', {
@@ -899,6 +899,144 @@ export const ComponentStrings = {
         defaultMessage: 'Close tray',
       }),
   },
+  VarConfig: {
+    getAddButtonLabel: () =>
+      i18n.translate('xpack.canvas.varConfig.addButtonLabel', {
+        defaultMessage: 'Add a variable',
+      }),
+    getAddTooltipLabel: () =>
+      i18n.translate('xpack.canvas.varConfig.addTooltipLabel', {
+        defaultMessage: 'Add a variable',
+      }),
+    getCopyActionButtonLabel: () =>
+      i18n.translate('xpack.canvas.varConfig.copyActionButtonLabel', {
+        defaultMessage: 'Copy snippet',
+      }),
+    getCopyActionTooltipLabel: () =>
+      i18n.translate('xpack.canvas.varConfig.copyActionTooltipLabel', {
+        defaultMessage: 'Copy variable syntax to clipboard',
+      }),
+    getCopyNotificationDescription: () =>
+      i18n.translate('xpack.canvas.varConfig.copyNotificationDescription', {
+        defaultMessage: 'Variable syntax copied to clipboard',
+      }),
+    getDeleteActionButtonLabel: () =>
+      i18n.translate('xpack.canvas.varConfig.deleteActionButtonLabel', {
+        defaultMessage: 'Delete variable',
+      }),
+    getDeleteNotificationDescription: () =>
+      i18n.translate('xpack.canvas.varConfig.deleteNotificationDescription', {
+        defaultMessage: 'Variable successfully deleted',
+      }),
+    getEditActionButtonLabel: () =>
+      i18n.translate('xpack.canvas.varConfig.editActionButtonLabel', {
+        defaultMessage: 'Edit variable',
+      }),
+    getEmptyDescription: () =>
+      i18n.translate('xpack.canvas.varConfig.emptyDescription', {
+        defaultMessage:
+          'This workpad has no variables currently. You may add variables to store and edit common values. These variables can then be used in elements or within the expression editor.',
+      }),
+    getTableNameLabel: () =>
+      i18n.translate('xpack.canvas.varConfig.tableNameLabel', {
+        defaultMessage: 'Name',
+      }),
+    getTableTypeLabel: () =>
+      i18n.translate('xpack.canvas.varConfig.tableTypeLabel', {
+        defaultMessage: 'Type',
+      }),
+    getTableValueLabel: () =>
+      i18n.translate('xpack.canvas.varConfig.tableValueLabel', {
+        defaultMessage: 'Value',
+      }),
+    getTitle: () =>
+      i18n.translate('xpack.canvas.varConfig.titleLabel', {
+        defaultMessage: 'Variables',
+      }),
+    getTitleTooltip: () =>
+      i18n.translate('xpack.canvas.varConfig.titleTooltip', {
+        defaultMessage: 'Add variables to store and edit common values',
+      }),
+  },
+  VarConfigDeleteVar: {
+    getCancelButtonLabel: () =>
+      i18n.translate('xpack.canvas.varConfigDeleteVar.cancelButtonLabel', {
+        defaultMessage: 'Cancel',
+      }),
+    getDeleteButtonLabel: () =>
+      i18n.translate('xpack.canvas.varConfigDeleteVar.deleteButtonLabel', {
+        defaultMessage: 'Delete variable',
+      }),
+    getTitle: () =>
+      i18n.translate('xpack.canvas.varConfigDeleteVar.titleLabel', {
+        defaultMessage: 'Delete variable?',
+      }),
+    getWarningDescription: () =>
+      i18n.translate('xpack.canvas.varConfigDeleteVar.warningDescription', {
+        defaultMessage:
+          'Deleting this variable may adversely affect the workpad. Are you sure you wish to continue?',
+      }),
+  },
+  VarConfigEditVar: {
+    getAddTitle: () =>
+      i18n.translate('xpack.canvas.varConfigEditVar.addTitleLabel', {
+        defaultMessage: 'Add variable',
+      }),
+    getCancelButtonLabel: () =>
+      i18n.translate('xpack.canvas.varConfigEditVar.cancelButtonLabel', {
+        defaultMessage: 'Cancel',
+      }),
+    getDuplicateNameError: () =>
+      i18n.translate('xpack.canvas.varConfigEditVar.duplicateNameError', {
+        defaultMessage: 'Variable name already in use',
+      }),
+    getEditTitle: () =>
+      i18n.translate('xpack.canvas.varConfigEditVar.editTitleLabel', {
+        defaultMessage: 'Edit variable',
+      }),
+    getEditWarning: () =>
+      i18n.translate('xpack.canvas.varConfigEditVar.editWarning', {
+        defaultMessage: 'Editing a variable in use may adversely affect your workpad',
+      }),
+    getNameFieldLabel: () =>
+      i18n.translate('xpack.canvas.varConfigEditVar.nameFieldLabel', {
+        defaultMessage: 'Name',
+      }),
+    getSaveButtonLabel: () =>
+      i18n.translate('xpack.canvas.varConfigEditVar.saveButtonLabel', {
+        defaultMessage: 'Save changes',
+      }),
+    getTypeBooleanLabel: () =>
+      i18n.translate('xpack.canvas.varConfigEditVar.typeBooleanLabel', {
+        defaultMessage: 'Boolean',
+      }),
+    getTypeFieldLabel: () =>
+      i18n.translate('xpack.canvas.varConfigEditVar.typeFieldLabel', {
+        defaultMessage: 'Type',
+      }),
+    getTypeNumberLabel: () =>
+      i18n.translate('xpack.canvas.varConfigEditVar.typeNumberLabel', {
+        defaultMessage: 'Number',
+      }),
+    getTypeStringLabel: () =>
+      i18n.translate('xpack.canvas.varConfigEditVar.typeStringLabel', {
+        defaultMessage: 'String',
+      }),
+    getValueFieldLabel: () =>
+      i18n.translate('xpack.canvas.varConfigEditVar.valueFieldLabel', {
+        defaultMessage: 'Value',
+      }),
+  },
+  VarConfigVarValueField: {
+    getFalseOption: () =>
+      i18n.translate('xpack.canvas.varConfigVarValueField.falseOption', {
+        defaultMessage: 'False',
+      }),
+    getTrueOption: () =>
+      i18n.translate('xpack.canvas.varConfigVarValueField.trueOption', {
+        defaultMessage: 'True',
+      }),
+  },
   WorkpadConfig: {
     getApplyStylesheetButtonLabel: () =>
       i18n.translate('xpack.canvas.workpadConfig.applyStylesheetButtonLabel', {
diff --git a/x-pack/plugins/canvas/public/components/arg_form/arg_form.js b/x-pack/plugins/canvas/public/components/arg_form/arg_form.js
index dfd99b18646a6b..f356eedff19cff 100644
--- a/x-pack/plugins/canvas/public/components/arg_form/arg_form.js
+++ b/x-pack/plugins/canvas/public/components/arg_form/arg_form.js
@@ -120,7 +120,7 @@ class ArgFormComponent extends PureComponent {
           );
 
           return (
-            <div className={`canvasArg ${expandableLabel ? 'canvasArg--expandable' : null}`}>
+            <div className={`canvasArg ${expandableLabel ? 'canvasSidebar__expandable' : null}`}>
               <ArgLabel
                 className="resolved"
                 argId={argId}
diff --git a/x-pack/plugins/canvas/public/components/arg_form/arg_form.scss b/x-pack/plugins/canvas/public/components/arg_form/arg_form.scss
index 3fc220d41d551a..6c109c534da6ad 100644
--- a/x-pack/plugins/canvas/public/components/arg_form/arg_form.scss
+++ b/x-pack/plugins/canvas/public/components/arg_form/arg_form.scss
@@ -1,27 +1,3 @@
-.canvasArg--expandable + .canvasArg--expandable {
-  margin-top: 0;
-
-  .canvasArg__accordion:before {
-    display: none;
-  }
-}
-
-.canvasSidebar__panel {
-  .canvasArg--expandable:last-child {
-    .canvasArg__accordion {
-      margin-bottom: (-$euiSizeS);
-    }
-
-    .canvasArg__accordion:after {
-      content: none;
-    }
-
-    .canvasArg__accordion.euiAccordion-isOpen:after {
-      display: none;
-    }
-  }
-}
-
 .canvasArg {
   margin-top: $euiSizeS;
 }
@@ -31,10 +7,6 @@
   padding: $euiSizeXS 0;
 }
 
-.canvasArg__content {
-  padding-top: $euiSizeS;
-}
-
 .canvasArg__form {
   position: relative;
 }
@@ -43,38 +15,11 @@
   margin-left: -$euiSizeXL;
 }
 
-.canvasArg__accordion {
-  padding: $euiSizeS $euiSizeM;
-  margin: 0 (-$euiSizeM);
-  background: $euiColorLightestShade;
-  position: relative;
-
+.canvasSidebar__accordion {
   // don't let remove button position here if this is nested in an accordion
   .canvasArg__form {
     position: static;
   }
-
-  &.euiAccordion-isOpen {
-    background: transparent;
-  }
-
-  &:before,
-  &:after {
-    content: '';
-    height: 1px;
-    position: absolute;
-    left: 0;
-    width: 100%;
-    background: $euiColorLightShade;
-  }
-
-  &:before {
-    top: 0;
-  }
-
-  &:after {
-    bottom: 0;
-  }
 }
 
 // this is a workaround since an EuiFormRow label cannot be passed in toggle.js
diff --git a/x-pack/plugins/canvas/public/components/arg_form/arg_label.js b/x-pack/plugins/canvas/public/components/arg_form/arg_label.js
index fa0391952d1515..56a4a663fa2688 100644
--- a/x-pack/plugins/canvas/public/components/arg_form/arg_label.js
+++ b/x-pack/plugins/canvas/public/components/arg_form/arg_label.js
@@ -6,7 +6,7 @@
 
 import React from 'react';
 import PropTypes from 'prop-types';
-import { EuiFormRow, EuiAccordion, EuiText, EuiToolTip, EuiIcon } from '@elastic/eui';
+import { EuiFormRow, EuiAccordion, EuiToolTip, EuiIcon } from '@elastic/eui';
 // This is what is being generated by render() from the Arg class. It is called in FunctionForm
 
 export const ArgLabel = (props) => {
@@ -17,18 +17,16 @@ export const ArgLabel = (props) => {
       {expandable ? (
         <EuiAccordion
           id={`accordion-${argId}`}
-          className="canvasArg__accordion"
+          className="canvasSidebar__accordion"
           buttonContent={
             <EuiToolTip content={help} position="left" className="canvasArg__tooltip">
-              <EuiText size="s" color="subdued" htmlFor={`accordion-${argId}`}>
-                {label}
-              </EuiText>
+              <span>{label}</span>
             </EuiToolTip>
           }
           extraAction={simpleArg}
           initialIsOpen={initialIsOpen}
         >
-          <div className="canvasArg__content">{children}</div>
+          <div className="canvasSidebar__accordionContent">{children}</div>
         </EuiAccordion>
       ) : (
         simpleArg && (
diff --git a/x-pack/plugins/canvas/public/components/datasource/datasource_preview/index.js b/x-pack/plugins/canvas/public/components/datasource/datasource_preview/index.js
index 045e98bab870e9..dcd933c2320cf3 100644
--- a/x-pack/plugins/canvas/public/components/datasource/datasource_preview/index.js
+++ b/x-pack/plugins/canvas/public/components/datasource/datasource_preview/index.js
@@ -15,10 +15,13 @@ export const DatasourcePreview = compose(
   withState('datatable', 'setDatatable'),
   lifecycle({
     componentDidMount() {
-      interpretAst({
-        type: 'expression',
-        chain: [this.props.function],
-      }).then(this.props.setDatatable);
+      interpretAst(
+        {
+          type: 'expression',
+          chain: [this.props.function],
+        },
+        {}
+      ).then(this.props.setDatatable);
     },
   }),
   branch(({ datatable }) => !datatable, renderComponent(Loading))
diff --git a/x-pack/plugins/canvas/public/components/element_config/element_config.js b/x-pack/plugins/canvas/public/components/element_config/element_config.js
deleted file mode 100644
index 5d710ef8835482..00000000000000
--- a/x-pack/plugins/canvas/public/components/element_config/element_config.js
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { EuiFlexGroup, EuiFlexItem, EuiStat, EuiAccordion, EuiText, EuiSpacer } from '@elastic/eui';
-import PropTypes from 'prop-types';
-import React from 'react';
-import { ComponentStrings } from '../../../i18n';
-
-const { ElementConfig: strings } = ComponentStrings;
-
-export const ElementConfig = ({ elementStats }) => {
-  if (!elementStats) {
-    return null;
-  }
-
-  const { total, ready, error } = elementStats;
-  const progress = total > 0 ? Math.round(((ready + error) / total) * 100) : 100;
-
-  return (
-    <EuiAccordion
-      id="canvas-element-stats"
-      buttonContent={
-        <EuiText size="s" color="subdued">
-          {strings.getTitle()}
-        </EuiText>
-      }
-      initialIsOpen={false}
-    >
-      <EuiSpacer size="s" />
-      <EuiFlexGroup gutterSize="none">
-        <EuiFlexItem>
-          <EuiStat
-            title={total}
-            description={strings.getTotalLabel()}
-            titleSize="xs"
-            textAlign="center"
-          />
-        </EuiFlexItem>
-        <EuiFlexItem>
-          <EuiStat
-            title={ready}
-            description={strings.getLoadedLabel()}
-            titleSize="xs"
-            textAlign="center"
-          />
-        </EuiFlexItem>
-        <EuiFlexItem>
-          <EuiStat
-            title={error}
-            description={strings.getFailedLabel()}
-            titleSize="xs"
-            textAlign="center"
-          />
-        </EuiFlexItem>
-        <EuiFlexItem>
-          <EuiStat
-            title={progress + '%'}
-            description={strings.getProgressLabel()}
-            titleSize="xs"
-            textAlign="center"
-          />
-        </EuiFlexItem>
-      </EuiFlexGroup>
-    </EuiAccordion>
-  );
-};
-
-ElementConfig.propTypes = {
-  elementStats: PropTypes.object,
-};
diff --git a/x-pack/plugins/canvas/public/components/element_config/element_config.tsx b/x-pack/plugins/canvas/public/components/element_config/element_config.tsx
new file mode 100644
index 00000000000000..c2fd827d620990
--- /dev/null
+++ b/x-pack/plugins/canvas/public/components/element_config/element_config.tsx
@@ -0,0 +1,62 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { EuiFlexGroup, EuiFlexItem, EuiStat, EuiAccordion } from '@elastic/eui';
+import PropTypes from 'prop-types';
+import React from 'react';
+import { ComponentStrings } from '../../../i18n';
+import { State } from '../../../types';
+
+const { ElementConfig: strings } = ComponentStrings;
+
+interface Props {
+  elementStats: State['transient']['elementStats'];
+}
+
+export const ElementConfig = ({ elementStats }: Props) => {
+  if (!elementStats) {
+    return null;
+  }
+
+  const { total, ready, error } = elementStats;
+  const progress = total > 0 ? Math.round(((ready + error) / total) * 100) : 100;
+
+  return (
+    <div className="canvasSidebar__expandable">
+      <EuiAccordion
+        id="canvas-element-stats"
+        buttonContent={strings.getTitle()}
+        initialIsOpen={false}
+        className="canvasSidebar__accordion"
+      >
+        <div className="canvasSidebar__accordionContent">
+          <EuiFlexGroup gutterSize="none">
+            <EuiFlexItem>
+              <EuiStat title={total} description={strings.getTotalLabel()} titleSize="xs" />
+            </EuiFlexItem>
+            <EuiFlexItem>
+              <EuiStat title={ready} description={strings.getLoadedLabel()} titleSize="xs" />
+            </EuiFlexItem>
+            <EuiFlexItem>
+              <EuiStat title={error} description={strings.getFailedLabel()} titleSize="xs" />
+            </EuiFlexItem>
+            <EuiFlexItem>
+              <EuiStat
+                title={progress + '%'}
+                description={strings.getProgressLabel()}
+                titleSize="xs"
+              />
+            </EuiFlexItem>
+          </EuiFlexGroup>
+        </div>
+      </EuiAccordion>
+    </div>
+  );
+};
+
+ElementConfig.propTypes = {
+  elementStats: PropTypes.object,
+};
diff --git a/x-pack/plugins/canvas/public/components/page_config/page_config.js b/x-pack/plugins/canvas/public/components/page_config/page_config.js
index 51a4762fca501a..c45536ac7b1756 100644
--- a/x-pack/plugins/canvas/public/components/page_config/page_config.js
+++ b/x-pack/plugins/canvas/public/components/page_config/page_config.js
@@ -30,7 +30,7 @@ export const PageConfig = ({
 }) => {
   return (
     <Fragment>
-      <EuiTitle size="xxxs" className="canvasSidebar__panelTitleHeading">
+      <EuiTitle size="xs" className="canvasSidebar__panelTitleHeading">
         <h4>{strings.getTitle()}</h4>
       </EuiTitle>
       <EuiSpacer size="s" />
diff --git a/x-pack/plugins/canvas/public/components/sidebar/global_config.tsx b/x-pack/plugins/canvas/public/components/sidebar/global_config.tsx
index f89ab79a086cfe..62673a5b38cc8b 100644
--- a/x-pack/plugins/canvas/public/components/sidebar/global_config.tsx
+++ b/x-pack/plugins/canvas/public/components/sidebar/global_config.tsx
@@ -17,8 +17,6 @@ export const GlobalConfig: FunctionComponent = () => (
   <Fragment>
     <SidebarSection>
       <WorkpadConfig />
-    </SidebarSection>
-    <SidebarSection>
       <ElementConfig />
     </SidebarSection>
     <SidebarSection>
diff --git a/x-pack/plugins/canvas/public/components/sidebar/sidebar.scss b/x-pack/plugins/canvas/public/components/sidebar/sidebar.scss
index 338d515165e43c..76d758197aa19e 100644
--- a/x-pack/plugins/canvas/public/components/sidebar/sidebar.scss
+++ b/x-pack/plugins/canvas/public/components/sidebar/sidebar.scss
@@ -31,12 +31,68 @@
   &--isEmpty {
     border-bottom: none;
   }
+
+  .canvasSidebar__expandable:last-child {
+    .canvasSidebar__accordion {
+      margin-bottom: (-$euiSizeS);
+    }
+
+    .canvasSidebar__accordion:after {
+      content: none;
+    }
+
+    .canvasSidebar__accordion.euiAccordion-isOpen:after {
+      display: none;
+    }
+  }
 }
 
 .canvasSidebar__panel-noMinWidth .euiButton {
   min-width: 0;
 }
 
+.canvasSidebar__expandable + .canvasSidebar__expandable {
+  margin-top: 0;
+
+  .canvasSidebar__accordion:before {
+    display: none;
+  }
+}
+
+.canvasSidebar__accordion {
+  padding: $euiSizeM;
+  margin: 0 (-$euiSizeM);
+  background: $euiColorLightestShade;
+  position: relative;
+
+  &.euiAccordion-isOpen {
+    background: transparent;
+  }
+
+  &:before,
+  &:after {
+    content: '';
+    height: 1px;
+    position: absolute;
+    left: 0;
+    width: 100%;
+    background: $euiColorLightShade;
+  }
+
+  &:before {
+    top: 0;
+  }
+
+  &:after {
+    bottom: 0;
+  }
+}
+
+.canvasSidebar__accordionContent {
+  padding-top: $euiSize;
+  padding-left: $euiSizeXS + $euiSizeS + $euiSize;
+}
+
 @keyframes sidebarPop {
   0% {
     opacity: 0;
diff --git a/x-pack/plugins/canvas/public/components/var_config/__examples__/__snapshots__/delete_var.stories.storyshot b/x-pack/plugins/canvas/public/components/var_config/__examples__/__snapshots__/delete_var.stories.storyshot
new file mode 100644
index 00000000000000..64f8cba665c15c
--- /dev/null
+++ b/x-pack/plugins/canvas/public/components/var_config/__examples__/__snapshots__/delete_var.stories.storyshot
@@ -0,0 +1,109 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`Storyshots components/Variables/DeleteVar default 1`] = `
+Array [
+  <div
+    className="canvasVarHeader__triggerWrapper"
+  >
+    <button
+      className="canvasVarHeader__button"
+      onClick={[Function]}
+      type="button"
+    >
+      <span
+        className="canvasVarHeader__iconWrapper"
+      >
+        <div
+          data-euiicon-type="sortLeft"
+          style={
+            Object {
+              "verticalAlign": "top",
+            }
+          }
+        />
+      </span>
+      <span>
+        <span
+          className="canvasVarHeader__anchor"
+        >
+          Delete variable?
+        </span>
+      </span>
+    </button>
+  </div>,
+  <div
+    className="canvasSidebar__accordionContent"
+  >
+    <div>
+      <div
+        className="euiFlexGroup euiFlexGroup--gutterLarge euiFlexGroup--directionRow euiFlexGroup--responsive"
+      >
+        <div
+          className="euiFlexItem euiFlexItem--flexGrowZero"
+        >
+          <div
+            className="euiText euiText--small"
+          >
+            <div
+              className="euiTextColor euiTextColor--subdued"
+            >
+              Deleting this variable may adversely affect the workpad. Are you sure you wish to continue?
+            </div>
+          </div>
+        </div>
+      </div>
+      <div
+        className="euiSpacer euiSpacer--m"
+      />
+      <div
+        className="euiFlexGroup euiFlexGroup--gutterLarge euiFlexGroup--alignItemsCenter euiFlexGroup--directionRow euiFlexGroup--responsive"
+      >
+        <div
+          className="euiFlexItem euiFlexItem--flexGrowZero"
+        >
+          <button
+            className="euiButton euiButton--danger euiButton--small euiButton--fill"
+            onClick={[Function]}
+            type="button"
+          >
+            <span
+              className="euiButton__content"
+            >
+              <div
+                aria-hidden="true"
+                className="euiButton__icon"
+                data-euiicon-type="trash"
+                size="m"
+              />
+              <span
+                className="euiButton__text"
+              >
+                Delete variable
+              </span>
+            </span>
+          </button>
+        </div>
+        <div
+          className="euiFlexItem euiFlexItem--flexGrowZero"
+        >
+          <button
+            className="euiButtonEmpty euiButtonEmpty--primary euiButtonEmpty--small"
+            onClick={[Function]}
+            type="button"
+          >
+            <span
+              className="euiButtonEmpty__content"
+            >
+              <span
+                className="euiButtonEmpty__text"
+              >
+                Cancel
+              </span>
+            </span>
+          </button>
+        </div>
+      </div>
+    </div>
+  </div>,
+]
+`;
diff --git a/x-pack/plugins/canvas/public/components/var_config/__examples__/__snapshots__/edit_var.stories.storyshot b/x-pack/plugins/canvas/public/components/var_config/__examples__/__snapshots__/edit_var.stories.storyshot
new file mode 100644
index 00000000000000..65043e13e51431
--- /dev/null
+++ b/x-pack/plugins/canvas/public/components/var_config/__examples__/__snapshots__/edit_var.stories.storyshot
@@ -0,0 +1,1236 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`Storyshots components/Variables/EditVar edit variable (boolean) 1`] = `
+Array [
+  <div
+    className="canvasVarHeader__triggerWrapper"
+  >
+    <button
+      className="canvasVarHeader__button"
+      onClick={[Function]}
+      type="button"
+    >
+      <span
+        className="canvasVarHeader__iconWrapper"
+      >
+        <div
+          data-euiicon-type="sortLeft"
+          style={
+            Object {
+              "verticalAlign": "top",
+            }
+          }
+        />
+      </span>
+      <span>
+        <span
+          className="canvasVarHeader__anchor"
+        >
+          Edit variable
+        </span>
+      </span>
+    </button>
+  </div>,
+  <div
+    className="canvasSidebar__accordionContent"
+  >
+    <div>
+      <div
+        className="euiCallOut euiCallOut--warning euiCallOut--small"
+      >
+        <div
+          className="euiCallOutHeader"
+        >
+          <div
+            aria-hidden="true"
+            className="euiCallOutHeader__icon"
+            data-euiicon-type="alert"
+            size="m"
+          />
+          <span
+            className="euiCallOutHeader__title"
+          >
+            Editing a variable in use may adversely affect your workpad
+          </span>
+        </div>
+      </div>
+      <div
+        className="euiSpacer euiSpacer--m"
+      />
+    </div>
+    <form
+      className="euiForm"
+    >
+      <div
+        className="euiFormRow euiFormRow--compressed"
+        id="generated-id-row"
+      >
+        <div
+          className="euiFormRow__labelWrapper"
+        >
+          <label
+            className="euiFormLabel euiFormRow__label"
+            htmlFor="generated-id"
+          >
+            Type
+          </label>
+        </div>
+        <div
+          className="euiFormRow__fieldWrapper"
+        >
+          <div
+            className="euiPopover euiPopover--anchorDownCenter euiPopover--displayBlock euiSuperSelect"
+            onKeyDown={[Function]}
+            onMouseDown={[Function]}
+            onMouseUp={[Function]}
+            onTouchEnd={[Function]}
+            onTouchStart={[Function]}
+          >
+            <div
+              className="euiPopover__anchor"
+            >
+              <input
+                id="generated-id"
+                type="hidden"
+                value="boolean"
+              />
+              <div
+                className="euiFormControlLayout euiFormControlLayout--compressed"
+              >
+                <div
+                  className="euiFormControlLayout__childrenWrapper"
+                >
+                  <span
+                    className="euiScreenReaderOnly"
+                    id="generated-id"
+                  >
+                    Select an option: 
+                    <div
+                      className="canvasEditVar__typeOption"
+                    >
+                      <span
+                        className="euiToken euiToken--euiColorVis7 euiToken--square euiToken--light euiToken--small canvasEditVar__tokenIcon"
+                        style={Object {}}
+                      >
+                        <div
+                          data-euiicon-type="tokenBoolean"
+                          size="m"
+                        />
+                      </span>
+                       
+                      <span>
+                        Boolean
+                      </span>
+                    </div>
+                    , is selected
+                  </span>
+                  <button
+                    aria-haspopup="true"
+                    aria-labelledby="generated-id generated-id"
+                    aria-selected={true}
+                    className="euiSuperSelectControl euiSuperSelectControl--compressed"
+                    onBlur={[Function]}
+                    onClick={[Function]}
+                    onFocus={[Function]}
+                    onKeyDown={[Function]}
+                    role="option"
+                    type="button"
+                  >
+                    <div
+                      className="canvasEditVar__typeOption"
+                    >
+                      <span
+                        className="euiToken euiToken--euiColorVis7 euiToken--square euiToken--light euiToken--small canvasEditVar__tokenIcon"
+                        style={Object {}}
+                      >
+                        <div
+                          data-euiicon-type="tokenBoolean"
+                          size="m"
+                        />
+                      </span>
+                       
+                      <span>
+                        Boolean
+                      </span>
+                    </div>
+                  </button>
+                  <div
+                    className="euiFormControlLayoutIcons euiFormControlLayoutIcons--right"
+                  >
+                    <span
+                      className="euiFormControlLayoutCustomIcon"
+                    >
+                      <div
+                        aria-hidden="true"
+                        className="euiFormControlLayoutCustomIcon__icon"
+                        data-euiicon-type="arrowDown"
+                      />
+                    </span>
+                  </div>
+                </div>
+              </div>
+            </div>
+          </div>
+        </div>
+      </div>
+      <div
+        className="euiFormRow euiFormRow--compressed"
+        id="generated-id-row"
+      >
+        <div
+          className="euiFormRow__labelWrapper"
+        >
+          <label
+            aria-invalid={false}
+            className="euiFormLabel euiFormRow__label"
+            htmlFor="generated-id"
+          >
+            Name
+          </label>
+        </div>
+        <div
+          className="euiFormRow__fieldWrapper"
+        >
+          <div
+            className="euiFormControlLayout euiFormControlLayout--compressed"
+          >
+            <div
+              className="euiFormControlLayout__childrenWrapper"
+            >
+              <input
+                className="euiFieldText euiFieldText--compressed"
+                id="generated-id"
+                name="name"
+                onBlur={[Function]}
+                onChange={[Function]}
+                onFocus={[Function]}
+                type="text"
+                value="zenMode"
+              />
+            </div>
+          </div>
+        </div>
+      </div>
+      <div
+        className="euiFormRow euiFormRow--compressed"
+        id="generated-id-row"
+      >
+        <div
+          className="euiFormRow__labelWrapper"
+        >
+          <label
+            className="euiFormLabel euiFormRow__label"
+            htmlFor="generated-id"
+          >
+            Value
+          </label>
+        </div>
+        <div
+          className="euiFormRow__fieldWrapper"
+        >
+          <fieldset
+            className="euiButtonGroup__fieldset euiButtonGroup__fieldset--fullWidth"
+          >
+            <div
+              className="euiButtonGroup euiButtonGroup--compressed euiButtonGroup--fullWidth"
+            >
+              <div
+                className="euiToggle euiToggle--checked euiButtonToggle__wrapper euiButtonGroup__toggle"
+              >
+                <input
+                  aria-label="True"
+                  checked={true}
+                  className="euiToggle__input euiButtonToggle__input"
+                  name="value"
+                  onChange={[Function]}
+                  title="True"
+                  type="radio"
+                />
+                <button
+                  className="euiButton euiButton--text euiButton--small euiButtonToggle euiButtonGroup__button euiButtonGroup__button--selected"
+                  id="generated-id-true"
+                  tabIndex={-1}
+                  type="button"
+                >
+                  <span
+                    className="euiButton__content"
+                  >
+                    <span
+                      className="euiButton__text"
+                    >
+                      True
+                    </span>
+                  </span>
+                </button>
+              </div>
+              <div
+                className="euiToggle euiButtonToggle__wrapper euiButtonGroup__toggle"
+              >
+                <input
+                  aria-label="False"
+                  checked={false}
+                  className="euiToggle__input euiButtonToggle__input"
+                  name="value"
+                  onChange={[Function]}
+                  title="False"
+                  type="radio"
+                />
+                <button
+                  className="euiButton euiButton--text euiButton--small euiButtonToggle euiButtonGroup__button"
+                  id="generated-id-false"
+                  tabIndex={-1}
+                  type="button"
+                >
+                  <span
+                    className="euiButton__content"
+                  >
+                    <span
+                      className="euiButton__text"
+                    >
+                      False
+                    </span>
+                  </span>
+                </button>
+              </div>
+            </div>
+          </fieldset>
+        </div>
+      </div>
+      <div
+        className="euiSpacer euiSpacer--m"
+      />
+      <div
+        className="euiFlexGroup euiFlexGroup--gutterLarge euiFlexGroup--alignItemsCenter euiFlexGroup--directionRow euiFlexGroup--responsive"
+      >
+        <div
+          className="euiFlexItem euiFlexItem--flexGrowZero"
+        >
+          <button
+            className="euiButton euiButton--secondary euiButton--small euiButton--fill"
+            disabled={false}
+            onClick={[Function]}
+            type="button"
+          >
+            <span
+              className="euiButton__content"
+            >
+              <div
+                aria-hidden="true"
+                className="euiButton__icon"
+                data-euiicon-type="save"
+                size="m"
+              />
+              <span
+                className="euiButton__text"
+              >
+                Save changes
+              </span>
+            </span>
+          </button>
+        </div>
+        <div
+          className="euiFlexItem euiFlexItem--flexGrowZero"
+        >
+          <button
+            className="euiButtonEmpty euiButtonEmpty--primary euiButtonEmpty--small"
+            onClick={[Function]}
+            type="button"
+          >
+            <span
+              className="euiButtonEmpty__content"
+            >
+              <span
+                className="euiButtonEmpty__text"
+              >
+                Cancel
+              </span>
+            </span>
+          </button>
+        </div>
+      </div>
+    </form>
+  </div>,
+]
+`;
+
+exports[`Storyshots components/Variables/EditVar edit variable (number) 1`] = `
+Array [
+  <div
+    className="canvasVarHeader__triggerWrapper"
+  >
+    <button
+      className="canvasVarHeader__button"
+      onClick={[Function]}
+      type="button"
+    >
+      <span
+        className="canvasVarHeader__iconWrapper"
+      >
+        <div
+          data-euiicon-type="sortLeft"
+          style={
+            Object {
+              "verticalAlign": "top",
+            }
+          }
+        />
+      </span>
+      <span>
+        <span
+          className="canvasVarHeader__anchor"
+        >
+          Edit variable
+        </span>
+      </span>
+    </button>
+  </div>,
+  <div
+    className="canvasSidebar__accordionContent"
+  >
+    <div>
+      <div
+        className="euiCallOut euiCallOut--warning euiCallOut--small"
+      >
+        <div
+          className="euiCallOutHeader"
+        >
+          <div
+            aria-hidden="true"
+            className="euiCallOutHeader__icon"
+            data-euiicon-type="alert"
+            size="m"
+          />
+          <span
+            className="euiCallOutHeader__title"
+          >
+            Editing a variable in use may adversely affect your workpad
+          </span>
+        </div>
+      </div>
+      <div
+        className="euiSpacer euiSpacer--m"
+      />
+    </div>
+    <form
+      className="euiForm"
+    >
+      <div
+        className="euiFormRow euiFormRow--compressed"
+        id="generated-id-row"
+      >
+        <div
+          className="euiFormRow__labelWrapper"
+        >
+          <label
+            className="euiFormLabel euiFormRow__label"
+            htmlFor="generated-id"
+          >
+            Type
+          </label>
+        </div>
+        <div
+          className="euiFormRow__fieldWrapper"
+        >
+          <div
+            className="euiPopover euiPopover--anchorDownCenter euiPopover--displayBlock euiSuperSelect"
+            onKeyDown={[Function]}
+            onMouseDown={[Function]}
+            onMouseUp={[Function]}
+            onTouchEnd={[Function]}
+            onTouchStart={[Function]}
+          >
+            <div
+              className="euiPopover__anchor"
+            >
+              <input
+                id="generated-id"
+                type="hidden"
+                value="number"
+              />
+              <div
+                className="euiFormControlLayout euiFormControlLayout--compressed"
+              >
+                <div
+                  className="euiFormControlLayout__childrenWrapper"
+                >
+                  <span
+                    className="euiScreenReaderOnly"
+                    id="generated-id"
+                  >
+                    Select an option: 
+                    <div
+                      className="canvasEditVar__typeOption"
+                    >
+                      <span
+                        className="euiToken euiToken--euiColorVis0 euiToken--square euiToken--light euiToken--small canvasEditVar__tokenIcon"
+                        style={Object {}}
+                      >
+                        <div
+                          data-euiicon-type="tokenNumber"
+                          size="m"
+                        />
+                      </span>
+                       
+                      <span>
+                        Number
+                      </span>
+                    </div>
+                    , is selected
+                  </span>
+                  <button
+                    aria-haspopup="true"
+                    aria-labelledby="generated-id generated-id"
+                    aria-selected={true}
+                    className="euiSuperSelectControl euiSuperSelectControl--compressed"
+                    onBlur={[Function]}
+                    onClick={[Function]}
+                    onFocus={[Function]}
+                    onKeyDown={[Function]}
+                    role="option"
+                    type="button"
+                  >
+                    <div
+                      className="canvasEditVar__typeOption"
+                    >
+                      <span
+                        className="euiToken euiToken--euiColorVis0 euiToken--square euiToken--light euiToken--small canvasEditVar__tokenIcon"
+                        style={Object {}}
+                      >
+                        <div
+                          data-euiicon-type="tokenNumber"
+                          size="m"
+                        />
+                      </span>
+                       
+                      <span>
+                        Number
+                      </span>
+                    </div>
+                  </button>
+                  <div
+                    className="euiFormControlLayoutIcons euiFormControlLayoutIcons--right"
+                  >
+                    <span
+                      className="euiFormControlLayoutCustomIcon"
+                    >
+                      <div
+                        aria-hidden="true"
+                        className="euiFormControlLayoutCustomIcon__icon"
+                        data-euiicon-type="arrowDown"
+                      />
+                    </span>
+                  </div>
+                </div>
+              </div>
+            </div>
+          </div>
+        </div>
+      </div>
+      <div
+        className="euiFormRow euiFormRow--compressed"
+        id="generated-id-row"
+      >
+        <div
+          className="euiFormRow__labelWrapper"
+        >
+          <label
+            aria-invalid={false}
+            className="euiFormLabel euiFormRow__label"
+            htmlFor="generated-id"
+          >
+            Name
+          </label>
+        </div>
+        <div
+          className="euiFormRow__fieldWrapper"
+        >
+          <div
+            className="euiFormControlLayout euiFormControlLayout--compressed"
+          >
+            <div
+              className="euiFormControlLayout__childrenWrapper"
+            >
+              <input
+                className="euiFieldText euiFieldText--compressed"
+                id="generated-id"
+                name="name"
+                onBlur={[Function]}
+                onChange={[Function]}
+                onFocus={[Function]}
+                type="text"
+                value="bigNumber"
+              />
+            </div>
+          </div>
+        </div>
+      </div>
+      <div
+        className="euiFormRow euiFormRow--compressed"
+        id="generated-id-row"
+      >
+        <div
+          className="euiFormRow__labelWrapper"
+        >
+          <label
+            className="euiFormLabel euiFormRow__label"
+            htmlFor="generated-id"
+          >
+            Value
+          </label>
+        </div>
+        <div
+          className="euiFormRow__fieldWrapper"
+        >
+          <div
+            className="euiFormControlLayout euiFormControlLayout--compressed"
+          >
+            <div
+              className="euiFormControlLayout__childrenWrapper"
+            >
+              <input
+                className="euiFieldNumber euiFieldNumber--compressed"
+                name="value"
+                onChange={[Function]}
+                type="number"
+                value={1000}
+              />
+            </div>
+          </div>
+        </div>
+      </div>
+      <div
+        className="euiSpacer euiSpacer--m"
+      />
+      <div
+        className="euiFlexGroup euiFlexGroup--gutterLarge euiFlexGroup--alignItemsCenter euiFlexGroup--directionRow euiFlexGroup--responsive"
+      >
+        <div
+          className="euiFlexItem euiFlexItem--flexGrowZero"
+        >
+          <button
+            className="euiButton euiButton--secondary euiButton--small euiButton--fill"
+            disabled={false}
+            onClick={[Function]}
+            type="button"
+          >
+            <span
+              className="euiButton__content"
+            >
+              <div
+                aria-hidden="true"
+                className="euiButton__icon"
+                data-euiicon-type="save"
+                size="m"
+              />
+              <span
+                className="euiButton__text"
+              >
+                Save changes
+              </span>
+            </span>
+          </button>
+        </div>
+        <div
+          className="euiFlexItem euiFlexItem--flexGrowZero"
+        >
+          <button
+            className="euiButtonEmpty euiButtonEmpty--primary euiButtonEmpty--small"
+            onClick={[Function]}
+            type="button"
+          >
+            <span
+              className="euiButtonEmpty__content"
+            >
+              <span
+                className="euiButtonEmpty__text"
+              >
+                Cancel
+              </span>
+            </span>
+          </button>
+        </div>
+      </div>
+    </form>
+  </div>,
+]
+`;
+
+exports[`Storyshots components/Variables/EditVar edit variable (string) 1`] = `
+Array [
+  <div
+    className="canvasVarHeader__triggerWrapper"
+  >
+    <button
+      className="canvasVarHeader__button"
+      onClick={[Function]}
+      type="button"
+    >
+      <span
+        className="canvasVarHeader__iconWrapper"
+      >
+        <div
+          data-euiicon-type="sortLeft"
+          style={
+            Object {
+              "verticalAlign": "top",
+            }
+          }
+        />
+      </span>
+      <span>
+        <span
+          className="canvasVarHeader__anchor"
+        >
+          Edit variable
+        </span>
+      </span>
+    </button>
+  </div>,
+  <div
+    className="canvasSidebar__accordionContent"
+  >
+    <div>
+      <div
+        className="euiCallOut euiCallOut--warning euiCallOut--small"
+      >
+        <div
+          className="euiCallOutHeader"
+        >
+          <div
+            aria-hidden="true"
+            className="euiCallOutHeader__icon"
+            data-euiicon-type="alert"
+            size="m"
+          />
+          <span
+            className="euiCallOutHeader__title"
+          >
+            Editing a variable in use may adversely affect your workpad
+          </span>
+        </div>
+      </div>
+      <div
+        className="euiSpacer euiSpacer--m"
+      />
+    </div>
+    <form
+      className="euiForm"
+    >
+      <div
+        className="euiFormRow euiFormRow--compressed"
+        id="generated-id-row"
+      >
+        <div
+          className="euiFormRow__labelWrapper"
+        >
+          <label
+            className="euiFormLabel euiFormRow__label"
+            htmlFor="generated-id"
+          >
+            Type
+          </label>
+        </div>
+        <div
+          className="euiFormRow__fieldWrapper"
+        >
+          <div
+            className="euiPopover euiPopover--anchorDownCenter euiPopover--displayBlock euiSuperSelect"
+            onKeyDown={[Function]}
+            onMouseDown={[Function]}
+            onMouseUp={[Function]}
+            onTouchEnd={[Function]}
+            onTouchStart={[Function]}
+          >
+            <div
+              className="euiPopover__anchor"
+            >
+              <input
+                id="generated-id"
+                type="hidden"
+                value="string"
+              />
+              <div
+                className="euiFormControlLayout euiFormControlLayout--compressed"
+              >
+                <div
+                  className="euiFormControlLayout__childrenWrapper"
+                >
+                  <span
+                    className="euiScreenReaderOnly"
+                    id="generated-id"
+                  >
+                    Select an option: 
+                    <div
+                      className="canvasEditVar__typeOption"
+                    >
+                      <span
+                        className="euiToken euiToken--euiColorVis1 euiToken--square euiToken--light euiToken--small canvasEditVar__tokenIcon"
+                        style={Object {}}
+                      >
+                        <div
+                          data-euiicon-type="tokenString"
+                          size="m"
+                        />
+                      </span>
+                       
+                      <span>
+                        String
+                      </span>
+                    </div>
+                    , is selected
+                  </span>
+                  <button
+                    aria-haspopup="true"
+                    aria-labelledby="generated-id generated-id"
+                    aria-selected={true}
+                    className="euiSuperSelectControl euiSuperSelectControl--compressed"
+                    onBlur={[Function]}
+                    onClick={[Function]}
+                    onFocus={[Function]}
+                    onKeyDown={[Function]}
+                    role="option"
+                    type="button"
+                  >
+                    <div
+                      className="canvasEditVar__typeOption"
+                    >
+                      <span
+                        className="euiToken euiToken--euiColorVis1 euiToken--square euiToken--light euiToken--small canvasEditVar__tokenIcon"
+                        style={Object {}}
+                      >
+                        <div
+                          data-euiicon-type="tokenString"
+                          size="m"
+                        />
+                      </span>
+                       
+                      <span>
+                        String
+                      </span>
+                    </div>
+                  </button>
+                  <div
+                    className="euiFormControlLayoutIcons euiFormControlLayoutIcons--right"
+                  >
+                    <span
+                      className="euiFormControlLayoutCustomIcon"
+                    >
+                      <div
+                        aria-hidden="true"
+                        className="euiFormControlLayoutCustomIcon__icon"
+                        data-euiicon-type="arrowDown"
+                      />
+                    </span>
+                  </div>
+                </div>
+              </div>
+            </div>
+          </div>
+        </div>
+      </div>
+      <div
+        className="euiFormRow euiFormRow--compressed"
+        id="generated-id-row"
+      >
+        <div
+          className="euiFormRow__labelWrapper"
+        >
+          <label
+            aria-invalid={false}
+            className="euiFormLabel euiFormRow__label"
+            htmlFor="generated-id"
+          >
+            Name
+          </label>
+        </div>
+        <div
+          className="euiFormRow__fieldWrapper"
+        >
+          <div
+            className="euiFormControlLayout euiFormControlLayout--compressed"
+          >
+            <div
+              className="euiFormControlLayout__childrenWrapper"
+            >
+              <input
+                className="euiFieldText euiFieldText--compressed"
+                id="generated-id"
+                name="name"
+                onBlur={[Function]}
+                onChange={[Function]}
+                onFocus={[Function]}
+                type="text"
+                value="homeUrl"
+              />
+            </div>
+          </div>
+        </div>
+      </div>
+      <div
+        className="euiFormRow euiFormRow--compressed"
+        id="generated-id-row"
+      >
+        <div
+          className="euiFormRow__labelWrapper"
+        >
+          <label
+            className="euiFormLabel euiFormRow__label"
+            htmlFor="generated-id"
+          >
+            Value
+          </label>
+        </div>
+        <div
+          className="euiFormRow__fieldWrapper"
+        >
+          <div
+            className="euiFormControlLayout euiFormControlLayout--compressed"
+          >
+            <div
+              className="euiFormControlLayout__childrenWrapper"
+            >
+              <input
+                className="euiFieldText euiFieldText--compressed"
+                name="value"
+                onChange={[Function]}
+                type="text"
+                value="https://elastic.co"
+              />
+            </div>
+          </div>
+        </div>
+      </div>
+      <div
+        className="euiSpacer euiSpacer--m"
+      />
+      <div
+        className="euiFlexGroup euiFlexGroup--gutterLarge euiFlexGroup--alignItemsCenter euiFlexGroup--directionRow euiFlexGroup--responsive"
+      >
+        <div
+          className="euiFlexItem euiFlexItem--flexGrowZero"
+        >
+          <button
+            className="euiButton euiButton--secondary euiButton--small euiButton--fill"
+            disabled={false}
+            onClick={[Function]}
+            type="button"
+          >
+            <span
+              className="euiButton__content"
+            >
+              <div
+                aria-hidden="true"
+                className="euiButton__icon"
+                data-euiicon-type="save"
+                size="m"
+              />
+              <span
+                className="euiButton__text"
+              >
+                Save changes
+              </span>
+            </span>
+          </button>
+        </div>
+        <div
+          className="euiFlexItem euiFlexItem--flexGrowZero"
+        >
+          <button
+            className="euiButtonEmpty euiButtonEmpty--primary euiButtonEmpty--small"
+            onClick={[Function]}
+            type="button"
+          >
+            <span
+              className="euiButtonEmpty__content"
+            >
+              <span
+                className="euiButtonEmpty__text"
+              >
+                Cancel
+              </span>
+            </span>
+          </button>
+        </div>
+      </div>
+    </form>
+  </div>,
+]
+`;
+
+exports[`Storyshots components/Variables/EditVar new variable 1`] = `
+Array [
+  <div
+    className="canvasVarHeader__triggerWrapper"
+  >
+    <button
+      className="canvasVarHeader__button"
+      onClick={[Function]}
+      type="button"
+    >
+      <span
+        className="canvasVarHeader__iconWrapper"
+      >
+        <div
+          data-euiicon-type="sortLeft"
+          style={
+            Object {
+              "verticalAlign": "top",
+            }
+          }
+        />
+      </span>
+      <span>
+        <span
+          className="canvasVarHeader__anchor"
+        >
+          Add variable
+        </span>
+      </span>
+    </button>
+  </div>,
+  <div
+    className="canvasSidebar__accordionContent"
+  >
+    <form
+      className="euiForm"
+    >
+      <div
+        className="euiFormRow euiFormRow--compressed"
+        id="generated-id-row"
+      >
+        <div
+          className="euiFormRow__labelWrapper"
+        >
+          <label
+            className="euiFormLabel euiFormRow__label"
+            htmlFor="generated-id"
+          >
+            Type
+          </label>
+        </div>
+        <div
+          className="euiFormRow__fieldWrapper"
+        >
+          <div
+            className="euiPopover euiPopover--anchorDownCenter euiPopover--displayBlock euiSuperSelect"
+            onKeyDown={[Function]}
+            onMouseDown={[Function]}
+            onMouseUp={[Function]}
+            onTouchEnd={[Function]}
+            onTouchStart={[Function]}
+          >
+            <div
+              className="euiPopover__anchor"
+            >
+              <input
+                id="generated-id"
+                type="hidden"
+                value="string"
+              />
+              <div
+                className="euiFormControlLayout euiFormControlLayout--compressed"
+              >
+                <div
+                  className="euiFormControlLayout__childrenWrapper"
+                >
+                  <span
+                    className="euiScreenReaderOnly"
+                    id="generated-id"
+                  >
+                    Select an option: 
+                    <div
+                      className="canvasEditVar__typeOption"
+                    >
+                      <span
+                        className="euiToken euiToken--euiColorVis1 euiToken--square euiToken--light euiToken--small canvasEditVar__tokenIcon"
+                        style={Object {}}
+                      >
+                        <div
+                          data-euiicon-type="tokenString"
+                          size="m"
+                        />
+                      </span>
+                       
+                      <span>
+                        String
+                      </span>
+                    </div>
+                    , is selected
+                  </span>
+                  <button
+                    aria-haspopup="true"
+                    aria-labelledby="generated-id generated-id"
+                    aria-selected={true}
+                    className="euiSuperSelectControl euiSuperSelectControl--compressed"
+                    onBlur={[Function]}
+                    onClick={[Function]}
+                    onFocus={[Function]}
+                    onKeyDown={[Function]}
+                    role="option"
+                    type="button"
+                  >
+                    <div
+                      className="canvasEditVar__typeOption"
+                    >
+                      <span
+                        className="euiToken euiToken--euiColorVis1 euiToken--square euiToken--light euiToken--small canvasEditVar__tokenIcon"
+                        style={Object {}}
+                      >
+                        <div
+                          data-euiicon-type="tokenString"
+                          size="m"
+                        />
+                      </span>
+                       
+                      <span>
+                        String
+                      </span>
+                    </div>
+                  </button>
+                  <div
+                    className="euiFormControlLayoutIcons euiFormControlLayoutIcons--right"
+                  >
+                    <span
+                      className="euiFormControlLayoutCustomIcon"
+                    >
+                      <div
+                        aria-hidden="true"
+                        className="euiFormControlLayoutCustomIcon__icon"
+                        data-euiicon-type="arrowDown"
+                      />
+                    </span>
+                  </div>
+                </div>
+              </div>
+            </div>
+          </div>
+        </div>
+      </div>
+      <div
+        className="euiFormRow euiFormRow--compressed"
+        id="generated-id-row"
+      >
+        <div
+          className="euiFormRow__labelWrapper"
+        >
+          <label
+            aria-invalid={false}
+            className="euiFormLabel euiFormRow__label"
+            htmlFor="generated-id"
+          >
+            Name
+          </label>
+        </div>
+        <div
+          className="euiFormRow__fieldWrapper"
+        >
+          <div
+            className="euiFormControlLayout euiFormControlLayout--compressed"
+          >
+            <div
+              className="euiFormControlLayout__childrenWrapper"
+            >
+              <input
+                className="euiFieldText euiFieldText--compressed"
+                id="generated-id"
+                name="name"
+                onBlur={[Function]}
+                onChange={[Function]}
+                onFocus={[Function]}
+                type="text"
+                value=""
+              />
+            </div>
+          </div>
+        </div>
+      </div>
+      <div
+        className="euiFormRow euiFormRow--compressed"
+        id="generated-id-row"
+      >
+        <div
+          className="euiFormRow__labelWrapper"
+        >
+          <label
+            className="euiFormLabel euiFormRow__label"
+            htmlFor="generated-id"
+          >
+            Value
+          </label>
+        </div>
+        <div
+          className="euiFormRow__fieldWrapper"
+        >
+          <div
+            className="euiFormControlLayout euiFormControlLayout--compressed"
+          >
+            <div
+              className="euiFormControlLayout__childrenWrapper"
+            >
+              <input
+                className="euiFieldText euiFieldText--compressed"
+                name="value"
+                onChange={[Function]}
+                type="text"
+                value=""
+              />
+            </div>
+          </div>
+        </div>
+      </div>
+      <div
+        className="euiSpacer euiSpacer--m"
+      />
+      <div
+        className="euiFlexGroup euiFlexGroup--gutterLarge euiFlexGroup--alignItemsCenter euiFlexGroup--directionRow euiFlexGroup--responsive"
+      >
+        <div
+          className="euiFlexItem euiFlexItem--flexGrowZero"
+        >
+          <button
+            className="euiButton euiButton--secondary euiButton--small euiButton--fill"
+            disabled={true}
+            onClick={[Function]}
+            type="button"
+          >
+            <span
+              className="euiButton__content"
+            >
+              <div
+                aria-hidden="true"
+                className="euiButton__icon"
+                data-euiicon-type="save"
+                size="m"
+              />
+              <span
+                className="euiButton__text"
+              >
+                Save changes
+              </span>
+            </span>
+          </button>
+        </div>
+        <div
+          className="euiFlexItem euiFlexItem--flexGrowZero"
+        >
+          <button
+            className="euiButtonEmpty euiButtonEmpty--primary euiButtonEmpty--small"
+            onClick={[Function]}
+            type="button"
+          >
+            <span
+              className="euiButtonEmpty__content"
+            >
+              <span
+                className="euiButtonEmpty__text"
+              >
+                Cancel
+              </span>
+            </span>
+          </button>
+        </div>
+      </div>
+    </form>
+  </div>,
+]
+`;
diff --git a/x-pack/plugins/canvas/public/components/var_config/__examples__/__snapshots__/var_config.stories.storyshot b/x-pack/plugins/canvas/public/components/var_config/__examples__/__snapshots__/var_config.stories.storyshot
new file mode 100644
index 00000000000000..146f07a9d01182
--- /dev/null
+++ b/x-pack/plugins/canvas/public/components/var_config/__examples__/__snapshots__/var_config.stories.storyshot
@@ -0,0 +1,87 @@
+// Jest Snapshot v1, https://goo.gl/fbAQLP
+
+exports[`Storyshots components/Variables/VarConfig default 1`] = `
+<div
+  className="canvasSidebar__expandable canvasVarConfig__container "
+>
+  <div
+    className="canvasVarConfig__innerContainer"
+  >
+    <div
+      className="euiAccordion canvasVarConfig__listView canvasSidebar__accordion"
+    >
+      <div
+        className="euiAccordion__triggerWrapper"
+      >
+        <button
+          aria-controls="accordion-variables"
+          aria-expanded={false}
+          className="euiAccordion__button"
+          onClick={[Function]}
+          type="button"
+        >
+          <span
+            className="euiAccordion__iconWrapper"
+          >
+            <div
+              className="euiAccordion__icon"
+              data-euiicon-type="arrowRight"
+              size="m"
+            />
+          </span>
+          <span
+            className="euiIEFlexWrapFix"
+          >
+            <span
+              className="euiToolTipAnchor"
+              onKeyUp={[Function]}
+              onMouseOut={[Function]}
+              onMouseOver={[Function]}
+            >
+              <span
+                onBlur={[Function]}
+                onFocus={[Function]}
+              >
+                Variables
+              </span>
+            </span>
+          </span>
+        </button>
+        <div
+          className="euiAccordion__optionalAction"
+        >
+          <span
+            className="euiToolTipAnchor"
+            onKeyUp={[Function]}
+            onMouseOut={[Function]}
+            onMouseOver={[Function]}
+          >
+            <button
+              aria-label="Add a variable"
+              className="euiButtonIcon euiButtonIcon--primary"
+              onBlur={[Function]}
+              onClick={[Function]}
+              onFocus={[Function]}
+              type="button"
+            >
+              <div
+                aria-hidden="true"
+                className="euiButtonIcon__icon"
+                data-euiicon-type="plusInCircle"
+                size="m"
+              />
+            </button>
+          </span>
+        </div>
+      </div>
+      <div
+        className="euiAccordion__childWrapper"
+        id="accordion-variables"
+      />
+    </div>
+    <div
+      className="canvasVarConfig__editView canvasSidebar__accordion"
+    />
+  </div>
+</div>
+`;
diff --git a/x-pack/plugins/canvas/public/components/var_config/__examples__/delete_var.stories.tsx b/x-pack/plugins/canvas/public/components/var_config/__examples__/delete_var.stories.tsx
new file mode 100644
index 00000000000000..8f5b73d1f6ae91
--- /dev/null
+++ b/x-pack/plugins/canvas/public/components/var_config/__examples__/delete_var.stories.tsx
@@ -0,0 +1,23 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { action } from '@storybook/addon-actions';
+import { storiesOf } from '@storybook/react';
+import React from 'react';
+
+import { CanvasVariable } from '../../../../types';
+
+import { DeleteVar } from '../delete_var';
+
+const variable: CanvasVariable = {
+  name: 'homeUrl',
+  value: 'https://elastic.co',
+  type: 'string',
+};
+
+storiesOf('components/Variables/DeleteVar', module).add('default', () => (
+  <DeleteVar selectedVar={variable} onDelete={action('onDelete')} onCancel={action('onCancel')} />
+));
diff --git a/x-pack/plugins/canvas/public/components/var_config/__examples__/edit_var.stories.tsx b/x-pack/plugins/canvas/public/components/var_config/__examples__/edit_var.stories.tsx
new file mode 100644
index 00000000000000..0369c2c09a39ca
--- /dev/null
+++ b/x-pack/plugins/canvas/public/components/var_config/__examples__/edit_var.stories.tsx
@@ -0,0 +1,65 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { action } from '@storybook/addon-actions';
+import { storiesOf } from '@storybook/react';
+import React from 'react';
+
+import { CanvasVariable } from '../../../../types';
+
+import { EditVar } from '../edit_var';
+
+const variables: CanvasVariable[] = [
+  {
+    name: 'homeUrl',
+    value: 'https://elastic.co',
+    type: 'string',
+  },
+  {
+    name: 'bigNumber',
+    value: 1000,
+    type: 'number',
+  },
+  {
+    name: 'zenMode',
+    value: true,
+    type: 'boolean',
+  },
+];
+
+storiesOf('components/Variables/EditVar', module)
+  .add('new variable', () => (
+    <EditVar
+      variables={variables}
+      selectedVar={null}
+      onSave={action('onSave')}
+      onCancel={action('onCancel')}
+    />
+  ))
+  .add('edit variable (string)', () => (
+    <EditVar
+      variables={variables}
+      selectedVar={variables[0]}
+      onSave={action('onSave')}
+      onCancel={action('onCancel')}
+    />
+  ))
+  .add('edit variable (number)', () => (
+    <EditVar
+      variables={variables}
+      selectedVar={variables[1]}
+      onSave={action('onSave')}
+      onCancel={action('onCancel')}
+    />
+  ))
+  .add('edit variable (boolean)', () => (
+    <EditVar
+      variables={variables}
+      selectedVar={variables[2]}
+      onSave={action('onSave')}
+      onCancel={action('onCancel')}
+    />
+  ));
diff --git a/x-pack/plugins/canvas/public/components/var_config/__examples__/var_config.stories.tsx b/x-pack/plugins/canvas/public/components/var_config/__examples__/var_config.stories.tsx
new file mode 100644
index 00000000000000..ac5c97d122138f
--- /dev/null
+++ b/x-pack/plugins/canvas/public/components/var_config/__examples__/var_config.stories.tsx
@@ -0,0 +1,41 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { action } from '@storybook/addon-actions';
+import { storiesOf } from '@storybook/react';
+import React from 'react';
+
+import { CanvasVariable } from '../../../../types';
+
+import { VarConfig } from '../var_config';
+
+const variables: CanvasVariable[] = [
+  {
+    name: 'homeUrl',
+    value: 'https://elastic.co',
+    type: 'string',
+  },
+  {
+    name: 'bigNumber',
+    value: 1000,
+    type: 'number',
+  },
+  {
+    name: 'zenMode',
+    value: true,
+    type: 'boolean',
+  },
+];
+
+storiesOf('components/Variables/VarConfig', module).add('default', () => (
+  <VarConfig
+    variables={variables}
+    onCopyVar={action('onCopyVar')}
+    onDeleteVar={action('onDeleteVar')}
+    onAddVar={action('onAddVar')}
+    onEditVar={action('onEditVar')}
+  />
+));
diff --git a/x-pack/plugins/canvas/public/components/var_config/delete_var.tsx b/x-pack/plugins/canvas/public/components/var_config/delete_var.tsx
new file mode 100644
index 00000000000000..fa1771a752848c
--- /dev/null
+++ b/x-pack/plugins/canvas/public/components/var_config/delete_var.tsx
@@ -0,0 +1,77 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import React, { FC } from 'react';
+import {
+  EuiIcon,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiButton,
+  EuiButtonEmpty,
+  EuiSpacer,
+  EuiText,
+} from '@elastic/eui';
+import { CanvasVariable } from '../../../types';
+
+import { ComponentStrings } from '../../../i18n';
+const { VarConfigDeleteVar: strings } = ComponentStrings;
+
+import './var_panel.scss';
+
+interface Props {
+  selectedVar: CanvasVariable;
+  onDelete: (v: CanvasVariable) => void;
+  onCancel: () => void;
+}
+
+export const DeleteVar: FC<Props> = ({ selectedVar, onCancel, onDelete }) => {
+  return (
+    <React.Fragment>
+      <div className="canvasVarHeader__triggerWrapper">
+        <button className="canvasVarHeader__button" type="button" onClick={() => onCancel()}>
+          <span className="canvasVarHeader__iconWrapper">
+            <EuiIcon type="sortLeft" style={{ verticalAlign: 'top' }} />
+          </span>
+          <span>
+            <span className="canvasVarHeader__anchor">{strings.getTitle()}</span>
+          </span>
+        </button>
+      </div>
+      <div className="canvasSidebar__accordionContent">
+        <div>
+          <EuiFlexGroup>
+            <EuiFlexItem grow={false}>
+              <EuiText color="subdued" size="s">
+                {strings.getWarningDescription()}
+              </EuiText>
+            </EuiFlexItem>
+          </EuiFlexGroup>
+
+          <EuiSpacer size="m" />
+
+          <EuiFlexGroup alignItems="center">
+            <EuiFlexItem grow={false}>
+              <EuiButton
+                color="danger"
+                size="s"
+                fill
+                onClick={() => onDelete(selectedVar)}
+                iconType="trash"
+              >
+                {strings.getDeleteButtonLabel()}
+              </EuiButton>
+            </EuiFlexItem>
+            <EuiFlexItem grow={false}>
+              <EuiButtonEmpty size="s" onClick={() => onCancel()}>
+                {strings.getCancelButtonLabel()}
+              </EuiButtonEmpty>
+            </EuiFlexItem>
+          </EuiFlexGroup>
+        </div>
+      </div>
+    </React.Fragment>
+  );
+};
diff --git a/x-pack/plugins/canvas/public/components/var_config/edit_var.scss b/x-pack/plugins/canvas/public/components/var_config/edit_var.scss
new file mode 100644
index 00000000000000..7d4a7a4c81ba10
--- /dev/null
+++ b/x-pack/plugins/canvas/public/components/var_config/edit_var.scss
@@ -0,0 +1,8 @@
+.canvasEditVar__typeOption {
+  display: flex;
+  align-items: center;
+
+  .canvasEditVar__tokenIcon {
+    margin-right: 15px;
+  }
+}
diff --git a/x-pack/plugins/canvas/public/components/var_config/edit_var.tsx b/x-pack/plugins/canvas/public/components/var_config/edit_var.tsx
new file mode 100644
index 00000000000000..a1a5541431d267
--- /dev/null
+++ b/x-pack/plugins/canvas/public/components/var_config/edit_var.tsx
@@ -0,0 +1,189 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import React, { useState, FC } from 'react';
+import {
+  EuiIcon,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiToken,
+  EuiSuperSelect,
+  EuiForm,
+  EuiFormRow,
+  EuiFieldText,
+  EuiButton,
+  EuiButtonEmpty,
+  EuiSpacer,
+  EuiCallOut,
+} from '@elastic/eui';
+import { CanvasVariable } from '../../../types';
+
+import { VarValueField } from './var_value_field';
+
+import { ComponentStrings } from '../../../i18n';
+const { VarConfigEditVar: strings } = ComponentStrings;
+
+import './edit_var.scss';
+import './var_panel.scss';
+
+interface Props {
+  selectedVar: CanvasVariable | null;
+  variables: CanvasVariable[];
+  onSave: (v: CanvasVariable) => void;
+  onCancel: () => void;
+}
+
+const checkDupeName = (newName: string, oldName: string | null, variables: CanvasVariable[]) => {
+  const match = variables.find((v) => {
+    // If the new name matches an existing variable and that
+    // matched variable name isn't the old name, then there
+    // is a duplicate
+    return newName === v.name && (!oldName || v.name !== oldName);
+  });
+
+  return !!match;
+};
+
+export const EditVar: FC<Props> = ({ variables, selectedVar, onCancel, onSave }) => {
+  // If there isn't a selected variable, we're creating a new var
+  const isNew = selectedVar === null;
+
+  const [type, setType] = useState(isNew ? 'string' : selectedVar!.type);
+  const [name, setName] = useState(isNew ? '' : selectedVar!.name);
+  const [value, setValue] = useState(isNew ? '' : selectedVar!.value);
+
+  const hasDupeName = checkDupeName(name, selectedVar && selectedVar.name, variables);
+
+  const typeOptions = [
+    {
+      value: 'string',
+      inputDisplay: (
+        <div className="canvasEditVar__typeOption">
+          <EuiToken iconType="tokenString" className="canvasEditVar__tokenIcon" />{' '}
+          <span>{strings.getTypeStringLabel()}</span>
+        </div>
+      ),
+    },
+    {
+      value: 'number',
+      inputDisplay: (
+        <div className="canvasEditVar__typeOption">
+          <EuiToken iconType="tokenNumber" className="canvasEditVar__tokenIcon" />{' '}
+          <span>{strings.getTypeNumberLabel()}</span>
+        </div>
+      ),
+    },
+    {
+      value: 'boolean',
+      inputDisplay: (
+        <div className="canvasEditVar__typeOption">
+          <EuiToken iconType="tokenBoolean" className="canvasEditVar__tokenIcon" />{' '}
+          <span>{strings.getTypeBooleanLabel()}</span>
+        </div>
+      ),
+    },
+  ];
+
+  return (
+    <>
+      <div className="canvasVarHeader__triggerWrapper">
+        <button className="canvasVarHeader__button" type="button" onClick={() => onCancel()}>
+          <span className="canvasVarHeader__iconWrapper">
+            <EuiIcon type="sortLeft" style={{ verticalAlign: 'top' }} />
+          </span>
+          <span>
+            <span className="canvasVarHeader__anchor">
+              {isNew ? strings.getAddTitle() : strings.getEditTitle()}
+            </span>
+          </span>
+        </button>
+      </div>
+      <div className="canvasSidebar__accordionContent">
+        {!isNew && (
+          <div>
+            <EuiCallOut
+              title={strings.getEditWarning()}
+              color="warning"
+              iconType="alert"
+              size="s"
+            />
+            <EuiSpacer size="m" />
+          </div>
+        )}
+
+        <EuiForm component="form">
+          <EuiFormRow label={strings.getTypeFieldLabel()} display="rowCompressed">
+            <EuiSuperSelect
+              options={typeOptions}
+              valueOfSelected={type}
+              onChange={(v) => {
+                // Only have these types possible in the dropdown
+                setType(v as CanvasVariable['type']);
+
+                // Reset default value
+                if (v === 'boolean') {
+                  // Just setting a default value
+                  setValue(true);
+                } else if (v === 'number') {
+                  // Setting default number
+                  setValue(0);
+                } else {
+                  setValue('');
+                }
+              }}
+              compressed={true}
+            />
+          </EuiFormRow>
+          <EuiFormRow
+            label={strings.getNameFieldLabel()}
+            display="rowCompressed"
+            isInvalid={hasDupeName}
+            error={hasDupeName && strings.getDuplicateNameError()}
+          >
+            <EuiFieldText
+              name="name"
+              value={name}
+              compressed={true}
+              onChange={(e) => setName(e.target.value)}
+              isInvalid={hasDupeName}
+            />
+          </EuiFormRow>
+          <EuiFormRow label={strings.getValueFieldLabel()} display="rowCompressed">
+            <VarValueField type={type} value={value} onChange={(v) => setValue(v)} />
+          </EuiFormRow>
+
+          <EuiSpacer size="m" />
+
+          <EuiFlexGroup alignItems="center">
+            <EuiFlexItem grow={false}>
+              <EuiButton
+                color="secondary"
+                size="s"
+                fill
+                onClick={() =>
+                  onSave({
+                    name,
+                    value,
+                    type,
+                  })
+                }
+                disabled={hasDupeName || !name}
+                iconType="save"
+              >
+                {strings.getSaveButtonLabel()}
+              </EuiButton>
+            </EuiFlexItem>
+            <EuiFlexItem grow={false}>
+              <EuiButtonEmpty size="s" onClick={() => onCancel()}>
+                {strings.getCancelButtonLabel()}
+              </EuiButtonEmpty>
+            </EuiFlexItem>
+          </EuiFlexGroup>
+        </EuiForm>
+      </div>
+    </>
+  );
+};
diff --git a/x-pack/plugins/canvas/public/components/var_config/index.tsx b/x-pack/plugins/canvas/public/components/var_config/index.tsx
new file mode 100644
index 00000000000000..526037b79e0e0a
--- /dev/null
+++ b/x-pack/plugins/canvas/public/components/var_config/index.tsx
@@ -0,0 +1,66 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import React, { FC } from 'react';
+import copy from 'copy-to-clipboard';
+import { VarConfig as ChildComponent } from './var_config';
+import {
+  withKibana,
+  KibanaReactContextValue,
+  KibanaServices,
+} from '../../../../../../src/plugins/kibana_react/public';
+import { CanvasServices } from '../../services';
+
+import { ComponentStrings } from '../../../i18n';
+
+import { CanvasVariable } from '../../../types';
+
+const { VarConfig: strings } = ComponentStrings;
+
+interface Props {
+  kibana: KibanaReactContextValue<{ canvas: CanvasServices } & KibanaServices>;
+
+  variables: CanvasVariable[];
+  setVariables: (variables: CanvasVariable[]) => void;
+}
+
+const WrappedComponent: FC<Props> = ({ kibana, variables, setVariables }) => {
+  const onDeleteVar = (v: CanvasVariable) => {
+    const index = variables.findIndex((targetVar: CanvasVariable) => {
+      return targetVar.name === v.name;
+    });
+    if (index !== -1) {
+      const newVars = [...variables];
+      newVars.splice(index, 1);
+      setVariables(newVars);
+
+      kibana.services.canvas.notify.success(strings.getDeleteNotificationDescription());
+    }
+  };
+
+  const onCopyVar = (v: CanvasVariable) => {
+    const snippetStr = `{var "${v.name}"}`;
+    copy(snippetStr, { debug: true });
+    kibana.services.canvas.notify.success(strings.getCopyNotificationDescription());
+  };
+
+  const onAddVar = (v: CanvasVariable) => {
+    setVariables([...variables, v]);
+  };
+
+  const onEditVar = (oldVar: CanvasVariable, newVar: CanvasVariable) => {
+    const existingVarIndex = variables.findIndex((v) => oldVar.name === v.name);
+
+    const newVars = [...variables];
+    newVars[existingVarIndex] = newVar;
+
+    setVariables(newVars);
+  };
+
+  return <ChildComponent {...{ variables, onCopyVar, onDeleteVar, onAddVar, onEditVar }} />;
+};
+
+export const VarConfig = withKibana(WrappedComponent);
diff --git a/x-pack/plugins/canvas/public/components/var_config/var_config.scss b/x-pack/plugins/canvas/public/components/var_config/var_config.scss
new file mode 100644
index 00000000000000..19fe64e7422fdb
--- /dev/null
+++ b/x-pack/plugins/canvas/public/components/var_config/var_config.scss
@@ -0,0 +1,66 @@
+.canvasVarConfig__container {
+  width: 100%;
+  position: relative;
+
+  &.canvasVarConfig-isEditMode {
+    .canvasVarConfig__innerContainer {
+      transform: translateX(-50%);
+    }
+  }
+}
+
+.canvasVarConfig__list {
+  table {
+    background-color: transparent;
+  }
+
+  thead tr th,
+  thead tr td {
+    border-bottom: none;
+    border-top: none;
+  }
+
+  tbody tr td {
+    border-top: none;
+    border-bottom: none;
+  }
+
+  tbody tr:hover {
+    background-color: transparent;
+  }
+
+  tbody tr:last-child td {
+    border-bottom: none;
+  }
+}
+
+.canvasVarConfig__innerContainer {
+  width: calc(200% + 48px); // Account for the extra padding
+
+  position: relative;
+
+  display: flex;
+  flex-direction: row;
+  align-content: stretch;
+
+  .canvasVarConfig__editView {
+    margin-left: 0;
+  }
+
+  .canvasVarConfig__listView {
+    margin-right: 0;
+  }
+}
+
+.canvasVarConfig__editView {
+  width: 50%;
+  height: 100%;
+
+  flex-shrink: 0;
+}
+
+.canvasVarConfig__listView {
+  width: 50%;
+
+  flex-shrink: 0;
+}
diff --git a/x-pack/plugins/canvas/public/components/var_config/var_config.tsx b/x-pack/plugins/canvas/public/components/var_config/var_config.tsx
new file mode 100644
index 00000000000000..6120130c77e241
--- /dev/null
+++ b/x-pack/plugins/canvas/public/components/var_config/var_config.tsx
@@ -0,0 +1,230 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import React, { useState, FC } from 'react';
+import {
+  EuiAccordion,
+  EuiButtonIcon,
+  EuiToken,
+  EuiToolTip,
+  EuiText,
+  EuiInMemoryTable,
+  EuiBasicTableColumn,
+  EuiTableActionsColumnType,
+  EuiSpacer,
+  EuiButton,
+} from '@elastic/eui';
+
+import { CanvasVariable } from '../../../types';
+import { ComponentStrings } from '../../../i18n';
+
+import { EditVar } from './edit_var';
+import { DeleteVar } from './delete_var';
+
+import './var_config.scss';
+
+const { VarConfig: strings } = ComponentStrings;
+
+enum PanelMode {
+  List,
+  Edit,
+  Delete,
+}
+
+const typeToToken = {
+  number: 'tokenNumber',
+  boolean: 'tokenBoolean',
+  string: 'tokenString',
+};
+
+interface Props {
+  variables: CanvasVariable[];
+  onCopyVar: (v: CanvasVariable) => void;
+  onDeleteVar: (v: CanvasVariable) => void;
+  onAddVar: (v: CanvasVariable) => void;
+  onEditVar: (oldVar: CanvasVariable, newVar: CanvasVariable) => void;
+}
+
+export const VarConfig: FC<Props> = ({
+  variables,
+  onCopyVar,
+  onDeleteVar,
+  onAddVar,
+  onEditVar,
+}) => {
+  const [panelMode, setPanelMode] = useState<PanelMode>(PanelMode.List);
+  const [selectedVar, setSelectedVar] = useState<CanvasVariable | null>(null);
+
+  const selectAndEditVar = (v: CanvasVariable) => {
+    setSelectedVar(v);
+    setPanelMode(PanelMode.Edit);
+  };
+
+  const selectAndDeleteVar = (v: CanvasVariable) => {
+    setSelectedVar(v);
+    setPanelMode(PanelMode.Delete);
+  };
+
+  const actions: EuiTableActionsColumnType<CanvasVariable>['actions'] = [
+    {
+      type: 'icon',
+      name: strings.getCopyActionButtonLabel(),
+      description: strings.getCopyActionTooltipLabel(),
+      icon: 'copyClipboard',
+      onClick: onCopyVar,
+      isPrimary: true,
+    },
+    {
+      type: 'icon',
+      name: strings.getEditActionButtonLabel(),
+      description: '',
+      icon: 'pencil',
+      onClick: selectAndEditVar,
+    },
+    {
+      type: 'icon',
+      name: strings.getDeleteActionButtonLabel(),
+      description: '',
+      icon: 'trash',
+      color: 'danger',
+      onClick: selectAndDeleteVar,
+    },
+  ];
+
+  const varColumns: Array<EuiBasicTableColumn<CanvasVariable>> = [
+    {
+      field: 'type',
+      name: strings.getTableTypeLabel(),
+      sortable: true,
+      render: (varType: CanvasVariable['type'], _v: CanvasVariable) => {
+        return <EuiToken iconType={typeToToken[varType]} />;
+      },
+      width: '50px',
+    },
+    {
+      field: 'name',
+      name: strings.getTableNameLabel(),
+      sortable: true,
+    },
+    {
+      field: 'value',
+      name: strings.getTableValueLabel(),
+      sortable: true,
+      truncateText: true,
+      render: (value: CanvasVariable['value'], _v: CanvasVariable) => {
+        return '' + value;
+      },
+    },
+    {
+      actions,
+      width: '60px',
+    },
+  ];
+
+  return (
+    <div
+      className={`canvasSidebar__expandable canvasVarConfig__container ${
+        panelMode !== PanelMode.List ? 'canvasVarConfig-isEditMode' : ''
+      }`}
+    >
+      <div className="canvasVarConfig__innerContainer">
+        <EuiAccordion
+          id="accordion-variables"
+          className="canvasVarConfig__listView canvasSidebar__accordion"
+          buttonContent={
+            <EuiToolTip
+              content={strings.getTitleTooltip()}
+              position="left"
+              className="canvasArg__tooltip"
+            >
+              <span>{strings.getTitle()}</span>
+            </EuiToolTip>
+          }
+          extraAction={
+            <EuiToolTip position="top" content={strings.getAddTooltipLabel()}>
+              <EuiButtonIcon
+                color="primary"
+                iconType="plusInCircle"
+                aria-label={strings.getAddTooltipLabel()}
+                onClick={() => {
+                  setSelectedVar(null);
+                  setPanelMode(PanelMode.Edit);
+                }}
+              />
+            </EuiToolTip>
+          }
+        >
+          {variables.length !== 0 && (
+            <div className="canvasSidebar__accordionContent">
+              <EuiInMemoryTable
+                className="canvasVarConfig__list"
+                items={variables}
+                columns={varColumns}
+                hasActions={true}
+                pagination={false}
+                sorting={true}
+                compressed
+              />
+            </div>
+          )}
+          {variables.length === 0 && (
+            <div className="canvasSidebar__accordionContent">
+              <EuiText color="subdued" size="s">
+                {strings.getEmptyDescription()}
+              </EuiText>
+              <EuiSpacer size="m" />
+              <EuiButton
+                size="s"
+                iconType="plusInCircle"
+                onClick={() => setPanelMode(PanelMode.Edit)}
+              >
+                {strings.getAddButtonLabel()}
+              </EuiButton>
+            </div>
+          )}
+        </EuiAccordion>
+        <div className="canvasVarConfig__editView canvasSidebar__accordion">
+          {panelMode === PanelMode.Edit && (
+            <EditVar
+              variables={variables}
+              selectedVar={selectedVar}
+              onSave={(newVar: CanvasVariable) => {
+                if (!selectedVar) {
+                  onAddVar(newVar);
+                } else {
+                  onEditVar(selectedVar, newVar);
+                }
+
+                setSelectedVar(null);
+                setPanelMode(PanelMode.List);
+              }}
+              onCancel={() => {
+                setSelectedVar(null);
+                setPanelMode(PanelMode.List);
+              }}
+            />
+          )}
+
+          {panelMode === PanelMode.Delete && selectedVar && (
+            <DeleteVar
+              selectedVar={selectedVar}
+              onDelete={(v: CanvasVariable) => {
+                onDeleteVar(v);
+
+                setSelectedVar(null);
+                setPanelMode(PanelMode.List);
+              }}
+              onCancel={() => {
+                setSelectedVar(null);
+                setPanelMode(PanelMode.List);
+              }}
+            />
+          )}
+        </div>
+      </div>
+    </div>
+  );
+};
diff --git a/x-pack/plugins/canvas/public/components/var_config/var_panel.scss b/x-pack/plugins/canvas/public/components/var_config/var_panel.scss
new file mode 100644
index 00000000000000..84f92aab281465
--- /dev/null
+++ b/x-pack/plugins/canvas/public/components/var_config/var_panel.scss
@@ -0,0 +1,31 @@
+.canvasVarHeader__triggerWrapper {
+  display: flex;
+  align-items: center;
+}
+
+.canvasVarHeader__button {
+  @include euiFontSize;
+  text-align: left;
+
+  width: 100%;
+  flex-grow: 1;
+
+  display: flex;
+  align-items: center;
+}
+
+.canvasVarHeader__iconWrapper {
+  width: $euiSize;
+  height: $euiSize;
+
+  border-radius: $euiBorderRadius;
+
+  margin-right: $euiSizeS;
+  margin-left: $euiSizeXS;
+
+  flex-shrink: 0;
+}
+
+.canvasVarHeader__anchor {
+  display: inline-block;
+}
\ No newline at end of file
diff --git a/x-pack/plugins/canvas/public/components/var_config/var_value_field.tsx b/x-pack/plugins/canvas/public/components/var_config/var_value_field.tsx
new file mode 100644
index 00000000000000..c86be4efec0431
--- /dev/null
+++ b/x-pack/plugins/canvas/public/components/var_config/var_value_field.tsx
@@ -0,0 +1,69 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import React, { FC } from 'react';
+import { EuiFieldText, EuiFieldNumber, EuiButtonGroup } from '@elastic/eui';
+import { htmlIdGenerator } from '@elastic/eui';
+
+import { CanvasVariable } from '../../../types';
+
+import { ComponentStrings } from '../../../i18n';
+const { VarConfigVarValueField: strings } = ComponentStrings;
+
+interface Props {
+  type: CanvasVariable['type'];
+  value: CanvasVariable['value'];
+  onChange: (v: CanvasVariable['value']) => void;
+}
+
+export const VarValueField: FC<Props> = ({ type, value, onChange }) => {
+  const idPrefix = htmlIdGenerator()();
+
+  const options = [
+    {
+      id: `${idPrefix}-true`,
+      label: strings.getTrueOption(),
+    },
+    {
+      id: `${idPrefix}-false`,
+      label: strings.getFalseOption(),
+    },
+  ];
+
+  if (type === 'number') {
+    return (
+      <EuiFieldNumber
+        compressed
+        name="value"
+        value={value as number}
+        onChange={(e) => onChange(e.target.value)}
+      />
+    );
+  } else if (type === 'boolean') {
+    return (
+      <EuiButtonGroup
+        name="value"
+        options={options}
+        idSelected={`${idPrefix}-${value}`}
+        onChange={(id) => {
+          const val = id.replace(`${idPrefix}-`, '') === 'true';
+          onChange(val);
+        }}
+        buttonSize="compressed"
+        isFullWidth
+      />
+    );
+  }
+
+  return (
+    <EuiFieldText
+      compressed
+      name="value"
+      value={String(value)}
+      onChange={(e) => onChange(e.target.value)}
+    />
+  );
+};
diff --git a/x-pack/plugins/canvas/public/components/workpad_config/index.ts b/x-pack/plugins/canvas/public/components/workpad_config/index.ts
index c69a1fd9b81379..bba08d7647e9ec 100644
--- a/x-pack/plugins/canvas/public/components/workpad_config/index.ts
+++ b/x-pack/plugins/canvas/public/components/workpad_config/index.ts
@@ -7,11 +7,17 @@
 import { connect } from 'react-redux';
 
 import { get } from 'lodash';
-import { sizeWorkpad as setSize, setName, setWorkpadCSS } from '../../state/actions/workpad';
+import {
+  sizeWorkpad as setSize,
+  setName,
+  setWorkpadCSS,
+  updateWorkpadVariables,
+} from '../../state/actions/workpad';
+
 import { getWorkpad } from '../../state/selectors/workpad';
 import { DEFAULT_WORKPAD_CSS } from '../../../common/lib/constants';
 import { WorkpadConfig as Component } from './workpad_config';
-import { State } from '../../../types';
+import { State, CanvasVariable } from '../../../types';
 
 const mapStateToProps = (state: State) => {
   const workpad = getWorkpad(state);
@@ -23,6 +29,7 @@ const mapStateToProps = (state: State) => {
       height: get(workpad, 'height'),
     },
     css: get(workpad, 'css', DEFAULT_WORKPAD_CSS),
+    variables: get(workpad, 'variables', []),
   };
 };
 
@@ -30,6 +37,7 @@ const mapDispatchToProps = {
   setSize,
   setName,
   setWorkpadCSS,
+  setWorkpadVariables: (vars: CanvasVariable[]) => updateWorkpadVariables(vars),
 };
 
 export const WorkpadConfig = connect(mapStateToProps, mapDispatchToProps)(Component);
diff --git a/x-pack/plugins/canvas/public/components/workpad_config/workpad_config.tsx b/x-pack/plugins/canvas/public/components/workpad_config/workpad_config.tsx
index 7b7a1e08b2c5da..a7424882f10722 100644
--- a/x-pack/plugins/canvas/public/components/workpad_config/workpad_config.tsx
+++ b/x-pack/plugins/canvas/public/components/workpad_config/workpad_config.tsx
@@ -19,10 +19,13 @@ import {
   EuiToolTip,
   EuiTextArea,
   EuiAccordion,
-  EuiText,
   EuiButton,
 } from '@elastic/eui';
+
+import { VarConfig } from '../var_config';
+
 import { DEFAULT_WORKPAD_CSS } from '../../../common/lib/constants';
+import { CanvasVariable } from '../../../types';
 import { ComponentStrings } from '../../../i18n';
 
 const { WorkpadConfig: strings } = ComponentStrings;
@@ -34,14 +37,16 @@ interface Props {
   };
   name: string;
   css?: string;
+  variables: CanvasVariable[];
   setSize: ({ height, width }: { height: number; width: number }) => void;
   setName: (name: string) => void;
   setWorkpadCSS: (css: string) => void;
+  setWorkpadVariables: (vars: CanvasVariable[]) => void;
 }
 
 export const WorkpadConfig: FunctionComponent<Props> = (props) => {
   const [css, setCSS] = useState(props.css);
-  const { size, name, setSize, setName, setWorkpadCSS } = props;
+  const { size, name, setSize, setName, setWorkpadCSS, variables, setWorkpadVariables } = props;
   const rotate = () => setSize({ width: size.height, height: size.width });
 
   const badges = [
@@ -129,23 +134,25 @@ export const WorkpadConfig: FunctionComponent<Props> = (props) => {
       </div>
 
       <EuiSpacer size="m" />
-      <div className="canvasArg--expandable">
+
+      <VarConfig variables={variables} setVariables={setWorkpadVariables} />
+
+      <div className="canvasSidebar__expandable">
         <EuiAccordion
           id="accordion-global-css"
-          className="canvasArg__accordion"
+          className="canvasSidebar__accordion"
+          style={{ marginBottom: 0 }}
           buttonContent={
             <EuiToolTip
               content={strings.getGlobalCSSTooltip()}
               position="left"
               className="canvasArg__tooltip"
             >
-              <EuiText size="s" color="subdued">
-                {strings.getGlobalCSSLabel()}
-              </EuiText>
+              <span>{strings.getGlobalCSSLabel()}</span>
             </EuiToolTip>
           }
         >
-          <div className="canvasArg__content">
+          <div className="canvasSidebar__accordionContent">
             <EuiTextArea
               aria-label={strings.getGlobalCSSTooltip()}
               value={css}
@@ -169,7 +176,9 @@ WorkpadConfig.propTypes = {
   size: PropTypes.object.isRequired,
   name: PropTypes.string.isRequired,
   css: PropTypes.string,
+  variables: PropTypes.array,
   setSize: PropTypes.func.isRequired,
   setName: PropTypes.func.isRequired,
   setWorkpadCSS: PropTypes.func.isRequired,
+  setWorkpadVariables: PropTypes.func.isRequired,
 };
diff --git a/x-pack/plugins/canvas/public/functions/filters.ts b/x-pack/plugins/canvas/public/functions/filters.ts
index ecde5d2eb255b9..61fa67dc63316c 100644
--- a/x-pack/plugins/canvas/public/functions/filters.ts
+++ b/x-pack/plugins/canvas/public/functions/filters.ts
@@ -10,7 +10,7 @@ import { ExpressionFunctionDefinition } from 'src/plugins/expressions/public';
 import { interpretAst } from '../lib/run_interpreter';
 // @ts-expect-error untyped local
 import { getState } from '../state/store';
-import { getGlobalFilters } from '../state/selectors/workpad';
+import { getGlobalFilters, getWorkpadVariablesAsObject } from '../state/selectors/workpad';
 import { ExpressionValueFilter } from '../../types';
 import { getFunctionHelp } from '../../i18n';
 import { InitializeArguments } from '.';
@@ -79,7 +79,7 @@ export function filtersFunctionFactory(initialize: InitializeArguments): () => F
         if (filterList && filterList.length) {
           const filterExpression = filterList.join(' | ');
           const filterAST = fromExpression(filterExpression);
-          return interpretAst(filterAST);
+          return interpretAst(filterAST, getWorkpadVariablesAsObject(getState()));
         } else {
           const filterType = initialize.typesRegistry.get('filter');
           return filterType?.from(null, {});
diff --git a/x-pack/plugins/canvas/public/lib/run_interpreter.ts b/x-pack/plugins/canvas/public/lib/run_interpreter.ts
index 07c0ca4b1ce152..12e07ed3535f6d 100644
--- a/x-pack/plugins/canvas/public/lib/run_interpreter.ts
+++ b/x-pack/plugins/canvas/public/lib/run_interpreter.ts
@@ -15,8 +15,12 @@ interface Options {
 /**
  * Meant to be a replacement for plugins/interpreter/interpretAST
  */
-export async function interpretAst(ast: ExpressionAstExpression): Promise<ExpressionValue> {
-  return await expressionsService.getService().execute(ast).getData();
+export async function interpretAst(
+  ast: ExpressionAstExpression,
+  variables: Record<string, any>
+): Promise<ExpressionValue> {
+  const context = { variables };
+  return await expressionsService.getService().execute(ast, null, context).getData();
 }
 
 /**
@@ -24,6 +28,7 @@ export async function interpretAst(ast: ExpressionAstExpression): Promise<Expres
  *
  * @param {object} ast - Executable AST
  * @param {any} input - Initial input for AST execution
+ * @param {object} variables - Variables to pass in to the intrepreter context
  * @param {object} options
  * @param {boolean} options.castToRender - try to cast to a type: render object?
  * @returns {promise}
@@ -31,17 +36,20 @@ export async function interpretAst(ast: ExpressionAstExpression): Promise<Expres
 export async function runInterpreter(
   ast: ExpressionAstExpression,
   input: ExpressionValue,
+  variables: Record<string, any>,
   options: Options = {}
 ): Promise<ExpressionValue> {
+  const context = { variables };
+
   try {
-    const renderable = await expressionsService.getService().execute(ast, input).getData();
+    const renderable = await expressionsService.getService().execute(ast, input, context).getData();
 
     if (getType(renderable) === 'render') {
       return renderable;
     }
 
     if (options.castToRender) {
-      return runInterpreter(fromExpression('render'), renderable, {
+      return runInterpreter(fromExpression('render'), renderable, variables, {
         castToRender: false,
       });
     }
diff --git a/x-pack/plugins/canvas/public/lib/workpad_service.js b/x-pack/plugins/canvas/public/lib/workpad_service.js
index 1617759e83dd8b..2047e20424accb 100644
--- a/x-pack/plugins/canvas/public/lib/workpad_service.js
+++ b/x-pack/plugins/canvas/public/lib/workpad_service.js
@@ -21,6 +21,7 @@ const validKeys = [
   'assets',
   'colors',
   'css',
+  'variables',
   'height',
   'id',
   'isWriteable',
@@ -61,6 +62,7 @@ export function create(workpad) {
   return fetch.post(getApiPath(), {
     ...sanitizeWorkpad({ ...workpad }),
     assets: workpad.assets || {},
+    variables: workpad.variables || [],
   });
 }
 
@@ -73,7 +75,7 @@ export async function createFromTemplate(templateId) {
 export function get(workpadId) {
   return fetch.get(`${getApiPath()}/${workpadId}`).then(({ data: workpad }) => {
     // shim old workpads with new properties
-    return { css: DEFAULT_WORKPAD_CSS, ...workpad };
+    return { css: DEFAULT_WORKPAD_CSS, variables: [], ...workpad };
   });
 }
 
diff --git a/x-pack/plugins/canvas/public/state/actions/elements.js b/x-pack/plugins/canvas/public/state/actions/elements.js
index e89e62917da390..2ba011373c6702 100644
--- a/x-pack/plugins/canvas/public/state/actions/elements.js
+++ b/x-pack/plugins/canvas/public/state/actions/elements.js
@@ -9,7 +9,13 @@ import immutable from 'object-path-immutable';
 import { get, pick, cloneDeep, without } from 'lodash';
 import { toExpression, safeElementFromExpression } from '@kbn/interpreter/common';
 import { createThunk } from '../../lib/create_thunk';
-import { getPages, getNodeById, getNodes, getSelectedPageIndex } from '../selectors/workpad';
+import {
+  getPages,
+  getWorkpadVariablesAsObject,
+  getNodeById,
+  getNodes,
+  getSelectedPageIndex,
+} from '../selectors/workpad';
 import { getValue as getResolvedArgsValue } from '../selectors/resolved_args';
 import { getDefaultElement } from '../defaults';
 import { ErrorStrings } from '../../../i18n';
@@ -96,13 +102,15 @@ export const fetchContext = createThunk(
       return i < index;
     });
 
+    const variables = getWorkpadVariablesAsObject(getState());
+
     // get context data from a partial AST
     return interpretAst(
       {
         ...element.ast,
         chain: astChain,
       },
-      prevContextValue
+      variables
     ).then((value) => {
       dispatch(
         args.setValue({
@@ -114,7 +122,7 @@ export const fetchContext = createThunk(
   }
 );
 
-const fetchRenderableWithContextFn = ({ dispatch }, element, ast, context) => {
+const fetchRenderableWithContextFn = ({ dispatch, getState }, element, ast, context) => {
   const argumentPath = [element.id, 'expressionRenderable'];
   dispatch(
     args.setLoading({
@@ -128,7 +136,9 @@ const fetchRenderableWithContextFn = ({ dispatch }, element, ast, context) => {
       value: renderable,
     });
 
-  return runInterpreter(ast, context, { castToRender: true })
+  const variables = getWorkpadVariablesAsObject(getState());
+
+  return runInterpreter(ast, context, variables, { castToRender: true })
     .then((renderable) => {
       dispatch(getAction(renderable));
     })
@@ -172,7 +182,9 @@ export const fetchAllRenderables = createThunk(
         const ast = element.ast || safeElementFromExpression(element.expression);
         const argumentPath = [element.id, 'expressionRenderable'];
 
-        return runInterpreter(ast, null, { castToRender: true })
+        const variables = getWorkpadVariablesAsObject(getState());
+
+        return runInterpreter(ast, null, variables, { castToRender: true })
           .then((renderable) => ({ path: argumentPath, value: renderable }))
           .catch((err) => {
             services.notify.getService().error(err);
diff --git a/x-pack/plugins/canvas/public/state/actions/workpad.ts b/x-pack/plugins/canvas/public/state/actions/workpad.ts
index 419832e404594d..7af55730f5787b 100644
--- a/x-pack/plugins/canvas/public/state/actions/workpad.ts
+++ b/x-pack/plugins/canvas/public/state/actions/workpad.ts
@@ -10,7 +10,7 @@ import { createThunk } from '../../lib/create_thunk';
 import { getWorkpadColors } from '../selectors/workpad';
 // @ts-expect-error
 import { fetchAllRenderables } from './elements';
-import { CanvasWorkpad } from '../../../types';
+import { CanvasWorkpad, CanvasVariable } from '../../../types';
 
 export const sizeWorkpad = createAction<{ height: number; width: number }>('sizeWorkpad');
 export const setName = createAction<string>('setName');
@@ -18,6 +18,7 @@ export const setWriteable = createAction<boolean>('setWriteable');
 export const setColors = createAction<string[]>('setColors');
 export const setRefreshInterval = createAction<number>('setRefreshInterval');
 export const setWorkpadCSS = createAction<string>('setWorkpadCSS');
+export const setWorkpadVariables = createAction<CanvasVariable[]>('setWorkpadVariables');
 export const enableAutoplay = createAction<boolean>('enableAutoplay');
 export const setAutoplayInterval = createAction<number>('setAutoplayInterval');
 export const resetWorkpad = createAction<void>('resetWorkpad');
@@ -38,6 +39,14 @@ export const removeColor = createThunk('removeColor', ({ dispatch, getState }, c
   dispatch(setColors(without(getWorkpadColors(getState()), color)));
 });
 
+export const updateWorkpadVariables = createThunk(
+  'updateWorkpadVariables',
+  ({ dispatch }, vars) => {
+    dispatch(setWorkpadVariables(vars));
+    dispatch(fetchAllRenderables());
+  }
+);
+
 export const setWorkpad = createThunk(
   'setWorkpad',
   (
diff --git a/x-pack/plugins/canvas/public/state/defaults.js b/x-pack/plugins/canvas/public/state/defaults.js
index 13ff7102bcafe9..5cffb5e865d648 100644
--- a/x-pack/plugins/canvas/public/state/defaults.js
+++ b/x-pack/plugins/canvas/public/state/defaults.js
@@ -81,6 +81,7 @@ export const getDefaultWorkpad = () => {
       '#FFFFFF',
       'rgba(255,255,255,0)', // 'transparent'
     ],
+    variables: [],
     isWriteable: true,
   };
 };
diff --git a/x-pack/plugins/canvas/public/state/reducers/workpad.js b/x-pack/plugins/canvas/public/state/reducers/workpad.js
index 30f9c638a054fe..9a0c30bdf13374 100644
--- a/x-pack/plugins/canvas/public/state/reducers/workpad.js
+++ b/x-pack/plugins/canvas/public/state/reducers/workpad.js
@@ -14,6 +14,7 @@ import {
   setName,
   setWriteable,
   setWorkpadCSS,
+  setWorkpadVariables,
   resetWorkpad,
 } from '../actions/workpad';
 
@@ -59,6 +60,10 @@ export const workpadReducer = handleActions(
       return { ...workpadState, css: payload };
     },
 
+    [setWorkpadVariables]: (workpadState, { payload }) => {
+      return { ...workpadState, variables: payload };
+    },
+
     [resetWorkpad]: () => ({ ...getDefaultWorkpad() }),
   },
   {}
diff --git a/x-pack/plugins/canvas/public/state/selectors/workpad.ts b/x-pack/plugins/canvas/public/state/selectors/workpad.ts
index 83f4984b4a3002..1d7ea05daaa61c 100644
--- a/x-pack/plugins/canvas/public/state/selectors/workpad.ts
+++ b/x-pack/plugins/canvas/public/state/selectors/workpad.ts
@@ -10,7 +10,14 @@ import { safeElementFromExpression, fromExpression } from '@kbn/interpreter/comm
 // @ts-expect-error untyped local
 import { append } from '../../lib/modify_path';
 import { getAssets } from './assets';
-import { State, CanvasWorkpad, CanvasPage, CanvasElement, ResolvedArgType } from '../../../types';
+import {
+  State,
+  CanvasWorkpad,
+  CanvasPage,
+  CanvasElement,
+  CanvasVariable,
+  ResolvedArgType,
+} from '../../../types';
 import {
   ExpressionContext,
   CanvasGroup,
@@ -49,6 +56,23 @@ export function getWorkpadPersisted(state: State) {
   return getWorkpad(state);
 }
 
+export function getWorkpadVariables(state: State) {
+  const workpad = getWorkpad(state);
+  return get(workpad, 'variables', []);
+}
+
+export function getWorkpadVariablesAsObject(state: State) {
+  const variables = getWorkpadVariables(state);
+  if (variables.length === 0) {
+    return {};
+  }
+
+  return (variables as CanvasVariable[]).reduce(
+    (vars: Record<string, any>, v: CanvasVariable) => ({ ...vars, [v.name]: v.value }),
+    {}
+  );
+}
+
 export function getWorkpadInfo(state: State): WorkpadInfo {
   return {
     ...getWorkpad(state),
@@ -326,7 +350,9 @@ export function getElements(
     return elements.map((el) => omit(el, ['ast']));
   }
 
-  return elements.map(appendAst);
+  const elementAppendAst = (elem: CanvasElement) => appendAst(elem);
+
+  return elements.map(elementAppendAst);
 }
 
 const augment = (type: string) => <T extends CanvasElement | CanvasGroup>(n: T): T => ({
diff --git a/x-pack/plugins/canvas/server/lib/sanitize_name.js b/x-pack/plugins/canvas/server/lib/sanitize_name.js
index 295315c3ceb2ef..4c787c816a331f 100644
--- a/x-pack/plugins/canvas/server/lib/sanitize_name.js
+++ b/x-pack/plugins/canvas/server/lib/sanitize_name.js
@@ -5,9 +5,9 @@
  */
 
 export function sanitizeName(name) {
-  // blacklisted characters
-  const blacklist = ['(', ')'];
-  const pattern = blacklist.map((v) => escapeRegExp(v)).join('|');
+  // invalid characters
+  const invalid = ['(', ')'];
+  const pattern = invalid.map((v) => escapeRegExp(v)).join('|');
   const regex = new RegExp(pattern, 'g');
   return name.replace(regex, '_');
 }
diff --git a/x-pack/plugins/canvas/server/routes/workpad/workpad_schema.ts b/x-pack/plugins/canvas/server/routes/workpad/workpad_schema.ts
index 0c31f517a74b3c..5bbd2caa0cb99a 100644
--- a/x-pack/plugins/canvas/server/routes/workpad/workpad_schema.ts
+++ b/x-pack/plugins/canvas/server/routes/workpad/workpad_schema.ts
@@ -51,12 +51,19 @@ export const WorkpadAssetSchema = schema.object({
   value: schema.string(),
 });
 
+export const WorkpadVariable = schema.object({
+  name: schema.string(),
+  value: schema.oneOf([schema.string(), schema.number(), schema.boolean()]),
+  type: schema.string(),
+});
+
 export const WorkpadSchema = schema.object({
   '@created': schema.maybe(schema.string()),
   '@timestamp': schema.maybe(schema.string()),
   assets: schema.maybe(schema.recordOf(schema.string(), WorkpadAssetSchema)),
   colors: schema.arrayOf(schema.string()),
   css: schema.string(),
+  variables: schema.arrayOf(WorkpadVariable),
   height: schema.number(),
   id: schema.string(),
   isWriteable: schema.maybe(schema.boolean()),
diff --git a/x-pack/plugins/canvas/server/templates/pitch_presentation.ts b/x-pack/plugins/canvas/server/templates/pitch_presentation.ts
index 95f0dc4c3da39a..416d3aee2dd034 100644
--- a/x-pack/plugins/canvas/server/templates/pitch_presentation.ts
+++ b/x-pack/plugins/canvas/server/templates/pitch_presentation.ts
@@ -1644,5 +1644,6 @@ export const pitch: CanvasTemplate = {
     },
     css:
       ".canvasPage h1, .canvasPage h2, .canvasPage h3, .canvasPage h4, .canvasPage h5 {\nfont-family: 'Futura';\ncolor: #444444;\n}\n\n.canvasPage h1 {\nfont-size: 112px;\nfont-weight: bold;\ncolor: #FFFFFF;\n}\n\n.canvasPage h2 {\nfont-size: 48px;\nfont-weight: bold;\n}\n\n.canvasPage h3 {\nfont-size: 30px;\nfont-weight: 300;\ntext-transform: uppercase;\ncolor: #FFFFFF;\n}\n\n.canvasPage h5 {\nfont-size: 24px;\nfont-style: italic;\n}",
+    variables: [],
   },
 };
diff --git a/x-pack/plugins/canvas/server/templates/status_report.ts b/x-pack/plugins/canvas/server/templates/status_report.ts
index b396ed784cbedb..447e1f99afaee1 100644
--- a/x-pack/plugins/canvas/server/templates/status_report.ts
+++ b/x-pack/plugins/canvas/server/templates/status_report.ts
@@ -17,6 +17,7 @@ export const status: CanvasTemplate = {
     height: 792,
     css:
       '.canvasPage h1, .canvasPage h2, .canvasPage h3, .canvasPage h4, .canvasPage h5, .canvasPage h6, .canvasPage li, .canvasPage p, .canvasPage th, .canvasPage td {\nfont-family: "Gill Sans" !important;\ncolor: #333333;\n}\n\n.canvasPage h1, .canvasPage h2 {\nfont-weight: 400;\n}\n\n.canvasPage h2 {\ntext-transform: uppercase;\ncolor: #1785B0;\n}\n\n.canvasMarkdown p,\n.canvasMarkdown li {\nfont-size: 18px;\n}\n\n.canvasMarkdown li {\nmargin-bottom: .75em;\n}\n\n.canvasMarkdown h3:not(:first-child) {\nmargin-top: 2em;\n}\n\n.canvasMarkdown a {\ncolor: #1785B0;\n}\n\n.canvasMarkdown th,\n.canvasMarkdown td {\npadding: .5em 1em;\n}\n\n.canvasMarkdown th {\nbackground-color: #FAFBFD;\n}\n\n.canvasMarkdown table,\n.canvasMarkdown th,\n.canvasMarkdown td {\nborder: 1px solid #e4e9f2;\n}',
+    variables: [],
     page: 0,
     pages: [
       {
diff --git a/x-pack/plugins/canvas/server/templates/summary_report.ts b/x-pack/plugins/canvas/server/templates/summary_report.ts
index 1b32a80fa82c73..64f04eef4194ec 100644
--- a/x-pack/plugins/canvas/server/templates/summary_report.ts
+++ b/x-pack/plugins/canvas/server/templates/summary_report.ts
@@ -493,5 +493,6 @@ export const summary: CanvasTemplate = {
     '@created': '2019-05-31T16:01:45.751Z',
     assets: {},
     css: 'h3 {\ncolor: #343741;\nfont-weight: 400;\n}\n\nh5 {\ncolor: #69707D;\n}',
+    variables: [],
   },
 };
diff --git a/x-pack/plugins/canvas/server/templates/theme_dark.ts b/x-pack/plugins/canvas/server/templates/theme_dark.ts
index 8dce2c5eb9b6eb..5822a17976cd30 100644
--- a/x-pack/plugins/canvas/server/templates/theme_dark.ts
+++ b/x-pack/plugins/canvas/server/templates/theme_dark.ts
@@ -17,6 +17,7 @@ export const dark: CanvasTemplate = {
     height: 720,
     page: 0,
     css: '',
+    variables: [],
     pages: [
       {
         id: 'page-fda26a1f-c096-44e4-a149-cb99e1038a34',
diff --git a/x-pack/plugins/canvas/server/templates/theme_light.ts b/x-pack/plugins/canvas/server/templates/theme_light.ts
index fb654a2fd29545..d278e057bb441a 100644
--- a/x-pack/plugins/canvas/server/templates/theme_light.ts
+++ b/x-pack/plugins/canvas/server/templates/theme_light.ts
@@ -14,6 +14,7 @@ export const light: CanvasTemplate = {
   template: {
     name: 'Light',
     css: '',
+    variables: [],
     width: 1080,
     height: 720,
     page: 0,
diff --git a/x-pack/plugins/canvas/types/canvas.ts b/x-pack/plugins/canvas/types/canvas.ts
index 2f20dc88fdec43..cc07f498f1eec2 100644
--- a/x-pack/plugins/canvas/types/canvas.ts
+++ b/x-pack/plugins/canvas/types/canvas.ts
@@ -37,12 +37,19 @@ export interface CanvasPage {
   groups: CanvasGroup[];
 }
 
+export interface CanvasVariable {
+  name: string;
+  value: boolean | number | string;
+  type: 'boolean' | 'number' | 'string';
+}
+
 export interface CanvasWorkpad {
   '@created': string;
   '@timestamp': string;
   assets: { [id: string]: CanvasAsset };
   colors: string[];
   css: string;
+  variables: CanvasVariable[];
   height: number;
   id: string;
   isWriteable: boolean;
diff --git a/x-pack/plugins/encrypted_saved_objects/server/saved_objects/encrypted_saved_objects_client_wrapper.test.ts b/x-pack/plugins/encrypted_saved_objects/server/saved_objects/encrypted_saved_objects_client_wrapper.test.ts
index eea19bb1aa7dd5..5d4ea5a6370e4a 100644
--- a/x-pack/plugins/encrypted_saved_objects/server/saved_objects/encrypted_saved_objects_client_wrapper.test.ts
+++ b/x-pack/plugins/encrypted_saved_objects/server/saved_objects/encrypted_saved_objects_client_wrapper.test.ts
@@ -939,6 +939,7 @@ describe('#bulkGet', () => {
             attrNotSoSecret: 'not-so-secret',
             attrThree: 'three',
           },
+          namespaces: ['some-ns'],
           references: [],
         },
         {
@@ -950,6 +951,7 @@ describe('#bulkGet', () => {
             attrNotSoSecret: '*not-so-secret*',
             attrThree: 'three',
           },
+          namespaces: ['some-ns'],
           references: [],
         },
       ],
@@ -1015,6 +1017,7 @@ describe('#bulkGet', () => {
             attrNotSoSecret: 'not-so-secret',
             attrThree: 'three',
           },
+          namespaces: ['some-ns'],
           references: [],
         },
         {
@@ -1026,6 +1029,7 @@ describe('#bulkGet', () => {
             attrNotSoSecret: '*not-so-secret*',
             attrThree: 'three',
           },
+          namespaces: ['some-ns'],
           references: [],
         },
       ],
diff --git a/x-pack/plugins/encrypted_saved_objects/server/saved_objects/encrypted_saved_objects_client_wrapper.ts b/x-pack/plugins/encrypted_saved_objects/server/saved_objects/encrypted_saved_objects_client_wrapper.ts
index bdc2b6cb2e6679..3246457179f68e 100644
--- a/x-pack/plugins/encrypted_saved_objects/server/saved_objects/encrypted_saved_objects_client_wrapper.ts
+++ b/x-pack/plugins/encrypted_saved_objects/server/saved_objects/encrypted_saved_objects_client_wrapper.ts
@@ -25,6 +25,7 @@ import {
 } from 'src/core/server';
 import { AuthenticatedUser } from '../../../security/common/model';
 import { EncryptedSavedObjectsService } from '../crypto';
+import { getDescriptorNamespace } from './get_descriptor_namespace';
 
 interface EncryptedSavedObjectsClientOptions {
   baseClient: SavedObjectsClientContract;
@@ -47,10 +48,6 @@ export class EncryptedSavedObjectsClientWrapper implements SavedObjectsClientCon
     public readonly errors = options.baseClient.errors
   ) {}
 
-  // only include namespace in AAD descriptor if the specified type is single-namespace
-  private getDescriptorNamespace = (type: string, namespace?: string) =>
-    this.options.baseTypeRegistry.isSingleNamespace(type) ? namespace : undefined;
-
   public async create<T>(
     type: string,
     attributes: T = {} as T,
@@ -70,7 +67,11 @@ export class EncryptedSavedObjectsClientWrapper implements SavedObjectsClientCon
     }
 
     const id = generateID();
-    const namespace = this.getDescriptorNamespace(type, options.namespace);
+    const namespace = getDescriptorNamespace(
+      this.options.baseTypeRegistry,
+      type,
+      options.namespace
+    );
     return await this.handleEncryptedAttributesInResponse(
       await this.options.baseClient.create(
         type,
@@ -109,7 +110,11 @@ export class EncryptedSavedObjectsClientWrapper implements SavedObjectsClientCon
         }
 
         const id = generateID();
-        const namespace = this.getDescriptorNamespace(object.type, options?.namespace);
+        const namespace = getDescriptorNamespace(
+          this.options.baseTypeRegistry,
+          object.type,
+          options?.namespace
+        );
         return {
           ...object,
           id,
@@ -124,8 +129,7 @@ export class EncryptedSavedObjectsClientWrapper implements SavedObjectsClientCon
 
     return await this.handleEncryptedAttributesInBulkResponse(
       await this.options.baseClient.bulkCreate<T>(encryptedObjects, options),
-      objects,
-      options?.namespace
+      objects
     );
   }
 
@@ -142,7 +146,11 @@ export class EncryptedSavedObjectsClientWrapper implements SavedObjectsClientCon
         if (!this.options.service.isRegistered(type)) {
           return object;
         }
-        const namespace = this.getDescriptorNamespace(type, options?.namespace);
+        const namespace = getDescriptorNamespace(
+          this.options.baseTypeRegistry,
+          type,
+          options?.namespace
+        );
         return {
           ...object,
           attributes: await this.options.service.encryptAttributes(
@@ -156,8 +164,7 @@ export class EncryptedSavedObjectsClientWrapper implements SavedObjectsClientCon
 
     return await this.handleEncryptedAttributesInBulkResponse(
       await this.options.baseClient.bulkUpdate(encryptedObjects, options),
-      objects,
-      options?.namespace
+      objects
     );
   }
 
@@ -168,8 +175,7 @@ export class EncryptedSavedObjectsClientWrapper implements SavedObjectsClientCon
   public async find<T>(options: SavedObjectsFindOptions) {
     return await this.handleEncryptedAttributesInBulkResponse(
       await this.options.baseClient.find<T>(options),
-      undefined,
-      options.namespace
+      undefined
     );
   }
 
@@ -179,8 +185,7 @@ export class EncryptedSavedObjectsClientWrapper implements SavedObjectsClientCon
   ) {
     return await this.handleEncryptedAttributesInBulkResponse(
       await this.options.baseClient.bulkGet<T>(objects, options),
-      undefined,
-      options?.namespace
+      undefined
     );
   }
 
@@ -188,7 +193,7 @@ export class EncryptedSavedObjectsClientWrapper implements SavedObjectsClientCon
     return await this.handleEncryptedAttributesInResponse(
       await this.options.baseClient.get<T>(type, id, options),
       undefined as unknown,
-      this.getDescriptorNamespace(type, options?.namespace)
+      getDescriptorNamespace(this.options.baseTypeRegistry, type, options?.namespace)
     );
   }
 
@@ -201,7 +206,11 @@ export class EncryptedSavedObjectsClientWrapper implements SavedObjectsClientCon
     if (!this.options.service.isRegistered(type)) {
       return await this.options.baseClient.update(type, id, attributes, options);
     }
-    const namespace = this.getDescriptorNamespace(type, options?.namespace);
+    const namespace = getDescriptorNamespace(
+      this.options.baseTypeRegistry,
+      type,
+      options?.namespace
+    );
     return this.handleEncryptedAttributesInResponse(
       await this.options.baseClient.update(
         type,
@@ -270,7 +279,6 @@ export class EncryptedSavedObjectsClientWrapper implements SavedObjectsClientCon
    * response portion isn't registered, it is returned as is.
    * @param response Raw response returned by the underlying base client.
    * @param [objects] Optional list of saved objects with original attributes.
-   * @param [namespace] Optional namespace that was used for the saved objects operation.
    */
   private async handleEncryptedAttributesInBulkResponse<
     T,
@@ -279,12 +287,16 @@ export class EncryptedSavedObjectsClientWrapper implements SavedObjectsClientCon
       | SavedObjectsFindResponse<T>
       | SavedObjectsBulkUpdateResponse<T>,
     O extends Array<SavedObjectsBulkCreateObject<T>> | Array<SavedObjectsBulkUpdateObject<T>>
-  >(response: R, objects?: O, namespace?: string) {
+  >(response: R, objects?: O) {
     for (const [index, savedObject] of response.saved_objects.entries()) {
       await this.handleEncryptedAttributesInResponse(
         savedObject,
         objects?.[index].attributes ?? undefined,
-        this.getDescriptorNamespace(savedObject.type, namespace)
+        getDescriptorNamespace(
+          this.options.baseTypeRegistry,
+          savedObject.type,
+          savedObject.namespaces ? savedObject.namespaces[0] : undefined
+        )
       );
     }
 
diff --git a/x-pack/plugins/encrypted_saved_objects/server/saved_objects/get_descriptor_namespace.test.ts b/x-pack/plugins/encrypted_saved_objects/server/saved_objects/get_descriptor_namespace.test.ts
new file mode 100644
index 00000000000000..7ba90a5a76ab32
--- /dev/null
+++ b/x-pack/plugins/encrypted_saved_objects/server/saved_objects/get_descriptor_namespace.test.ts
@@ -0,0 +1,70 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { savedObjectsTypeRegistryMock } from 'src/core/server/mocks';
+import { getDescriptorNamespace } from './get_descriptor_namespace';
+
+describe('getDescriptorNamespace', () => {
+  describe('namespace agnostic', () => {
+    it('returns undefined', () => {
+      const mockBaseTypeRegistry = savedObjectsTypeRegistryMock.create();
+      mockBaseTypeRegistry.isSingleNamespace.mockReturnValue(false);
+      mockBaseTypeRegistry.isMultiNamespace.mockReturnValue(false);
+      mockBaseTypeRegistry.isNamespaceAgnostic.mockReturnValue(true);
+
+      expect(getDescriptorNamespace(mockBaseTypeRegistry, 'globaltype', undefined)).toEqual(
+        undefined
+      );
+      expect(getDescriptorNamespace(mockBaseTypeRegistry, 'globaltype', 'foo-namespace')).toEqual(
+        undefined
+      );
+    });
+  });
+
+  describe('multi-namespace', () => {
+    it('returns undefined', () => {
+      const mockBaseTypeRegistry = savedObjectsTypeRegistryMock.create();
+      mockBaseTypeRegistry.isSingleNamespace.mockReturnValue(false);
+      mockBaseTypeRegistry.isMultiNamespace.mockReturnValue(true);
+      mockBaseTypeRegistry.isNamespaceAgnostic.mockReturnValue(false);
+
+      expect(getDescriptorNamespace(mockBaseTypeRegistry, 'sharedtype', undefined)).toEqual(
+        undefined
+      );
+      expect(getDescriptorNamespace(mockBaseTypeRegistry, 'sharedtype', 'foo-namespace')).toEqual(
+        undefined
+      );
+    });
+  });
+
+  describe('single namespace', () => {
+    it('returns `undefined` if provided namespace is undefined or `default`', () => {
+      const mockBaseTypeRegistry = savedObjectsTypeRegistryMock.create();
+      mockBaseTypeRegistry.isSingleNamespace.mockReturnValue(true);
+      mockBaseTypeRegistry.isMultiNamespace.mockReturnValue(false);
+      mockBaseTypeRegistry.isNamespaceAgnostic.mockReturnValue(false);
+
+      expect(getDescriptorNamespace(mockBaseTypeRegistry, 'singletype', undefined)).toEqual(
+        undefined
+      );
+
+      expect(getDescriptorNamespace(mockBaseTypeRegistry, 'singletype', 'default')).toEqual(
+        undefined
+      );
+    });
+
+    it('returns the provided namespace', () => {
+      const mockBaseTypeRegistry = savedObjectsTypeRegistryMock.create();
+      mockBaseTypeRegistry.isSingleNamespace.mockReturnValue(true);
+      mockBaseTypeRegistry.isMultiNamespace.mockReturnValue(false);
+      mockBaseTypeRegistry.isNamespaceAgnostic.mockReturnValue(false);
+
+      expect(getDescriptorNamespace(mockBaseTypeRegistry, 'singletype', 'foo-namespace')).toEqual(
+        'foo-namespace'
+      );
+    });
+  });
+});
diff --git a/x-pack/plugins/encrypted_saved_objects/server/saved_objects/get_descriptor_namespace.ts b/x-pack/plugins/encrypted_saved_objects/server/saved_objects/get_descriptor_namespace.ts
new file mode 100644
index 00000000000000..b2842df909a1df
--- /dev/null
+++ b/x-pack/plugins/encrypted_saved_objects/server/saved_objects/get_descriptor_namespace.ts
@@ -0,0 +1,16 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { ISavedObjectTypeRegistry } from 'kibana/server';
+
+export const getDescriptorNamespace = (
+  typeRegistry: ISavedObjectTypeRegistry,
+  type: string,
+  namespace?: string
+) => {
+  const descriptorNamespace = typeRegistry.isSingleNamespace(type) ? namespace : undefined;
+  return descriptorNamespace === 'default' ? undefined : descriptorNamespace;
+};
diff --git a/x-pack/plugins/encrypted_saved_objects/server/saved_objects/index.ts b/x-pack/plugins/encrypted_saved_objects/server/saved_objects/index.ts
index af00050183b775..0e5be4e4eee5aa 100644
--- a/x-pack/plugins/encrypted_saved_objects/server/saved_objects/index.ts
+++ b/x-pack/plugins/encrypted_saved_objects/server/saved_objects/index.ts
@@ -15,6 +15,7 @@ import {
 import { SecurityPluginSetup } from '../../../security/server';
 import { EncryptedSavedObjectsService } from '../crypto';
 import { EncryptedSavedObjectsClientWrapper } from './encrypted_saved_objects_client_wrapper';
+import { getDescriptorNamespace } from './get_descriptor_namespace';
 
 interface SetupSavedObjectsParams {
   service: PublicMethodsOf<EncryptedSavedObjectsService>;
@@ -84,7 +85,7 @@ export function setupSavedObjects({
             {
               type,
               id,
-              namespace: typeRegistry.isSingleNamespace(type) ? options?.namespace : undefined,
+              namespace: getDescriptorNamespace(typeRegistry, type, options?.namespace),
             },
             savedObject.attributes as Record<string, unknown>
           )) as T,
diff --git a/x-pack/plugins/infra/common/log_analysis/log_analysis.ts b/x-pack/plugins/infra/common/log_analysis/log_analysis.ts
index b8fba7a14e243a..680a2a0fef1145 100644
--- a/x-pack/plugins/infra/common/log_analysis/log_analysis.ts
+++ b/x-pack/plugins/infra/common/log_analysis/log_analysis.ts
@@ -14,18 +14,10 @@ export type JobStatus =
   | 'finished'
   | 'failed';
 
-export type SetupStatusRequiredReason =
-  | 'missing' // jobs are missing
-  | 'reconfiguration' // the configurations don't match the source configurations
-  | 'update'; // the definitions don't match the module definitions
-
 export type SetupStatus =
   | { type: 'initializing' } // acquiring job statuses to determine setup status
   | { type: 'unknown' } // job status could not be acquired (failed request etc)
-  | {
-      type: 'required';
-      reason: SetupStatusRequiredReason;
-    } // setup required
+  | { type: 'required' } // setup required
   | { type: 'pending' } // In the process of setting up the module for the first time or retrying, waiting for response
   | { type: 'succeeded' } // setup succeeded, notifying user
   | {
diff --git a/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/index.ts b/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/index.ts
index e954cf21229ee0..afad55dd22d43d 100644
--- a/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/index.ts
+++ b/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/index.ts
@@ -5,4 +5,5 @@
  */
 
 export * from './log_analysis_job_problem_indicator';
+export * from './notices_section';
 export * from './recreate_job_button';
diff --git a/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/job_configuration_outdated_callout.tsx b/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/job_configuration_outdated_callout.tsx
index 13b7d1927f6761..a8a7ec4f5f44f5 100644
--- a/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/job_configuration_outdated_callout.tsx
+++ b/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/job_configuration_outdated_callout.tsx
@@ -11,19 +11,24 @@ import React from 'react';
 import { RecreateJobCallout } from './recreate_job_callout';
 
 export const JobConfigurationOutdatedCallout: React.FC<{
+  moduleName: string;
   onRecreateMlJob: () => void;
-}> = ({ onRecreateMlJob }) => (
-  <RecreateJobCallout title={jobConfigurationOutdatedTitle} onRecreateMlJob={onRecreateMlJob}>
+}> = ({ moduleName, onRecreateMlJob }) => (
+  <RecreateJobCallout
+    title={i18n.translate('xpack.infra.logs.analysis.jobConfigurationOutdatedCalloutTitle', {
+      defaultMessage: 'The {moduleName} ML job configuration is outdated',
+      values: {
+        moduleName,
+      },
+    })}
+    onRecreateMlJob={onRecreateMlJob}
+  >
     <FormattedMessage
       id="xpack.infra.logs.analysis.jobConfigurationOutdatedCalloutMessage"
-      defaultMessage="The ML job was created using a different source configuration. Recreate the job to apply the current configuration. This removes previously detected anomalies."
+      defaultMessage="The {moduleName} ML job was created using a different source configuration. Recreate the job to apply the current configuration. This removes previously detected anomalies."
+      values={{
+        moduleName,
+      }}
     />
   </RecreateJobCallout>
 );
-
-const jobConfigurationOutdatedTitle = i18n.translate(
-  'xpack.infra.logs.analysis.jobConfigurationOutdatedCalloutTitle',
-  {
-    defaultMessage: 'ML job configuration outdated',
-  }
-);
diff --git a/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/job_definition_outdated_callout.tsx b/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/job_definition_outdated_callout.tsx
index 5072fb09cdceb4..7d876b91fc6b55 100644
--- a/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/job_definition_outdated_callout.tsx
+++ b/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/job_definition_outdated_callout.tsx
@@ -11,19 +11,24 @@ import React from 'react';
 import { RecreateJobCallout } from './recreate_job_callout';
 
 export const JobDefinitionOutdatedCallout: React.FC<{
+  moduleName: string;
   onRecreateMlJob: () => void;
-}> = ({ onRecreateMlJob }) => (
-  <RecreateJobCallout title={jobDefinitionOutdatedTitle} onRecreateMlJob={onRecreateMlJob}>
+}> = ({ moduleName, onRecreateMlJob }) => (
+  <RecreateJobCallout
+    title={i18n.translate('xpack.infra.logs.analysis.jobDefinitionOutdatedCalloutTitle', {
+      defaultMessage: 'The {moduleName} ML job definition is outdated',
+      values: {
+        moduleName,
+      },
+    })}
+    onRecreateMlJob={onRecreateMlJob}
+  >
     <FormattedMessage
       id="xpack.infra.logs.analysis.jobDefinitionOutdatedCalloutMessage"
-      defaultMessage="A newer version of the ML job is available. Recreate the job to deploy the newer version. This removes previously detected anomalies."
+      defaultMessage="A newer version of the {moduleName} ML job is available. Recreate the job to deploy the newer version. This removes previously detected anomalies."
+      values={{
+        moduleName,
+      }}
     />
   </RecreateJobCallout>
 );
-
-const jobDefinitionOutdatedTitle = i18n.translate(
-  'xpack.infra.logs.analysis.jobDefinitionOutdatedCalloutTitle',
-  {
-    defaultMessage: 'ML job definition outdated',
-  }
-);
diff --git a/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/log_analysis_job_problem_indicator.tsx b/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/log_analysis_job_problem_indicator.tsx
index e7e89bb365e4f5..9cdf4a667d1405 100644
--- a/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/log_analysis_job_problem_indicator.tsx
+++ b/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/log_analysis_job_problem_indicator.tsx
@@ -16,6 +16,7 @@ export const LogAnalysisJobProblemIndicator: React.FC<{
   hasOutdatedJobDefinitions: boolean;
   hasStoppedJobs: boolean;
   isFirstUse: boolean;
+  moduleName: string;
   onRecreateMlJobForReconfiguration: () => void;
   onRecreateMlJobForUpdate: () => void;
 }> = ({
@@ -23,16 +24,23 @@ export const LogAnalysisJobProblemIndicator: React.FC<{
   hasOutdatedJobDefinitions,
   hasStoppedJobs,
   isFirstUse,
+  moduleName,
   onRecreateMlJobForReconfiguration,
   onRecreateMlJobForUpdate,
 }) => {
   return (
     <>
       {hasOutdatedJobDefinitions ? (
-        <JobDefinitionOutdatedCallout onRecreateMlJob={onRecreateMlJobForUpdate} />
+        <JobDefinitionOutdatedCallout
+          moduleName={moduleName}
+          onRecreateMlJob={onRecreateMlJobForUpdate}
+        />
       ) : null}
       {hasOutdatedJobConfigurations ? (
-        <JobConfigurationOutdatedCallout onRecreateMlJob={onRecreateMlJobForReconfiguration} />
+        <JobConfigurationOutdatedCallout
+          moduleName={moduleName}
+          onRecreateMlJob={onRecreateMlJobForReconfiguration}
+        />
       ) : null}
       {hasStoppedJobs ? <JobStoppedCallout /> : null}
       {isFirstUse ? <FirstUseCallout /> : null}
diff --git a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/sections/notices/notices_section.tsx b/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/notices_section.tsx
similarity index 83%
rename from x-pack/plugins/infra/public/pages/logs/log_entry_categories/sections/notices/notices_section.tsx
rename to x-pack/plugins/infra/public/components/logging/log_analysis_job_status/notices_section.tsx
index 8f44b5b54c48fb..aa72281b9fbdbb 100644
--- a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/sections/notices/notices_section.tsx
+++ b/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/notices_section.tsx
@@ -5,8 +5,8 @@
  */
 
 import React from 'react';
-import { LogAnalysisJobProblemIndicator } from '../../../../../components/logging/log_analysis_job_status';
-import { QualityWarning } from './quality_warnings';
+import { QualityWarning } from '../../../containers/logs/log_analysis/log_analysis_module_types';
+import { LogAnalysisJobProblemIndicator } from './log_analysis_job_problem_indicator';
 import { CategoryQualityWarnings } from './quality_warning_notices';
 
 export const CategoryJobNoticesSection: React.FC<{
@@ -14,6 +14,7 @@ export const CategoryJobNoticesSection: React.FC<{
   hasOutdatedJobDefinitions: boolean;
   hasStoppedJobs: boolean;
   isFirstUse: boolean;
+  moduleName: string;
   onRecreateMlJobForReconfiguration: () => void;
   onRecreateMlJobForUpdate: () => void;
   qualityWarnings: QualityWarning[];
@@ -22,6 +23,7 @@ export const CategoryJobNoticesSection: React.FC<{
   hasOutdatedJobDefinitions,
   hasStoppedJobs,
   isFirstUse,
+  moduleName,
   onRecreateMlJobForReconfiguration,
   onRecreateMlJobForUpdate,
   qualityWarnings,
@@ -32,6 +34,7 @@ export const CategoryJobNoticesSection: React.FC<{
       hasOutdatedJobDefinitions={hasOutdatedJobDefinitions}
       hasStoppedJobs={hasStoppedJobs}
       isFirstUse={isFirstUse}
+      moduleName={moduleName}
       onRecreateMlJobForReconfiguration={onRecreateMlJobForReconfiguration}
       onRecreateMlJobForUpdate={onRecreateMlJobForUpdate}
     />
diff --git a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/sections/notices/quality_warning_notices.tsx b/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/quality_warning_notices.tsx
similarity index 96%
rename from x-pack/plugins/infra/public/pages/logs/log_entry_categories/sections/notices/quality_warning_notices.tsx
rename to x-pack/plugins/infra/public/components/logging/log_analysis_job_status/quality_warning_notices.tsx
index 73b6b88db873a5..0d93ead5a82c67 100644
--- a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/sections/notices/quality_warning_notices.tsx
+++ b/x-pack/plugins/infra/public/components/logging/log_analysis_job_status/quality_warning_notices.tsx
@@ -8,7 +8,10 @@ import { EuiCallOut } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n/react';
 import React from 'react';
-import { CategoryQualityWarningReason, QualityWarning } from './quality_warnings';
+import type {
+  CategoryQualityWarningReason,
+  QualityWarning,
+} from '../../../containers/logs/log_analysis/log_analysis_module_types';
 
 export const CategoryQualityWarnings: React.FC<{ qualityWarnings: QualityWarning[] }> = ({
   qualityWarnings,
diff --git a/x-pack/plugins/infra/public/components/logging/log_analysis_setup/initial_configuration_step/initial_configuration_step.tsx b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/initial_configuration_step/initial_configuration_step.tsx
index c9b14a1ffe47a8..d4c3c727bd34e6 100644
--- a/x-pack/plugins/infra/public/components/logging/log_analysis_setup/initial_configuration_step/initial_configuration_step.tsx
+++ b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/initial_configuration_step/initial_configuration_step.tsx
@@ -84,7 +84,7 @@ export const InitialConfigurationStep: React.FunctionComponent<InitialConfigurat
   );
 };
 
-const editableFormStatus = ['required', 'failed'];
+const editableFormStatus = ['required', 'failed', 'skipped'];
 
 const errorCalloutTitle = i18n.translate(
   'xpack.infra.analysisSetup.steps.initialConfigurationStep.errorCalloutTitle',
diff --git a/x-pack/plugins/infra/public/components/logging/log_analysis_setup/manage_jobs_button.tsx b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/manage_jobs_button.tsx
new file mode 100644
index 00000000000000..cbab547e698922
--- /dev/null
+++ b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/manage_jobs_button.tsx
@@ -0,0 +1,18 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { EuiButton, PropsOf } from '@elastic/eui';
+import { FormattedMessage } from '@kbn/i18n/react';
+import React from 'react';
+
+export const ManageJobsButton: React.FunctionComponent<PropsOf<typeof EuiButton>> = (props) => (
+  <EuiButton {...props}>
+    <FormattedMessage
+      id="xpack.infra.logs.analysis.manageMlJobsButtonLabel"
+      defaultMessage="Manage ML jobs"
+    />
+  </EuiButton>
+);
diff --git a/x-pack/plugins/infra/public/components/logging/log_analysis_setup/process_step/process_step.tsx b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/process_step/process_step.tsx
index 3fa72fe8a07e77..a9c94b59838030 100644
--- a/x-pack/plugins/infra/public/components/logging/log_analysis_setup/process_step/process_step.tsx
+++ b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/process_step/process_step.tsx
@@ -101,11 +101,10 @@ export const ProcessStep: React.FunctionComponent<ProcessStepProps> = ({
             />
           </EuiButton>
         </>
-      ) : setupStatus.type === 'required' &&
-        (setupStatus.reason === 'update' || setupStatus.reason === 'reconfiguration') ? (
-        <RecreateMLJobsButton isDisabled={!isConfigurationValid} onClick={cleanUpAndSetUp} />
-      ) : (
+      ) : setupStatus.type === 'required' ? (
         <CreateMLJobsButton isDisabled={!isConfigurationValid} onClick={setUp} />
+      ) : (
+        <RecreateMLJobsButton isDisabled={!isConfigurationValid} onClick={cleanUpAndSetUp} />
       )}
     </EuiText>
   );
diff --git a/x-pack/plugins/security_solution/common/detection_engine/lists_common_deps.ts b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/index.tsx
similarity index 71%
rename from x-pack/plugins/security_solution/common/detection_engine/lists_common_deps.ts
rename to x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/index.tsx
index 0499fdd1ac8dbc..881996073871e1 100644
--- a/x-pack/plugins/security_solution/common/detection_engine/lists_common_deps.ts
+++ b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/index.tsx
@@ -4,4 +4,5 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-export { EntriesArray, exceptionListType, namespaceType } from '../../../lists/common/schemas';
+export * from './setup_flyout';
+export * from './setup_flyout_state';
diff --git a/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/log_entry_categories_setup_view.tsx b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/log_entry_categories_setup_view.tsx
new file mode 100644
index 00000000000000..2bc5b08a1016ac
--- /dev/null
+++ b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/log_entry_categories_setup_view.tsx
@@ -0,0 +1,87 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { EuiSpacer, EuiSteps, EuiText, EuiTitle } from '@elastic/eui';
+import React, { useCallback, useMemo } from 'react';
+import { useLogEntryCategoriesSetup } from '../../../../containers/logs/log_analysis/modules/log_entry_categories';
+import { createInitialConfigurationStep } from '../initial_configuration_step';
+import { createProcessStep } from '../process_step';
+
+export const LogEntryCategoriesSetupView: React.FC<{
+  onClose: () => void;
+}> = ({ onClose }) => {
+  const {
+    cleanUpAndSetUp,
+    endTime,
+    isValidating,
+    lastSetupErrorMessages,
+    moduleDescriptor,
+    setEndTime,
+    setStartTime,
+    setValidatedIndices,
+    setUp,
+    setupStatus,
+    startTime,
+    validatedIndices,
+    validationErrors,
+    viewResults,
+  } = useLogEntryCategoriesSetup();
+
+  const viewResultsAndClose = useCallback(() => {
+    viewResults();
+    onClose();
+  }, [viewResults, onClose]);
+
+  const steps = useMemo(
+    () => [
+      createInitialConfigurationStep({
+        setStartTime,
+        setEndTime,
+        startTime,
+        endTime,
+        isValidating,
+        validatedIndices,
+        setupStatus,
+        setValidatedIndices,
+        validationErrors,
+      }),
+      createProcessStep({
+        cleanUpAndSetUp,
+        errorMessages: lastSetupErrorMessages,
+        isConfigurationValid: validationErrors.length <= 0 && !isValidating,
+        setUp,
+        setupStatus,
+        viewResults: viewResultsAndClose,
+      }),
+    ],
+    [
+      cleanUpAndSetUp,
+      endTime,
+      isValidating,
+      lastSetupErrorMessages,
+      setEndTime,
+      setStartTime,
+      setUp,
+      setValidatedIndices,
+      setupStatus,
+      startTime,
+      validatedIndices,
+      validationErrors,
+      viewResultsAndClose,
+    ]
+  );
+
+  return (
+    <>
+      <EuiTitle size="s">
+        <h3>{moduleDescriptor.moduleName} </h3>
+      </EuiTitle>
+      <EuiText size="s">{moduleDescriptor.moduleDescription}</EuiText>
+      <EuiSpacer />
+      <EuiSteps steps={steps} />
+    </>
+  );
+};
diff --git a/x-pack/plugins/infra/public/pages/logs/log_entry_rate/setup_flyout.tsx b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/log_entry_rate_setup_view.tsx
similarity index 50%
rename from x-pack/plugins/infra/public/pages/logs/log_entry_rate/setup_flyout.tsx
rename to x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/log_entry_rate_setup_view.tsx
index 0e9e34432f28bf..0b7037e60de0b2 100644
--- a/x-pack/plugins/infra/public/pages/logs/log_entry_rate/setup_flyout.tsx
+++ b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/log_entry_rate_setup_view.tsx
@@ -5,37 +5,20 @@
  */
 
 import React, { useMemo, useCallback } from 'react';
-import { FormattedMessage } from '@kbn/i18n/react';
-import {
-  EuiFlyout,
-  EuiFlyoutHeader,
-  EuiFlyoutBody,
-  EuiTitle,
-  EuiText,
-  EuiSpacer,
-  EuiSteps,
-} from '@elastic/eui';
+import { EuiTitle, EuiText, EuiSpacer, EuiSteps } from '@elastic/eui';
+import { createInitialConfigurationStep } from '../initial_configuration_step';
+import { createProcessStep } from '../process_step';
+import { useLogEntryRateSetup } from '../../../../containers/logs/log_analysis/modules/log_entry_rate';
 
-import {
-  createInitialConfigurationStep,
-  createProcessStep,
-} from '../../../components/logging/log_analysis_setup';
-import { useLogEntryRateSetup } from './use_log_entry_rate_setup';
-
-interface LogEntryRateSetupFlyoutProps {
-  isOpen: boolean;
+export const LogEntryRateSetupView: React.FC<{
   onClose: () => void;
-}
-
-export const LogEntryRateSetupFlyout: React.FC<LogEntryRateSetupFlyoutProps> = ({
-  isOpen,
-  onClose,
-}) => {
+}> = ({ onClose }) => {
   const {
     cleanUpAndSetUp,
     endTime,
     isValidating,
     lastSetupErrorMessages,
+    moduleDescriptor,
     setEndTime,
     setStartTime,
     setValidatedIndices,
@@ -91,39 +74,14 @@ export const LogEntryRateSetupFlyout: React.FC<LogEntryRateSetupFlyoutProps> = (
     ]
   );
 
-  if (!isOpen) {
-    return null;
-  }
   return (
-    <EuiFlyout onClose={onClose}>
-      <EuiFlyoutHeader hasBorder>
-        <EuiTitle size="s">
-          <h3>
-            <FormattedMessage
-              id="xpack.infra.logs.setupFlyout.setupFlyoutTitle"
-              defaultMessage="Anomaly detection with Machine Learning"
-            />
-          </h3>
-        </EuiTitle>
-      </EuiFlyoutHeader>
-      <EuiFlyoutBody>
-        <EuiTitle size="s">
-          <h3>
-            <FormattedMessage
-              id="xpack.infra.logs.setupFlyout.logRateTitle"
-              defaultMessage="Log rate"
-            />
-          </h3>
-        </EuiTitle>
-        <EuiText size="s">
-          <FormattedMessage
-            id="xpack.infra.logs.setupFlyout.logRateDescription"
-            defaultMessage="Use Machine Learning to automatically detect anomalous log rate counts."
-          />
-        </EuiText>
-        <EuiSpacer />
-        <EuiSteps steps={steps} />
-      </EuiFlyoutBody>
-    </EuiFlyout>
+    <>
+      <EuiTitle size="s">
+        <h3>{moduleDescriptor.moduleName} </h3>
+      </EuiTitle>
+      <EuiText size="s">{moduleDescriptor.moduleDescription}</EuiText>
+      <EuiSpacer />
+      <EuiSteps steps={steps} />
+    </>
   );
 };
diff --git a/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/module_list.tsx b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/module_list.tsx
new file mode 100644
index 00000000000000..8239ab4a730ff4
--- /dev/null
+++ b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/module_list.tsx
@@ -0,0 +1,55 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { EuiFlexGroup, EuiFlexItem } from '@elastic/eui';
+import React, { useCallback } from 'react';
+import {
+  logEntryCategoriesModule,
+  useLogEntryCategoriesModuleContext,
+} from '../../../../containers/logs/log_analysis/modules/log_entry_categories';
+import {
+  logEntryRateModule,
+  useLogEntryRateModuleContext,
+} from '../../../../containers/logs/log_analysis/modules/log_entry_rate';
+import { LogAnalysisModuleListCard } from './module_list_card';
+import type { ModuleId } from './setup_flyout_state';
+
+export const LogAnalysisModuleList: React.FC<{
+  onViewModuleSetup: (module: ModuleId) => void;
+}> = ({ onViewModuleSetup }) => {
+  const { setupStatus: logEntryRateSetupStatus } = useLogEntryRateModuleContext();
+  const { setupStatus: logEntryCategoriesSetupStatus } = useLogEntryCategoriesModuleContext();
+
+  const viewLogEntryRateSetupFlyout = useCallback(() => {
+    onViewModuleSetup('logs_ui_analysis');
+  }, [onViewModuleSetup]);
+  const viewLogEntryCategoriesSetupFlyout = useCallback(() => {
+    onViewModuleSetup('logs_ui_categories');
+  }, [onViewModuleSetup]);
+
+  return (
+    <>
+      <EuiFlexGroup>
+        <EuiFlexItem>
+          <LogAnalysisModuleListCard
+            moduleDescription={logEntryRateModule.moduleDescription}
+            moduleName={logEntryRateModule.moduleName}
+            moduleStatus={logEntryRateSetupStatus}
+            onViewSetup={viewLogEntryRateSetupFlyout}
+          />
+        </EuiFlexItem>
+        <EuiFlexItem>
+          <LogAnalysisModuleListCard
+            moduleDescription={logEntryCategoriesModule.moduleDescription}
+            moduleName={logEntryCategoriesModule.moduleName}
+            moduleStatus={logEntryCategoriesSetupStatus}
+            onViewSetup={viewLogEntryCategoriesSetupFlyout}
+          />
+        </EuiFlexItem>
+      </EuiFlexGroup>
+    </>
+  );
+};
diff --git a/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/module_list_card.tsx b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/module_list_card.tsx
new file mode 100644
index 00000000000000..17806dbe93797c
--- /dev/null
+++ b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/module_list_card.tsx
@@ -0,0 +1,46 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { EuiCard, EuiIcon } from '@elastic/eui';
+import React from 'react';
+import { EuiButton } from '@elastic/eui';
+import { FormattedMessage } from '@kbn/i18n/react';
+import { RecreateJobButton } from '../../log_analysis_job_status';
+import { SetupStatus } from '../../../../../common/log_analysis';
+
+export const LogAnalysisModuleListCard: React.FC<{
+  moduleDescription: string;
+  moduleName: string;
+  moduleStatus: SetupStatus;
+  onViewSetup: () => void;
+}> = ({ moduleDescription, moduleName, moduleStatus, onViewSetup }) => {
+  const icon =
+    moduleStatus.type === 'required' ? (
+      <EuiIcon size="xxl" type="machineLearningApp" />
+    ) : (
+      <EuiIcon color="secondary" size="xxl" type="check" />
+    );
+  const footerContent =
+    moduleStatus.type === 'required' ? (
+      <EuiButton onClick={onViewSetup}>
+        <FormattedMessage
+          id="xpack.infra.logs.analysis.enableAnomalyDetectionButtonLabel"
+          defaultMessage="Enable anomaly detection"
+        />
+      </EuiButton>
+    ) : (
+      <RecreateJobButton onClick={onViewSetup} />
+    );
+
+  return (
+    <EuiCard
+      description={moduleDescription}
+      footer={<div>{footerContent}</div>}
+      icon={icon}
+      title={moduleName}
+    />
+  );
+};
diff --git a/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/setup_flyout.tsx b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/setup_flyout.tsx
new file mode 100644
index 00000000000000..8e00254431438f
--- /dev/null
+++ b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/setup_flyout.tsx
@@ -0,0 +1,80 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import {
+  EuiButtonEmpty,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiFlyout,
+  EuiFlyoutBody,
+  EuiFlyoutHeader,
+  EuiTitle,
+} from '@elastic/eui';
+import { FormattedMessage } from '@kbn/i18n/react';
+import React from 'react';
+import { LogEntryRateSetupView } from './log_entry_rate_setup_view';
+import { LogEntryCategoriesSetupView } from './log_entry_categories_setup_view';
+import { LogAnalysisModuleList } from './module_list';
+import { useLogAnalysisSetupFlyoutStateContext } from './setup_flyout_state';
+
+const FLYOUT_HEADING_ID = 'logAnalysisSetupFlyoutHeading';
+
+export const LogAnalysisSetupFlyout: React.FC = () => {
+  const {
+    closeFlyout,
+    flyoutView,
+    showModuleList,
+    showModuleSetup,
+  } = useLogAnalysisSetupFlyoutStateContext();
+
+  if (flyoutView.view === 'hidden') {
+    return null;
+  }
+
+  return (
+    <EuiFlyout aria-labelledby={FLYOUT_HEADING_ID} maxWidth={800} onClose={closeFlyout}>
+      <EuiFlyoutHeader hasBorder>
+        <EuiTitle>
+          <h2 id={FLYOUT_HEADING_ID}>
+            <FormattedMessage
+              id="xpack.infra.logs.analysis.setupFlyoutTitle"
+              defaultMessage="Anomaly detection with Machine Learning"
+            />
+          </h2>
+        </EuiTitle>
+      </EuiFlyoutHeader>
+      <EuiFlyoutBody>
+        {flyoutView.view === 'moduleList' ? (
+          <LogAnalysisModuleList onViewModuleSetup={showModuleSetup} />
+        ) : flyoutView.view === 'moduleSetup' && flyoutView.module === 'logs_ui_analysis' ? (
+          <LogAnalysisSetupFlyoutSubPage onViewModuleList={showModuleList}>
+            <LogEntryRateSetupView onClose={closeFlyout} />
+          </LogAnalysisSetupFlyoutSubPage>
+        ) : flyoutView.view === 'moduleSetup' && flyoutView.module === 'logs_ui_categories' ? (
+          <LogAnalysisSetupFlyoutSubPage onViewModuleList={showModuleList}>
+            <LogEntryCategoriesSetupView onClose={closeFlyout} />
+          </LogAnalysisSetupFlyoutSubPage>
+        ) : null}
+      </EuiFlyoutBody>
+    </EuiFlyout>
+  );
+};
+
+const LogAnalysisSetupFlyoutSubPage: React.FC<{
+  onViewModuleList: () => void;
+}> = ({ children, onViewModuleList }) => (
+  <EuiFlexGroup alignItems="flexStart" direction="column" gutterSize="none">
+    <EuiFlexItem grow={false}>
+      <EuiButtonEmpty flush="left" iconSide="left" iconType="arrowLeft" onClick={onViewModuleList}>
+        <FormattedMessage
+          id="xpack.infra.logs.analysis.setupFlyoutGotoListButtonLabel"
+          defaultMessage="All Machine Learning jobs"
+        />
+      </EuiButtonEmpty>
+    </EuiFlexItem>
+    <EuiFlexItem>{children}</EuiFlexItem>
+  </EuiFlexGroup>
+);
diff --git a/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/setup_flyout_state.ts b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/setup_flyout_state.ts
new file mode 100644
index 00000000000000..7a64584df43034
--- /dev/null
+++ b/x-pack/plugins/infra/public/components/logging/log_analysis_setup/setup_flyout/setup_flyout_state.ts
@@ -0,0 +1,45 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import createContainer from 'constate';
+import { useState, useCallback } from 'react';
+
+export type ModuleId = 'logs_ui_analysis' | 'logs_ui_categories';
+
+type FlyoutView =
+  | { view: 'hidden' }
+  | { view: 'moduleList' }
+  | { view: 'moduleSetup'; module: ModuleId };
+
+export const useLogAnalysisSetupFlyoutState = ({
+  initialFlyoutView = { view: 'hidden' },
+}: {
+  initialFlyoutView?: FlyoutView;
+}) => {
+  const [flyoutView, setFlyoutView] = useState<FlyoutView>(initialFlyoutView);
+
+  const closeFlyout = useCallback(() => setFlyoutView({ view: 'hidden' }), []);
+  const showModuleList = useCallback(() => setFlyoutView({ view: 'moduleList' }), []);
+  const showModuleSetup = useCallback(
+    (module: ModuleId) => {
+      setFlyoutView({ view: 'moduleSetup', module });
+    },
+    [setFlyoutView]
+  );
+
+  return {
+    closeFlyout,
+    flyoutView,
+    setFlyoutView,
+    showModuleList,
+    showModuleSetup,
+  };
+};
+
+export const [
+  LogAnalysisSetupFlyoutStateProvider,
+  useLogAnalysisSetupFlyoutStateContext,
+] = createContainer(useLogAnalysisSetupFlyoutState);
diff --git a/x-pack/plugins/infra/public/containers/logs/log_analysis/log_analysis_module.tsx b/x-pack/plugins/infra/public/containers/logs/log_analysis/log_analysis_module.tsx
index a70758e3aefd7d..79768302a7310c 100644
--- a/x-pack/plugins/infra/public/containers/logs/log_analysis/log_analysis_module.tsx
+++ b/x-pack/plugins/infra/public/containers/logs/log_analysis/log_analysis_module.tsx
@@ -111,14 +111,6 @@ export const useLogAnalysisModule = <JobType extends string>({
     [cleanUpModule, dispatchModuleStatus, setUpModule]
   );
 
-  const viewSetupForReconfiguration = useCallback(() => {
-    dispatchModuleStatus({ type: 'requestedJobConfigurationUpdate' });
-  }, [dispatchModuleStatus]);
-
-  const viewSetupForUpdate = useCallback(() => {
-    dispatchModuleStatus({ type: 'requestedJobDefinitionUpdate' });
-  }, [dispatchModuleStatus]);
-
   const viewResults = useCallback(() => {
     dispatchModuleStatus({ type: 'viewedResults' });
   }, [dispatchModuleStatus]);
@@ -143,7 +135,5 @@ export const useLogAnalysisModule = <JobType extends string>({
     setupStatus: moduleStatus.setupStatus,
     sourceConfiguration,
     viewResults,
-    viewSetupForReconfiguration,
-    viewSetupForUpdate,
   };
 };
diff --git a/x-pack/plugins/infra/public/containers/logs/log_analysis/log_analysis_module_status.tsx b/x-pack/plugins/infra/public/containers/logs/log_analysis/log_analysis_module_status.tsx
index a0046b630bfe18..84b5404fe96aa3 100644
--- a/x-pack/plugins/infra/public/containers/logs/log_analysis/log_analysis_module_status.tsx
+++ b/x-pack/plugins/infra/public/containers/logs/log_analysis/log_analysis_module_status.tsx
@@ -43,8 +43,6 @@ type StatusReducerAction =
       payload: FetchJobStatusResponsePayload;
     }
   | { type: 'failedFetchingJobStatuses' }
-  | { type: 'requestedJobConfigurationUpdate' }
-  | { type: 'requestedJobDefinitionUpdate' }
   | { type: 'viewedResults' };
 
 const createInitialState = <JobType extends string>({
@@ -173,18 +171,6 @@ const createStatusReducer = <JobType extends string>(jobTypes: JobType[]) => (
         ),
       };
     }
-    case 'requestedJobConfigurationUpdate': {
-      return {
-        ...state,
-        setupStatus: { type: 'required', reason: 'reconfiguration' },
-      };
-    }
-    case 'requestedJobDefinitionUpdate': {
-      return {
-        ...state,
-        setupStatus: { type: 'required', reason: 'update' },
-      };
-    }
     case 'viewedResults': {
       return {
         ...state,
@@ -251,7 +237,7 @@ const getSetupStatus = <JobType extends string>(everyJobStatus: Record<JobType,
 ): SetupStatus =>
   Object.entries<JobStatus>(everyJobStatus).reduce<SetupStatus>((setupStatus, [, jobStatus]) => {
     if (jobStatus === 'missing') {
-      return { type: 'required', reason: 'missing' };
+      return { type: 'required' };
     } else if (setupStatus.type === 'required' || setupStatus.type === 'succeeded') {
       return setupStatus;
     } else if (setupStatus.type === 'skipped' || isJobStatusWithResults(jobStatus)) {
diff --git a/x-pack/plugins/infra/public/containers/logs/log_analysis/log_analysis_module_types.ts b/x-pack/plugins/infra/public/containers/logs/log_analysis/log_analysis_module_types.ts
index cc9ef730198446..4930c8b478a9c7 100644
--- a/x-pack/plugins/infra/public/containers/logs/log_analysis/log_analysis_module_types.ts
+++ b/x-pack/plugins/infra/public/containers/logs/log_analysis/log_analysis_module_types.ts
@@ -4,18 +4,22 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-import { DeleteJobsResponsePayload } from './api/ml_cleanup';
-import { FetchJobStatusResponsePayload } from './api/ml_get_jobs_summary_api';
-import { GetMlModuleResponsePayload } from './api/ml_get_module';
-import { SetupMlModuleResponsePayload } from './api/ml_setup_module_api';
 import {
-  ValidationIndicesResponsePayload,
   ValidateLogEntryDatasetsResponsePayload,
+  ValidationIndicesResponsePayload,
 } from '../../../../common/http_api/log_analysis';
 import { DatasetFilter } from '../../../../common/log_analysis';
+import { DeleteJobsResponsePayload } from './api/ml_cleanup';
+import { FetchJobStatusResponsePayload } from './api/ml_get_jobs_summary_api';
+import { GetMlModuleResponsePayload } from './api/ml_get_module';
+import { SetupMlModuleResponsePayload } from './api/ml_setup_module_api';
+
+export { JobModelSizeStats, JobSummary } from './api/ml_get_jobs_summary_api';
 
 export interface ModuleDescriptor<JobType extends string> {
   moduleId: string;
+  moduleName: string;
+  moduleDescription: string;
   jobTypes: JobType[];
   bucketSpan: number;
   getJobIds: (spaceId: string, sourceId: string) => Record<JobType, string>;
@@ -46,3 +50,43 @@ export interface ModuleSourceConfiguration {
   spaceId: string;
   timestampField: string;
 }
+
+interface ManyCategoriesWarningReason {
+  type: 'manyCategories';
+  categoriesDocumentRatio: number;
+}
+
+interface ManyDeadCategoriesWarningReason {
+  type: 'manyDeadCategories';
+  deadCategoriesRatio: number;
+}
+
+interface ManyRareCategoriesWarningReason {
+  type: 'manyRareCategories';
+  rareCategoriesRatio: number;
+}
+
+interface NoFrequentCategoriesWarningReason {
+  type: 'noFrequentCategories';
+}
+
+interface SingleCategoryWarningReason {
+  type: 'singleCategory';
+}
+
+export type CategoryQualityWarningReason =
+  | ManyCategoriesWarningReason
+  | ManyDeadCategoriesWarningReason
+  | ManyRareCategoriesWarningReason
+  | NoFrequentCategoriesWarningReason
+  | SingleCategoryWarningReason;
+
+export type CategoryQualityWarningReasonType = CategoryQualityWarningReason['type'];
+
+export interface CategoryQualityWarning {
+  type: 'categoryQualityWarning';
+  jobId: string;
+  reasons: CategoryQualityWarningReason[];
+}
+
+export type QualityWarning = CategoryQualityWarning;
diff --git a/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_categories/index.ts b/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_categories/index.ts
new file mode 100644
index 00000000000000..63f10252143314
--- /dev/null
+++ b/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_categories/index.ts
@@ -0,0 +1,10 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+export * from './module_descriptor';
+export * from './use_log_entry_categories_module';
+export * from './use_log_entry_categories_quality';
+export * from './use_log_entry_categories_setup';
diff --git a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/module_descriptor.ts b/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_categories/module_descriptor.ts
similarity index 77%
rename from x-pack/plugins/infra/public/pages/logs/log_entry_categories/module_descriptor.ts
rename to x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_categories/module_descriptor.ts
index 8d9b9130f74a40..9682b3e74db3bf 100644
--- a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/module_descriptor.ts
+++ b/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_categories/module_descriptor.ts
@@ -4,6 +4,7 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
+import { i18n } from '@kbn/i18n';
 import {
   bucketSpan,
   categoriesMessageField,
@@ -12,19 +13,25 @@ import {
   LogEntryCategoriesJobType,
   logEntryCategoriesJobTypes,
   partitionField,
-} from '../../../../common/log_analysis';
-import {
-  cleanUpJobsAndDatafeeds,
-  ModuleDescriptor,
-  ModuleSourceConfiguration,
-} from '../../../containers/logs/log_analysis';
-import { callJobsSummaryAPI } from '../../../containers/logs/log_analysis/api/ml_get_jobs_summary_api';
-import { callGetMlModuleAPI } from '../../../containers/logs/log_analysis/api/ml_get_module';
-import { callSetupMlModuleAPI } from '../../../containers/logs/log_analysis/api/ml_setup_module_api';
-import { callValidateDatasetsAPI } from '../../../containers/logs/log_analysis/api/validate_datasets';
-import { callValidateIndicesAPI } from '../../../containers/logs/log_analysis/api/validate_indices';
+} from '../../../../../../common/log_analysis';
+import { callJobsSummaryAPI } from '../../api/ml_get_jobs_summary_api';
+import { callGetMlModuleAPI } from '../../api/ml_get_module';
+import { callSetupMlModuleAPI } from '../../api/ml_setup_module_api';
+import { callValidateDatasetsAPI } from '../../api/validate_datasets';
+import { callValidateIndicesAPI } from '../../api/validate_indices';
+import { cleanUpJobsAndDatafeeds } from '../../log_analysis_cleanup';
+import { ModuleDescriptor, ModuleSourceConfiguration } from '../../log_analysis_module_types';
 
 const moduleId = 'logs_ui_categories';
+const moduleName = i18n.translate('xpack.infra.logs.analysis.logEntryCategoriesModuleName', {
+  defaultMessage: 'Categorization',
+});
+const moduleDescription = i18n.translate(
+  'xpack.infra.logs.analysis.logEntryCategoriesModuleDescription',
+  {
+    defaultMessage: 'Use Machine Learning to automatically categorize log messages.',
+  }
+);
 
 const getJobIds = (spaceId: string, sourceId: string) =>
   logEntryCategoriesJobTypes.reduce(
@@ -138,6 +145,8 @@ const validateSetupDatasets = async (
 
 export const logEntryCategoriesModule: ModuleDescriptor<LogEntryCategoriesJobType> = {
   moduleId,
+  moduleName,
+  moduleDescription,
   jobTypes: logEntryCategoriesJobTypes,
   bucketSpan,
   getJobIds,
diff --git a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/use_log_entry_categories_module.tsx b/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_categories/use_log_entry_categories_module.tsx
similarity index 88%
rename from x-pack/plugins/infra/public/pages/logs/log_entry_categories/use_log_entry_categories_module.tsx
rename to x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_categories/use_log_entry_categories_module.tsx
index fe832d3fe3a540..0b12d6834d522d 100644
--- a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/use_log_entry_categories_module.tsx
+++ b/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_categories/use_log_entry_categories_module.tsx
@@ -6,12 +6,10 @@
 
 import createContainer from 'constate';
 import { useMemo } from 'react';
-import {
-  ModuleSourceConfiguration,
-  useLogAnalysisModule,
-  useLogAnalysisModuleConfiguration,
-  useLogAnalysisModuleDefinition,
-} from '../../../containers/logs/log_analysis';
+import { useLogAnalysisModule } from '../../log_analysis_module';
+import { useLogAnalysisModuleConfiguration } from '../../log_analysis_module_configuration';
+import { useLogAnalysisModuleDefinition } from '../../log_analysis_module_definition';
+import { ModuleSourceConfiguration } from '../../log_analysis_module_types';
 import { logEntryCategoriesModule } from './module_descriptor';
 import { useLogEntryCategoriesQuality } from './use_log_entry_categories_quality';
 
diff --git a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/use_log_entry_categories_quality.ts b/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_categories/use_log_entry_categories_quality.ts
similarity index 92%
rename from x-pack/plugins/infra/public/pages/logs/log_entry_categories/use_log_entry_categories_quality.ts
rename to x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_categories/use_log_entry_categories_quality.ts
index 51e049d576235b..346281fa94e1bb 100644
--- a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/use_log_entry_categories_quality.ts
+++ b/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_categories/use_log_entry_categories_quality.ts
@@ -5,9 +5,12 @@
  */
 
 import { useMemo } from 'react';
-
-import { JobModelSizeStats, JobSummary } from '../../../containers/logs/log_analysis';
-import { QualityWarning, CategoryQualityWarningReason } from './sections/notices/quality_warnings';
+import {
+  JobModelSizeStats,
+  JobSummary,
+  QualityWarning,
+  CategoryQualityWarningReason,
+} from '../../log_analysis_module_types';
 
 export const useLogEntryCategoriesQuality = ({ jobSummaries }: { jobSummaries: JobSummary[] }) => {
   const categoryQualityWarnings: QualityWarning[] = useMemo(
diff --git a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/use_log_entry_categories_setup.tsx b/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_categories/use_log_entry_categories_setup.tsx
similarity index 92%
rename from x-pack/plugins/infra/public/pages/logs/log_entry_categories/use_log_entry_categories_setup.tsx
rename to x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_categories/use_log_entry_categories_setup.tsx
index c011230942d7cf..399c30cf47e714 100644
--- a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/use_log_entry_categories_setup.tsx
+++ b/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_categories/use_log_entry_categories_setup.tsx
@@ -4,7 +4,7 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-import { useAnalysisSetupState } from '../../../containers/logs/log_analysis';
+import { useAnalysisSetupState } from '../../log_analysis_setup_state';
 import { useLogEntryCategoriesModuleContext } from './use_log_entry_categories_module';
 
 export const useLogEntryCategoriesSetup = () => {
@@ -41,6 +41,7 @@ export const useLogEntryCategoriesSetup = () => {
     endTime,
     isValidating,
     lastSetupErrorMessages,
+    moduleDescriptor,
     setEndTime,
     setStartTime,
     setValidatedIndices,
diff --git a/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_rate/index.ts b/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_rate/index.ts
new file mode 100644
index 00000000000000..7fc1e4558961a2
--- /dev/null
+++ b/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_rate/index.ts
@@ -0,0 +1,9 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+export * from './module_descriptor';
+export * from './use_log_entry_rate_module';
+export * from './use_log_entry_rate_setup';
diff --git a/x-pack/plugins/infra/public/pages/logs/log_entry_rate/module_descriptor.ts b/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_rate/module_descriptor.ts
similarity index 76%
rename from x-pack/plugins/infra/public/pages/logs/log_entry_rate/module_descriptor.ts
rename to x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_rate/module_descriptor.ts
index 6ca306f39e947d..001174a2b7558b 100644
--- a/x-pack/plugins/infra/public/pages/logs/log_entry_rate/module_descriptor.ts
+++ b/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_rate/module_descriptor.ts
@@ -4,6 +4,7 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
+import { i18n } from '@kbn/i18n';
 import {
   bucketSpan,
   DatasetFilter,
@@ -11,19 +12,25 @@ import {
   LogEntryRateJobType,
   logEntryRateJobTypes,
   partitionField,
-} from '../../../../common/log_analysis';
-import {
-  cleanUpJobsAndDatafeeds,
-  ModuleDescriptor,
-  ModuleSourceConfiguration,
-} from '../../../containers/logs/log_analysis';
-import { callJobsSummaryAPI } from '../../../containers/logs/log_analysis/api/ml_get_jobs_summary_api';
-import { callGetMlModuleAPI } from '../../../containers/logs/log_analysis/api/ml_get_module';
-import { callSetupMlModuleAPI } from '../../../containers/logs/log_analysis/api/ml_setup_module_api';
-import { callValidateDatasetsAPI } from '../../../containers/logs/log_analysis/api/validate_datasets';
-import { callValidateIndicesAPI } from '../../../containers/logs/log_analysis/api/validate_indices';
+} from '../../../../../../common/log_analysis';
+import { ModuleDescriptor, ModuleSourceConfiguration } from '../../log_analysis_module_types';
+import { cleanUpJobsAndDatafeeds } from '../../log_analysis_cleanup';
+import { callJobsSummaryAPI } from '../../api/ml_get_jobs_summary_api';
+import { callGetMlModuleAPI } from '../../api/ml_get_module';
+import { callSetupMlModuleAPI } from '../../api/ml_setup_module_api';
+import { callValidateDatasetsAPI } from '../../api/validate_datasets';
+import { callValidateIndicesAPI } from '../../api/validate_indices';
 
 const moduleId = 'logs_ui_analysis';
+const moduleName = i18n.translate('xpack.infra.logs.analysis.logEntryRateModuleName', {
+  defaultMessage: 'Log rate',
+});
+const moduleDescription = i18n.translate(
+  'xpack.infra.logs.analysis.logEntryRateModuleDescription',
+  {
+    defaultMessage: 'Use Machine Learning to automatically detect anomalous log entry rates.',
+  }
+);
 
 const getJobIds = (spaceId: string, sourceId: string) =>
   logEntryRateJobTypes.reduce(
@@ -126,6 +133,8 @@ const validateSetupDatasets = async (
 
 export const logEntryRateModule: ModuleDescriptor<LogEntryRateJobType> = {
   moduleId,
+  moduleName,
+  moduleDescription,
   jobTypes: logEntryRateJobTypes,
   bucketSpan,
   getJobIds,
diff --git a/x-pack/plugins/infra/public/pages/logs/log_entry_rate/use_log_entry_rate_module.tsx b/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_rate/use_log_entry_rate_module.tsx
similarity index 86%
rename from x-pack/plugins/infra/public/pages/logs/log_entry_rate/use_log_entry_rate_module.tsx
rename to x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_rate/use_log_entry_rate_module.tsx
index 07bdb0249cd3dc..f9832e2cdd7ec6 100644
--- a/x-pack/plugins/infra/public/pages/logs/log_entry_rate/use_log_entry_rate_module.tsx
+++ b/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_rate/use_log_entry_rate_module.tsx
@@ -6,12 +6,10 @@
 
 import createContainer from 'constate';
 import { useMemo } from 'react';
-import {
-  ModuleSourceConfiguration,
-  useLogAnalysisModule,
-  useLogAnalysisModuleConfiguration,
-  useLogAnalysisModuleDefinition,
-} from '../../../containers/logs/log_analysis';
+import { ModuleSourceConfiguration } from '../../log_analysis_module_types';
+import { useLogAnalysisModule } from '../../log_analysis_module';
+import { useLogAnalysisModuleConfiguration } from '../../log_analysis_module_configuration';
+import { useLogAnalysisModuleDefinition } from '../../log_analysis_module_definition';
 import { logEntryRateModule } from './module_descriptor';
 
 export const useLogEntryRateModule = ({
diff --git a/x-pack/plugins/infra/public/pages/logs/log_entry_rate/use_log_entry_rate_setup.tsx b/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_rate/use_log_entry_rate_setup.tsx
similarity index 82%
rename from x-pack/plugins/infra/public/pages/logs/log_entry_rate/use_log_entry_rate_setup.tsx
rename to x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_rate/use_log_entry_rate_setup.tsx
index 3595b6bf830fcc..f67ab1fef823ea 100644
--- a/x-pack/plugins/infra/public/pages/logs/log_entry_rate/use_log_entry_rate_setup.tsx
+++ b/x-pack/plugins/infra/public/containers/logs/log_analysis/modules/log_entry_rate/use_log_entry_rate_setup.tsx
@@ -4,7 +4,8 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-import { useAnalysisSetupState } from '../../../containers/logs/log_analysis';
+import createContainer from 'constate';
+import { useAnalysisSetupState } from '../../log_analysis_setup_state';
 import { useLogEntryRateModuleContext } from './use_log_entry_rate_module';
 
 export const useLogEntryRateSetup = () => {
@@ -41,6 +42,7 @@ export const useLogEntryRateSetup = () => {
     endTime,
     isValidating,
     lastSetupErrorMessages,
+    moduleDescriptor,
     setEndTime,
     setStartTime,
     setValidatedIndices,
@@ -52,3 +54,7 @@ export const useLogEntryRateSetup = () => {
     viewResults,
   };
 };
+
+export const [LogEntryRateSetupProvider, useLogEntryRateSetupContext] = createContainer(
+  useLogEntryRateSetup
+);
diff --git a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/page_content.tsx b/x-pack/plugins/infra/public/pages/logs/log_entry_categories/page_content.tsx
index 26633cd190a073..2880b1b794443f 100644
--- a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/page_content.tsx
+++ b/x-pack/plugins/infra/public/pages/logs/log_entry_categories/page_content.tsx
@@ -5,7 +5,7 @@
  */
 
 import { i18n } from '@kbn/i18n';
-import React, { useEffect, useState, useCallback } from 'react';
+import React, { useCallback, useEffect, useState } from 'react';
 import { isJobStatusWithResults } from '../../../../common/log_analysis';
 import { LoadingPage } from '../../../components/loading_page';
 import {
@@ -17,10 +17,10 @@ import {
 import { SourceErrorPage } from '../../../components/source_error_page';
 import { SourceLoadingPage } from '../../../components/source_loading_page';
 import { useLogAnalysisCapabilitiesContext } from '../../../containers/logs/log_analysis';
+import { useLogEntryCategoriesModuleContext } from '../../../containers/logs/log_analysis/modules/log_entry_categories';
 import { useLogSourceContext } from '../../../containers/logs/log_source';
 import { LogEntryCategoriesResultsContent } from './page_results_content';
 import { LogEntryCategoriesSetupContent } from './page_setup_content';
-import { useLogEntryCategoriesModuleContext } from './use_log_entry_categories_module';
 import { LogEntryCategoriesSetupFlyout } from './setup_flyout';
 
 export const LogEntryCategoriesPageContent = () => {
@@ -50,13 +50,6 @@ export const LogEntryCategoriesPageContent = () => {
     }
   }, [fetchJobStatus, hasLogAnalysisReadCapabilities]);
 
-  // Open flyout if there are no ML jobs
-  useEffect(() => {
-    if (setupStatus.type === 'required' && setupStatus.reason === 'missing') {
-      openFlyout();
-    }
-  }, [setupStatus, openFlyout]);
-
   if (isLoading || isUninitialized) {
     return <SourceLoadingPage />;
   } else if (hasFailedLoadingSource) {
diff --git a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/page_providers.tsx b/x-pack/plugins/infra/public/pages/logs/log_entry_categories/page_providers.tsx
index cecea733b49e4c..48ad156714ccfd 100644
--- a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/page_providers.tsx
+++ b/x-pack/plugins/infra/public/pages/logs/log_entry_categories/page_providers.tsx
@@ -5,10 +5,9 @@
  */
 
 import React from 'react';
-
+import { LogEntryCategoriesModuleProvider } from '../../../containers/logs/log_analysis/modules/log_entry_categories';
 import { useLogSourceContext } from '../../../containers/logs/log_source';
 import { useKibanaSpaceId } from '../../../utils/use_kibana_space_id';
-import { LogEntryCategoriesModuleProvider } from './use_log_entry_categories_module';
 
 export const LogEntryCategoriesPageProviders: React.FunctionComponent = ({ children }) => {
   const { sourceId, sourceConfiguration } = useLogSourceContext();
diff --git a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/page_results_content.tsx b/x-pack/plugins/infra/public/pages/logs/log_entry_categories/page_results_content.tsx
index 8ce582df7466ea..5e602e1f638629 100644
--- a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/page_results_content.tsx
+++ b/x-pack/plugins/infra/public/pages/logs/log_entry_categories/page_results_content.tsx
@@ -12,17 +12,17 @@ import React, { useCallback, useEffect, useMemo, useState } from 'react';
 import { useKibana } from '../../../../../../../src/plugins/kibana_react/public';
 import { euiStyled, useTrackPageview } from '../../../../../observability/public';
 import { TimeRange } from '../../../../common/http_api/shared/time_range';
+import { CategoryJobNoticesSection } from '../../../components/logging/log_analysis_job_status';
+import { useLogEntryCategoriesModuleContext } from '../../../containers/logs/log_analysis/modules/log_entry_categories';
+import { ViewLogInContext } from '../../../containers/logs/view_log_in_context';
 import { useInterval } from '../../../hooks/use_interval';
-import { CategoryJobNoticesSection } from './sections/notices/notices_section';
+import { PageViewLogInContext } from '../stream/page_view_log_in_context';
 import { TopCategoriesSection } from './sections/top_categories';
-import { useLogEntryCategoriesModuleContext } from './use_log_entry_categories_module';
 import { useLogEntryCategoriesResults } from './use_log_entry_categories_results';
 import {
   StringTimeRange,
   useLogEntryCategoriesResultsUrlState,
 } from './use_log_entry_categories_results_url_state';
-import { PageViewLogInContext } from '../stream/page_view_log_in_context';
-import { ViewLogInContext } from '../../../containers/logs/view_log_in_context';
 
 const JOB_STATUS_POLLING_INTERVAL = 30000;
 
@@ -39,9 +39,8 @@ export const LogEntryCategoriesResultsContent: React.FunctionComponent<LogEntryC
   const {
     fetchJobStatus,
     fetchModuleDefinition,
+    moduleDescriptor,
     setupStatus,
-    viewSetupForReconfiguration,
-    viewSetupForUpdate,
     hasOutdatedJobConfigurations,
     hasOutdatedJobDefinitions,
     hasStoppedJobs,
@@ -131,16 +130,6 @@ export const LogEntryCategoriesResultsContent: React.FunctionComponent<LogEntryC
     [setAutoRefresh]
   );
 
-  const viewSetupFlyoutForReconfiguration = useCallback(() => {
-    viewSetupForReconfiguration();
-    onOpenSetup();
-  }, [onOpenSetup, viewSetupForReconfiguration]);
-
-  const viewSetupFlyoutForUpdate = useCallback(() => {
-    viewSetupForUpdate();
-    onOpenSetup();
-  }, [onOpenSetup, viewSetupForUpdate]);
-
   const hasResults = useMemo(() => topLogEntryCategories.length > 0, [
     topLogEntryCategories.length,
   ]);
@@ -210,8 +199,9 @@ export const LogEntryCategoriesResultsContent: React.FunctionComponent<LogEntryC
               hasOutdatedJobDefinitions={hasOutdatedJobDefinitions}
               hasStoppedJobs={hasStoppedJobs}
               isFirstUse={isFirstUse}
-              onRecreateMlJobForReconfiguration={viewSetupFlyoutForReconfiguration}
-              onRecreateMlJobForUpdate={viewSetupFlyoutForUpdate}
+              moduleName={moduleDescriptor.moduleName}
+              onRecreateMlJobForReconfiguration={onOpenSetup}
+              onRecreateMlJobForUpdate={onOpenSetup}
               qualityWarnings={categoryQualityWarnings}
             />
           </EuiFlexItem>
@@ -223,7 +213,7 @@ export const LogEntryCategoriesResultsContent: React.FunctionComponent<LogEntryC
                 isLoadingTopCategories={isLoadingTopLogEntryCategories}
                 jobId={jobIds['log-entry-categories-count']}
                 onChangeDatasetSelection={setCategoryQueryDatasets}
-                onRequestRecreateMlJob={viewSetupFlyoutForReconfiguration}
+                onRequestRecreateMlJob={onOpenSetup}
                 selectedDatasets={categoryQueryDatasets}
                 sourceId={sourceId}
                 timeRange={categoryQueryTimeRange.timeRange}
diff --git a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/sections/notices/quality_warnings.tsx b/x-pack/plugins/infra/public/pages/logs/log_entry_categories/sections/notices/quality_warnings.tsx
deleted file mode 100644
index e0d3aa105e0049..00000000000000
--- a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/sections/notices/quality_warnings.tsx
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-interface ManyCategoriesWarningReason {
-  type: 'manyCategories';
-  categoriesDocumentRatio: number;
-}
-
-interface ManyDeadCategoriesWarningReason {
-  type: 'manyDeadCategories';
-  deadCategoriesRatio: number;
-}
-
-interface ManyRareCategoriesWarningReason {
-  type: 'manyRareCategories';
-  rareCategoriesRatio: number;
-}
-
-interface NoFrequentCategoriesWarningReason {
-  type: 'noFrequentCategories';
-}
-
-interface SingleCategoryWarningReason {
-  type: 'singleCategory';
-}
-
-export type CategoryQualityWarningReason =
-  | ManyCategoriesWarningReason
-  | ManyDeadCategoriesWarningReason
-  | ManyRareCategoriesWarningReason
-  | NoFrequentCategoriesWarningReason
-  | SingleCategoryWarningReason;
-
-export type CategoryQualityWarningReasonType = CategoryQualityWarningReason['type'];
-
-export interface CategoryQualityWarning {
-  type: 'categoryQualityWarning';
-  jobId: string;
-  reasons: CategoryQualityWarningReason[];
-}
-
-export type QualityWarning = CategoryQualityWarning;
diff --git a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/setup_flyout.tsx b/x-pack/plugins/infra/public/pages/logs/log_entry_categories/setup_flyout.tsx
index ab5eae1ab30048..a038765de2bf31 100644
--- a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/setup_flyout.tsx
+++ b/x-pack/plugins/infra/public/pages/logs/log_entry_categories/setup_flyout.tsx
@@ -4,23 +4,22 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-import React, { useMemo, useCallback } from 'react';
-import { FormattedMessage } from '@kbn/i18n/react';
 import {
   EuiFlyout,
-  EuiFlyoutHeader,
   EuiFlyoutBody,
-  EuiTitle,
-  EuiText,
+  EuiFlyoutHeader,
   EuiSpacer,
   EuiSteps,
+  EuiText,
+  EuiTitle,
 } from '@elastic/eui';
-
+import { FormattedMessage } from '@kbn/i18n/react';
+import React, { useCallback, useMemo } from 'react';
 import {
   createInitialConfigurationStep,
   createProcessStep,
 } from '../../../components/logging/log_analysis_setup';
-import { useLogEntryCategoriesSetup } from './use_log_entry_categories_setup';
+import { useLogEntryCategoriesSetup } from '../../../containers/logs/log_analysis/modules/log_entry_categories';
 
 interface LogEntryCategoriesSetupFlyoutProps {
   isOpen: boolean;
diff --git a/x-pack/plugins/infra/public/pages/logs/log_entry_rate/page_content.tsx b/x-pack/plugins/infra/public/pages/logs/log_entry_rate/page_content.tsx
index 012b694bdbd256..d8edcd87eb2a07 100644
--- a/x-pack/plugins/infra/public/pages/logs/log_entry_rate/page_content.tsx
+++ b/x-pack/plugins/infra/public/pages/logs/log_entry_rate/page_content.tsx
@@ -5,7 +5,7 @@
  */
 
 import { i18n } from '@kbn/i18n';
-import React, { useEffect, useState, useCallback } from 'react';
+import React, { memo, useEffect, useCallback } from 'react';
 import { isJobStatusWithResults } from '../../../../common/log_analysis';
 import { LoadingPage } from '../../../components/loading_page';
 import {
@@ -14,16 +14,23 @@ import {
   MissingSetupPrivilegesPrompt,
   SubscriptionSplashContent,
 } from '../../../components/logging/log_analysis_setup';
+import {
+  LogAnalysisSetupFlyout,
+  useLogAnalysisSetupFlyoutStateContext,
+} from '../../../components/logging/log_analysis_setup/setup_flyout';
 import { SourceErrorPage } from '../../../components/source_error_page';
 import { SourceLoadingPage } from '../../../components/source_loading_page';
 import { useLogAnalysisCapabilitiesContext } from '../../../containers/logs/log_analysis';
+import { useLogEntryCategoriesModuleContext } from '../../../containers/logs/log_analysis/modules/log_entry_categories';
+import { useLogEntryRateModuleContext } from '../../../containers/logs/log_analysis/modules/log_entry_rate';
 import { useLogSourceContext } from '../../../containers/logs/log_source';
 import { LogEntryRateResultsContent } from './page_results_content';
 import { LogEntryRateSetupContent } from './page_setup_content';
-import { useLogEntryRateModuleContext } from './use_log_entry_rate_module';
-import { LogEntryRateSetupFlyout } from './setup_flyout';
+import { useInterval } from '../../../hooks/use_interval';
+
+const JOB_STATUS_POLLING_INTERVAL = 30000;
 
-export const LogEntryRatePageContent = () => {
+export const LogEntryRatePageContent = memo(() => {
   const {
     hasFailedLoadingSource,
     isLoading,
@@ -38,24 +45,52 @@ export const LogEntryRatePageContent = () => {
     hasLogAnalysisSetupCapabilities,
   } = useLogAnalysisCapabilitiesContext();
 
-  const { fetchJobStatus, setupStatus, jobStatus } = useLogEntryRateModuleContext();
+  const {
+    fetchJobStatus: fetchLogEntryCategoriesJobStatus,
+    fetchModuleDefinition: fetchLogEntryCategoriesModuleDefinition,
+    jobStatus: logEntryCategoriesJobStatus,
+    setupStatus: logEntryCategoriesSetupStatus,
+  } = useLogEntryCategoriesModuleContext();
+  const {
+    fetchJobStatus: fetchLogEntryRateJobStatus,
+    fetchModuleDefinition: fetchLogEntryRateModuleDefinition,
+    jobStatus: logEntryRateJobStatus,
+    setupStatus: logEntryRateSetupStatus,
+  } = useLogEntryRateModuleContext();
 
-  const [isFlyoutOpen, setIsFlyoutOpen] = useState<boolean>(false);
-  const openFlyout = useCallback(() => setIsFlyoutOpen(true), []);
-  const closeFlyout = useCallback(() => setIsFlyoutOpen(false), []);
+  const { showModuleList } = useLogAnalysisSetupFlyoutStateContext();
+
+  const fetchAllJobStatuses = useCallback(
+    () => Promise.all([fetchLogEntryCategoriesJobStatus(), fetchLogEntryRateJobStatus()]),
+    [fetchLogEntryCategoriesJobStatus, fetchLogEntryRateJobStatus]
+  );
 
   useEffect(() => {
     if (hasLogAnalysisReadCapabilities) {
-      fetchJobStatus();
+      fetchAllJobStatuses();
     }
-  }, [fetchJobStatus, hasLogAnalysisReadCapabilities]);
+  }, [fetchAllJobStatuses, hasLogAnalysisReadCapabilities]);
 
-  // Open flyout if there are no ML jobs
   useEffect(() => {
-    if (setupStatus.type === 'required' && setupStatus.reason === 'missing') {
-      openFlyout();
+    if (hasLogAnalysisReadCapabilities) {
+      fetchLogEntryCategoriesModuleDefinition();
+    }
+  }, [fetchLogEntryCategoriesModuleDefinition, hasLogAnalysisReadCapabilities]);
+
+  useEffect(() => {
+    if (hasLogAnalysisReadCapabilities) {
+      fetchLogEntryRateModuleDefinition();
+    }
+  }, [fetchLogEntryRateModuleDefinition, hasLogAnalysisReadCapabilities]);
+
+  useInterval(() => {
+    if (logEntryCategoriesSetupStatus.type !== 'pending' && hasLogAnalysisReadCapabilities) {
+      fetchLogEntryCategoriesJobStatus();
+    }
+    if (logEntryRateSetupStatus.type !== 'pending' && hasLogAnalysisReadCapabilities) {
+      fetchLogEntryRateJobStatus();
     }
-  }, [setupStatus, openFlyout]);
+  }, JOB_STATUS_POLLING_INTERVAL);
 
   if (isLoading || isUninitialized) {
     return <SourceLoadingPage />;
@@ -65,7 +100,10 @@ export const LogEntryRatePageContent = () => {
     return <SubscriptionSplashContent />;
   } else if (!hasLogAnalysisReadCapabilities) {
     return <MissingResultsPrivilegesPrompt />;
-  } else if (setupStatus.type === 'initializing') {
+  } else if (
+    logEntryCategoriesSetupStatus.type === 'initializing' ||
+    logEntryRateSetupStatus.type === 'initializing'
+  ) {
     return (
       <LoadingPage
         message={i18n.translate('xpack.infra.logs.analysisPage.loadingMessage', {
@@ -73,13 +111,19 @@ export const LogEntryRatePageContent = () => {
         })}
       />
     );
-  } else if (setupStatus.type === 'unknown') {
-    return <LogAnalysisSetupStatusUnknownPrompt retry={fetchJobStatus} />;
-  } else if (isJobStatusWithResults(jobStatus['log-entry-rate'])) {
+  } else if (
+    logEntryCategoriesSetupStatus.type === 'unknown' ||
+    logEntryRateSetupStatus.type === 'unknown'
+  ) {
+    return <LogAnalysisSetupStatusUnknownPrompt retry={fetchAllJobStatuses} />;
+  } else if (
+    isJobStatusWithResults(logEntryCategoriesJobStatus['log-entry-categories-count']) ||
+    isJobStatusWithResults(logEntryRateJobStatus['log-entry-rate'])
+  ) {
     return (
       <>
-        <LogEntryRateResultsContent onOpenSetup={openFlyout} />
-        <LogEntryRateSetupFlyout isOpen={isFlyoutOpen} onClose={closeFlyout} />
+        <LogEntryRateResultsContent />
+        <LogAnalysisSetupFlyout />
       </>
     );
   } else if (!hasLogAnalysisSetupCapabilities) {
@@ -87,9 +131,9 @@ export const LogEntryRatePageContent = () => {
   } else {
     return (
       <>
-        <LogEntryRateSetupContent onOpenSetup={openFlyout} />
-        <LogEntryRateSetupFlyout isOpen={isFlyoutOpen} onClose={closeFlyout} />
+        <LogEntryRateSetupContent onOpenSetup={showModuleList} />
+        <LogAnalysisSetupFlyout />
       </>
     );
   }
-};
+});
diff --git a/x-pack/plugins/infra/public/pages/logs/log_entry_rate/page_providers.tsx b/x-pack/plugins/infra/public/pages/logs/log_entry_rate/page_providers.tsx
index e91ef87bdf34ae..ac11260d2075d5 100644
--- a/x-pack/plugins/infra/public/pages/logs/log_entry_rate/page_providers.tsx
+++ b/x-pack/plugins/infra/public/pages/logs/log_entry_rate/page_providers.tsx
@@ -5,10 +5,11 @@
  */
 
 import React from 'react';
-
+import { LogAnalysisSetupFlyoutStateProvider } from '../../../components/logging/log_analysis_setup/setup_flyout';
+import { LogEntryCategoriesModuleProvider } from '../../../containers/logs/log_analysis/modules/log_entry_categories';
+import { LogEntryRateModuleProvider } from '../../../containers/logs/log_analysis/modules/log_entry_rate';
 import { useLogSourceContext } from '../../../containers/logs/log_source';
 import { useKibanaSpaceId } from '../../../utils/use_kibana_space_id';
-import { LogEntryRateModuleProvider } from './use_log_entry_rate_module';
 
 export const LogEntryRatePageProviders: React.FunctionComponent = ({ children }) => {
   const { sourceId, sourceConfiguration } = useLogSourceContext();
@@ -21,7 +22,14 @@ export const LogEntryRatePageProviders: React.FunctionComponent = ({ children })
       spaceId={spaceId}
       timestampField={sourceConfiguration?.configuration.fields.timestamp ?? ''}
     >
-      {children}
+      <LogEntryCategoriesModuleProvider
+        indexPattern={sourceConfiguration?.configuration.logAlias ?? ''}
+        sourceId={sourceId}
+        spaceId={spaceId}
+        timestampField={sourceConfiguration?.configuration.fields.timestamp ?? ''}
+      >
+        <LogAnalysisSetupFlyoutStateProvider>{children}</LogAnalysisSetupFlyoutStateProvider>
+      </LogEntryCategoriesModuleProvider>
     </LogEntryRateModuleProvider>
   );
 };
diff --git a/x-pack/plugins/infra/public/pages/logs/log_entry_rate/page_results_content.tsx b/x-pack/plugins/infra/public/pages/logs/log_entry_rate/page_results_content.tsx
index 21c3e3ec70029d..f2a60541b3b3ce 100644
--- a/x-pack/plugins/infra/public/pages/logs/log_entry_rate/page_results_content.tsx
+++ b/x-pack/plugins/infra/public/pages/logs/log_entry_rate/page_results_content.tsx
@@ -11,19 +11,23 @@ import React, { useCallback, useEffect, useMemo, useState } from 'react';
 import { euiStyled, useTrackPageview } from '../../../../../observability/public';
 import { TimeRange } from '../../../../common/http_api/shared/time_range';
 import { bucketSpan } from '../../../../common/log_analysis';
-import { LogAnalysisJobProblemIndicator } from '../../../components/logging/log_analysis_job_status';
+import {
+  CategoryJobNoticesSection,
+  LogAnalysisJobProblemIndicator,
+} from '../../../components/logging/log_analysis_job_status';
+import { useLogAnalysisSetupFlyoutStateContext } from '../../../components/logging/log_analysis_setup/setup_flyout';
+import { useLogEntryCategoriesModuleContext } from '../../../containers/logs/log_analysis/modules/log_entry_categories';
+import { useLogEntryRateModuleContext } from '../../../containers/logs/log_analysis/modules/log_entry_rate';
+import { useLogSourceContext } from '../../../containers/logs/log_source';
 import { useInterval } from '../../../hooks/use_interval';
 import { AnomaliesResults } from './sections/anomalies';
-import { useLogEntryRateModuleContext } from './use_log_entry_rate_module';
-import { useLogEntryRateResults } from './use_log_entry_rate_results';
 import { useLogEntryAnomaliesResults } from './use_log_entry_anomalies_results';
+import { useLogEntryRateResults } from './use_log_entry_rate_results';
 import {
   StringTimeRange,
   useLogAnalysisResultsUrlState,
 } from './use_log_entry_rate_results_url_state';
 
-const JOB_STATUS_POLLING_INTERVAL = 30000;
-
 export const SORT_DEFAULTS = {
   direction: 'desc' as const,
   field: 'anomalyScore' as const,
@@ -33,28 +37,29 @@ export const PAGINATION_DEFAULTS = {
   pageSize: 25,
 };
 
-interface LogEntryRateResultsContentProps {
-  onOpenSetup: () => void;
-}
-
-export const LogEntryRateResultsContent: React.FunctionComponent<LogEntryRateResultsContentProps> = ({
-  onOpenSetup,
-}) => {
+export const LogEntryRateResultsContent: React.FunctionComponent = () => {
   useTrackPageview({ app: 'infra_logs', path: 'log_entry_rate_results' });
   useTrackPageview({ app: 'infra_logs', path: 'log_entry_rate_results', delay: 15000 });
 
+  const { sourceId } = useLogSourceContext();
+
   const {
-    fetchJobStatus,
-    fetchModuleDefinition,
-    setupStatus,
-    viewSetupForReconfiguration,
-    viewSetupForUpdate,
-    hasOutdatedJobConfigurations,
-    hasOutdatedJobDefinitions,
-    hasStoppedJobs,
-    sourceConfiguration: { sourceId },
+    hasOutdatedJobConfigurations: hasOutdatedLogEntryRateJobConfigurations,
+    hasOutdatedJobDefinitions: hasOutdatedLogEntryRateJobDefinitions,
+    hasStoppedJobs: hasStoppedLogEntryRateJobs,
+    moduleDescriptor: logEntryRateModuleDescriptor,
+    setupStatus: logEntryRateSetupStatus,
   } = useLogEntryRateModuleContext();
 
+  const {
+    categoryQualityWarnings,
+    hasOutdatedJobConfigurations: hasOutdatedLogEntryCategoriesJobConfigurations,
+    hasOutdatedJobDefinitions: hasOutdatedLogEntryCategoriesJobDefinitions,
+    hasStoppedJobs: hasStoppedLogEntryCategoriesJobs,
+    moduleDescriptor: logEntryCategoriesModuleDescriptor,
+    setupStatus: logEntryCategoriesSetupStatus,
+  } = useLogEntryCategoriesModuleContext();
+
   const {
     timeRange: selectedTimeRange,
     setTimeRange: setSelectedTimeRange,
@@ -145,41 +150,33 @@ export const LogEntryRateResultsContent: React.FunctionComponent<LogEntryRateRes
     [setAutoRefresh]
   );
 
-  const viewSetupFlyoutForReconfiguration = useCallback(() => {
-    viewSetupForReconfiguration();
-    onOpenSetup();
-  }, [viewSetupForReconfiguration, onOpenSetup]);
+  const { showModuleList, showModuleSetup } = useLogAnalysisSetupFlyoutStateContext();
 
-  const viewSetupFlyoutForUpdate = useCallback(() => {
-    viewSetupForUpdate();
-    onOpenSetup();
-  }, [viewSetupForUpdate, onOpenSetup]);
-
-  /* eslint-disable-next-line react-hooks/exhaustive-deps */
-  const hasResults = useMemo(() => (logEntryRate?.histogramBuckets?.length ?? 0) > 0, [
-    logEntryRate,
+  const showLogEntryRateSetup = useCallback(() => showModuleSetup('logs_ui_analysis'), [
+    showModuleSetup,
+  ]);
+  const showLogEntryCategoriesSetup = useCallback(() => showModuleSetup('logs_ui_categories'), [
+    showModuleSetup,
   ]);
 
+  const hasLogRateResults = (logEntryRate?.histogramBuckets?.length ?? 0) > 0;
+  const hasAnomalyResults = logEntryAnomalies.length > 0;
+
   const isFirstUse = useMemo(
     () =>
-      ((setupStatus.type === 'skipped' && !!setupStatus.newlyCreated) ||
-        setupStatus.type === 'succeeded') &&
-      !hasResults,
-    [hasResults, setupStatus]
+      ((logEntryCategoriesSetupStatus.type === 'skipped' &&
+        !!logEntryCategoriesSetupStatus.newlyCreated) ||
+        logEntryCategoriesSetupStatus.type === 'succeeded' ||
+        (logEntryRateSetupStatus.type === 'skipped' && !!logEntryRateSetupStatus.newlyCreated) ||
+        logEntryRateSetupStatus.type === 'succeeded') &&
+      !(hasLogRateResults || hasAnomalyResults),
+    [hasAnomalyResults, hasLogRateResults, logEntryCategoriesSetupStatus, logEntryRateSetupStatus]
   );
 
   useEffect(() => {
     getLogEntryRate();
   }, [getLogEntryRate, queryTimeRange.lastChangedTime]);
 
-  useEffect(() => {
-    fetchModuleDefinition();
-  }, [fetchModuleDefinition]);
-
-  useInterval(() => {
-    fetchJobStatus();
-  }, JOB_STATUS_POLLING_INTERVAL);
-
   useInterval(
     () => {
       handleQueryTimeRangeChange({
@@ -209,12 +206,23 @@ export const LogEntryRateResultsContent: React.FunctionComponent<LogEntryRateRes
         </EuiFlexItem>
         <EuiFlexItem grow={false}>
           <LogAnalysisJobProblemIndicator
-            hasOutdatedJobConfigurations={hasOutdatedJobConfigurations}
-            hasOutdatedJobDefinitions={hasOutdatedJobDefinitions}
-            hasStoppedJobs={hasStoppedJobs}
+            hasOutdatedJobConfigurations={hasOutdatedLogEntryRateJobConfigurations}
+            hasOutdatedJobDefinitions={hasOutdatedLogEntryRateJobDefinitions}
+            hasStoppedJobs={hasStoppedLogEntryRateJobs}
+            isFirstUse={false /* the first use message is already shown by the section below */}
+            moduleName={logEntryRateModuleDescriptor.moduleName}
+            onRecreateMlJobForReconfiguration={showLogEntryRateSetup}
+            onRecreateMlJobForUpdate={showLogEntryRateSetup}
+          />
+          <CategoryJobNoticesSection
+            hasOutdatedJobConfigurations={hasOutdatedLogEntryCategoriesJobConfigurations}
+            hasOutdatedJobDefinitions={hasOutdatedLogEntryCategoriesJobDefinitions}
+            hasStoppedJobs={hasStoppedLogEntryCategoriesJobs}
             isFirstUse={isFirstUse}
-            onRecreateMlJobForReconfiguration={viewSetupFlyoutForReconfiguration}
-            onRecreateMlJobForUpdate={viewSetupFlyoutForUpdate}
+            moduleName={logEntryCategoriesModuleDescriptor.moduleName}
+            onRecreateMlJobForReconfiguration={showLogEntryCategoriesSetup}
+            onRecreateMlJobForUpdate={showLogEntryCategoriesSetup}
+            qualityWarnings={categoryQualityWarnings}
           />
         </EuiFlexItem>
         <EuiFlexItem grow={false}>
@@ -222,7 +230,7 @@ export const LogEntryRateResultsContent: React.FunctionComponent<LogEntryRateRes
             <AnomaliesResults
               isLoadingLogRateResults={isLoading}
               isLoadingAnomaliesResults={isLoadingLogEntryAnomalies}
-              viewSetupForReconfiguration={viewSetupFlyoutForReconfiguration}
+              onViewModuleList={showModuleList}
               logEntryRateResults={logEntryRate}
               anomalies={logEntryAnomalies}
               setTimeRange={handleChartTimeRangeChange}
diff --git a/x-pack/plugins/infra/public/pages/logs/log_entry_rate/sections/anomalies/expanded_row.tsx b/x-pack/plugins/infra/public/pages/logs/log_entry_rate/sections/anomalies/expanded_row.tsx
index e4b12e199a048c..84ef13cc707065 100644
--- a/x-pack/plugins/infra/public/pages/logs/log_entry_rate/sections/anomalies/expanded_row.tsx
+++ b/x-pack/plugins/infra/public/pages/logs/log_entry_rate/sections/anomalies/expanded_row.tsx
@@ -4,18 +4,18 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-import { EuiFlexGroup, EuiFlexItem, EuiTitle, EuiStat } from '@elastic/eui';
+import { EuiFlexGroup, EuiFlexItem, EuiStat, EuiTitle } from '@elastic/eui';
 import numeral from '@elastic/numeral';
 import { i18n } from '@kbn/i18n';
 import React from 'react';
 import { useMount } from 'react-use';
-import { TimeRange } from '../../../../../../common/http_api/shared/time_range';
+import { euiStyled } from '../../../../../../../observability/public';
 import { LogEntryAnomaly } from '../../../../../../common/http_api';
-import { useLogEntryExamples } from '../../use_log_entry_examples';
+import { TimeRange } from '../../../../../../common/http_api/shared/time_range';
 import { LogEntryExampleMessages } from '../../../../../components/logging/log_entry_examples/log_entry_examples';
-import { LogEntryExampleMessage, LogEntryExampleMessageHeaders } from './log_entry_example';
-import { euiStyled } from '../../../../../../../observability/public';
 import { useLogSourceContext } from '../../../../../containers/logs/log_source';
+import { useLogEntryExamples } from '../../use_log_entry_examples';
+import { LogEntryExampleMessage, LogEntryExampleMessageHeaders } from './log_entry_example';
 
 const EXAMPLE_COUNT = 5;
 
diff --git a/x-pack/plugins/infra/public/pages/logs/log_entry_rate/sections/anomalies/index.tsx b/x-pack/plugins/infra/public/pages/logs/log_entry_rate/sections/anomalies/index.tsx
index 2442aca9f32991..ff9b9db2e50876 100644
--- a/x-pack/plugins/infra/public/pages/logs/log_entry_rate/sections/anomalies/index.tsx
+++ b/x-pack/plugins/infra/public/pages/logs/log_entry_rate/sections/anomalies/index.tsx
@@ -20,16 +20,16 @@ import { TimeRange } from '../../../../../../common/http_api/shared/time_range';
 import { getAnnotationsForAll, getLogEntryRateCombinedSeries } from '../helpers/data_formatters';
 import { AnomaliesChart } from './chart';
 import { AnomaliesTable } from './table';
-import { RecreateJobButton } from '../../../../../components/logging/log_analysis_job_status';
+import { ManageJobsButton } from '../../../../../components/logging/log_analysis_setup/manage_jobs_button';
 import {
-  Page,
+  ChangePaginationOptions,
+  ChangeSortOptions,
   FetchNextPage,
   FetchPreviousPage,
-  ChangeSortOptions,
-  ChangePaginationOptions,
-  SortOptions,
-  PaginationOptions,
   LogEntryAnomalies,
+  Page,
+  PaginationOptions,
+  SortOptions,
 } from '../../use_log_entry_anomalies_results';
 import { LoadingOverlayWrapper } from '../../../../../components/loading_overlay_wrapper';
 
@@ -40,7 +40,7 @@ export const AnomaliesResults: React.FunctionComponent<{
   anomalies: LogEntryAnomalies;
   setTimeRange: (timeRange: TimeRange) => void;
   timeRange: TimeRange;
-  viewSetupForReconfiguration: () => void;
+  onViewModuleList: () => void;
   page: Page;
   fetchNextPage?: FetchNextPage;
   fetchPreviousPage?: FetchPreviousPage;
@@ -54,7 +54,7 @@ export const AnomaliesResults: React.FunctionComponent<{
   logEntryRateResults,
   setTimeRange,
   timeRange,
-  viewSetupForReconfiguration,
+  onViewModuleList,
   anomalies,
   changeSortOptions,
   sortOptions,
@@ -93,7 +93,7 @@ export const AnomaliesResults: React.FunctionComponent<{
           </EuiTitle>
         </EuiFlexItem>
         <EuiFlexItem grow={false}>
-          <RecreateJobButton onClick={viewSetupForReconfiguration} size="s" />
+          <ManageJobsButton onClick={onViewModuleList} size="s" />
         </EuiFlexItem>
       </EuiFlexGroup>
       <EuiSpacer size="m" />
diff --git a/x-pack/plugins/infra/public/pages/logs/page_content.tsx b/x-pack/plugins/infra/public/pages/logs/page_content.tsx
index c5047dbdf3bb57..426ae8e9d05a88 100644
--- a/x-pack/plugins/infra/public/pages/logs/page_content.tsx
+++ b/x-pack/plugins/infra/public/pages/logs/page_content.tsx
@@ -42,10 +42,10 @@ export const LogsPageContent: React.FunctionComponent = () => {
     pathname: '/stream',
   };
 
-  const logRateTab = {
+  const anomaliesTab = {
     app: 'logs',
-    title: logRateTabTitle,
-    pathname: '/log-rate',
+    title: anomaliesTabTitle,
+    pathname: '/anomalies',
   };
 
   const logCategoriesTab = {
@@ -77,7 +77,7 @@ export const LogsPageContent: React.FunctionComponent = () => {
       <AppNavigation aria-label={pageTitle}>
         <EuiFlexGroup gutterSize={'none'} alignItems={'center'}>
           <EuiFlexItem>
-            <RoutedTabs tabs={[streamTab, logRateTab, logCategoriesTab, settingsTab]} />
+            <RoutedTabs tabs={[streamTab, anomaliesTab, logCategoriesTab, settingsTab]} />
           </EuiFlexItem>
           <EuiFlexItem grow={false}>
             <AlertDropdown />
@@ -96,10 +96,11 @@ export const LogsPageContent: React.FunctionComponent = () => {
       </AppNavigation>
       <Switch>
         <Route path={streamTab.pathname} component={StreamPage} />
-        <Route path={logRateTab.pathname} component={LogEntryRatePage} />
+        <Route path={anomaliesTab.pathname} component={LogEntryRatePage} />
         <Route path={logCategoriesTab.pathname} component={LogEntryCategoriesPage} />
         <Route path={settingsTab.pathname} component={LogsSettingsPage} />
-        <RedirectWithQueryParams from={'/analysis'} to={logRateTab.pathname} exact />
+        <RedirectWithQueryParams from={'/analysis'} to={anomaliesTab.pathname} exact />
+        <RedirectWithQueryParams from={'/log-rate'} to={anomaliesTab.pathname} exact />
         <RedirectWithQueryParams from={'/'} to={streamTab.pathname} exact />
       </Switch>
     </ColumnarPage>
@@ -114,8 +115,8 @@ const streamTabTitle = i18n.translate('xpack.infra.logs.index.streamTabTitle', {
   defaultMessage: 'Stream',
 });
 
-const logRateTabTitle = i18n.translate('xpack.infra.logs.index.logRateBetaBadgeTitle', {
-  defaultMessage: 'Log Rate',
+const anomaliesTabTitle = i18n.translate('xpack.infra.logs.index.anomaliesTabTitle', {
+  defaultMessage: 'Anomalies',
 });
 
 const logCategoriesTabTitle = i18n.translate('xpack.infra.logs.index.logCategoriesBetaBadgeTitle', {
diff --git a/x-pack/plugins/ingest_manager/README.md b/x-pack/plugins/ingest_manager/README.md
index eebafc76a5e00e..1a19672331035c 100644
--- a/x-pack/plugins/ingest_manager/README.md
+++ b/x-pack/plugins/ingest_manager/README.md
@@ -4,11 +4,11 @@
 
 - The plugin is disabled by default. See the TypeScript type for the [the available plugin configuration options](https://github.com/elastic/kibana/blob/master/x-pack/plugins/ingest_manager/common/types/index.ts#L9-L27)
 - Setting `xpack.ingestManager.enabled=true` enables the plugin including the EPM and Fleet features. It also adds the `PACKAGE_CONFIG_API_ROUTES` and `AGENT_CONFIG_API_ROUTES` values in [`common/constants/routes.ts`](./common/constants/routes.ts)
-- Adding `--xpack.ingestManager.epm.enabled=false` will disable the EPM API & UI
 - Adding `--xpack.ingestManager.fleet.enabled=false` will disable the Fleet API & UI
   - [code for adding the routes](https://github.com/elastic/kibana/blob/1f27d349533b1c2865c10c45b2cf705d7416fb36/x-pack/plugins/ingest_manager/server/plugin.ts#L115-L133)
   - [Integration tests](server/integration_tests/router.test.ts)
 - Both EPM and Fleet require `ingestManager` be enabled. They are not standalone features.
+- For Gold+ license, a custom package registry URL can be used by setting `xpack.ingestManager.registryUrl=http://localhost:8080`
 
 ## Fleet Requirements
 
diff --git a/x-pack/plugins/ingest_manager/common/types/index.ts b/x-pack/plugins/ingest_manager/common/types/index.ts
index ff08b8a9252046..0fce5cfa6226ff 100644
--- a/x-pack/plugins/ingest_manager/common/types/index.ts
+++ b/x-pack/plugins/ingest_manager/common/types/index.ts
@@ -8,10 +8,7 @@ export * from './rest_spec';
 
 export interface IngestManagerConfigType {
   enabled: boolean;
-  epm: {
-    enabled: boolean;
-    registryUrl?: string;
-  };
+  registryUrl?: string;
   fleet: {
     enabled: boolean;
     tlsCheckDisabled: boolean;
diff --git a/x-pack/plugins/ingest_manager/public/applications/ingest_manager/components/alpha_flyout.tsx b/x-pack/plugins/ingest_manager/public/applications/ingest_manager/components/alpha_flyout.tsx
index 1e7a14e3502296..03c70f71529c9e 100644
--- a/x-pack/plugins/ingest_manager/public/applications/ingest_manager/components/alpha_flyout.tsx
+++ b/x-pack/plugins/ingest_manager/public/applications/ingest_manager/components/alpha_flyout.tsx
@@ -38,50 +38,34 @@ export const AlphaFlyout: React.FunctionComponent<Props> = ({ onClose }) => {
           <p>
             <FormattedMessage
               id="xpack.ingestManager.alphaMessaging.introText"
-              defaultMessage="This release is experimental and is not subject to the support SLA. It is designed for users to test and offer feedback about Ingest
-            Manager and the new Elastic Agent. It is not intended for use in production environments since certain features may change or go away in a future release."
+              defaultMessage="Ingest Manager is under active development and is not intended for use in production environments. This beta release is designed for users to test and offer feedback about Ingest
+            Manager and the new Elastic Agent. This plugin is not subject to the support SLA."
             />
           </p>
-          <FormattedMessage
-            id="xpack.ingestManager.alphaMessaging.feedbackText"
-            defaultMessage="We encourage you to read our {docsLink} or to ask questions and send feedback in our {forumLink}."
-            values={{
-              docsLink: (
-                <EuiLink href="https://ela.st/ingest-manager-docs" external target="_blank">
-                  <FormattedMessage
-                    id="xpack.ingestManager.alphaMessaging.docsLink"
-                    defaultMessage="documentation"
-                  />
-                </EuiLink>
-              ),
-              forumLink: (
-                <EuiLink href="https://ela.st/ingest-manager-forum" external target="_blank">
-                  <FormattedMessage
-                    id="xpack.ingestManager.alphaMessaging.forumLink"
-                    defaultMessage="Discuss forum"
-                  />
-                </EuiLink>
-              ),
-            }}
-          />
-          <p />
-
           <p>
             <FormattedMessage
-              id="xpack.ingestManager.alphaMessaging.warningText"
-              defaultMessage="{note}: you should not store important data with Ingest Manager
-              since you will have limited visibility to it in a future release. This version uses an
-              indexing strategy that will be deprecated in a future release and there is no migration
-              path. Also, licensing for certain features is under consideration and may change in the future. As a result, you may lose access to certain features based on your license
-              tier."
+              id="xpack.ingestManager.alphaMessaging.feedbackText"
+              defaultMessage="We encourage you to read our {docsLink} or to ask questions and send feedback in our {forumLink}."
               values={{
-                note: (
-                  <strong>
+                docsLink: (
+                  <EuiLink
+                    href="https://www.elastic.co/guide/en/ingest-management/current/index.html"
+                    external
+                    target="_blank"
+                  >
+                    <FormattedMessage
+                      id="xpack.ingestManager.alphaMessaging.docsLink"
+                      defaultMessage="documentation"
+                    />
+                  </EuiLink>
+                ),
+                forumLink: (
+                  <EuiLink href="https://ela.st/ingest-manager-forum" external target="_blank">
                     <FormattedMessage
-                      id="xpack.ingestManager.alphaMessaging.warningNote"
-                      defaultMessage="Note"
+                      id="xpack.ingestManager.alphaMessaging.forumLink"
+                      defaultMessage="Discuss forum"
                     />
-                  </strong>
+                  </EuiLink>
                 ),
               }}
             />
diff --git a/x-pack/plugins/ingest_manager/public/applications/ingest_manager/components/alpha_messaging.tsx b/x-pack/plugins/ingest_manager/public/applications/ingest_manager/components/alpha_messaging.tsx
index f43419fc52ef0d..ca4dfcb685e7b2 100644
--- a/x-pack/plugins/ingest_manager/public/applications/ingest_manager/components/alpha_messaging.tsx
+++ b/x-pack/plugins/ingest_manager/public/applications/ingest_manager/components/alpha_messaging.tsx
@@ -28,17 +28,20 @@ export const AlphaMessaging: React.FC<{}> = () => {
           <strong>
             <FormattedMessage
               id="xpack.ingestManager.alphaMessageTitle"
-              defaultMessage="Experimental"
+              defaultMessage="Beta release"
             />
           </strong>
           {' – '}
           <FormattedMessage
             id="xpack.ingestManager.alphaMessageDescription"
-            defaultMessage="Ingest Manager is under active development and is not
-          intended for production purposes."
+            defaultMessage="Ingest Manager is not
+            recommended for production environments."
           />{' '}
           <EuiLink color="subdued" onClick={() => setIsAlphaFlyoutOpen(true)}>
-            View more details.
+            <FormattedMessage
+              id="xpack.ingestManager.alphaMessageLinkText"
+              defaultMessage="See more details."
+            />
           </EuiLink>
         </p>
       </Message>
diff --git a/x-pack/plugins/ingest_manager/public/applications/ingest_manager/index.tsx b/x-pack/plugins/ingest_manager/public/applications/ingest_manager/index.tsx
index 94d3379f35e051..0eaf7854055903 100644
--- a/x-pack/plugins/ingest_manager/public/applications/ingest_manager/index.tsx
+++ b/x-pack/plugins/ingest_manager/public/applications/ingest_manager/index.tsx
@@ -59,7 +59,7 @@ const ErrorLayout = ({ children }: { children: JSX.Element }) => (
 
 const IngestManagerRoutes = memo<{ history: AppMountParameters['history']; basepath: string }>(
   ({ history, ...rest }) => {
-    const { epm, fleet } = useConfig();
+    const { fleet } = useConfig();
     const { notifications } = useCore();
 
     const [isPermissionsLoading, setIsPermissionsLoading] = useState<boolean>(false);
@@ -186,11 +186,11 @@ const IngestManagerRoutes = memo<{ history: AppMountParameters['history']; basep
             <Router {...rest}>
               <PackageInstallProvider notifications={notifications}>
                 <Switch>
-                  <ProtectedRoute path={PAGE_ROUTING_PATHS.integrations} isAllowed={epm.enabled}>
+                  <Route path={PAGE_ROUTING_PATHS.integrations}>
                     <DefaultLayout section="epm">
                       <EPMApp />
                     </DefaultLayout>
-                  </ProtectedRoute>
+                  </Route>
                   <Route path={PAGE_ROUTING_PATHS.configurations}>
                     <DefaultLayout section="agent_config">
                       <AgentConfigApp />
diff --git a/x-pack/plugins/ingest_manager/public/applications/ingest_manager/layouts/default.tsx b/x-pack/plugins/ingest_manager/public/applications/ingest_manager/layouts/default.tsx
index 1f356301b714ac..09da96fac4462f 100644
--- a/x-pack/plugins/ingest_manager/public/applications/ingest_manager/layouts/default.tsx
+++ b/x-pack/plugins/ingest_manager/public/applications/ingest_manager/layouts/default.tsx
@@ -41,7 +41,7 @@ export const DefaultLayout: React.FunctionComponent<Props> = ({
   children,
 }) => {
   const { getHref } = useLink();
-  const { epm, fleet } = useConfig();
+  const { fleet } = useConfig();
   const { uiSettings } = useCore();
   const [isSettingsFlyoutOpen, setIsSettingsFlyoutOpen] = React.useState(false);
 
@@ -71,11 +71,7 @@ export const DefaultLayout: React.FunctionComponent<Props> = ({
                       defaultMessage="Overview"
                     />
                   </EuiTab>
-                  <EuiTab
-                    isSelected={section === 'epm'}
-                    href={getHref('integrations_all')}
-                    disabled={!epm?.enabled}
-                  >
+                  <EuiTab isSelected={section === 'epm'} href={getHref('integrations_all')}>
                     <FormattedMessage
                       id="xpack.ingestManager.appNavigation.epmLinkText"
                       defaultMessage="Integrations"
diff --git a/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/agent_config/create_package_config_page/step_select_config.tsx b/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/agent_config/create_package_config_page/step_select_config.tsx
index d3120f9051f454..91c80b7eee4c87 100644
--- a/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/agent_config/create_package_config_page/step_select_config.tsx
+++ b/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/agent_config/create_package_config_page/step_select_config.tsx
@@ -148,6 +148,7 @@ export const StepSelectConfig: React.FunctionComponent<{
                 setSelectedConfigId(newAgentConfig.id);
               }
             }}
+            ownFocus={true}
           />
         </EuiPortal>
       ) : null}
diff --git a/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/agent_config/list_page/components/create_config.tsx b/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/agent_config/list_page/components/create_config.tsx
index 795c46ec282c57..37fce340da6eaa 100644
--- a/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/agent_config/list_page/components/create_config.tsx
+++ b/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/agent_config/list_page/components/create_config.tsx
@@ -4,6 +4,7 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 import React, { useState } from 'react';
+import styled from 'styled-components';
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n/react';
 import {
@@ -17,16 +18,24 @@ import {
   EuiButtonEmpty,
   EuiButton,
   EuiText,
+  EuiFlyoutProps,
 } from '@elastic/eui';
 import { NewAgentConfig, AgentConfig } from '../../../../types';
 import { useCapabilities, useCore, sendCreateAgentConfig } from '../../../../hooks';
 import { AgentConfigForm, agentConfigFormValidation } from '../../components';
 
-interface Props {
+const FlyoutWithHigherZIndex = styled(EuiFlyout)`
+  z-index: ${(props) => props.theme.eui.euiZLevel5};
+`;
+
+interface Props extends EuiFlyoutProps {
   onClose: (createdAgentConfig?: AgentConfig) => void;
 }
 
-export const CreateAgentConfigFlyout: React.FunctionComponent<Props> = ({ onClose }) => {
+export const CreateAgentConfigFlyout: React.FunctionComponent<Props> = ({
+  onClose,
+  ...restOfProps
+}) => {
   const { notifications } = useCore();
   const hasWriteCapabilites = useCapabilities().write;
   const [agentConfig, setAgentConfig] = useState<NewAgentConfig>({
@@ -147,10 +156,10 @@ export const CreateAgentConfigFlyout: React.FunctionComponent<Props> = ({ onClos
   );
 
   return (
-    <EuiFlyout onClose={onClose} size="l" maxWidth={400}>
+    <FlyoutWithHigherZIndex onClose={onClose} size="l" maxWidth={400} {...restOfProps}>
       {header}
       {body}
       {footer}
-    </EuiFlyout>
+    </FlyoutWithHigherZIndex>
   );
 };
diff --git a/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/epm/index.tsx b/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/epm/index.tsx
index cb0664143bb34f..f15b7d7f182a8d 100644
--- a/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/epm/index.tsx
+++ b/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/epm/index.tsx
@@ -7,16 +7,15 @@
 import React from 'react';
 import { HashRouter as Router, Switch, Route } from 'react-router-dom';
 import { PAGE_ROUTING_PATHS } from '../../constants';
-import { useConfig, useBreadcrumbs } from '../../hooks';
+import { useBreadcrumbs } from '../../hooks';
 import { CreatePackageConfigPage } from '../agent_config/create_package_config_page';
 import { EPMHomePage } from './screens/home';
 import { Detail } from './screens/detail';
 
 export const EPMApp: React.FunctionComponent = () => {
   useBreadcrumbs('integrations');
-  const { epm } = useConfig();
 
-  return epm.enabled ? (
+  return (
     <Router>
       <Switch>
         <Route path={PAGE_ROUTING_PATHS.add_integration_to_configuration}>
@@ -30,5 +29,5 @@ export const EPMApp: React.FunctionComponent = () => {
         </Route>
       </Switch>
     </Router>
-  ) : null;
+  );
 };
diff --git a/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/overview/components/agent_section.tsx b/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/overview/components/agent_section.tsx
index 6e61a55466e879..7e33589bffea12 100644
--- a/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/overview/components/agent_section.tsx
+++ b/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/overview/components/agent_section.tsx
@@ -5,13 +5,13 @@
  */
 
 import React from 'react';
-import { EuiFlexItem, EuiI18nNumber } from '@elastic/eui';
 import { FormattedMessage } from '@kbn/i18n/react';
+import { i18n } from '@kbn/i18n';
 import {
-  EuiTitle,
-  EuiButtonEmpty,
+  EuiI18nNumber,
   EuiDescriptionListTitle,
   EuiDescriptionListDescription,
+  EuiFlexItem,
 } from '@elastic/eui';
 import { OverviewPanel } from './overview_panel';
 import { OverviewStats } from './overview_stats';
@@ -24,23 +24,19 @@ export const OverviewAgentSection = () => {
 
   return (
     <EuiFlexItem component="section">
-      <OverviewPanel>
-        <header>
-          <EuiTitle size="xs">
-            <h2>
-              <FormattedMessage
-                id="xpack.ingestManager.overviewPageFleetPanelTitle"
-                defaultMessage="Fleet"
-              />
-            </h2>
-          </EuiTitle>
-          <EuiButtonEmpty size="xs" flush="right" href={getHref('fleet_agent_list')}>
-            <FormattedMessage
-              id="xpack.ingestManager.overviewPageFleetPanelAction"
-              defaultMessage="View agents"
-            />
-          </EuiButtonEmpty>
-        </header>
+      <OverviewPanel
+        title={i18n.translate('xpack.ingestManager.overviewPageFleetPanelTitle', {
+          defaultMessage: 'Fleet',
+        })}
+        tooltip={i18n.translate('xpack.ingestManager.overviewPageFleetPanelTooltip', {
+          defaultMessage:
+            'Use Fleet to enroll agents and manage their configurations from a central location.',
+        })}
+        linkTo={getHref('fleet_agent_list')}
+        linkToText={i18n.translate('xpack.ingestManager.overviewPageFleetPanelAction', {
+          defaultMessage: 'View agents',
+        })}
+      >
         <OverviewStats>
           {agentStatusRequest.isLoading ? (
             <Loading />
diff --git a/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/overview/components/configuration_section.tsx b/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/overview/components/configuration_section.tsx
index 5a5e901d629b5e..56aaba1d433212 100644
--- a/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/overview/components/configuration_section.tsx
+++ b/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/overview/components/configuration_section.tsx
@@ -5,11 +5,11 @@
  */
 
 import React from 'react';
-import { EuiFlexItem, EuiI18nNumber } from '@elastic/eui';
 import { FormattedMessage } from '@kbn/i18n/react';
+import { i18n } from '@kbn/i18n';
 import {
-  EuiTitle,
-  EuiButtonEmpty,
+  EuiFlexItem,
+  EuiI18nNumber,
   EuiDescriptionListTitle,
   EuiDescriptionListDescription,
 } from '@elastic/eui';
@@ -30,23 +30,18 @@ export const OverviewConfigurationSection: React.FC<{ agentConfigs: AgentConfig[
 
   return (
     <EuiFlexItem component="section">
-      <OverviewPanel>
-        <header>
-          <EuiTitle size="xs">
-            <h2>
-              <FormattedMessage
-                id="xpack.ingestManager.overviewPageConfigurationsPanelTitle"
-                defaultMessage="Agent configurations"
-              />
-            </h2>
-          </EuiTitle>
-          <EuiButtonEmpty size="xs" flush="right" href={getHref('configurations_list')}>
-            <FormattedMessage
-              id="xpack.ingestManager.overviewPageConfigurationsPanelAction"
-              defaultMessage="View configs"
-            />
-          </EuiButtonEmpty>
-        </header>
+      <OverviewPanel
+        title={i18n.translate('xpack.ingestManager.overviewPageConfigurationsPanelTitle', {
+          defaultMessage: 'Agent configurations',
+        })}
+        tooltip={i18n.translate('xpack.ingestManager.overviewPageConfigurationsPanelTooltip', {
+          defaultMessage: 'Use agent configurations to control the data that your agents collect.',
+        })}
+        linkTo={getHref('configurations_list')}
+        linkToText={i18n.translate('xpack.ingestManager.overviewPageConfigurationsPanelAction', {
+          defaultMessage: 'View configurations',
+        })}
+      >
         <OverviewStats>
           {packageConfigsRequest.isLoading ? (
             <Loading />
diff --git a/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/overview/components/datastream_section.tsx b/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/overview/components/datastream_section.tsx
index eab6cf087e1274..41c011de2da5c2 100644
--- a/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/overview/components/datastream_section.tsx
+++ b/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/overview/components/datastream_section.tsx
@@ -5,11 +5,11 @@
  */
 
 import React from 'react';
-import { EuiFlexItem, EuiI18nNumber } from '@elastic/eui';
 import { FormattedMessage } from '@kbn/i18n/react';
+import { i18n } from '@kbn/i18n';
 import {
-  EuiTitle,
-  EuiButtonEmpty,
+  EuiFlexItem,
+  EuiI18nNumber,
   EuiDescriptionListTitle,
   EuiDescriptionListDescription,
 } from '@elastic/eui';
@@ -45,23 +45,18 @@ export const OverviewDatastreamSection: React.FC = () => {
 
   return (
     <EuiFlexItem component="section">
-      <OverviewPanel>
-        <header>
-          <EuiTitle size="xs">
-            <h2>
-              <FormattedMessage
-                id="xpack.ingestManager.overviewPageDataStreamsPanelTitle"
-                defaultMessage="Datasets"
-              />
-            </h2>
-          </EuiTitle>
-          <EuiButtonEmpty size="xs" flush="right" href={getHref('data_streams')}>
-            <FormattedMessage
-              id="xpack.ingestManager.overviewPageDataStreamsPanelAction"
-              defaultMessage="View datasets"
-            />
-          </EuiButtonEmpty>
-        </header>
+      <OverviewPanel
+        title={i18n.translate('xpack.ingestManager.overviewPageDataStreamsPanelTitle', {
+          defaultMessage: 'Datasets',
+        })}
+        tooltip={i18n.translate('xpack.ingestManager.overviewPageDataStreamsPanelTooltip', {
+          defaultMessage: 'Data that your agents collect are organized into various datasets.',
+        })}
+        linkTo={getHref('data_streams')}
+        linkToText={i18n.translate('xpack.ingestManager.overviewPageDataStreamsPanelAction', {
+          defaultMessage: 'View datasets',
+        })}
+      >
         <OverviewStats>
           {datastreamRequest.isLoading ? (
             <Loading />
diff --git a/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/overview/components/integration_section.tsx b/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/overview/components/integration_section.tsx
index b4669b0a0569ba..ba16b47e73051f 100644
--- a/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/overview/components/integration_section.tsx
+++ b/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/overview/components/integration_section.tsx
@@ -5,11 +5,11 @@
  */
 
 import React from 'react';
-import { EuiFlexItem, EuiI18nNumber } from '@elastic/eui';
 import { FormattedMessage } from '@kbn/i18n/react';
+import { i18n } from '@kbn/i18n';
 import {
-  EuiTitle,
-  EuiButtonEmpty,
+  EuiFlexItem,
+  EuiI18nNumber,
   EuiDescriptionListTitle,
   EuiDescriptionListDescription,
 } from '@elastic/eui';
@@ -31,23 +31,19 @@ export const OverviewIntegrationSection: React.FC = () => {
     )?.length ?? 0;
   return (
     <EuiFlexItem component="section">
-      <OverviewPanel>
-        <header>
-          <EuiTitle size="xs">
-            <h2>
-              <FormattedMessage
-                id="xpack.ingestManager.overviewPageIntegrationsPanelTitle"
-                defaultMessage="Integrations"
-              />
-            </h2>
-          </EuiTitle>
-          <EuiButtonEmpty size="xs" flush="right" href={getHref('integrations_all')}>
-            <FormattedMessage
-              id="xpack.ingestManager.overviewPageIntegrationsPanelAction"
-              defaultMessage="View integrations"
-            />
-          </EuiButtonEmpty>
-        </header>
+      <OverviewPanel
+        title={i18n.translate('xpack.ingestManager.overviewPageIntegrationsPanelTitle', {
+          defaultMessage: 'Integrations',
+        })}
+        tooltip={i18n.translate('xpack.ingestManager.overviewPageIntegrationsPanelTooltip', {
+          defaultMessage:
+            'Browse and install integrations for the Elastic Stack. Add integrations to your agent configurations to start sending data.',
+        })}
+        linkTo={getHref('integrations_all')}
+        linkToText={i18n.translate('xpack.ingestManager.overviewPageIntegrationsPanelAction', {
+          defaultMessage: 'View integrations',
+        })}
+      >
         <OverviewStats>
           {packagesRequest.isLoading ? (
             <Loading />
diff --git a/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/overview/components/overview_panel.tsx b/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/overview/components/overview_panel.tsx
index 2e75d1e4690d63..65811261a6d6b3 100644
--- a/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/overview/components/overview_panel.tsx
+++ b/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/overview/components/overview_panel.tsx
@@ -4,10 +4,18 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
+import React from 'react';
 import styled from 'styled-components';
-import { EuiPanel } from '@elastic/eui';
+import {
+  EuiPanel,
+  EuiFlexGroup,
+  EuiFlexItem,
+  EuiTitle,
+  EuiIconTip,
+  EuiButtonEmpty,
+} from '@elastic/eui';
 
-export const OverviewPanel = styled(EuiPanel).attrs((props) => ({
+const StyledPanel = styled(EuiPanel).attrs((props) => ({
   paddingSize: 'm',
 }))`
   header {
@@ -26,3 +34,40 @@ export const OverviewPanel = styled(EuiPanel).attrs((props) => ({
     padding: ${(props) => props.theme.eui.paddingSizes.xs} 0;
   }
 `;
+
+interface OverviewPanelProps {
+  title: string;
+  tooltip: string;
+  linkToText: string;
+  linkTo: string;
+  children: React.ReactNode;
+}
+
+export const OverviewPanel = ({
+  title,
+  tooltip,
+  linkToText,
+  linkTo,
+  children,
+}: OverviewPanelProps) => {
+  return (
+    <StyledPanel>
+      <header>
+        <EuiFlexGroup responsive={false} gutterSize="xs" alignItems="center">
+          <EuiFlexItem grow={false}>
+            <EuiTitle size="xs">
+              <h2>{title}</h2>
+            </EuiTitle>
+          </EuiFlexItem>
+          <EuiFlexItem grow={false}>
+            <EuiIconTip content={tooltip} position="top" type="iInCircle" />
+          </EuiFlexItem>
+        </EuiFlexGroup>
+        <EuiButtonEmpty size="xs" flush="right" href={linkTo}>
+          {linkToText}
+        </EuiButtonEmpty>
+      </header>
+      {children}
+    </StyledPanel>
+  );
+};
diff --git a/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/overview/index.tsx b/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/overview/index.tsx
index ca4151fa5c46f0..f4b68f0c5107ee 100644
--- a/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/overview/index.tsx
+++ b/x-pack/plugins/ingest_manager/public/applications/ingest_manager/sections/overview/index.tsx
@@ -4,11 +4,11 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 import React, { useState } from 'react';
-import styled from 'styled-components';
 import {
   EuiButton,
   EuiBetaBadge,
   EuiText,
+  EuiTitle,
   EuiFlexGrid,
   EuiFlexGroup,
   EuiFlexItem,
@@ -23,11 +23,6 @@ import { OverviewConfigurationSection } from './components/configuration_section
 import { OverviewIntegrationSection } from './components/integration_section';
 import { OverviewDatastreamSection } from './components/datastream_section';
 
-const AlphaBadge = styled(EuiBetaBadge)`
-  vertical-align: top;
-  margin-left: ${(props) => props.theme.eui.paddingSizes.s};
-`;
-
 export const IngestManagerOverview: React.FunctionComponent = () => {
   useBreadcrumbs('overview');
 
@@ -46,26 +41,30 @@ export const IngestManagerOverview: React.FunctionComponent = () => {
       leftColumn={
         <EuiFlexGroup direction="column" gutterSize="m">
           <EuiFlexItem>
-            <EuiText>
-              <h1>
-                <FormattedMessage
-                  id="xpack.ingestManager.overviewPageTitle"
-                  defaultMessage="Ingest Manager"
-                />
-                <AlphaBadge
-                  label={i18n.translate('xpack.ingestManager.alphaBadge.labelText', {
-                    defaultMessage: 'Experimental',
-                  })}
-                  title={i18n.translate('xpack.ingestManager.alphaBadge.titleText', {
-                    defaultMessage: 'Experimental',
+            <EuiFlexGroup responsive={false} gutterSize="s" alignItems="center">
+              <EuiFlexItem grow={false}>
+                <EuiTitle size="l">
+                  <h1>
+                    <FormattedMessage
+                      id="xpack.ingestManager.overviewPageTitle"
+                      defaultMessage="Ingest Manager"
+                    />
+                  </h1>
+                </EuiTitle>
+              </EuiFlexItem>
+
+              <EuiFlexItem grow={false}>
+                <EuiBetaBadge
+                  label={i18n.translate('xpack.ingestManager.betaBadge.labelText', {
+                    defaultMessage: 'Beta',
                   })}
-                  tooltipContent={i18n.translate('xpack.ingestManager.alphaBadge.tooltipText', {
+                  tooltipContent={i18n.translate('xpack.ingestManager.betaBadge.tooltipText', {
                     defaultMessage:
-                      'This plugin might change or be removed in a future release and is not subject to the support SLA.',
+                      'This plugin is not recommended for production environments. Please report bugs in our Discuss forum.',
                   })}
                 />
-              </h1>
-            </EuiText>
+              </EuiFlexItem>
+            </EuiFlexGroup>
           </EuiFlexItem>
           <EuiFlexItem>
             <EuiText color="subdued">
@@ -102,9 +101,7 @@ export const IngestManagerOverview: React.FunctionComponent = () => {
       <EuiFlexGrid gutterSize="l" columns={2}>
         <OverviewIntegrationSection />
         <OverviewConfigurationSection agentConfigs={agentConfigs} />
-
         <OverviewAgentSection />
-
         <OverviewDatastreamSection />
       </EuiFlexGrid>
     </WithHeaderLayout>
diff --git a/x-pack/plugins/ingest_manager/server/index.ts b/x-pack/plugins/ingest_manager/server/index.ts
index 811ec8a3d02224..1823cc35616937 100644
--- a/x-pack/plugins/ingest_manager/server/index.ts
+++ b/x-pack/plugins/ingest_manager/server/index.ts
@@ -21,10 +21,7 @@ export const config = {
   },
   schema: schema.object({
     enabled: schema.boolean({ defaultValue: false }),
-    epm: schema.object({
-      enabled: schema.boolean({ defaultValue: true }),
-      registryUrl: schema.maybe(schema.uri()),
-    }),
+    registryUrl: schema.maybe(schema.uri()),
     fleet: schema.object({
       enabled: schema.boolean({ defaultValue: true }),
       tlsCheckDisabled: schema.boolean({ defaultValue: false }),
diff --git a/x-pack/plugins/ingest_manager/server/plugin.ts b/x-pack/plugins/ingest_manager/server/plugin.ts
index db6bccd8c134c2..be96ea3fc4ef83 100644
--- a/x-pack/plugins/ingest_manager/server/plugin.ts
+++ b/x-pack/plugins/ingest_manager/server/plugin.ts
@@ -216,12 +216,9 @@ export class IngestManagerPlugin
       registerOutputRoutes(router);
       registerSettingsRoutes(router);
       registerDataStreamRoutes(router);
+      registerEPMRoutes(router);
 
       // Conditional config routes
-      if (config.epm.enabled) {
-        registerEPMRoutes(router);
-      }
-
       if (config.fleet.enabled) {
         const isESOUsingEphemeralEncryptionKey =
           deps.encryptedSavedObjects.usingEphemeralEncryptionKey;
diff --git a/x-pack/plugins/ingest_manager/server/services/epm/registry/registry_url.ts b/x-pack/plugins/ingest_manager/server/services/epm/registry/registry_url.ts
index d92d6faf8472ef..47c91218089883 100644
--- a/x-pack/plugins/ingest_manager/server/services/epm/registry/registry_url.ts
+++ b/x-pack/plugins/ingest_manager/server/services/epm/registry/registry_url.ts
@@ -8,7 +8,7 @@ import { appContextService, licenseService } from '../../';
 
 export const getRegistryUrl = (): string => {
   const license = licenseService.getLicenseInformation();
-  const customUrl = appContextService.getConfig()?.epm.registryUrl;
+  const customUrl = appContextService.getConfig()?.registryUrl;
 
   if (
     customUrl &&
@@ -20,5 +20,9 @@ export const getRegistryUrl = (): string => {
     return customUrl;
   }
 
+  if (customUrl) {
+    appContextService.getLogger().warn('Gold license is required to use a custom registry url.');
+  }
+
   return DEFAULT_REGISTRY_URL;
 };
diff --git a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/_data_panel_wrapper.scss b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/_data_panel_wrapper.scss
index 261d6672df93a1..a7c8e4dfc6baa4 100644
--- a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/_data_panel_wrapper.scss
+++ b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/_data_panel_wrapper.scss
@@ -1,6 +1,7 @@
 .lnsDataPanelWrapper {
   flex: 1 0 100%;
   overflow: hidden;
+  background-color: lightOrDarkTheme($euiColorLightestShade, $euiColorInk);
 }
 
 .lnsDataPanelWrapper__switchSource {
diff --git a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/_frame_layout.scss b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/_frame_layout.scss
index 35c28595a59c0c..c2e8d4f6c00493 100644
--- a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/_frame_layout.scss
+++ b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/_frame_layout.scss
@@ -22,7 +22,7 @@
   // Leave out bottom padding so the suggestions scrollbar stays flush to window edge
   // Leave out left padding so the left sidebar's focus states are visible outside of content bounds
   // This also means needing to add same amount of margin to page content and suggestion items
-  padding: $euiSize $euiSize 0 0;
+  padding: $euiSize $euiSize 0;
 
   &:first-child {
     padding-left: $euiSize;
@@ -40,9 +40,10 @@
 
 .lnsFrameLayout__sidebar--right {
   @include euiScrollBar;
-  min-width: $lnsPanelMinWidth + $euiSize;
+  background-color: lightOrDarkTheme($euiColorLightestShade, $euiColorInk);
+  min-width: $lnsPanelMinWidth + $euiSizeXL;
   overflow-x: hidden;
   overflow-y: scroll;
-  padding-top: $euiSize;
+  padding: $euiSize 0 $euiSize $euiSize;
   max-height: 100%;
 }
diff --git a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/config_panel/_layer_panel.scss b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/config_panel/_layer_panel.scss
index 924f44a37c4591..4e13fd95d19618 100644
--- a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/config_panel/_layer_panel.scss
+++ b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/config_panel/_layer_panel.scss
@@ -2,6 +2,10 @@
   margin-bottom: $euiSizeS;
 }
 
+.lnsLayerPanel__sourceFlexItem {
+  max-width: calc(100% - #{$euiSize * 3.625});
+}
+
 .lnsLayerPanel__row {
   background: $euiColorLightestShade;
   padding: $euiSizeS;
@@ -32,5 +36,6 @@
 }
 
 .lnsLayerPanel__styleEditor {
-  width: $euiSize * 28;
+  width: $euiSize * 30;
+  padding: $euiSizeS;
 }
diff --git a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/config_panel/dimension_popover.tsx b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/config_panel/dimension_popover.tsx
index cc8d97a445016a..8d31e1bcc2e6a0 100644
--- a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/config_panel/dimension_popover.tsx
+++ b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/config_panel/dimension_popover.tsx
@@ -40,8 +40,7 @@ export function DimensionPopover({
       }}
       button={trigger}
       anchorPosition="leftUp"
-      withTitle
-      panelPaddingSize="s"
+      panelPaddingSize="none"
     >
       {panel}
     </EuiPopover>
diff --git a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/config_panel/layer_panel.tsx b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/config_panel/layer_panel.tsx
index 36d5bfd965e262..e51a155a199358 100644
--- a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/config_panel/layer_panel.tsx
+++ b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/config_panel/layer_panel.tsx
@@ -103,7 +103,7 @@ export function LayerPanel(
           </EuiFlexItem>
 
           {layerDatasource && (
-            <EuiFlexItem className="eui-textTruncate">
+            <EuiFlexItem className="lnsLayerPanel__sourceFlexItem">
               <NativeRenderer
                 render={layerDatasource.renderLayerPanel}
                 nativeProps={{
@@ -170,18 +170,15 @@ export function LayerPanel(
                         defaultMessage: 'Quick functions',
                       }),
                       content: (
-                        <>
-                          <EuiSpacer size="s" />
-                          <NativeRenderer
-                            render={props.datasourceMap[datasourceId].renderDimensionEditor}
-                            nativeProps={{
-                              ...layerDatasourceConfigProps,
-                              core: props.core,
-                              columnId: accessor,
-                              filterOperations: group.filterOperations,
-                            }}
-                          />
-                        </>
+                        <NativeRenderer
+                          render={props.datasourceMap[datasourceId].renderDimensionEditor}
+                          nativeProps={{
+                            ...layerDatasourceConfigProps,
+                            core: props.core,
+                            columnId: accessor,
+                            filterOperations: group.filterOperations,
+                          }}
+                        />
                       ),
                     },
                   ];
@@ -194,7 +191,6 @@ export function LayerPanel(
                       }),
                       content: (
                         <div className="lnsLayerPanel__styleEditor">
-                          <EuiSpacer size="s" />
                           <NativeRenderer
                             render={activeVisualization.renderDimensionEditor}
                             nativeProps={{
diff --git a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/config_panel/layer_settings.tsx b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/config_panel/layer_settings.tsx
index 49f2224bf4231f..682316a586626e 100644
--- a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/config_panel/layer_settings.tsx
+++ b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/config_panel/layer_settings.tsx
@@ -5,10 +5,11 @@
  */
 
 import React, { useState } from 'react';
-import { EuiPopover, EuiButtonIcon, EuiToolTip } from '@elastic/eui';
+import { EuiPopover, EuiToolTip } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
 import { NativeRenderer } from '../../../native_renderer';
 import { Visualization, VisualizationLayerWidgetProps } from '../../../types';
+import { ToolbarButton } from '../../../toolbar_button';
 
 export function LayerSettings({
   layerId,
@@ -25,6 +26,10 @@ export function LayerSettings({
     return null;
   }
 
+  const a11yText = i18n.translate('xpack.lens.editLayerSettings', {
+    defaultMessage: 'Edit layer settings',
+  });
+
   return (
     <EuiPopover
       id={`lnsLayerPopover_${layerId}`}
@@ -36,11 +41,11 @@ export function LayerSettings({
             defaultMessage: 'Edit layer settings',
           })}
         >
-          <EuiButtonIcon
+          <ToolbarButton
+            size="s"
             iconType={activeVisualization.getLayerContextMenuIcon?.(layerConfigProps) || 'gear'}
-            aria-label={i18n.translate('xpack.lens.editLayerSettings', {
-              defaultMessage: 'Edit layer settings',
-            })}
+            aria-label={a11yText}
+            title={a11yText}
             onClick={() => setIsOpen(!isOpen)}
             data-test-subj="lns_layer_settings"
           />
diff --git a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/chart_switch.scss b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/chart_switch.scss
index ae4a7861b1d90a..8a44d59ff1c0df 100644
--- a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/chart_switch.scss
+++ b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/chart_switch.scss
@@ -5,15 +5,9 @@
   }
 }
 
-.lnsChartSwitch__triggerButton {
-  @include euiTitle('xs');
-  background-color: $euiColorEmptyShade;
-  border-color: $euiColorLightShade;
-}
-
 .lnsChartSwitch__summaryIcon {
   margin-right: $euiSizeS;
-  transform: translateY(-2px);
+  transform: translateY(-1px);
 }
 
 // Targeting img as this won't target normal EuiIcon's only the custom svgs's
diff --git a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/chart_switch.tsx b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/chart_switch.tsx
index 4c5a44ecc695ec..fa87d80e5cf408 100644
--- a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/chart_switch.tsx
+++ b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/chart_switch.tsx
@@ -4,6 +4,7 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
+import './chart_switch.scss';
 import React, { useState, useMemo } from 'react';
 import {
   EuiIcon,
@@ -11,7 +12,6 @@ import {
   EuiPopoverTitle,
   EuiKeyPadMenu,
   EuiKeyPadMenuItem,
-  EuiButton,
 } from '@elastic/eui';
 import { flatten } from 'lodash';
 import { i18n } from '@kbn/i18n';
@@ -19,6 +19,7 @@ import { Visualization, FramePublicAPI, Datasource } from '../../../types';
 import { Action } from '../state_management';
 import { getSuggestions, switchToSuggestion, Suggestion } from '../suggestion_helpers';
 import { trackUiEvent } from '../../../lens_ui_telemetry';
+import { ToolbarButton } from '../../../toolbar_button';
 
 interface VisualizationSelection {
   visualizationId: string;
@@ -72,8 +73,6 @@ function VisualizationSummary(props: Props) {
   );
 }
 
-import './chart_switch.scss';
-
 export function ChartSwitch(props: Props) {
   const [flyoutOpen, setFlyoutOpen] = useState<boolean>(false);
 
@@ -202,16 +201,13 @@ export function ChartSwitch(props: Props) {
       panelClassName="lnsChartSwitch__popoverPanel"
       panelPaddingSize="s"
       button={
-        <EuiButton
-          className="lnsChartSwitch__triggerButton"
+        <ToolbarButton
           onClick={() => setFlyoutOpen(!flyoutOpen)}
           data-test-subj="lnsChartSwitchPopover"
-          iconSide="right"
-          iconType="arrowDown"
-          color="text"
+          fontWeight="bold"
         >
           <VisualizationSummary {...props} />
-        </EuiButton>
+        </ToolbarButton>
       }
       isOpen={flyoutOpen}
       closePopover={() => setFlyoutOpen(false)}
diff --git a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/workspace_panel.tsx b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/workspace_panel.tsx
index beb69525560679..9f5b6665b31d3c 100644
--- a/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/workspace_panel.tsx
+++ b/x-pack/plugins/lens/public/editor_frame_service/editor_frame/workspace_panel/workspace_panel.tsx
@@ -15,6 +15,7 @@ import {
   EuiText,
   EuiBetaBadge,
   EuiButtonEmpty,
+  EuiLink,
 } from '@elastic/eui';
 import { CoreStart, CoreSetup } from 'kibana/public';
 import {
@@ -208,18 +209,20 @@ export function InnerWorkspacePanel({
             />{' '}
             <EuiBetaBadge label="Beta" tooltipContent={tooltipContent} />
           </p>
-          <EuiButtonEmpty
-            href="https://www.elastic.co/products/kibana/feedback"
-            iconType="popout"
-            iconSide="right"
-            size="xs"
-            target="_blank"
-          >
-            <FormattedMessage
-              id="xpack.lens.editorFrame.goToForums"
-              defaultMessage="Make requests and give feedback"
-            />
-          </EuiButtonEmpty>
+          <p>
+            <small>
+              <EuiLink
+                href="https://www.elastic.co/products/kibana/feedback"
+                target="_blank"
+                external
+              >
+                <FormattedMessage
+                  id="xpack.lens.editorFrame.goToForums"
+                  defaultMessage="Make requests and give feedback"
+                />
+              </EuiLink>
+            </small>
+          </p>
         </EuiText>
       </div>
     );
diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/change_indexpattern.tsx b/x-pack/plugins/lens/public/indexpattern_datasource/change_indexpattern.tsx
index 94c0f4083dfee9..5e2fe9d7bbc14b 100644
--- a/x-pack/plugins/lens/public/indexpattern_datasource/change_indexpattern.tsx
+++ b/x-pack/plugins/lens/public/indexpattern_datasource/change_indexpattern.tsx
@@ -6,18 +6,13 @@
 
 import { i18n } from '@kbn/i18n';
 import React, { useState } from 'react';
-import {
-  EuiButtonEmpty,
-  EuiPopover,
-  EuiPopoverTitle,
-  EuiSelectable,
-  EuiButtonEmptyProps,
-} from '@elastic/eui';
+import { EuiPopover, EuiPopoverTitle, EuiSelectable } from '@elastic/eui';
 import { EuiSelectableProps } from '@elastic/eui/src/components/selectable/selectable';
 import { IndexPatternRef } from './types';
 import { trackUiEvent } from '../lens_ui_telemetry';
+import { ToolbarButtonProps, ToolbarButton } from '../toolbar_button';
 
-export type ChangeIndexPatternTriggerProps = EuiButtonEmptyProps & {
+export type ChangeIndexPatternTriggerProps = ToolbarButtonProps & {
   label: string;
   title?: string;
 };
@@ -40,29 +35,24 @@ export function ChangeIndexPattern({
   const createTrigger = function () {
     const { label, title, ...rest } = trigger;
     return (
-      <EuiButtonEmpty
-        className="eui-textTruncate"
-        flush="left"
-        color="text"
-        iconSide="right"
-        iconType="arrowDown"
+      <ToolbarButton
         title={title}
         onClick={() => setPopoverIsOpen(!isPopoverOpen)}
+        fullWidth
         {...rest}
       >
         {label}
-      </EuiButtonEmpty>
+      </ToolbarButton>
     );
   };
 
   return (
     <>
       <EuiPopover
+        style={{ width: '100%' }}
         button={createTrigger()}
         isOpen={isPopoverOpen}
         closePopover={() => setPopoverIsOpen(false)}
-        className="eui-textTruncate"
-        anchorClassName="eui-textTruncate"
         display="block"
         panelPaddingSize="s"
         ownFocus
diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/datapanel.scss b/x-pack/plugins/lens/public/indexpattern_datasource/datapanel.scss
index 3e767502fae3b5..70fb57ee79ee55 100644
--- a/x-pack/plugins/lens/public/indexpattern_datasource/datapanel.scss
+++ b/x-pack/plugins/lens/public/indexpattern_datasource/datapanel.scss
@@ -7,13 +7,7 @@
 .lnsInnerIndexPatternDataPanel__header {
   display: flex;
   align-items: center;
-  height: $euiSize * 3;
-  margin-top: -$euiSizeS;
-}
-
-.lnsInnerIndexPatternDataPanel__triggerButton {
-  @include euiTitle('xs');
-  line-height: $euiSizeXXL;
+  margin-bottom: $euiSizeS;
 }
 
 /**
diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/datapanel.tsx b/x-pack/plugins/lens/public/indexpattern_datasource/datapanel.tsx
index 91c068c2b4fab8..6854452fd02a4a 100644
--- a/x-pack/plugins/lens/public/indexpattern_datasource/datapanel.tsx
+++ b/x-pack/plugins/lens/public/indexpattern_datasource/datapanel.tsx
@@ -424,7 +424,7 @@ export const InnerIndexPatternDataPanel = function InnerIndexPatternDataPanel({
                 label: currentIndexPattern.title,
                 title: currentIndexPattern.title,
                 'data-test-subj': 'indexPattern-switch-link',
-                className: 'lnsInnerIndexPatternDataPanel__triggerButton',
+                fontWeight: 'bold',
               }}
               indexPatternId={currentIndexPatternId}
               indexPatternRefs={indexPatternRefs}
diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/dimension_panel/popover_editor.scss b/x-pack/plugins/lens/public/indexpattern_datasource/dimension_panel/popover_editor.scss
index f619fa55f9ceb0..b8986cea48d4e7 100644
--- a/x-pack/plugins/lens/public/indexpattern_datasource/dimension_panel/popover_editor.scss
+++ b/x-pack/plugins/lens/public/indexpattern_datasource/dimension_panel/popover_editor.scss
@@ -1,7 +1,6 @@
 .lnsIndexPatternDimensionEditor {
-  flex-grow: 1;
-  line-height: 0;
-  overflow: hidden;
+  width: $euiSize * 30;
+  padding: $euiSizeS;
 }
 
 .lnsIndexPatternDimensionEditor__left,
@@ -11,10 +10,7 @@
 
 .lnsIndexPatternDimensionEditor__left {
   background-color: $euiPageBackgroundColor;
-}
-
-.lnsIndexPatternDimensionEditor__right {
-  width: $euiSize * 20;
+  width: $euiSize * 8;
 }
 
 .lnsIndexPatternDimensionEditor__operation > button {
diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/dimension_panel/popover_editor.tsx b/x-pack/plugins/lens/public/indexpattern_datasource/dimension_panel/popover_editor.tsx
index 5b84108b99dd97..2fb7382f992e72 100644
--- a/x-pack/plugins/lens/public/indexpattern_datasource/dimension_panel/popover_editor.tsx
+++ b/x-pack/plugins/lens/public/indexpattern_datasource/dimension_panel/popover_editor.tsx
@@ -299,25 +299,31 @@ export function PopoverEditor(props: PopoverEditorProps) {
             </EuiFlexItem>
             <EuiFlexItem grow={true} className="lnsIndexPatternDimensionEditor__right">
               {incompatibleSelectedOperationType && selectedColumn && (
-                <EuiCallOut
-                  data-test-subj="indexPattern-invalid-operation"
-                  title={i18n.translate('xpack.lens.indexPattern.invalidOperationLabel', {
-                    defaultMessage: 'To use this function, select a different field.',
-                  })}
-                  color="warning"
-                  size="s"
-                  iconType="sortUp"
-                />
+                <>
+                  <EuiCallOut
+                    data-test-subj="indexPattern-invalid-operation"
+                    title={i18n.translate('xpack.lens.indexPattern.invalidOperationLabel', {
+                      defaultMessage: 'To use this function, select a different field.',
+                    })}
+                    color="warning"
+                    size="s"
+                    iconType="sortUp"
+                  />
+                  <EuiSpacer size="m" />
+                </>
               )}
               {incompatibleSelectedOperationType && !selectedColumn && (
-                <EuiCallOut
-                  size="s"
-                  data-test-subj="indexPattern-fieldless-operation"
-                  title={i18n.translate('xpack.lens.indexPattern.fieldlessOperationLabel', {
-                    defaultMessage: 'To use this function, select a field.',
-                  })}
-                  iconType="sortUp"
-                />
+                <>
+                  <EuiCallOut
+                    size="s"
+                    data-test-subj="indexPattern-fieldless-operation"
+                    title={i18n.translate('xpack.lens.indexPattern.fieldlessOperationLabel', {
+                      defaultMessage: 'To use this function, select a field.',
+                    })}
+                    iconType="sortUp"
+                  />
+                  <EuiSpacer size="m" />
+                </>
               )}
               {!incompatibleSelectedOperationType && ParamEditor && (
                 <>
diff --git a/x-pack/plugins/lens/public/indexpattern_datasource/layerpanel.tsx b/x-pack/plugins/lens/public/indexpattern_datasource/layerpanel.tsx
index 1ae10e07b0c243..dac451013826ef 100644
--- a/x-pack/plugins/lens/public/indexpattern_datasource/layerpanel.tsx
+++ b/x-pack/plugins/lens/public/indexpattern_datasource/layerpanel.tsx
@@ -27,7 +27,8 @@ export function LayerPanel({ state, layerId, onChangeIndexPattern }: IndexPatter
           label: state.indexPatterns[layer.indexPatternId].title,
           title: state.indexPatterns[layer.indexPatternId].title,
           'data-test-subj': 'lns_layerIndexPatternLabel',
-          size: 'xs',
+          size: 's',
+          fontWeight: 'normal',
         }}
         indexPatternId={layer.indexPatternId}
         indexPatternRefs={state.indexPatternRefs}
diff --git a/x-pack/plugins/lens/public/toolbar_button/index.tsx b/x-pack/plugins/lens/public/toolbar_button/index.tsx
new file mode 100644
index 00000000000000..ee6489726a0a71
--- /dev/null
+++ b/x-pack/plugins/lens/public/toolbar_button/index.tsx
@@ -0,0 +1,7 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+export { ToolbarButtonProps, ToolbarButton } from './toolbar_button';
diff --git a/x-pack/plugins/lens/public/toolbar_button/toolbar_button.scss b/x-pack/plugins/lens/public/toolbar_button/toolbar_button.scss
new file mode 100644
index 00000000000000..f36fdfdf02abaa
--- /dev/null
+++ b/x-pack/plugins/lens/public/toolbar_button/toolbar_button.scss
@@ -0,0 +1,30 @@
+.lnsToolbarButton {
+  line-height: $euiButtonHeight; // Keeps alignment of text and chart icon
+  background-color: $euiColorEmptyShade;
+  border-color: $euiBorderColor;
+
+  // Some toolbar buttons are just icons, but EuiButton comes with margin and min-width that need to be removed
+  min-width: 0;
+
+  .lnsToolbarButton__text:empty {
+    margin: 0;
+  }
+
+  // Toolbar buttons don't look good with centered text when fullWidth
+  &[class*='fullWidth'] {
+    text-align: left;
+
+    .lnsToolbarButton__content {
+      justify-content: space-between;
+    }
+  }
+}
+
+.lnsToolbarButton--bold {
+  font-weight: $euiFontWeightBold;
+}
+
+.lnsToolbarButton--s {
+  box-shadow: none !important; // sass-lint:disable-line no-important
+  font-size: $euiFontSizeS;
+}
diff --git a/x-pack/plugins/lens/public/toolbar_button/toolbar_button.tsx b/x-pack/plugins/lens/public/toolbar_button/toolbar_button.tsx
new file mode 100644
index 00000000000000..0a63781818171e
--- /dev/null
+++ b/x-pack/plugins/lens/public/toolbar_button/toolbar_button.tsx
@@ -0,0 +1,53 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import './toolbar_button.scss';
+import React from 'react';
+import classNames from 'classnames';
+import { EuiButton, PropsOf, EuiButtonProps } from '@elastic/eui';
+
+export type ToolbarButtonProps = PropsOf<typeof EuiButton> & {
+  /**
+   * Determines prominence
+   */
+  fontWeight?: 'normal' | 'bold';
+  /**
+   * Smaller buttons also remove extra shadow for less prominence
+   */
+  size?: EuiButtonProps['size'];
+};
+
+export const ToolbarButton: React.FunctionComponent<ToolbarButtonProps> = ({
+  children,
+  className,
+  fontWeight = 'normal',
+  size = 'm',
+  ...rest
+}) => {
+  const classes = classNames(
+    'lnsToolbarButton',
+    [`lnsToolbarButton--${fontWeight}`, `lnsToolbarButton--${size}`],
+    className
+  );
+  return (
+    <EuiButton
+      className={classes}
+      iconSide="right"
+      iconType="arrowDown"
+      color="text"
+      contentProps={{
+        className: 'lnsToolbarButton__content',
+      }}
+      textProps={{
+        className: 'lnsToolbarButton__text',
+      }}
+      {...rest}
+      size={size}
+    >
+      {children}
+    </EuiButton>
+  );
+};
diff --git a/x-pack/plugins/lens/public/xy_visualization/xy_config_panel.tsx b/x-pack/plugins/lens/public/xy_visualization/xy_config_panel.tsx
index 84ea53fb4dc3dc..d22b3ec0a44a61 100644
--- a/x-pack/plugins/lens/public/xy_visualization/xy_config_panel.tsx
+++ b/x-pack/plugins/lens/public/xy_visualization/xy_config_panel.tsx
@@ -4,11 +4,11 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
+import './xy_config_panel.scss';
 import React, { useState } from 'react';
 import { i18n } from '@kbn/i18n';
 import { debounce } from 'lodash';
 import {
-  EuiButtonEmpty,
   EuiButtonGroup,
   EuiFlexGroup,
   EuiFlexItem,
@@ -32,8 +32,7 @@ import { State, SeriesType, visualizationTypes, YAxisMode } from './types';
 import { isHorizontalChart, isHorizontalSeries, getSeriesColor } from './state_helpers';
 import { trackUiEvent } from '../lens_ui_telemetry';
 import { fittingFunctionDefinitions } from './fitting_functions';
-
-import './xy_config_panel.scss';
+import { ToolbarButton } from '../toolbar_button';
 
 type UnwrapArray<T> = T extends Array<infer P> ? P : T;
 
@@ -101,17 +100,16 @@ export function XyToolbar(props: VisualizationToolbarProps<State>) {
       <EuiFlexItem grow={false}>
         <EuiPopover
           panelClassName="lnsXyToolbar__popover"
+          ownFocus
           button={
-            <EuiButtonEmpty
-              color="text"
-              iconType="arrowDown"
-              iconSide="right"
+            <ToolbarButton
+              fontWeight="normal"
               onClick={() => {
                 setOpen(!open);
               }}
             >
               {i18n.translate('xpack.lens.xyChart.settingsLabel', { defaultMessage: 'Settings' })}
-            </EuiButtonEmpty>
+            </ToolbarButton>
           }
           isOpen={open}
           closePopover={() => {
@@ -119,12 +117,9 @@ export function XyToolbar(props: VisualizationToolbarProps<State>) {
           }}
           anchorPosition="downRight"
         >
-          <EuiFormRow
-            display="columnCompressed"
-            label={i18n.translate('xpack.lens.xyChart.fittingLabel', {
-              defaultMessage: 'Fill missing values',
-            })}
-            helpText={
+          <EuiToolTip
+            anchorClassName="eui-displayBlock"
+            content={
               !hasNonBarSeries &&
               i18n.translate('xpack.lens.xyChart.fittingDisabledHelpText', {
                 defaultMessage:
@@ -132,29 +127,36 @@ export function XyToolbar(props: VisualizationToolbarProps<State>) {
               })
             }
           >
-            <EuiSuperSelect
-              compressed
-              disabled={!hasNonBarSeries}
-              options={fittingFunctionDefinitions.map(({ id, title, description }) => {
-                return {
-                  value: id,
-                  dropdownDisplay: (
-                    <>
-                      <strong>{title}</strong>
-                      <EuiText size="xs" color="subdued">
-                        <p>{description}</p>
-                      </EuiText>
-                    </>
-                  ),
-                  inputDisplay: title,
-                };
+            <EuiFormRow
+              display="columnCompressed"
+              label={i18n.translate('xpack.lens.xyChart.fittingLabel', {
+                defaultMessage: 'Fill missing values',
               })}
-              valueOfSelected={props.state?.fittingFunction || 'None'}
-              onChange={(value) => props.setState({ ...props.state, fittingFunction: value })}
-              itemLayoutAlign="top"
-              hasDividers
-            />
-          </EuiFormRow>
+            >
+              <EuiSuperSelect
+                compressed
+                disabled={!hasNonBarSeries}
+                options={fittingFunctionDefinitions.map(({ id, title, description }) => {
+                  return {
+                    value: id,
+                    dropdownDisplay: (
+                      <>
+                        <strong>{title}</strong>
+                        <EuiText size="xs" color="subdued">
+                          <p>{description}</p>
+                        </EuiText>
+                      </>
+                    ),
+                    inputDisplay: title,
+                  };
+                })}
+                valueOfSelected={props.state?.fittingFunction || 'None'}
+                onChange={(value) => props.setState({ ...props.state, fittingFunction: value })}
+                itemLayoutAlign="top"
+                hasDividers
+              />
+            </EuiFormRow>
+          </EuiToolTip>
         </EuiPopover>
       </EuiFlexItem>
     </EuiFlexGroup>
@@ -183,12 +185,12 @@ export function DimensionEditor(props: VisualizationDimensionEditorProps<State>)
         })}
       >
         <EuiButtonGroup
+          isFullWidth
           legend={i18n.translate('xpack.lens.xyChart.axisSide.label', {
             defaultMessage: 'Axis side',
           })}
           name="axisSide"
           buttonSize="compressed"
-          className="eui-displayInlineBlock"
           options={[
             {
               id: `${idPrefix}auto`,
@@ -241,7 +243,7 @@ const tooltipContent = {
   }),
   disabled: i18n.translate('xpack.lens.configPanel.color.tooltip.disabled', {
     defaultMessage:
-      'Individual series cannot be custom colored when the layer includes a “Break down by“',
+      'Individual series cannot be custom colored when the layer includes a “Break down by.“',
   }),
 };
 
@@ -286,6 +288,22 @@ const ColorPicker = ({
     [state, layer, accessor, index]
   );
 
+  const colorPicker = (
+    <EuiColorPicker
+      compressed
+      isClearable
+      onChange={handleColor}
+      color={disabled ? '' : color}
+      disabled={disabled}
+      placeholder={i18n.translate('xpack.lens.xyChart.seriesColor.auto', {
+        defaultMessage: 'Auto',
+      })}
+      aria-label={i18n.translate('xpack.lens.xyChart.seriesColor.label', {
+        defaultMessage: 'Series color',
+      })}
+    />
+  );
+
   return (
     <EuiFormRow
       display="columnCompressed"
@@ -312,25 +330,10 @@ const ColorPicker = ({
           delay="long"
           anchorClassName="eui-displayBlock"
         >
-          <EuiColorPicker
-            compressed
-            onChange={handleColor}
-            color=""
-            disabled
-            aria-label={i18n.translate('xpack.lens.xyChart.seriesColor.label', {
-              defaultMessage: 'Series color',
-            })}
-          />
+          {colorPicker}
         </EuiToolTip>
       ) : (
-        <EuiColorPicker
-          compressed
-          onChange={handleColor}
-          color={color}
-          aria-label={i18n.translate('xpack.lens.xyChart.seriesColor.label', {
-            defaultMessage: 'Series color',
-          })}
-        />
+        colorPicker
       )}
     </EuiFormRow>
   );
diff --git a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/sections/notices/index.ts b/x-pack/plugins/lists/common/index.ts
similarity index 87%
rename from x-pack/plugins/infra/public/pages/logs/log_entry_categories/sections/notices/index.ts
rename to x-pack/plugins/lists/common/index.ts
index 41bc2aa2588073..b55ca5db30a44f 100644
--- a/x-pack/plugins/infra/public/pages/logs/log_entry_categories/sections/notices/index.ts
+++ b/x-pack/plugins/lists/common/index.ts
@@ -3,3 +3,5 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
+
+export * from './shared_exports';
diff --git a/x-pack/plugins/lists/common/shared_exports.ts b/x-pack/plugins/lists/common/shared_exports.ts
new file mode 100644
index 00000000000000..2ad7e63d38c048
--- /dev/null
+++ b/x-pack/plugins/lists/common/shared_exports.ts
@@ -0,0 +1,42 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+export {
+  ListSchema,
+  CommentsArray,
+  CreateCommentsArray,
+  Comments,
+  CreateComments,
+  ExceptionListSchema,
+  ExceptionListItemSchema,
+  CreateExceptionListItemSchema,
+  UpdateExceptionListItemSchema,
+  Entry,
+  EntryExists,
+  EntryMatch,
+  EntryMatchAny,
+  EntryNested,
+  EntryList,
+  EntriesArray,
+  NamespaceType,
+  Operator,
+  OperatorEnum,
+  OperatorType,
+  OperatorTypeEnum,
+  ExceptionListTypeEnum,
+  exceptionListItemSchema,
+  exceptionListType,
+  createExceptionListItemSchema,
+  listSchema,
+  entry,
+  entriesNested,
+  entriesMatch,
+  entriesMatchAny,
+  entriesExists,
+  entriesList,
+  namespaceType,
+  ExceptionListType,
+} from './schemas';
diff --git a/x-pack/plugins/lists/common/shared_imports.ts b/x-pack/plugins/lists/common/shared_imports.ts
new file mode 100644
index 00000000000000..ad7c24b3db610b
--- /dev/null
+++ b/x-pack/plugins/lists/common/shared_imports.ts
@@ -0,0 +1,17 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+export {
+  NonEmptyString,
+  DefaultUuid,
+  DefaultStringArray,
+  exactCheck,
+  getPaths,
+  foldLeftRight,
+  validate,
+  validateEither,
+  formatErrors,
+} from '../../security_solution/common';
diff --git a/x-pack/plugins/lists/common/siem_common_deps.ts b/x-pack/plugins/lists/common/siem_common_deps.ts
index dccc548985e779..2b37e2b7bf106c 100644
--- a/x-pack/plugins/lists/common/siem_common_deps.ts
+++ b/x-pack/plugins/lists/common/siem_common_deps.ts
@@ -4,10 +4,6 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-export { NonEmptyString } from '../../security_solution/common/detection_engine/schemas/types/non_empty_string';
-export { DefaultUuid } from '../../security_solution/common/detection_engine/schemas/types/default_uuid';
-export { DefaultStringArray } from '../../security_solution/common/detection_engine/schemas/types/default_string_array';
-export { exactCheck } from '../../security_solution/common/exact_check';
-export { getPaths, foldLeftRight } from '../../security_solution/common/test_utils';
-export { validate, validateEither } from '../../security_solution/common/validate';
-export { formatErrors } from '../../security_solution/common/format_errors';
+// DEPRECATED: Do not add exports to this file; please import from shared_imports instead
+
+export * from './shared_imports';
diff --git a/x-pack/plugins/lists/kibana.json b/x-pack/plugins/lists/kibana.json
index b7aaac6d3fc760..1e25fd987552d4 100644
--- a/x-pack/plugins/lists/kibana.json
+++ b/x-pack/plugins/lists/kibana.json
@@ -1,10 +1,12 @@
 {
   "configPath": ["xpack", "lists"],
+  "extraPublicDirs": ["common"],
   "id": "lists",
   "kibanaVersion": "kibana",
   "requiredPlugins": [],
   "optionalPlugins": ["spaces", "security"],
+  "requiredBundles": ["securitySolution"],
   "server": true,
-  "ui": false,
+  "ui": true,
   "version": "8.0.0"
 }
diff --git a/x-pack/plugins/lists/public/common/fp_utils.ts b/x-pack/plugins/lists/public/common/fp_utils.ts
index 04e10338794762..196bfee0b501b4 100644
--- a/x-pack/plugins/lists/public/common/fp_utils.ts
+++ b/x-pack/plugins/lists/public/common/fp_utils.ts
@@ -16,3 +16,5 @@ export const toPromise = async <E, A>(taskEither: TaskEither<E, A>): Promise<A>
       (a) => Promise.resolve(a)
     )
   );
+
+export const toError = (e: unknown): Error => (e instanceof Error ? e : new Error(String(e)));
diff --git a/x-pack/plugins/lists/public/index.ts b/x-pack/plugins/lists/public/index.ts
new file mode 100644
index 00000000000000..2cff5af613d9ac
--- /dev/null
+++ b/x-pack/plugins/lists/public/index.ts
@@ -0,0 +1,16 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+export * from './shared_exports';
+
+import { PluginInitializerContext } from '../../../../src/core/public';
+
+import { Plugin } from './plugin';
+import { PluginSetup, PluginStart } from './types';
+
+export const plugin = (context: PluginInitializerContext): Plugin => new Plugin(context);
+
+export { Plugin, PluginSetup, PluginStart };
diff --git a/x-pack/plugins/lists/public/lists/api.test.ts b/x-pack/plugins/lists/public/lists/api.test.ts
index 38556e2eabc18c..d54a3ca6549438 100644
--- a/x-pack/plugins/lists/public/lists/api.test.ts
+++ b/x-pack/plugins/lists/public/lists/api.test.ts
@@ -6,10 +6,19 @@
 
 import { HttpFetchOptions } from '../../../../../src/core/public';
 import { httpServiceMock } from '../../../../../src/core/public/mocks';
+import { getAcknowledgeSchemaResponseMock } from '../../common/schemas/response/acknowledge_schema.mock';
 import { getListResponseMock } from '../../common/schemas/response/list_schema.mock';
+import { getListItemIndexExistSchemaResponseMock } from '../../common/schemas/response/list_item_index_exist_schema.mock';
 import { getFoundListSchemaMock } from '../../common/schemas/response/found_list_schema.mock';
 
-import { deleteList, exportList, findLists, importList } from './api';
+import {
+  createListIndex,
+  deleteList,
+  exportList,
+  findLists,
+  importList,
+  readListIndex,
+} from './api';
 import {
   ApiPayload,
   DeleteListParams,
@@ -60,7 +69,7 @@ describe('Value Lists API', () => {
           ...((payload as unknown) as ApiPayload<DeleteListParams>),
           signal: abortCtrl.signal,
         })
-      ).rejects.toEqual('Invalid value "23" supplied to "id"');
+      ).rejects.toEqual(new Error('Invalid value "23" supplied to "id"'));
       expect(httpMock.fetch).not.toHaveBeenCalled();
     });
 
@@ -76,7 +85,7 @@ describe('Value Lists API', () => {
           ...payload,
           signal: abortCtrl.signal,
         })
-      ).rejects.toEqual('Invalid value "undefined" supplied to "id"');
+      ).rejects.toEqual(new Error('Invalid value "undefined" supplied to "id"'));
     });
   });
 
@@ -129,7 +138,7 @@ describe('Value Lists API', () => {
           ...payload,
           signal: abortCtrl.signal,
         })
-      ).rejects.toEqual('Invalid value "0" supplied to "per_page"');
+      ).rejects.toEqual(new Error('Invalid value "0" supplied to "per_page"'));
       expect(httpMock.fetch).not.toHaveBeenCalled();
     });
 
@@ -145,7 +154,7 @@ describe('Value Lists API', () => {
           ...payload,
           signal: abortCtrl.signal,
         })
-      ).rejects.toEqual('Invalid value "undefined" supplied to "cursor"');
+      ).rejects.toEqual(new Error('Invalid value "undefined" supplied to "cursor"'));
     });
   });
 
@@ -214,7 +223,7 @@ describe('Value Lists API', () => {
           ...payload,
           signal: abortCtrl.signal,
         })
-      ).rejects.toEqual('Invalid value "undefined" supplied to "file"');
+      ).rejects.toEqual(new Error('Invalid value "undefined" supplied to "file"'));
       expect(httpMock.fetch).not.toHaveBeenCalled();
     });
 
@@ -233,7 +242,7 @@ describe('Value Lists API', () => {
           ...payload,
           signal: abortCtrl.signal,
         })
-      ).rejects.toEqual('Invalid value "other" supplied to "type"');
+      ).rejects.toEqual(new Error('Invalid value "other" supplied to "type"'));
       expect(httpMock.fetch).not.toHaveBeenCalled();
     });
 
@@ -254,7 +263,7 @@ describe('Value Lists API', () => {
           ...payload,
           signal: abortCtrl.signal,
         })
-      ).rejects.toEqual('Invalid value "undefined" supplied to "id"');
+      ).rejects.toEqual(new Error('Invalid value "undefined" supplied to "id"'));
     });
   });
 
@@ -307,7 +316,7 @@ describe('Value Lists API', () => {
           ...payload,
           signal: abortCtrl.signal,
         })
-      ).rejects.toEqual('Invalid value "23" supplied to "list_id"');
+      ).rejects.toEqual(new Error('Invalid value "23" supplied to "list_id"'));
       expect(httpMock.fetch).not.toHaveBeenCalled();
     });
 
@@ -325,7 +334,95 @@ describe('Value Lists API', () => {
           ...payload,
           signal: abortCtrl.signal,
         })
-      ).rejects.toEqual('Invalid value "undefined" supplied to "id"');
+      ).rejects.toEqual(new Error('Invalid value "undefined" supplied to "id"'));
+    });
+
+    describe('readListIndex', () => {
+      beforeEach(() => {
+        httpMock.fetch.mockResolvedValue(getListItemIndexExistSchemaResponseMock());
+      });
+
+      it('GETs the list index', async () => {
+        const abortCtrl = new AbortController();
+        await readListIndex({
+          http: httpMock,
+          signal: abortCtrl.signal,
+        });
+
+        expect(httpMock.fetch).toHaveBeenCalledWith(
+          '/api/lists/index',
+          expect.objectContaining({
+            method: 'GET',
+          })
+        );
+      });
+
+      it('returns the response when valid', async () => {
+        const abortCtrl = new AbortController();
+        const result = await readListIndex({
+          http: httpMock,
+          signal: abortCtrl.signal,
+        });
+
+        expect(result).toEqual(getListItemIndexExistSchemaResponseMock());
+      });
+
+      it('rejects with an error if response payload is invalid', async () => {
+        const abortCtrl = new AbortController();
+        const badResponse = { ...getListItemIndexExistSchemaResponseMock(), list_index: undefined };
+        httpMock.fetch.mockResolvedValue(badResponse);
+
+        await expect(
+          readListIndex({
+            http: httpMock,
+            signal: abortCtrl.signal,
+          })
+        ).rejects.toEqual(new Error('Invalid value "undefined" supplied to "list_index"'));
+      });
+    });
+  });
+
+  describe('createListIndex', () => {
+    beforeEach(() => {
+      httpMock.fetch.mockResolvedValue(getAcknowledgeSchemaResponseMock());
+    });
+
+    it('GETs the list index', async () => {
+      const abortCtrl = new AbortController();
+      await createListIndex({
+        http: httpMock,
+        signal: abortCtrl.signal,
+      });
+
+      expect(httpMock.fetch).toHaveBeenCalledWith(
+        '/api/lists/index',
+        expect.objectContaining({
+          method: 'POST',
+        })
+      );
+    });
+
+    it('returns the response when valid', async () => {
+      const abortCtrl = new AbortController();
+      const result = await createListIndex({
+        http: httpMock,
+        signal: abortCtrl.signal,
+      });
+
+      expect(result).toEqual(getAcknowledgeSchemaResponseMock());
+    });
+
+    it('rejects with an error if response payload is invalid', async () => {
+      const abortCtrl = new AbortController();
+      const badResponse = { acknowledged: undefined };
+      httpMock.fetch.mockResolvedValue(badResponse);
+
+      await expect(
+        createListIndex({
+          http: httpMock,
+          signal: abortCtrl.signal,
+        })
+      ).rejects.toEqual(new Error('Invalid value "undefined" supplied to "acknowledged"'));
     });
   });
 });
diff --git a/x-pack/plugins/lists/public/lists/api.ts b/x-pack/plugins/lists/public/lists/api.ts
index d615239f4eb010..a1efae2af877ae 100644
--- a/x-pack/plugins/lists/public/lists/api.ts
+++ b/x-pack/plugins/lists/public/lists/api.ts
@@ -9,24 +9,28 @@ import { flow } from 'fp-ts/lib/function';
 import { pipe } from 'fp-ts/lib/pipeable';
 
 import {
+  AcknowledgeSchema,
   DeleteListSchemaEncoded,
   ExportListItemQuerySchemaEncoded,
   FindListSchemaEncoded,
   FoundListSchema,
   ImportListItemQuerySchemaEncoded,
   ImportListItemSchemaEncoded,
+  ListItemIndexExistSchema,
   ListSchema,
+  acknowledgeSchema,
   deleteListSchema,
   exportListItemQuerySchema,
   findListSchema,
   foundListSchema,
   importListItemQuerySchema,
   importListItemSchema,
+  listItemIndexExistSchema,
   listSchema,
 } from '../../common/schemas';
-import { LIST_ITEM_URL, LIST_URL } from '../../common/constants';
+import { LIST_INDEX, LIST_ITEM_URL, LIST_PRIVILEGES_URL, LIST_URL } from '../../common/constants';
 import { validateEither } from '../../common/siem_common_deps';
-import { toPromise } from '../common/fp_utils';
+import { toError, toPromise } from '../common/fp_utils';
 
 import {
   ApiParams,
@@ -66,7 +70,7 @@ const findListsWithValidation = async ({
       per_page: String(pageSize),
     },
     (payload) => fromEither(validateEither(findListSchema, payload)),
-    chain((payload) => tryCatch(() => findLists({ http, signal, ...payload }), String)),
+    chain((payload) => tryCatch(() => findLists({ http, signal, ...payload }), toError)),
     chain((response) => fromEither(validateEither(foundListSchema, response))),
     flow(toPromise)
   );
@@ -113,7 +117,7 @@ const importListWithValidation = async ({
         map((body) => ({ ...body, ...query }))
       )
     ),
-    chain((payload) => tryCatch(() => importList({ http, signal, ...payload }), String)),
+    chain((payload) => tryCatch(() => importList({ http, signal, ...payload }), toError)),
     chain((response) => fromEither(validateEither(listSchema, response))),
     flow(toPromise)
   );
@@ -139,7 +143,7 @@ const deleteListWithValidation = async ({
   pipe(
     { id },
     (payload) => fromEither(validateEither(deleteListSchema, payload)),
-    chain((payload) => tryCatch(() => deleteList({ http, signal, ...payload }), String)),
+    chain((payload) => tryCatch(() => deleteList({ http, signal, ...payload }), toError)),
     chain((response) => fromEither(validateEither(listSchema, response))),
     flow(toPromise)
   );
@@ -165,9 +169,52 @@ const exportListWithValidation = async ({
   pipe(
     { list_id: listId },
     (payload) => fromEither(validateEither(exportListItemQuerySchema, payload)),
-    chain((payload) => tryCatch(() => exportList({ http, signal, ...payload }), String)),
+    chain((payload) => tryCatch(() => exportList({ http, signal, ...payload }), toError)),
     chain((response) => fromEither(validateEither(listSchema, response))),
     flow(toPromise)
   );
 
 export { exportListWithValidation as exportList };
+
+const readListIndex = async ({ http, signal }: ApiParams): Promise<ListItemIndexExistSchema> =>
+  http.fetch<ListItemIndexExistSchema>(LIST_INDEX, {
+    method: 'GET',
+    signal,
+  });
+
+const readListIndexWithValidation = async ({
+  http,
+  signal,
+}: ApiParams): Promise<ListItemIndexExistSchema> =>
+  flow(
+    () => tryCatch(() => readListIndex({ http, signal }), toError),
+    chain((response) => fromEither(validateEither(listItemIndexExistSchema, response))),
+    flow(toPromise)
+  )();
+
+export { readListIndexWithValidation as readListIndex };
+
+// TODO add types and validation
+export const readListPrivileges = async ({ http, signal }: ApiParams): Promise<unknown> =>
+  http.fetch<unknown>(LIST_PRIVILEGES_URL, {
+    method: 'GET',
+    signal,
+  });
+
+const createListIndex = async ({ http, signal }: ApiParams): Promise<AcknowledgeSchema> =>
+  http.fetch<AcknowledgeSchema>(LIST_INDEX, {
+    method: 'POST',
+    signal,
+  });
+
+const createListIndexWithValidation = async ({
+  http,
+  signal,
+}: ApiParams): Promise<AcknowledgeSchema> =>
+  flow(
+    () => tryCatch(() => createListIndex({ http, signal }), toError),
+    chain((response) => fromEither(validateEither(acknowledgeSchema, response))),
+    flow(toPromise)
+  )();
+
+export { createListIndexWithValidation as createListIndex };
diff --git a/x-pack/plugins/lists/public/lists/hooks/use_create_list_index.test.ts b/x-pack/plugins/lists/public/lists/hooks/use_create_list_index.test.ts
new file mode 100644
index 00000000000000..9f784dd8790bf1
--- /dev/null
+++ b/x-pack/plugins/lists/public/lists/hooks/use_create_list_index.test.ts
@@ -0,0 +1,34 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { act, renderHook } from '@testing-library/react-hooks';
+
+import * as Api from '../api';
+import { httpServiceMock } from '../../../../../../src/core/public/mocks';
+import { getAcknowledgeSchemaResponseMock } from '../../../common/schemas/response/acknowledge_schema.mock';
+
+import { useCreateListIndex } from './use_create_list_index';
+
+jest.mock('../api');
+
+describe('useCreateListIndex', () => {
+  let httpMock: ReturnType<typeof httpServiceMock.createStartContract>;
+
+  beforeEach(() => {
+    httpMock = httpServiceMock.createStartContract();
+    (Api.createListIndex as jest.Mock).mockResolvedValue(getAcknowledgeSchemaResponseMock());
+  });
+
+  it('invokes Api.createListIndex', async () => {
+    const { result, waitForNextUpdate } = renderHook(() => useCreateListIndex());
+    act(() => {
+      result.current.start({ http: httpMock });
+    });
+    await waitForNextUpdate();
+
+    expect(Api.createListIndex).toHaveBeenCalledWith(expect.objectContaining({ http: httpMock }));
+  });
+});
diff --git a/x-pack/plugins/lists/public/lists/hooks/use_create_list_index.ts b/x-pack/plugins/lists/public/lists/hooks/use_create_list_index.ts
new file mode 100644
index 00000000000000..18df26c2ecfd73
--- /dev/null
+++ b/x-pack/plugins/lists/public/lists/hooks/use_create_list_index.ts
@@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { withOptionalSignal } from '../../common/with_optional_signal';
+import { useAsync } from '../../common/hooks/use_async';
+import { createListIndex } from '../api';
+
+const createListIndexWithOptionalSignal = withOptionalSignal(createListIndex);
+
+// eslint-disable-next-line @typescript-eslint/explicit-function-return-type
+export const useCreateListIndex = () => useAsync(createListIndexWithOptionalSignal);
diff --git a/x-pack/plugins/lists/public/lists/hooks/use_read_list_index.test.ts b/x-pack/plugins/lists/public/lists/hooks/use_read_list_index.test.ts
new file mode 100644
index 00000000000000..9f4e41f1cdc9e3
--- /dev/null
+++ b/x-pack/plugins/lists/public/lists/hooks/use_read_list_index.test.ts
@@ -0,0 +1,34 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { act, renderHook } from '@testing-library/react-hooks';
+
+import * as Api from '../api';
+import { httpServiceMock } from '../../../../../../src/core/public/mocks';
+import { getAcknowledgeSchemaResponseMock } from '../../../common/schemas/response/acknowledge_schema.mock';
+
+import { useReadListIndex } from './use_read_list_index';
+
+jest.mock('../api');
+
+describe('useReadListIndex', () => {
+  let httpMock: ReturnType<typeof httpServiceMock.createStartContract>;
+
+  beforeEach(() => {
+    httpMock = httpServiceMock.createStartContract();
+    (Api.readListIndex as jest.Mock).mockResolvedValue(getAcknowledgeSchemaResponseMock());
+  });
+
+  it('invokes Api.readListIndex', async () => {
+    const { result, waitForNextUpdate } = renderHook(() => useReadListIndex());
+    act(() => {
+      result.current.start({ http: httpMock });
+    });
+    await waitForNextUpdate();
+
+    expect(Api.readListIndex).toHaveBeenCalledWith(expect.objectContaining({ http: httpMock }));
+  });
+});
diff --git a/x-pack/plugins/lists/public/lists/hooks/use_read_list_index.ts b/x-pack/plugins/lists/public/lists/hooks/use_read_list_index.ts
new file mode 100644
index 00000000000000..7d15a0b1e08c96
--- /dev/null
+++ b/x-pack/plugins/lists/public/lists/hooks/use_read_list_index.ts
@@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { withOptionalSignal } from '../../common/with_optional_signal';
+import { useAsync } from '../../common/hooks/use_async';
+import { readListIndex } from '../api';
+
+const readListIndexWithOptionalSignal = withOptionalSignal(readListIndex);
+
+// eslint-disable-next-line @typescript-eslint/explicit-function-return-type
+export const useReadListIndex = () => useAsync(readListIndexWithOptionalSignal);
diff --git a/x-pack/plugins/lists/public/lists/hooks/use_read_list_privileges.ts b/x-pack/plugins/lists/public/lists/hooks/use_read_list_privileges.ts
new file mode 100644
index 00000000000000..313f17a3bac4bb
--- /dev/null
+++ b/x-pack/plugins/lists/public/lists/hooks/use_read_list_privileges.ts
@@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { withOptionalSignal } from '../../common/with_optional_signal';
+import { useAsync } from '../../common/hooks/use_async';
+import { readListPrivileges } from '../api';
+
+const readListPrivilegesWithOptionalSignal = withOptionalSignal(readListPrivileges);
+
+// eslint-disable-next-line @typescript-eslint/explicit-function-return-type
+export const useReadListPrivileges = () => useAsync(readListPrivilegesWithOptionalSignal);
diff --git a/x-pack/plugins/lists/public/plugin.ts b/x-pack/plugins/lists/public/plugin.ts
new file mode 100644
index 00000000000000..717e5d2885910e
--- /dev/null
+++ b/x-pack/plugins/lists/public/plugin.ts
@@ -0,0 +1,29 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import {
+  CoreSetup,
+  CoreStart,
+  Plugin as IPlugin,
+  PluginInitializerContext,
+} from '../../../../src/core/public';
+
+import { PluginSetup, PluginStart, SetupPlugins, StartPlugins } from './types';
+
+export class Plugin implements IPlugin<PluginSetup, PluginStart, SetupPlugins, StartPlugins> {
+  // eslint-disable-next-line @typescript-eslint/no-unused-vars
+  constructor(initializerContext: PluginInitializerContext) {} // eslint-disable-line @typescript-eslint/no-useless-constructor
+
+  // eslint-disable-next-line @typescript-eslint/no-unused-vars
+  public setup(core: CoreSetup<StartPlugins, PluginStart>, plugins: SetupPlugins): PluginSetup {
+    return {};
+  }
+
+  // eslint-disable-next-line @typescript-eslint/no-unused-vars
+  public start(core: CoreStart, plugins: StartPlugins): PluginStart {
+    return {};
+  }
+}
diff --git a/x-pack/plugins/lists/public/index.tsx b/x-pack/plugins/lists/public/shared_exports.ts
similarity index 79%
rename from x-pack/plugins/lists/public/index.tsx
rename to x-pack/plugins/lists/public/shared_exports.ts
index 72bd46d6e2ce8e..dc2e28634e1e8c 100644
--- a/x-pack/plugins/lists/public/index.tsx
+++ b/x-pack/plugins/lists/public/shared_exports.ts
@@ -5,6 +5,7 @@
  */
 
 // Exports to be shared with plugins
+export { useIsMounted } from './common/hooks/use_is_mounted';
 export { useApi } from './exceptions/hooks/use_api';
 export { usePersistExceptionItem } from './exceptions/hooks/persist_exception_item';
 export { usePersistExceptionList } from './exceptions/hooks/persist_exception_list';
@@ -13,6 +14,9 @@ export { useFindLists } from './lists/hooks/use_find_lists';
 export { useImportList } from './lists/hooks/use_import_list';
 export { useDeleteList } from './lists/hooks/use_delete_list';
 export { useExportList } from './lists/hooks/use_export_list';
+export { useReadListIndex } from './lists/hooks/use_read_list_index';
+export { useCreateListIndex } from './lists/hooks/use_create_list_index';
+export { useReadListPrivileges } from './lists/hooks/use_read_list_privileges';
 export {
   addExceptionListItem,
   updateExceptionListItem,
diff --git a/x-pack/plugins/lists/public/types.ts b/x-pack/plugins/lists/public/types.ts
new file mode 100644
index 00000000000000..0a9b0460614bd0
--- /dev/null
+++ b/x-pack/plugins/lists/public/types.ts
@@ -0,0 +1,14 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+// eslint-disable-next-line @typescript-eslint/no-empty-interface
+export interface PluginSetup {}
+// eslint-disable-next-line @typescript-eslint/no-empty-interface
+export interface PluginStart {}
+// eslint-disable-next-line @typescript-eslint/no-empty-interface
+export interface SetupPlugins {}
+// eslint-disable-next-line @typescript-eslint/no-empty-interface
+export interface StartPlugins {}
diff --git a/x-pack/plugins/maps/public/meta.test.js b/x-pack/plugins/maps/public/meta.test.js
index 5c04a57c00058f..3486bf003aee08 100644
--- a/x-pack/plugins/maps/public/meta.test.js
+++ b/x-pack/plugins/maps/public/meta.test.js
@@ -36,6 +36,11 @@ describe('getGlyphUrl', () => {
     beforeAll(() => {
       require('./kibana_services').getIsEmsEnabled = () => true;
       require('./kibana_services').getEmsFontLibraryUrl = () => EMS_FONTS_URL_MOCK;
+      require('./kibana_services').getHttp = () => ({
+        basePath: {
+          prepend: (url) => url, // No need to actually prepend a dev basepath for test
+        },
+      });
     });
 
     describe('EMS proxy enabled', () => {
diff --git a/x-pack/plugins/maps/public/meta.ts b/x-pack/plugins/maps/public/meta.ts
index 54c5eac7fe1b0c..34c5f004fd7f3a 100644
--- a/x-pack/plugins/maps/public/meta.ts
+++ b/x-pack/plugins/maps/public/meta.ts
@@ -30,8 +30,6 @@ import {
   getKibanaVersion,
 } from './kibana_services';
 
-const GIS_API_RELATIVE = `../${GIS_API_PATH}`;
-
 export function getKibanaRegionList(): unknown[] {
   return getRegionmapLayers();
 }
@@ -69,10 +67,14 @@ export function getEMSClient(): EMSClient {
     const proxyElasticMapsServiceInMaps = getProxyElasticMapsServiceInMaps();
     const proxyPath = '';
     const tileApiUrl = proxyElasticMapsServiceInMaps
-      ? relativeToAbsolute(`${GIS_API_RELATIVE}/${EMS_TILES_CATALOGUE_PATH}`)
+      ? relativeToAbsolute(
+          getHttp().basePath.prepend(`/${GIS_API_PATH}/${EMS_TILES_CATALOGUE_PATH}`)
+        )
       : getEmsTileApiUrl();
     const fileApiUrl = proxyElasticMapsServiceInMaps
-      ? relativeToAbsolute(`${GIS_API_RELATIVE}/${EMS_FILES_CATALOGUE_PATH}`)
+      ? relativeToAbsolute(
+          getHttp().basePath.prepend(`/${GIS_API_PATH}/${EMS_FILES_CATALOGUE_PATH}`)
+        )
       : getEmsFileApiUrl();
 
     emsClient = new EMSClient({
@@ -101,8 +103,11 @@ export function getGlyphUrl(): string {
     return getHttp().basePath.prepend(`/${FONTS_API_PATH}/{fontstack}/{range}`);
   }
   return getProxyElasticMapsServiceInMaps()
-    ? relativeToAbsolute(`../${GIS_API_PATH}/${EMS_TILES_CATALOGUE_PATH}/${EMS_GLYPHS_PATH}`) +
-        `/{fontstack}/{range}`
+    ? relativeToAbsolute(
+        getHttp().basePath.prepend(
+          `/${GIS_API_PATH}/${EMS_TILES_CATALOGUE_PATH}/${EMS_GLYPHS_PATH}`
+        )
+      ) + `/{fontstack}/{range}`
     : getEmsFontLibraryUrl();
 }
 
diff --git a/x-pack/plugins/maps/server/plugin.ts b/x-pack/plugins/maps/server/plugin.ts
index dbcce50ac2b9af..7d091099c1aaa8 100644
--- a/x-pack/plugins/maps/server/plugin.ts
+++ b/x-pack/plugins/maps/server/plugin.ts
@@ -26,12 +26,14 @@ import { initRoutes } from './routes';
 import { ILicense } from '../../licensing/common/types';
 import { LicensingPluginSetup } from '../../licensing/server';
 import { HomeServerPluginSetup } from '../../../../src/plugins/home/server';
+import { MapsLegacyPluginSetup } from '../../../../src/plugins/maps_legacy/server';
 
 interface SetupDeps {
   features: FeaturesPluginSetupContract;
   usageCollection: UsageCollectionSetup;
   home: HomeServerPluginSetup;
   licensing: LicensingPluginSetup;
+  mapsLegacy: MapsLegacyPluginSetup;
 }
 
 export class MapsPlugin implements Plugin {
@@ -129,9 +131,10 @@ export class MapsPlugin implements Plugin {
 
   // @ts-ignore
   async setup(core: CoreSetup, plugins: SetupDeps) {
-    const { usageCollection, home, licensing, features } = plugins;
+    const { usageCollection, home, licensing, features, mapsLegacy } = plugins;
     // @ts-ignore
     const config$ = this._initializerContext.config.create();
+    const mapsLegacyConfig = await mapsLegacy.config$.pipe(take(1)).toPromise();
     const currentConfig = await config$.pipe(take(1)).toPromise();
 
     // @ts-ignore
@@ -150,7 +153,7 @@ export class MapsPlugin implements Plugin {
         initRoutes(
           core.http.createRouter(),
           license.uid,
-          currentConfig,
+          mapsLegacyConfig,
           this.kibanaVersion,
           this._logger
         );
diff --git a/x-pack/plugins/maps/server/routes.js b/x-pack/plugins/maps/server/routes.js
index ad66712eb3ad6b..1876c0de19c560 100644
--- a/x-pack/plugins/maps/server/routes.js
+++ b/x-pack/plugins/maps/server/routes.js
@@ -73,9 +73,10 @@ export function initRoutes(router, licenseUid, mapConfig, kbnVersion, logger) {
       validate: {
         query: schema.object({
           id: schema.maybe(schema.string()),
-          x: schema.maybe(schema.number()),
-          y: schema.maybe(schema.number()),
-          z: schema.maybe(schema.number()),
+          elastic_tile_service_tos: schema.maybe(schema.string()),
+          my_app_name: schema.maybe(schema.string()),
+          my_app_version: schema.maybe(schema.string()),
+          license: schema.maybe(schema.string()),
         }),
       },
     },
@@ -111,9 +112,9 @@ export function initRoutes(router, licenseUid, mapConfig, kbnVersion, logger) {
       path: `${ROOT}/${EMS_TILES_API_PATH}/${EMS_TILES_RASTER_TILE_PATH}`,
       validate: false,
     },
-    async (context, request, { ok, badRequest }) => {
+    async (context, request, response) => {
       if (!checkEMSProxyEnabled()) {
-        return badRequest('map.proxyElasticMapsServiceInMaps disabled');
+        return response.badRequest('map.proxyElasticMapsServiceInMaps disabled');
       }
 
       if (
@@ -138,7 +139,7 @@ export function initRoutes(router, licenseUid, mapConfig, kbnVersion, logger) {
         .replace('{y}', request.query.y)
         .replace('{z}', request.query.z);
 
-      return await proxyResource({ url, contentType: 'image/png' }, { ok, badRequest });
+      return await proxyResource({ url, contentType: 'image/png' }, response);
     }
   );
 
@@ -203,7 +204,9 @@ export function initRoutes(router, licenseUid, mapConfig, kbnVersion, logger) {
       });
       //rewrite
       return ok({
-        body: layers,
+        body: {
+          layers,
+        },
       });
     }
   );
@@ -293,7 +296,11 @@ export function initRoutes(router, licenseUid, mapConfig, kbnVersion, logger) {
       path: `${ROOT}/${EMS_TILES_API_PATH}/${EMS_TILES_VECTOR_STYLE_PATH}`,
       validate: {
         query: schema.object({
-          id: schema.maybe(schema.string()),
+          id: schema.string(),
+          elastic_tile_service_tos: schema.maybe(schema.string()),
+          my_app_name: schema.maybe(schema.string()),
+          my_app_version: schema.maybe(schema.string()),
+          license: schema.maybe(schema.string()),
         }),
       },
     },
@@ -302,11 +309,6 @@ export function initRoutes(router, licenseUid, mapConfig, kbnVersion, logger) {
         return badRequest('map.proxyElasticMapsServiceInMaps disabled');
       }
 
-      if (!request.query.id) {
-        logger.warn('Must supply id parameter to retrieve EMS vector style');
-        return null;
-      }
-
       const tmsServices = await emsClient.getTMSServices();
       const tmsService = tmsServices.find((layer) => layer.getId() === request.query.id);
       if (!tmsService) {
@@ -342,8 +344,12 @@ export function initRoutes(router, licenseUid, mapConfig, kbnVersion, logger) {
       path: `${ROOT}/${EMS_TILES_API_PATH}/${EMS_TILES_VECTOR_SOURCE_PATH}`,
       validate: {
         query: schema.object({
-          id: schema.maybe(schema.string()),
+          id: schema.string(),
           sourceId: schema.maybe(schema.string()),
+          elastic_tile_service_tos: schema.maybe(schema.string()),
+          my_app_name: schema.maybe(schema.string()),
+          my_app_version: schema.maybe(schema.string()),
+          license: schema.maybe(schema.string()),
         }),
       },
     },
@@ -352,11 +358,6 @@ export function initRoutes(router, licenseUid, mapConfig, kbnVersion, logger) {
         return badRequest('map.proxyElasticMapsServiceInMaps disabled');
       }
 
-      if (!request.query.id || !request.query.sourceId) {
-        logger.warn('Must supply id and sourceId parameter to retrieve EMS vector source');
-        return null;
-      }
-
       const tmsServices = await emsClient.getTMSServices();
       const tmsService = tmsServices.find((layer) => layer.getId() === request.query.id);
       if (!tmsService) {
@@ -381,28 +382,21 @@ export function initRoutes(router, licenseUid, mapConfig, kbnVersion, logger) {
       path: `${ROOT}/${EMS_TILES_API_PATH}/${EMS_TILES_VECTOR_TILE_PATH}`,
       validate: {
         query: schema.object({
-          id: schema.maybe(schema.string()),
-          sourceId: schema.maybe(schema.string()),
-          x: schema.maybe(schema.number()),
-          y: schema.maybe(schema.number()),
-          z: schema.maybe(schema.number()),
+          id: schema.string(),
+          sourceId: schema.string(),
+          x: schema.number(),
+          y: schema.number(),
+          z: schema.number(),
+          elastic_tile_service_tos: schema.maybe(schema.string()),
+          my_app_name: schema.maybe(schema.string()),
+          my_app_version: schema.maybe(schema.string()),
+          license: schema.maybe(schema.string()),
         }),
       },
     },
-    async (context, request, { ok, badRequest }) => {
+    async (context, request, response) => {
       if (!checkEMSProxyEnabled()) {
-        return badRequest('map.proxyElasticMapsServiceInMaps disabled');
-      }
-
-      if (
-        !request.query.id ||
-        !request.query.sourceId ||
-        typeof parseInt(request.query.x, 10) !== 'number' ||
-        typeof parseInt(request.query.y, 10) !== 'number' ||
-        typeof parseInt(request.query.z, 10) !== 'number'
-      ) {
-        logger.warn('Must supply id/sourceId/x/y/z parameters to retrieve EMS vector tile');
-        return null;
+        return response.badRequest('map.proxyElasticMapsServiceInMaps disabled');
       }
 
       const tmsServices = await emsClient.getTMSServices();
@@ -417,24 +411,29 @@ export function initRoutes(router, licenseUid, mapConfig, kbnVersion, logger) {
         .replace('{y}', request.query.y)
         .replace('{z}', request.query.z);
 
-      return await proxyResource({ url }, { ok, badRequest });
+      return await proxyResource({ url }, response);
     }
   );
 
   router.get(
     {
       path: `${ROOT}/${EMS_TILES_API_PATH}/${EMS_GLYPHS_PATH}/{fontstack}/{range}`,
-      validate: false,
+      validate: {
+        params: schema.object({
+          fontstack: schema.string(),
+          range: schema.string(),
+        }),
+      },
     },
-    async (context, request, { ok, badRequest }) => {
+    async (context, request, response) => {
       if (!checkEMSProxyEnabled()) {
-        return badRequest('map.proxyElasticMapsServiceInMaps disabled');
+        return response.badRequest('map.proxyElasticMapsServiceInMaps disabled');
       }
       const url = mapConfig.emsFontLibraryUrl
         .replace('{fontstack}', request.params.fontstack)
         .replace('{range}', request.params.range);
 
-      return await proxyResource({ url }, { ok, badRequest });
+      return await proxyResource({ url }, response);
     }
   );
 
@@ -442,19 +441,22 @@ export function initRoutes(router, licenseUid, mapConfig, kbnVersion, logger) {
     {
       path: `${ROOT}/${EMS_TILES_API_PATH}/${EMS_SPRITES_PATH}/{id}/sprite{scaling?}.{extension}`,
       validate: {
+        query: schema.object({
+          elastic_tile_service_tos: schema.maybe(schema.string()),
+          my_app_name: schema.maybe(schema.string()),
+          my_app_version: schema.maybe(schema.string()),
+          license: schema.maybe(schema.string()),
+        }),
         params: schema.object({
           id: schema.string(),
+          scaling: schema.maybe(schema.string()),
+          extension: schema.string(),
         }),
       },
     },
-    async (context, request, { ok, badRequest }) => {
+    async (context, request, response) => {
       if (!checkEMSProxyEnabled()) {
-        return badRequest('map.proxyElasticMapsServiceInMaps disabled');
-      }
-
-      if (!request.params.id) {
-        logger.warn('Must supply id parameter to retrieve EMS vector source sprite');
-        return null;
+        return response.badRequest('map.proxyElasticMapsServiceInMaps disabled');
       }
 
       const tmsServices = await emsClient.getTMSServices();
@@ -479,7 +481,7 @@ export function initRoutes(router, licenseUid, mapConfig, kbnVersion, logger) {
           url: proxyPathUrl,
           contentType: request.params.extension === 'png' ? 'image/png' : '',
         },
-        { ok, badRequest }
+        response
       );
     }
   );
@@ -570,25 +572,23 @@ export function initRoutes(router, licenseUid, mapConfig, kbnVersion, logger) {
     return proxyEMSInMaps;
   }
 
-  async function proxyResource({ url, contentType }, { ok, badRequest }) {
+  async function proxyResource({ url, contentType }, response) {
     try {
       const resource = await fetch(url);
       const arrayBuffer = await resource.arrayBuffer();
-      const bufferedResponse = Buffer.from(arrayBuffer);
-      const headers = {
-        'Content-Disposition': 'inline',
-      };
-      if (contentType) {
-        headers['Content-type'] = contentType;
-      }
-
-      return ok({
-        body: bufferedResponse,
-        headers,
+      const buffer = Buffer.from(arrayBuffer);
+
+      return response.ok({
+        body: buffer,
+        headers: {
+          'content-disposition': 'inline',
+          'content-length': buffer.length,
+          ...(contentType ? { 'Content-type': contentType } : {}),
+        },
       });
     } catch (e) {
       logger.warn(`Cannot connect to EMS for resource, error: ${e.message}`);
-      return badRequest(`Cannot connect to EMS`);
+      return response.badRequest(`Cannot connect to EMS`);
     }
   }
 }
diff --git a/x-pack/plugins/ml/public/application/data_frame_analytics/common/analytics.ts b/x-pack/plugins/ml/public/application/data_frame_analytics/common/analytics.ts
index 618ea5184007d8..06254f0de092ed 100644
--- a/x-pack/plugins/ml/public/application/data_frame_analytics/common/analytics.ts
+++ b/x-pack/plugins/ml/public/application/data_frame_analytics/common/analytics.ts
@@ -339,6 +339,7 @@ export interface UpdateDataFrameAnalyticsConfig {
   allow_lazy_start?: string;
   description?: string;
   model_memory_limit?: string;
+  max_num_threads?: number;
 }
 
 export interface DataFrameAnalyticsConfig {
@@ -358,6 +359,7 @@ export interface DataFrameAnalyticsConfig {
     excludes: string[];
   };
   model_memory_limit: string;
+  max_num_threads?: number;
   create_time: number;
   version: string;
   allow_lazy_start?: boolean;
diff --git a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/advanced_step/advanced_step_details.tsx b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/advanced_step/advanced_step_details.tsx
index a9c8b6d4040ad1..875590d0f9ee47 100644
--- a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/advanced_step/advanced_step_details.tsx
+++ b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/advanced_step/advanced_step_details.tsx
@@ -45,6 +45,7 @@ export const AdvancedStepDetails: FC<{ setCurrentStep: any; state: State }> = ({
     jobType,
     lambda,
     method,
+    maxNumThreads,
     maxTrees,
     modelMemoryLimit,
     nNeighbors,
@@ -214,6 +215,15 @@ export const AdvancedStepDetails: FC<{ setCurrentStep: any; state: State }> = ({
     );
   }
 
+  if (maxNumThreads !== undefined) {
+    advancedFirstCol.push({
+      title: i18n.translate('xpack.ml.dataframe.analytics.create.configDetails.maxNumThreads', {
+        defaultMessage: 'Maximum number of threads',
+      }),
+      description: `${maxNumThreads}`,
+    });
+  }
+
   return (
     <Fragment>
       <EuiTitle size="xs">
diff --git a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/advanced_step/advanced_step_form.tsx b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/advanced_step/advanced_step_form.tsx
index 21b0d3d7dd89e0..11184afb0e715c 100644
--- a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/advanced_step/advanced_step_form.tsx
+++ b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/advanced_step/advanced_step_form.tsx
@@ -9,7 +9,7 @@ import {
   EuiAccordion,
   EuiFieldNumber,
   EuiFieldText,
-  EuiFlexGroup,
+  EuiFlexGrid,
   EuiFlexItem,
   EuiFormRow,
   EuiSelect,
@@ -57,6 +57,7 @@ export const AdvancedStepForm: FC<CreateAnalyticsStepProps> = ({
     gamma,
     jobType,
     lambda,
+    maxNumThreads,
     maxTrees,
     method,
     modelMemoryLimit,
@@ -82,7 +83,8 @@ export const AdvancedStepForm: FC<CreateAnalyticsStepProps> = ({
   const isStepInvalid =
     mmlInvalid ||
     Object.keys(advancedParamErrors).length > 0 ||
-    fetchingAdvancedParamErrors === true;
+    fetchingAdvancedParamErrors === true ||
+    maxNumThreads === 0;
 
   useEffect(() => {
     setFetchingAdvancedParamErrors(true);
@@ -112,6 +114,7 @@ export const AdvancedStepForm: FC<CreateAnalyticsStepProps> = ({
     featureInfluenceThreshold,
     gamma,
     lambda,
+    maxNumThreads,
     maxTrees,
     method,
     nNeighbors,
@@ -123,7 +126,7 @@ export const AdvancedStepForm: FC<CreateAnalyticsStepProps> = ({
 
   const outlierDetectionAdvancedConfig = (
     <Fragment>
-      <EuiFlexItem style={{ minWidth: '30%' }}>
+      <EuiFlexItem>
         <EuiFormRow
           label={i18n.translate(
             'xpack.ml.dataframe.analytics.create.computeFeatureInfluenceLabel',
@@ -171,7 +174,7 @@ export const AdvancedStepForm: FC<CreateAnalyticsStepProps> = ({
           />
         </EuiFormRow>
       </EuiFlexItem>
-      <EuiFlexItem style={{ minWidth: '30%' }}>
+      <EuiFlexItem>
         <EuiFormRow
           label={i18n.translate(
             'xpack.ml.dataframe.analytics.create.featureInfluenceThresholdLabel',
@@ -210,7 +213,7 @@ export const AdvancedStepForm: FC<CreateAnalyticsStepProps> = ({
 
   const regAndClassAdvancedConfig = (
     <Fragment>
-      <EuiFlexItem style={{ minWidth: '30%' }}>
+      <EuiFlexItem>
         <EuiFormRow
           label={i18n.translate(
             'xpack.ml.dataframe.analytics.create.numTopFeatureImportanceValuesLabel',
@@ -261,7 +264,7 @@ export const AdvancedStepForm: FC<CreateAnalyticsStepProps> = ({
           />
         </EuiFormRow>
       </EuiFlexItem>
-      <EuiFlexItem style={{ minWidth: '30%' }}>
+      <EuiFlexItem>
         <EuiFormRow
           label={i18n.translate('xpack.ml.dataframe.analytics.create.predictionFieldNameLabel', {
             defaultMessage: 'Prediction field name',
@@ -294,11 +297,11 @@ export const AdvancedStepForm: FC<CreateAnalyticsStepProps> = ({
           })}
         </h3>
       </EuiTitle>
-      <EuiFlexGroup wrap>
+      <EuiFlexGrid columns={3}>
         {jobType === ANALYSIS_CONFIG_TYPE.OUTLIER_DETECTION && outlierDetectionAdvancedConfig}
         {isRegOrClassJob && regAndClassAdvancedConfig}
         {jobType === ANALYSIS_CONFIG_TYPE.CLASSIFICATION && (
-          <EuiFlexItem style={{ minWidth: '30%' }}>
+          <EuiFlexItem>
             <EuiFormRow
               label={i18n.translate('xpack.ml.dataframe.analytics.create.numTopClassesLabel', {
                 defaultMessage: 'Top classes',
@@ -332,7 +335,7 @@ export const AdvancedStepForm: FC<CreateAnalyticsStepProps> = ({
             </EuiFormRow>
           </EuiFlexItem>
         )}
-        <EuiFlexItem style={{ width: '30%', minWidth: '30%' }}>
+        <EuiFlexItem>
           <EuiFormRow
             label={i18n.translate('xpack.ml.dataframe.analytics.create.modelMemoryLimitLabel', {
               defaultMessage: 'Model memory limit',
@@ -361,7 +364,43 @@ export const AdvancedStepForm: FC<CreateAnalyticsStepProps> = ({
             />
           </EuiFormRow>
         </EuiFlexItem>
-      </EuiFlexGroup>
+        <EuiFlexItem>
+          <EuiFormRow
+            label={i18n.translate('xpack.ml.dataframe.analytics.create.maxNumThreadsLabel', {
+              defaultMessage: 'Maximum number of threads',
+            })}
+            helpText={i18n.translate('xpack.ml.dataframe.analytics.create.maxNumThreadsHelpText', {
+              defaultMessage:
+                'The maximum number of threads to be used by the analysis. The default value is 1',
+            })}
+            isInvalid={maxNumThreads === 0}
+            error={
+              maxNumThreads === 0 &&
+              i18n.translate('xpack.ml.dataframe.analytics.create.maxNumThreadsError', {
+                defaultMessage: 'The minimum value is 1.',
+              })
+            }
+          >
+            <EuiFieldNumber
+              aria-label={i18n.translate(
+                'xpack.ml.dataframe.analytics.create.maxNumThreadsInputAriaLabel',
+                {
+                  defaultMessage: 'The maximum number of threads to be used by the analysis.',
+                }
+              )}
+              data-test-subj="mlAnalyticsCreateJobWizardMaxNumThreadsInput"
+              min={1}
+              onChange={(e) =>
+                setFormState({
+                  maxNumThreads: e.target.value === '' ? undefined : +e.target.value,
+                })
+              }
+              step={1}
+              value={getNumberValue(maxNumThreads)}
+            />
+          </EuiFormRow>
+        </EuiFlexItem>
+      </EuiFlexGrid>
       <EuiSpacer />
       <EuiAccordion
         id="hyper-parameters"
@@ -377,7 +416,7 @@ export const AdvancedStepForm: FC<CreateAnalyticsStepProps> = ({
         initialIsOpen={false}
         data-test-subj="mlAnalyticsCreateJobWizardHyperParametersSection"
       >
-        <EuiFlexGroup wrap>
+        <EuiFlexGrid columns={3}>
           {jobType === ANALYSIS_CONFIG_TYPE.OUTLIER_DETECTION && (
             <OutlierHyperParameters
               actions={actions}
@@ -392,7 +431,7 @@ export const AdvancedStepForm: FC<CreateAnalyticsStepProps> = ({
               advancedParamErrors={advancedParamErrors}
             />
           )}
-        </EuiFlexGroup>
+        </EuiFlexGrid>
       </EuiAccordion>
       <EuiSpacer />
       <ContinueButton
diff --git a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/advanced_step/hyper_parameters.tsx b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/advanced_step/hyper_parameters.tsx
index 620e81e30a0c48..60ee0dda6dc246 100644
--- a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/advanced_step/hyper_parameters.tsx
+++ b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/advanced_step/hyper_parameters.tsx
@@ -24,7 +24,7 @@ export const HyperParameters: FC<Props> = ({ actions, state, advancedParamErrors
 
   return (
     <Fragment>
-      <EuiFlexItem style={{ minWidth: '30%' }}>
+      <EuiFlexItem>
         <EuiFormRow
           label={i18n.translate('xpack.ml.dataframe.analytics.create.lambdaLabel', {
             defaultMessage: 'Lambda',
@@ -51,7 +51,7 @@ export const HyperParameters: FC<Props> = ({ actions, state, advancedParamErrors
           />
         </EuiFormRow>
       </EuiFlexItem>
-      <EuiFlexItem style={{ minWidth: '30%' }}>
+      <EuiFlexItem>
         <EuiFormRow
           label={i18n.translate('xpack.ml.dataframe.analytics.create.maxTreesLabel', {
             defaultMessage: 'Max trees',
@@ -81,7 +81,7 @@ export const HyperParameters: FC<Props> = ({ actions, state, advancedParamErrors
           />
         </EuiFormRow>
       </EuiFlexItem>
-      <EuiFlexItem style={{ minWidth: '30%' }}>
+      <EuiFlexItem>
         <EuiFormRow
           label={i18n.translate('xpack.ml.dataframe.analytics.create.gammaLabel', {
             defaultMessage: 'Gamma',
@@ -108,7 +108,7 @@ export const HyperParameters: FC<Props> = ({ actions, state, advancedParamErrors
           />
         </EuiFormRow>
       </EuiFlexItem>
-      <EuiFlexItem style={{ minWidth: '30%' }}>
+      <EuiFlexItem>
         <EuiFormRow
           label={i18n.translate('xpack.ml.dataframe.analytics.create.etaLabel', {
             defaultMessage: 'Eta',
@@ -134,7 +134,7 @@ export const HyperParameters: FC<Props> = ({ actions, state, advancedParamErrors
           />
         </EuiFormRow>
       </EuiFlexItem>
-      <EuiFlexItem style={{ minWidth: '30%' }}>
+      <EuiFlexItem>
         <EuiFormRow
           label={i18n.translate('xpack.ml.dataframe.analytics.create.featureBagFractionLabel', {
             defaultMessage: 'Feature bag fraction',
@@ -172,7 +172,7 @@ export const HyperParameters: FC<Props> = ({ actions, state, advancedParamErrors
           />
         </EuiFormRow>
       </EuiFlexItem>
-      <EuiFlexItem style={{ minWidth: '30%' }}>
+      <EuiFlexItem>
         <EuiFormRow
           label={i18n.translate('xpack.ml.dataframe.analytics.create.randomizeSeedLabel', {
             defaultMessage: 'Randomize seed',
diff --git a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/advanced_step/outlier_hyper_parameters.tsx b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/advanced_step/outlier_hyper_parameters.tsx
index bbb4539bf9b3cf..6e9e446e4babb7 100644
--- a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/advanced_step/outlier_hyper_parameters.tsx
+++ b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_creation/components/advanced_step/outlier_hyper_parameters.tsx
@@ -22,7 +22,7 @@ export const OutlierHyperParameters: FC<Props> = ({ actions, state, advancedPara
 
   return (
     <Fragment>
-      <EuiFlexItem style={{ minWidth: '30%' }}>
+      <EuiFlexItem>
         <EuiFormRow
           label={i18n.translate('xpack.ml.dataframe.analytics.create.methodLabel', {
             defaultMessage: 'Method',
@@ -48,7 +48,7 @@ export const OutlierHyperParameters: FC<Props> = ({ actions, state, advancedPara
           />
         </EuiFormRow>
       </EuiFlexItem>
-      <EuiFlexItem style={{ minWidth: '30%' }}>
+      <EuiFlexItem>
         <EuiFormRow
           label={i18n.translate('xpack.ml.dataframe.analytics.create.nNeighborsLabel', {
             defaultMessage: 'N neighbors',
@@ -78,7 +78,7 @@ export const OutlierHyperParameters: FC<Props> = ({ actions, state, advancedPara
           />
         </EuiFormRow>
       </EuiFlexItem>
-      <EuiFlexItem style={{ minWidth: '30%' }}>
+      <EuiFlexItem>
         <EuiFormRow
           label={i18n.translate('xpack.ml.dataframe.analytics.create.outlierFractionLabel', {
             defaultMessage: 'Outlier fraction',
@@ -109,7 +109,7 @@ export const OutlierHyperParameters: FC<Props> = ({ actions, state, advancedPara
           />
         </EuiFormRow>
       </EuiFlexItem>
-      <EuiFlexItem style={{ minWidth: '30%' }}>
+      <EuiFlexItem>
         <EuiFormRow
           label={i18n.translate('xpack.ml.dataframe.analytics.create.standardizationEnabledLabel', {
             defaultMessage: 'Standardization enabled',
diff --git a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_management/components/action_clone/clone_button.tsx b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_management/components/action_clone/clone_button.tsx
index 280ec544c1e5ec..13f3805cdf613e 100644
--- a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_management/components/action_clone/clone_button.tsx
+++ b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_management/components/action_clone/clone_button.tsx
@@ -255,6 +255,10 @@ const getAnalyticsJobMeta = (config: CloneDataFrameAnalyticsConfig): AnalyticsJo
     optional: true,
     formKey: 'modelMemoryLimit',
   },
+  max_num_threads: {
+    optional: true,
+    formKey: 'maxNumThreads',
+  },
 });
 
 /**
diff --git a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_management/components/action_edit/edit_button_flyout.tsx b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_management/components/action_edit/edit_button_flyout.tsx
index 728f53bf69ee2a..4b708d48ca0eca 100644
--- a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_management/components/action_edit/edit_button_flyout.tsx
+++ b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_management/components/action_edit/edit_button_flyout.tsx
@@ -11,6 +11,7 @@ import { i18n } from '@kbn/i18n';
 import {
   EuiButton,
   EuiButtonEmpty,
+  EuiFieldNumber,
   EuiFieldText,
   EuiFlexGroup,
   EuiFlexItem,
@@ -52,6 +53,7 @@ export const EditButtonFlyout: FC<Required<EditAction>> = ({ closeFlyout, item }
   const [description, setDescription] = useState<string>(config.description || '');
   const [modelMemoryLimit, setModelMemoryLimit] = useState<string>(config.model_memory_limit);
   const [mmlValidationError, setMmlValidationError] = useState<string | undefined>();
+  const [maxNumThreads, setMaxNumThreads] = useState<number | undefined>(config.max_num_threads);
 
   const {
     services: { notifications },
@@ -59,7 +61,7 @@ export const EditButtonFlyout: FC<Required<EditAction>> = ({ closeFlyout, item }
   const { refresh } = useRefreshAnalyticsList();
 
   // Disable if mml is not valid
-  const updateButtonDisabled = mmlValidationError !== undefined;
+  const updateButtonDisabled = mmlValidationError !== undefined || maxNumThreads === 0;
 
   useEffect(() => {
     if (mmLValidator === undefined) {
@@ -93,7 +95,8 @@ export const EditButtonFlyout: FC<Required<EditAction>> = ({ closeFlyout, item }
         allow_lazy_start: allowLazyStart,
         description,
       },
-      modelMemoryLimit && { model_memory_limit: modelMemoryLimit }
+      modelMemoryLimit && { model_memory_limit: modelMemoryLimit },
+      maxNumThreads && { max_num_threads: maxNumThreads }
     );
 
     try {
@@ -210,7 +213,7 @@ export const EditButtonFlyout: FC<Required<EditAction>> = ({ closeFlyout, item }
               helpText={
                 state !== DATA_FRAME_TASK_STATE.STOPPED &&
                 i18n.translate('xpack.ml.dataframe.analyticsList.editFlyout.modelMemoryHelpText', {
-                  defaultMessage: 'Model memory limit cannot be edited while the job is running.',
+                  defaultMessage: 'Model memory limit cannot be edited until the job has stopped.',
                 })
               }
               label={i18n.translate(
@@ -236,6 +239,49 @@ export const EditButtonFlyout: FC<Required<EditAction>> = ({ closeFlyout, item }
                 )}
               />
             </EuiFormRow>
+            <EuiFormRow
+              helpText={
+                state !== DATA_FRAME_TASK_STATE.STOPPED &&
+                i18n.translate(
+                  'xpack.ml.dataframe.analyticsList.editFlyout.maxNumThreadsHelpText',
+                  {
+                    defaultMessage:
+                      'Maximum number of threads cannot be edited until the job has stopped.',
+                  }
+                )
+              }
+              label={i18n.translate(
+                'xpack.ml.dataframe.analyticsList.editFlyout.maxNumThreadsLabel',
+                {
+                  defaultMessage: 'Maximum number of threads',
+                }
+              )}
+              isInvalid={maxNumThreads === 0}
+              error={
+                maxNumThreads === 0 &&
+                i18n.translate('xpack.ml.dataframe.analyticsList.editFlyout.maxNumThreadsError', {
+                  defaultMessage: 'The minimum value is 1.',
+                })
+              }
+            >
+              <EuiFieldNumber
+                aria-label={i18n.translate(
+                  'xpack.ml.dataframe.analyticsList.editFlyout.maxNumThreadsAriaLabel',
+                  {
+                    defaultMessage:
+                      'Update the maximum number of threads to be used by the analysis.',
+                  }
+                )}
+                data-test-subj="mlAnalyticsEditFlyoutMaxNumThreadsLimitInput"
+                onChange={(e) =>
+                  setMaxNumThreads(e.target.value === '' ? undefined : +e.target.value)
+                }
+                step={1}
+                min={1}
+                readOnly={state !== DATA_FRAME_TASK_STATE.STOPPED}
+                value={maxNumThreads}
+              />
+            </EuiFormRow>
           </EuiForm>
         </EuiFlyoutBody>
         <EuiFlyoutFooter>
diff --git a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_management/hooks/use_create_analytics_form/state.ts b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_management/hooks/use_create_analytics_form/state.ts
index 0d425c8ead4a2e..68a3613f91b5e2 100644
--- a/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_management/hooks/use_create_analytics_form/state.ts
+++ b/x-pack/plugins/ml/public/application/data_frame_analytics/pages/analytics_management/hooks/use_create_analytics_form/state.ts
@@ -23,6 +23,7 @@ export enum DEFAULT_MODEL_MEMORY_LIMIT {
 }
 
 export const DEFAULT_NUM_TOP_FEATURE_IMPORTANCE_VALUES = 0;
+export const DEFAULT_MAX_NUM_THREADS = 1;
 export const UNSET_CONFIG_ITEM = '--';
 
 export type EsIndexName = string;
@@ -68,6 +69,7 @@ export interface State {
     jobConfigQueryString: string | undefined;
     lambda: number | undefined;
     loadingFieldOptions: boolean;
+    maxNumThreads: undefined | number;
     maxTrees: undefined | number;
     method: undefined | string;
     modelMemoryLimit: string | undefined;
@@ -134,6 +136,7 @@ export const getInitialState = (): State => ({
     jobConfigQueryString: undefined,
     lambda: undefined,
     loadingFieldOptions: false,
+    maxNumThreads: DEFAULT_MAX_NUM_THREADS,
     maxTrees: undefined,
     method: undefined,
     modelMemoryLimit: undefined,
@@ -200,6 +203,10 @@ export const getJobConfigFromFormState = (
     model_memory_limit: formState.modelMemoryLimit,
   };
 
+  if (formState.maxNumThreads !== undefined) {
+    jobConfig.max_num_threads = formState.maxNumThreads;
+  }
+
   const resultsFieldEmpty =
     typeof formState?.resultsField === 'string' && formState?.resultsField.trim() === '';
 
@@ -291,6 +298,7 @@ export function getCloneFormStateFromJobConfig(
       ? analyticsJobConfig.source.index.join(',')
       : analyticsJobConfig.source.index,
     modelMemoryLimit: analyticsJobConfig.model_memory_limit,
+    maxNumThreads: analyticsJobConfig.max_num_threads,
     includes: analyticsJobConfig.analyzed_fields.includes,
   };
 
diff --git a/x-pack/plugins/ml/server/routes/schemas/data_analytics_schema.ts b/x-pack/plugins/ml/server/routes/schemas/data_analytics_schema.ts
index 5469c2fefdf33a..0c3e186c314ccc 100644
--- a/x-pack/plugins/ml/server/routes/schemas/data_analytics_schema.ts
+++ b/x-pack/plugins/ml/server/routes/schemas/data_analytics_schema.ts
@@ -28,6 +28,7 @@ export const dataAnalyticsJobConfigSchema = schema.object({
   analysis: schema.any(),
   analyzed_fields: schema.any(),
   model_memory_limit: schema.string(),
+  max_num_threads: schema.maybe(schema.number()),
 });
 
 export const dataAnalyticsEvaluateSchema = schema.object({
@@ -52,6 +53,7 @@ export const dataAnalyticsExplainSchema = schema.object({
   analysis: schema.any(),
   analyzed_fields: schema.maybe(schema.any()),
   model_memory_limit: schema.maybe(schema.string()),
+  max_num_threads: schema.maybe(schema.number()),
 });
 
 export const analyticsIdSchema = schema.object({
@@ -73,6 +75,7 @@ export const dataAnalyticsJobUpdateSchema = schema.object({
   description: schema.maybe(schema.string()),
   model_memory_limit: schema.maybe(schema.string()),
   allow_lazy_start: schema.maybe(schema.boolean()),
+  max_num_threads: schema.maybe(schema.number()),
 });
 
 export const stopsDataFrameAnalyticsJobQuerySchema = schema.object({
diff --git a/x-pack/plugins/reporting/common/types.ts b/x-pack/plugins/reporting/common/types.ts
index 2b9e9299852f54..2819c28cfb54fa 100644
--- a/x-pack/plugins/reporting/common/types.ts
+++ b/x-pack/plugins/reporting/common/types.ts
@@ -6,6 +6,8 @@
 
 // eslint-disable-next-line @kbn/eslint/no-restricted-paths
 export { ReportingConfigType } from '../server/config';
+// eslint-disable-next-line @kbn/eslint/no-restricted-paths
+export { LayoutInstance } from '../server/export_types/common/layouts';
 
 export type JobId = string;
 export type JobStatus =
diff --git a/x-pack/plugins/reporting/public/plugin.tsx b/x-pack/plugins/reporting/public/plugin.tsx
index aad3d9b026c6ee..8a25df0a74bbf7 100644
--- a/x-pack/plugins/reporting/public/plugin.tsx
+++ b/x-pack/plugins/reporting/public/plugin.tsx
@@ -26,7 +26,7 @@ import {
 import { ManagementSectionId, ManagementSetup } from '../../../../src/plugins/management/public';
 import { SharePluginSetup } from '../../../../src/plugins/share/public';
 import { LicensingPluginSetup } from '../../licensing/public';
-import { ReportingConfigType, JobId, JobStatusBuckets } from '../common/types';
+import { JobId, JobStatusBuckets, ReportingConfigType } from '../common/types';
 import { JOB_COMPLETION_NOTIFICATIONS_SESSION_KEY } from '../constants';
 import { getGeneralErrorToast } from './components';
 import { ReportListing } from './components/report_listing';
@@ -144,7 +144,7 @@ export class ReportingPublicPlugin implements Plugin<void, void> {
 
     uiActions.addTriggerAction(CONTEXT_MENU_TRIGGER, action);
 
-    share.register(csvReportingProvider({ apiClient, toasts, license$ }));
+    share.register(csvReportingProvider({ apiClient, toasts, license$, uiSettings }));
     share.register(
       reportingPDFPNGProvider({
         apiClient,
diff --git a/x-pack/plugins/reporting/public/share_context_menu/register_csv_reporting.tsx b/x-pack/plugins/reporting/public/share_context_menu/register_csv_reporting.tsx
index ea4ecaa60ab2c4..4ad35fd7688254 100644
--- a/x-pack/plugins/reporting/public/share_context_menu/register_csv_reporting.tsx
+++ b/x-pack/plugins/reporting/public/share_context_menu/register_csv_reporting.tsx
@@ -5,22 +5,29 @@
  */
 
 import { i18n } from '@kbn/i18n';
+import moment from 'moment-timezone';
 import React from 'react';
-
-import { ToastsSetup } from 'src/core/public';
+import { IUiSettingsClient, ToastsSetup } from 'src/core/public';
+import { ShareContext } from '../../../../../src/plugins/share/public';
+import { LicensingPluginSetup } from '../../../licensing/public';
+import { JobParamsDiscoverCsv, SearchRequest } from '../../server/export_types/csv/types';
 import { ReportingPanelContent } from '../components/reporting_panel_content';
-import { ReportingAPIClient } from '../lib/reporting_api_client';
 import { checkLicense } from '../lib/license_check';
-import { LicensingPluginSetup } from '../../../licensing/public';
-import { ShareContext } from '../../../../../src/plugins/share/public';
+import { ReportingAPIClient } from '../lib/reporting_api_client';
 
 interface ReportingProvider {
   apiClient: ReportingAPIClient;
   toasts: ToastsSetup;
   license$: LicensingPluginSetup['license$'];
+  uiSettings: IUiSettingsClient;
 }
 
-export const csvReportingProvider = ({ apiClient, toasts, license$ }: ReportingProvider) => {
+export const csvReportingProvider = ({
+  apiClient,
+  toasts,
+  license$,
+  uiSettings,
+}: ReportingProvider) => {
   let toolTipContent = '';
   let disabled = true;
   let hasCSVReporting = false;
@@ -33,6 +40,14 @@ export const csvReportingProvider = ({ apiClient, toasts, license$ }: ReportingP
     disabled = !enableLinks;
   });
 
+  // If the TZ is set to the default "Browser", it will not be useful for
+  // server-side export. We need to derive the timezone and pass it as a param
+  // to the export API.
+  const browserTimezone =
+    uiSettings.get('dateFormat:tz') === 'Browser'
+      ? moment.tz.guess()
+      : uiSettings.get('dateFormat:tz');
+
   const getShareMenuItems = ({
     objectType,
     objectId,
@@ -44,13 +59,19 @@ export const csvReportingProvider = ({ apiClient, toasts, license$ }: ReportingP
       return [];
     }
 
-    const getJobParams = () => {
-      return {
-        ...sharingData,
-        type: objectType,
-      };
+    const jobParams: JobParamsDiscoverCsv = {
+      browserTimezone,
+      objectType,
+      title: sharingData.title as string,
+      indexPatternId: sharingData.indexPatternId as string,
+      searchRequest: sharingData.searchRequest as SearchRequest,
+      fields: sharingData.fields as string[],
+      metaFields: sharingData.metaFields as string[],
+      conflictedTypesFields: sharingData.conflictedTypesFields as string[],
     };
 
+    const getJobParams = () => jobParams;
+
     const shareActions = [];
 
     if (hasCSVReporting) {
diff --git a/x-pack/plugins/reporting/public/share_context_menu/register_pdf_png_reporting.tsx b/x-pack/plugins/reporting/public/share_context_menu/register_pdf_png_reporting.tsx
index 2343947a6d383c..e10d04ea5fc6bd 100644
--- a/x-pack/plugins/reporting/public/share_context_menu/register_pdf_png_reporting.tsx
+++ b/x-pack/plugins/reporting/public/share_context_menu/register_pdf_png_reporting.tsx
@@ -7,12 +7,15 @@
 import { i18n } from '@kbn/i18n';
 import moment from 'moment-timezone';
 import React from 'react';
-import { ToastsSetup, IUiSettingsClient } from 'src/core/public';
-import { ReportingAPIClient } from '../lib/reporting_api_client';
-import { checkLicense } from '../lib/license_check';
-import { ScreenCapturePanelContent } from '../components/screen_capture_panel_content';
-import { LicensingPluginSetup } from '../../../licensing/public';
+import { IUiSettingsClient, ToastsSetup } from 'src/core/public';
 import { ShareContext } from '../../../../../src/plugins/share/public';
+import { LicensingPluginSetup } from '../../../licensing/public';
+import { LayoutInstance } from '../../common/types';
+import { JobParamsPNG } from '../../server/export_types/png/types';
+import { JobParamsPDF } from '../../server/export_types/printable_pdf/types';
+import { ScreenCapturePanelContent } from '../components/screen_capture_panel_content';
+import { checkLicense } from '../lib/license_check';
+import { ReportingAPIClient } from '../lib/reporting_api_client';
 
 interface ReportingPDFPNGProvider {
   apiClient: ReportingAPIClient;
@@ -39,6 +42,14 @@ export const reportingPDFPNGProvider = ({
     disabled = !enableLinks;
   });
 
+  // If the TZ is set to the default "Browser", it will not be useful for
+  // server-side export. We need to derive the timezone and pass it as a param
+  // to the export API.
+  const browserTimezone =
+    uiSettings.get('dateFormat:tz') === 'Browser'
+      ? moment.tz.guess()
+      : uiSettings.get('dateFormat:tz');
+
   const getShareMenuItems = ({
     objectType,
     objectId,
@@ -57,7 +68,7 @@ export const reportingPDFPNGProvider = ({
       return [];
     }
 
-    const getReportingJobParams = () => {
+    const getPdfJobParams = (): JobParamsPDF => {
       // Relative URL must have URL prefix (Spaces ID prefix), but not server basePath
       // Replace hashes with original RISON values.
       const relativeUrl = shareableUrl.replace(
@@ -65,36 +76,28 @@ export const reportingPDFPNGProvider = ({
         ''
       );
 
-      const browserTimezone =
-        uiSettings.get('dateFormat:tz') === 'Browser'
-          ? moment.tz.guess()
-          : uiSettings.get('dateFormat:tz');
-
       return {
-        ...sharingData,
         objectType,
         browserTimezone,
-        relativeUrls: [relativeUrl],
+        relativeUrls: [relativeUrl], // multi URL for PDF
+        layout: sharingData.layout as LayoutInstance,
+        title: sharingData.title as string,
       };
     };
 
-    const getPngJobParams = () => {
+    const getPngJobParams = (): JobParamsPNG => {
       // Replace hashes with original RISON values.
       const relativeUrl = shareableUrl.replace(
         window.location.origin + apiClient.getServerBasePath(),
         ''
       );
 
-      const browserTimezone =
-        uiSettings.get('dateFormat:tz') === 'Browser'
-          ? moment.tz.guess()
-          : uiSettings.get('dateFormat:tz');
-
       return {
-        ...sharingData,
         objectType,
         browserTimezone,
-        relativeUrl,
+        relativeUrl, // single URL for PNG
+        layout: sharingData.layout as LayoutInstance,
+        title: sharingData.title as string,
       };
     };
 
@@ -161,7 +164,7 @@ export const reportingPDFPNGProvider = ({
               reportType="printablePdf"
               objectType={objectType}
               objectId={objectId}
-              getJobParams={getReportingJobParams}
+              getJobParams={getPdfJobParams}
               isDirty={isDirty}
               onClose={onClose}
             />
diff --git a/x-pack/plugins/reporting/server/export_types/csv/server/create_job.ts b/x-pack/plugins/reporting/server/export_types/csv/server/create_job.ts
index c4fa1cd8e4fa6e..fb2d9bfdc58382 100644
--- a/x-pack/plugins/reporting/server/export_types/csv/server/create_job.ts
+++ b/x-pack/plugins/reporting/server/export_types/csv/server/create_job.ts
@@ -13,7 +13,6 @@ export const scheduleTaskFnFactory: ScheduleTaskFnFactory<ESQueueCreateJobFn<
 >> = function createJobFactoryFn(reporting) {
   const config = reporting.getConfig();
   const crypto = cryptoFactory(config.get('encryptionKey'));
-  const setupDeps = reporting.getPluginSetupDeps();
 
   return async function scheduleTask(jobParams, context, request) {
     const serializedEncryptedHeaders = await crypto.encrypt(request.headers);
@@ -21,13 +20,12 @@ export const scheduleTaskFnFactory: ScheduleTaskFnFactory<ESQueueCreateJobFn<
     const savedObjectsClient = context.core.savedObjects.client;
     const indexPatternSavedObject = await savedObjectsClient.get(
       'index-pattern',
-      jobParams.indexPatternId!
+      jobParams.indexPatternId
     );
 
     return {
       headers: serializedEncryptedHeaders,
       indexPatternSavedObject,
-      basePath: setupDeps.basePath(request),
       ...jobParams,
     };
   };
diff --git a/x-pack/plugins/reporting/server/export_types/csv/server/execute_job.ts b/x-pack/plugins/reporting/server/export_types/csv/server/execute_job.ts
index 89fd014502f744..b38cd8c5af9e72 100644
--- a/x-pack/plugins/reporting/server/export_types/csv/server/execute_job.ts
+++ b/x-pack/plugins/reporting/server/export_types/csv/server/execute_job.ts
@@ -4,20 +4,55 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
+import { Crypto } from '@elastic/node-crypto';
 import { i18n } from '@kbn/i18n';
 import Hapi from 'hapi';
-import { IUiSettingsClient, KibanaRequest } from '../../../../../../../src/core/server';
-import {
-  CSV_QUOTE_VALUES_SETTING,
-  CSV_SEPARATOR_SETTING,
-} from '../../../../../../../src/plugins/share/server';
-import { CSV_BOM_CHARS, CSV_JOB_TYPE } from '../../../../common/constants';
-import { getFieldFormats } from '../../../../server/services';
-import { cryptoFactory } from '../../../lib';
+import { KibanaRequest } from '../../../../../../../src/core/server';
+import { CONTENT_TYPE_CSV, CSV_JOB_TYPE } from '../../../../common/constants';
+import { cryptoFactory, LevelLogger } from '../../../lib';
 import { ESQueueWorkerExecuteFn, RunTaskFnFactory } from '../../../types';
 import { ScheduledTaskParamsCSV } from '../types';
-import { fieldFormatMapFactory } from './lib/field_format_map';
-import { createGenerateCsv } from './lib/generate_csv';
+import { createGenerateCsv } from './generate_csv';
+
+const getRequest = async (headers: string | undefined, crypto: Crypto, logger: LevelLogger) => {
+  const decryptHeaders = async () => {
+    try {
+      if (typeof headers !== 'string') {
+        throw new Error(
+          i18n.translate(
+            'xpack.reporting.exportTypes.csv.executeJob.missingJobHeadersErrorMessage',
+            {
+              defaultMessage: 'Job headers are missing',
+            }
+          )
+        );
+      }
+      return await crypto.decrypt(headers);
+    } catch (err) {
+      logger.error(err);
+      throw new Error(
+          i18n.translate(
+            'xpack.reporting.exportTypes.csv.executeJob.failedToDecryptReportJobDataErrorMessage',
+            {
+              defaultMessage: 'Failed to decrypt report job data. Please ensure that {encryptionKey} is set and re-generate this report. {err}',
+              values: { encryptionKey: 'xpack.reporting.encryptionKey', err: err.toString() },
+            }
+          )
+        ); // prettier-ignore
+    }
+  };
+
+  return KibanaRequest.from({
+    headers: await decryptHeaders(),
+    // This is used by the spaces SavedObjectClientWrapper to determine the existing space.
+    // We use the basePath from the saved job, which we'll have post spaces being implemented;
+    // or we use the server base path, which uses the default space
+    path: '/',
+    route: { settings: {} },
+    url: { href: '/' },
+    raw: { req: { url: '/' } },
+  } as Hapi.Request);
+};
 
 export const runTaskFnFactory: RunTaskFnFactory<ESQueueWorkerExecuteFn<
   ScheduledTaskParamsCSV
@@ -25,60 +60,14 @@ export const runTaskFnFactory: RunTaskFnFactory<ESQueueWorkerExecuteFn<
   const config = reporting.getConfig();
   const crypto = cryptoFactory(config.get('encryptionKey'));
   const logger = parentLogger.clone([CSV_JOB_TYPE, 'execute-job']);
-  const serverBasePath = config.kbnConfig.get('server', 'basePath');
 
   return async function runTask(jobId, job, cancellationToken) {
     const elasticsearch = reporting.getElasticsearchService();
     const jobLogger = logger.clone([jobId]);
+    const generateCsv = createGenerateCsv(jobLogger);
 
-    const {
-      searchRequest,
-      fields,
-      indexPatternSavedObject,
-      metaFields,
-      conflictedTypesFields,
-      headers,
-      basePath,
-    } = job;
-
-    const decryptHeaders = async () => {
-      try {
-        if (typeof headers !== 'string') {
-          throw new Error(
-            i18n.translate(
-              'xpack.reporting.exportTypes.csv.executeJob.missingJobHeadersErrorMessage',
-              {
-                defaultMessage: 'Job headers are missing',
-              }
-            )
-          );
-        }
-        return await crypto.decrypt(headers);
-      } catch (err) {
-        logger.error(err);
-        throw new Error(
-          i18n.translate(
-            'xpack.reporting.exportTypes.csv.executeJob.failedToDecryptReportJobDataErrorMessage',
-            {
-              defaultMessage: 'Failed to decrypt report job data. Please ensure that {encryptionKey} is set and re-generate this report. {err}',
-              values: { encryptionKey: 'xpack.reporting.encryptionKey', err: err.toString() },
-            }
-          )
-        ); // prettier-ignore
-      }
-    };
-
-    const fakeRequest = KibanaRequest.from({
-      headers: await decryptHeaders(),
-      // This is used by the spaces SavedObjectClientWrapper to determine the existing space.
-      // We use the basePath from the saved job, which we'll have post spaces being implemented;
-      // or we use the server base path, which uses the default space
-      getBasePath: () => basePath || serverBasePath,
-      path: '/',
-      route: { settings: {} },
-      url: { href: '/' },
-      raw: { req: { url: '/' } },
-    } as Hapi.Request);
+    const { headers } = job;
+    const fakeRequest = await getRequest(headers, crypto, logger);
 
     const { callAsCurrentUser } = elasticsearch.legacy.client.asScoped(fakeRequest);
     const callEndpoint = (endpoint: string, clientParams = {}, options = {}) =>
@@ -87,62 +76,18 @@ export const runTaskFnFactory: RunTaskFnFactory<ESQueueWorkerExecuteFn<
     const savedObjectsClient = await reporting.getSavedObjectsClient(fakeRequest);
     const uiSettingsClient = await reporting.getUiSettingsServiceFactory(savedObjectsClient);
 
-    const getFormatsMap = async (client: IUiSettingsClient) => {
-      const fieldFormats = await getFieldFormats().fieldFormatServiceFactory(client);
-      return fieldFormatMapFactory(indexPatternSavedObject, fieldFormats);
-    };
-    const getUiSettings = async (client: IUiSettingsClient) => {
-      const [separator, quoteValues, timezone] = await Promise.all([
-        client.get(CSV_SEPARATOR_SETTING),
-        client.get(CSV_QUOTE_VALUES_SETTING),
-        client.get('dateFormat:tz'),
-      ]);
-
-      if (timezone === 'Browser') {
-        logger.warn(
-          i18n.translate('xpack.reporting.exportTypes.csv.executeJob.dateFormateSetting', {
-            defaultMessage: 'Kibana Advanced Setting "{dateFormatTimezone}" is set to "Browser". Dates will be formatted as UTC to avoid ambiguity.',
-            values: { dateFormatTimezone: 'dateFormat:tz' }
-          })
-        ); // prettier-ignore
-      }
-
-      return {
-        separator,
-        quoteValues,
-        timezone,
-      };
-    };
-
-    const [formatsMap, uiSettings] = await Promise.all([
-      getFormatsMap(uiSettingsClient),
-      getUiSettings(uiSettingsClient),
-    ]);
-
-    const generateCsv = createGenerateCsv(jobLogger);
-    const bom = config.get('csv', 'useByteOrderMarkEncoding') ? CSV_BOM_CHARS : '';
-
-    const { content, maxSizeReached, size, csvContainsFormulas, warnings } = await generateCsv({
-      searchRequest,
-      fields,
-      metaFields,
-      conflictedTypesFields,
+    const { content, maxSizeReached, size, csvContainsFormulas, warnings } = await generateCsv(
+      job,
+      config,
+      uiSettingsClient,
       callEndpoint,
-      cancellationToken,
-      formatsMap,
-      settings: {
-        ...uiSettings,
-        checkForFormulas: config.get('csv', 'checkForFormulas'),
-        maxSizeBytes: config.get('csv', 'maxSizeBytes'),
-        scroll: config.get('csv', 'scroll'),
-        escapeFormulaValues: config.get('csv', 'escapeFormulaValues'),
-      },
-    });
+      cancellationToken
+    );
 
     // @TODO: Consolidate these one-off warnings into the warnings array (max-size reached and csv contains formulas)
     return {
-      content_type: 'text/csv',
-      content: bom + content,
+      content_type: CONTENT_TYPE_CSV,
+      content,
       max_size_reached: maxSizeReached,
       size,
       csv_contains_formulas: csvContainsFormulas,
diff --git a/x-pack/plugins/reporting/server/export_types/csv/server/lib/cell_has_formula.ts b/x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/cell_has_formula.ts
similarity index 100%
rename from x-pack/plugins/reporting/server/export_types/csv/server/lib/cell_has_formula.ts
rename to x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/cell_has_formula.ts
diff --git a/x-pack/plugins/reporting/server/export_types/csv/server/lib/check_cells_for_formulas.test.ts b/x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/check_cells_for_formulas.test.ts
similarity index 100%
rename from x-pack/plugins/reporting/server/export_types/csv/server/lib/check_cells_for_formulas.test.ts
rename to x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/check_cells_for_formulas.test.ts
diff --git a/x-pack/plugins/reporting/server/export_types/csv/server/lib/check_cells_for_formulas.ts b/x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/check_cells_for_formulas.ts
similarity index 100%
rename from x-pack/plugins/reporting/server/export_types/csv/server/lib/check_cells_for_formulas.ts
rename to x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/check_cells_for_formulas.ts
diff --git a/x-pack/plugins/reporting/server/export_types/csv/server/lib/escape_value.test.ts b/x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/escape_value.test.ts
similarity index 100%
rename from x-pack/plugins/reporting/server/export_types/csv/server/lib/escape_value.test.ts
rename to x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/escape_value.test.ts
diff --git a/x-pack/plugins/reporting/server/export_types/csv/server/lib/escape_value.ts b/x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/escape_value.ts
similarity index 100%
rename from x-pack/plugins/reporting/server/export_types/csv/server/lib/escape_value.ts
rename to x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/escape_value.ts
diff --git a/x-pack/plugins/reporting/server/export_types/csv/server/lib/field_format_map.test.ts b/x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/field_format_map.test.ts
similarity index 74%
rename from x-pack/plugins/reporting/server/export_types/csv/server/lib/field_format_map.test.ts
rename to x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/field_format_map.test.ts
index 83aa23de676639..1f0e450da698f1 100644
--- a/x-pack/plugins/reporting/server/export_types/csv/server/lib/field_format_map.test.ts
+++ b/x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/field_format_map.test.ts
@@ -5,25 +5,17 @@
  */
 
 import expect from '@kbn/expect';
-
-import {
-  fieldFormats,
-  FieldFormatsGetConfigFn,
-  UI_SETTINGS,
-} from '../../../../../../../../src/plugins/data/server';
+import { fieldFormats, FieldFormatsGetConfigFn, UI_SETTINGS } from 'src/plugins/data/server';
+import { IndexPatternSavedObject } from '../../types';
 import { fieldFormatMapFactory } from './field_format_map';
 
 type ConfigValue = { number: { id: string; params: {} } } | string;
 
 describe('field format map', function () {
-  const indexPatternSavedObject = {
-    id: 'logstash-*',
-    type: 'index-pattern',
-    version: 'abc',
+  const indexPatternSavedObject: IndexPatternSavedObject = {
+    timeFieldName: '@timestamp',
+    title: 'logstash-*',
     attributes: {
-      title: 'logstash-*',
-      timeFieldName: '@timestamp',
-      notExpandable: true,
       fields: '[{"name":"field1","type":"number"}, {"name":"field2","type":"number"}]',
       fieldFormatMap: '{"field1":{"id":"bytes","params":{"pattern":"0,0.[0]b"}}}',
     },
@@ -35,11 +27,16 @@ describe('field format map', function () {
   configMock[UI_SETTINGS.FORMAT_NUMBER_DEFAULT_PATTERN] = '0,0.[000]';
   const getConfig = ((key: string) => configMock[key]) as FieldFormatsGetConfigFn;
   const testValue = '4000';
+  const mockTimezone = 'Browser';
 
   const fieldFormatsRegistry = new fieldFormats.FieldFormatsRegistry();
   fieldFormatsRegistry.init(getConfig, {}, [fieldFormats.BytesFormat, fieldFormats.NumberFormat]);
 
-  const formatMap = fieldFormatMapFactory(indexPatternSavedObject, fieldFormatsRegistry);
+  const formatMap = fieldFormatMapFactory(
+    indexPatternSavedObject,
+    fieldFormatsRegistry,
+    mockTimezone
+  );
 
   it('should build field format map with entry per index pattern field', function () {
     expect(formatMap.has('field1')).to.be(true);
@@ -48,10 +45,10 @@ describe('field format map', function () {
   });
 
   it('should create custom FieldFormat for fields with configured field formatter', function () {
-    expect(formatMap.get('field1').convert(testValue)).to.be('3.9KB');
+    expect(formatMap.get('field1')!.convert(testValue)).to.be('3.9KB');
   });
 
   it('should create default FieldFormat for fields with no field formatter', function () {
-    expect(formatMap.get('field2').convert(testValue)).to.be('4,000');
+    expect(formatMap.get('field2')!.convert(testValue)).to.be('4,000');
   });
 });
diff --git a/x-pack/plugins/reporting/server/export_types/csv/server/lib/field_format_map.ts b/x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/field_format_map.ts
similarity index 56%
rename from x-pack/plugins/reporting/server/export_types/csv/server/lib/field_format_map.ts
rename to x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/field_format_map.ts
index 6cb4d0bbb1c65e..848cf569bc8d75 100644
--- a/x-pack/plugins/reporting/server/export_types/csv/server/lib/field_format_map.ts
+++ b/x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/field_format_map.ts
@@ -5,19 +5,9 @@
  */
 
 import _ from 'lodash';
-import {
-  FieldFormatConfig,
-  IFieldFormatsRegistry,
-} from '../../../../../../../../src/plugins/data/server';
-
-interface IndexPatternSavedObject {
-  attributes: {
-    fieldFormatMap: string;
-  };
-  id: string;
-  type: string;
-  version: string;
-}
+import { FieldFormat } from 'src/plugins/data/common';
+import { FieldFormatConfig, IFieldFormatsRegistry } from 'src/plugins/data/server';
+import { IndexPatternSavedObject } from '../../types';
 
 /**
  *  Create a map of FieldFormat instances for index pattern fields
@@ -28,30 +18,39 @@ interface IndexPatternSavedObject {
  */
 export function fieldFormatMapFactory(
   indexPatternSavedObject: IndexPatternSavedObject,
-  fieldFormatsRegistry: IFieldFormatsRegistry
+  fieldFormatsRegistry: IFieldFormatsRegistry,
+  timezone: string | undefined
 ) {
-  const formatsMap = new Map();
+  const formatsMap = new Map<string, FieldFormat>();
+
+  // From here, the browser timezone can't be determined, so we accept a
+  // timezone field from job params posted to the API. Here is where it gets used.
+  const serverDateParams = { timezone };
 
   // Add FieldFormat instances for fields with custom formatters
   if (_.has(indexPatternSavedObject, 'attributes.fieldFormatMap')) {
     const fieldFormatMap = JSON.parse(indexPatternSavedObject.attributes.fieldFormatMap);
     Object.keys(fieldFormatMap).forEach((fieldName) => {
       const formatConfig: FieldFormatConfig = fieldFormatMap[fieldName];
+      const formatParams = {
+        ...formatConfig.params,
+        ...serverDateParams,
+      };
 
       if (!_.isEmpty(formatConfig)) {
-        formatsMap.set(
-          fieldName,
-          fieldFormatsRegistry.getInstance(formatConfig.id, formatConfig.params)
-        );
+        formatsMap.set(fieldName, fieldFormatsRegistry.getInstance(formatConfig.id, formatParams));
       }
     });
   }
 
-  // Add default FieldFormat instances for all other fields
+  // Add default FieldFormat instances for non-custom formatted fields
   const indexFields = JSON.parse(_.get(indexPatternSavedObject, 'attributes.fields', '[]'));
   indexFields.forEach((field: any) => {
     if (!formatsMap.has(field.name)) {
-      formatsMap.set(field.name, fieldFormatsRegistry.getDefaultInstance(field.type));
+      formatsMap.set(
+        field.name,
+        fieldFormatsRegistry.getDefaultInstance(field.type, [], serverDateParams)
+      );
     }
   });
 
diff --git a/x-pack/plugins/reporting/server/export_types/csv/server/lib/flatten_hit.test.ts b/x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/flatten_hit.test.ts
similarity index 100%
rename from x-pack/plugins/reporting/server/export_types/csv/server/lib/flatten_hit.test.ts
rename to x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/flatten_hit.test.ts
diff --git a/x-pack/plugins/reporting/server/export_types/csv/server/lib/flatten_hit.ts b/x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/flatten_hit.ts
similarity index 100%
rename from x-pack/plugins/reporting/server/export_types/csv/server/lib/flatten_hit.ts
rename to x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/flatten_hit.ts
diff --git a/x-pack/plugins/reporting/server/export_types/csv/server/lib/format_csv_values.test.ts b/x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/format_csv_values.test.ts
similarity index 100%
rename from x-pack/plugins/reporting/server/export_types/csv/server/lib/format_csv_values.test.ts
rename to x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/format_csv_values.test.ts
diff --git a/x-pack/plugins/reporting/server/export_types/csv/server/lib/format_csv_values.ts b/x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/format_csv_values.ts
similarity index 86%
rename from x-pack/plugins/reporting/server/export_types/csv/server/lib/format_csv_values.ts
rename to x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/format_csv_values.ts
index bb4e2be86f5df7..387066415a1bca 100644
--- a/x-pack/plugins/reporting/server/export_types/csv/server/lib/format_csv_values.ts
+++ b/x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/format_csv_values.ts
@@ -5,13 +5,14 @@
  */
 
 import { isNull, isObject, isUndefined } from 'lodash';
+import { FieldFormat } from 'src/plugins/data/common';
 import { RawValue } from '../../types';
 
 export function createFormatCsvValues(
   escapeValue: (value: RawValue, index: number, array: RawValue[]) => string,
   separator: string,
   fields: string[],
-  formatsMap: any
+  formatsMap: Map<string, FieldFormat>
 ) {
   return function formatCsvValues(values: Record<string, RawValue>) {
     return fields
@@ -29,7 +30,9 @@ export function createFormatCsvValues(
         let formattedValue = value;
         if (formatsMap.has(field)) {
           const formatter = formatsMap.get(field);
-          formattedValue = formatter.convert(value);
+          if (formatter) {
+            formattedValue = formatter.convert(value);
+          }
         }
 
         return formattedValue;
diff --git a/x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/get_ui_settings.ts b/x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/get_ui_settings.ts
new file mode 100644
index 00000000000000..8f72c467b0711c
--- /dev/null
+++ b/x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/get_ui_settings.ts
@@ -0,0 +1,54 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { i18n } from '@kbn/i18n';
+import { IUiSettingsClient } from 'kibana/server';
+import { ReportingConfig } from '../../../..';
+import { LevelLogger } from '../../../../lib';
+
+export const getUiSettings = async (
+  timezone: string | undefined,
+  client: IUiSettingsClient,
+  config: ReportingConfig,
+  logger: LevelLogger
+) => {
+  // Timezone
+  let setTimezone: string;
+  // look for timezone in job params
+  if (timezone) {
+    setTimezone = timezone;
+  } else {
+    // if empty, look for timezone in settings
+    setTimezone = await client.get('dateFormat:tz');
+    if (setTimezone === 'Browser') {
+      // if `Browser`, hardcode it to 'UTC' so the export has data that makes sense
+      logger.warn(
+        i18n.translate('xpack.reporting.exportTypes.csv.executeJob.dateFormateSetting', {
+          defaultMessage:
+            'Kibana Advanced Setting "{dateFormatTimezone}" is set to "Browser". Dates will be formatted as UTC to avoid ambiguity.',
+          values: { dateFormatTimezone: 'dateFormat:tz' },
+        })
+      );
+      setTimezone = 'UTC';
+    }
+  }
+
+  // Separator, QuoteValues
+  const [separator, quoteValues] = await Promise.all([
+    client.get('csv:separator'),
+    client.get('csv:quoteValues'),
+  ]);
+
+  return {
+    timezone: setTimezone,
+    separator,
+    quoteValues,
+    escapeFormulaValues: config.get('csv', 'escapeFormulaValues'),
+    maxSizeBytes: config.get('csv', 'maxSizeBytes'),
+    scroll: config.get('csv', 'scroll'),
+    checkForFormulas: config.get('csv', 'checkForFormulas'),
+  };
+};
diff --git a/x-pack/plugins/reporting/server/export_types/csv/server/lib/hit_iterator.test.ts b/x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/hit_iterator.test.ts
similarity index 100%
rename from x-pack/plugins/reporting/server/export_types/csv/server/lib/hit_iterator.test.ts
rename to x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/hit_iterator.test.ts
diff --git a/x-pack/plugins/reporting/server/export_types/csv/server/lib/hit_iterator.ts b/x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/hit_iterator.ts
similarity index 82%
rename from x-pack/plugins/reporting/server/export_types/csv/server/lib/hit_iterator.ts
rename to x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/hit_iterator.ts
index 38b28573d602db..b877023064ac67 100644
--- a/x-pack/plugins/reporting/server/export_types/csv/server/lib/hit_iterator.ts
+++ b/x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/hit_iterator.ts
@@ -10,8 +10,10 @@ import { CancellationToken } from '../../../../../common';
 import { LevelLogger } from '../../../../lib';
 import { ScrollConfig } from '../../../../types';
 
-async function parseResponse(request: SearchResponse<any>) {
-  const response = await request;
+export type EndpointCaller = (method: string, params: object) => Promise<SearchResponse<any>>;
+
+function parseResponse(request: SearchResponse<any>) {
+  const response = request;
   if (!response || !response._scroll_id) {
     throw new Error(
       i18n.translate('xpack.reporting.exportTypes.csv.hitIterator.expectedScrollIdErrorMessage', {
@@ -39,14 +41,15 @@ async function parseResponse(request: SearchResponse<any>) {
 export function createHitIterator(logger: LevelLogger) {
   return async function* hitIterator(
     scrollSettings: ScrollConfig,
-    callEndpoint: Function,
+    callEndpoint: EndpointCaller,
     searchRequest: SearchParams,
     cancellationToken: CancellationToken
   ) {
     logger.debug('executing search request');
-    function search(index: string | boolean | string[] | undefined, body: object) {
+    async function search(index: string | boolean | string[] | undefined, body: object) {
       return parseResponse(
-        callEndpoint('search', {
+        await callEndpoint('search', {
+          ignore_unavailable: true, // ignores if the index pattern contains any aliases that point to closed indices
           index,
           body,
           scroll: scrollSettings.duration,
@@ -55,10 +58,10 @@ export function createHitIterator(logger: LevelLogger) {
       );
     }
 
-    function scroll(scrollId: string | undefined) {
+    async function scroll(scrollId: string | undefined) {
       logger.debug('executing scroll request');
       return parseResponse(
-        callEndpoint('scroll', {
+        await callEndpoint('scroll', {
           scrollId,
           scroll: scrollSettings.duration,
         })
diff --git a/x-pack/plugins/reporting/server/export_types/csv/server/lib/generate_csv.ts b/x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/index.ts
similarity index 55%
rename from x-pack/plugins/reporting/server/export_types/csv/server/lib/generate_csv.ts
rename to x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/index.ts
index 019fa3c9c8e9d2..2cb10e291619cb 100644
--- a/x-pack/plugins/reporting/server/export_types/csv/server/lib/generate_csv.ts
+++ b/x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/index.ts
@@ -5,30 +5,68 @@
  */
 
 import { i18n } from '@kbn/i18n';
+import { IUiSettingsClient } from 'src/core/server';
+import { getFieldFormats } from '../../../../services';
+import { ReportingConfig } from '../../../..';
+import { CancellationToken } from '../../../../../../../plugins/reporting/common';
+import { CSV_BOM_CHARS } from '../../../../../common/constants';
 import { LevelLogger } from '../../../../lib';
-import { GenerateCsvParams, SavedSearchGeneratorResult } from '../../types';
+import { IndexPatternSavedObject, SavedSearchGeneratorResult } from '../../types';
+import { checkIfRowsHaveFormulas } from './check_cells_for_formulas';
+import { createEscapeValue } from './escape_value';
+import { fieldFormatMapFactory } from './field_format_map';
 import { createFlattenHit } from './flatten_hit';
 import { createFormatCsvValues } from './format_csv_values';
-import { createEscapeValue } from './escape_value';
-import { createHitIterator } from './hit_iterator';
+import { getUiSettings } from './get_ui_settings';
+import { createHitIterator, EndpointCaller } from './hit_iterator';
 import { MaxSizeStringBuilder } from './max_size_string_builder';
-import { checkIfRowsHaveFormulas } from './check_cells_for_formulas';
+
+interface SearchRequest {
+  index: string;
+  body:
+    | {
+        _source: { excludes: string[]; includes: string[] };
+        docvalue_fields: string[];
+        query: { bool: { filter: any[]; must_not: any[]; should: any[]; must: any[] } } | any;
+        script_fields: any;
+        sort: Array<{ [key: string]: { order: string } }>;
+        stored_fields: string[];
+      }
+    | any;
+}
+
+export interface GenerateCsvParams {
+  jobParams: {
+    browserTimezone: string;
+  };
+  searchRequest: SearchRequest;
+  indexPatternSavedObject: IndexPatternSavedObject;
+  fields: string[];
+  metaFields: string[];
+  conflictedTypesFields: string[];
+}
 
 export function createGenerateCsv(logger: LevelLogger) {
   const hitIterator = createHitIterator(logger);
 
-  return async function generateCsv({
-    searchRequest,
-    fields,
-    formatsMap,
-    metaFields,
-    conflictedTypesFields,
-    callEndpoint,
-    cancellationToken,
-    settings,
-  }: GenerateCsvParams): Promise<SavedSearchGeneratorResult> {
+  return async function generateCsv(
+    job: GenerateCsvParams,
+    config: ReportingConfig,
+    uiSettingsClient: IUiSettingsClient,
+    callEndpoint: EndpointCaller,
+    cancellationToken: CancellationToken
+  ): Promise<SavedSearchGeneratorResult> {
+    const settings = await getUiSettings(
+      job.jobParams?.browserTimezone,
+      uiSettingsClient,
+      config,
+      logger
+    );
     const escapeValue = createEscapeValue(settings.quoteValues, settings.escapeFormulaValues);
-    const builder = new MaxSizeStringBuilder(settings.maxSizeBytes);
+    const bom = config.get('csv', 'useByteOrderMarkEncoding') ? CSV_BOM_CHARS : '';
+    const builder = new MaxSizeStringBuilder(settings.maxSizeBytes, bom);
+
+    const { fields, metaFields, conflictedTypesFields } = job;
     const header = `${fields.map(escapeValue).join(settings.separator)}\n`;
     const warnings: string[] = [];
 
@@ -41,11 +79,22 @@ export function createGenerateCsv(logger: LevelLogger) {
       };
     }
 
-    const iterator = hitIterator(settings.scroll, callEndpoint, searchRequest, cancellationToken);
+    const iterator = hitIterator(
+      settings.scroll,
+      callEndpoint,
+      job.searchRequest,
+      cancellationToken
+    );
     let maxSizeReached = false;
     let csvContainsFormulas = false;
 
     const flattenHit = createFlattenHit(fields, metaFields, conflictedTypesFields);
+    const formatsMap = await getFieldFormats()
+      .fieldFormatServiceFactory(uiSettingsClient)
+      .then((fieldFormats) =>
+        fieldFormatMapFactory(job.indexPatternSavedObject, fieldFormats, settings.timezone)
+      );
+
     const formatCsvValues = createFormatCsvValues(
       escapeValue,
       settings.separator,
@@ -76,7 +125,9 @@ export function createGenerateCsv(logger: LevelLogger) {
         if (!builder.tryAppend(rows + '\n')) {
           logger.warn('max Size Reached');
           maxSizeReached = true;
-          cancellationToken.cancel();
+          if (cancellationToken) {
+            cancellationToken.cancel();
+          }
           break;
         }
       }
diff --git a/x-pack/plugins/reporting/server/export_types/csv/server/lib/max_size_string_builder.test.ts b/x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/max_size_string_builder.test.ts
similarity index 91%
rename from x-pack/plugins/reporting/server/export_types/csv/server/lib/max_size_string_builder.test.ts
rename to x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/max_size_string_builder.test.ts
index 7a35de1cea19b3..e3cd1f32856e67 100644
--- a/x-pack/plugins/reporting/server/export_types/csv/server/lib/max_size_string_builder.test.ts
+++ b/x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/max_size_string_builder.test.ts
@@ -62,6 +62,14 @@ describe('MaxSizeStringBuilder', function () {
       builder.tryAppend(str);
       expect(builder.getString()).to.be('a');
     });
+
+    it('should return string with bom character prepended', function () {
+      const str = 'a'; // each a is one byte
+      const builder = new MaxSizeStringBuilder(1, '∆');
+      builder.tryAppend(str);
+      builder.tryAppend(str);
+      expect(builder.getString()).to.be('∆a');
+    });
   });
 
   describe('getSizeInBytes', function () {
diff --git a/x-pack/plugins/reporting/server/export_types/csv/server/lib/max_size_string_builder.ts b/x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/max_size_string_builder.ts
similarity index 82%
rename from x-pack/plugins/reporting/server/export_types/csv/server/lib/max_size_string_builder.ts
rename to x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/max_size_string_builder.ts
index 70bc2030d290c6..147031c104c8ef 100644
--- a/x-pack/plugins/reporting/server/export_types/csv/server/lib/max_size_string_builder.ts
+++ b/x-pack/plugins/reporting/server/export_types/csv/server/generate_csv/max_size_string_builder.ts
@@ -8,11 +8,13 @@ export class MaxSizeStringBuilder {
   private _buffer: Buffer;
   private _size: number;
   private _maxSize: number;
+  private _bom: string;
 
-  constructor(maxSizeBytes: number) {
+  constructor(maxSizeBytes: number, bom = '') {
     this._buffer = Buffer.alloc(maxSizeBytes);
     this._size = 0;
     this._maxSize = maxSizeBytes;
+    this._bom = bom;
   }
 
   tryAppend(str: string) {
@@ -31,6 +33,6 @@ export class MaxSizeStringBuilder {
   }
 
   getString() {
-    return this._buffer.slice(0, this._size).toString();
+    return this._bom + this._buffer.slice(0, this._size).toString();
   }
 }
diff --git a/x-pack/plugins/reporting/server/export_types/csv/server/lib/get_request.ts b/x-pack/plugins/reporting/server/export_types/csv/server/lib/get_request.ts
new file mode 100644
index 00000000000000..21e49bd62ccc7e
--- /dev/null
+++ b/x-pack/plugins/reporting/server/export_types/csv/server/lib/get_request.ts
@@ -0,0 +1,55 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { Crypto } from '@elastic/node-crypto';
+import { i18n } from '@kbn/i18n';
+import Hapi from 'hapi';
+import { KibanaRequest } from '../../../../../../../../src/core/server';
+import { LevelLogger } from '../../../../lib';
+
+export const getRequest = async (
+  headers: string | undefined,
+  crypto: Crypto,
+  logger: LevelLogger
+) => {
+  const decryptHeaders = async () => {
+    try {
+      if (typeof headers !== 'string') {
+        throw new Error(
+          i18n.translate(
+            'xpack.reporting.exportTypes.csv.executeJob.missingJobHeadersErrorMessage',
+            {
+              defaultMessage: 'Job headers are missing',
+            }
+          )
+        );
+      }
+      return await crypto.decrypt(headers);
+    } catch (err) {
+      logger.error(err);
+      throw new Error(
+          i18n.translate(
+            'xpack.reporting.exportTypes.csv.executeJob.failedToDecryptReportJobDataErrorMessage',
+            {
+              defaultMessage: 'Failed to decrypt report job data. Please ensure that {encryptionKey} is set and re-generate this report. {err}',
+              values: { encryptionKey: 'xpack.reporting.encryptionKey', err: err.toString() },
+            }
+          )
+        ); // prettier-ignore
+    }
+  };
+
+  return KibanaRequest.from({
+    headers: await decryptHeaders(),
+    // This is used by the spaces SavedObjectClientWrapper to determine the existing space.
+    // We use the basePath from the saved job, which we'll have post spaces being implemented;
+    // or we use the server base path, which uses the default space
+    path: '/',
+    route: { settings: {} },
+    url: { href: '/' },
+    raw: { req: { url: '/' } },
+  } as Hapi.Request);
+};
diff --git a/x-pack/plugins/reporting/server/export_types/csv/types.d.ts b/x-pack/plugins/reporting/server/export_types/csv/types.d.ts
index ab3e114c7c9952..9e86a5bb254a31 100644
--- a/x-pack/plugins/reporting/server/export_types/csv/types.d.ts
+++ b/x-pack/plugins/reporting/server/export_types/csv/types.d.ts
@@ -4,8 +4,7 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-import { CancellationToken } from '../../../common';
-import { JobParamPostPayload, ScheduledTaskParams, ScrollConfig } from '../../types';
+import { ScheduledTaskParams } from '../../types';
 
 export type RawValue = string | object | null | undefined;
 
@@ -19,17 +18,25 @@ interface SortOptions {
   unmapped_type: string;
 }
 
-export interface JobParamPostPayloadDiscoverCsv extends JobParamPostPayload {
-  state?: {
-    query: any;
-    sort: Array<Record<string, SortOptions>>;
-    docvalue_fields: DocValueField[];
+export interface IndexPatternSavedObject {
+  title: string;
+  timeFieldName: string;
+  fields?: any[];
+  attributes: {
+    fields: string;
+    fieldFormatMap: string;
   };
 }
 
 export interface JobParamsDiscoverCsv {
-  indexPatternId?: string;
-  post?: JobParamPostPayloadDiscoverCsv;
+  browserTimezone: string;
+  indexPatternId: string;
+  objectType: string;
+  title: string;
+  searchRequest: SearchRequest;
+  fields: string[];
+  metaFields: string[];
+  conflictedTypesFields: string[];
 }
 
 export interface ScheduledTaskParamsCSV extends ScheduledTaskParams<JobParamsDiscoverCsv> {
@@ -71,8 +78,6 @@ export interface SearchRequest {
     | any;
 }
 
-type EndpointCaller = (method: string, params: any) => Promise<any>;
-
 type FormatsMap = Map<
   string,
   {
@@ -95,22 +100,3 @@ export interface CsvResultFromSearch {
   type: string;
   result: SavedSearchGeneratorResult;
 }
-
-export interface GenerateCsvParams {
-  searchRequest: SearchRequest;
-  callEndpoint: EndpointCaller;
-  fields: string[];
-  formatsMap: FormatsMap;
-  metaFields: string[];
-  conflictedTypesFields: string[];
-  cancellationToken: CancellationToken;
-  settings: {
-    separator: string;
-    quoteValues: boolean;
-    timezone: string | null;
-    maxSizeBytes: number;
-    scroll: ScrollConfig;
-    checkForFormulas?: boolean;
-    escapeFormulaValues: boolean;
-  };
-}
diff --git a/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/create_job/index.ts b/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/create_job.ts
similarity index 76%
rename from x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/create_job/index.ts
rename to x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/create_job.ts
index da9810b03aff6e..96fb2033f09540 100644
--- a/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/create_job/index.ts
+++ b/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/create_job.ts
@@ -7,18 +7,18 @@
 import { notFound, notImplemented } from 'boom';
 import { get } from 'lodash';
 import { KibanaRequest, RequestHandlerContext } from 'src/core/server';
-import { CSV_FROM_SAVEDOBJECT_JOB_TYPE } from '../../../../../common/constants';
-import { cryptoFactory } from '../../../../lib';
-import { ScheduleTaskFnFactory, TimeRangeParams } from '../../../../types';
+import { CSV_FROM_SAVEDOBJECT_JOB_TYPE } from '../../../../common/constants';
+import { cryptoFactory } from '../../../lib';
+import { ScheduleTaskFnFactory, TimeRangeParams } from '../../../types';
 import {
   JobParamsPanelCsv,
   SavedObject,
+  SavedObjectReference,
   SavedObjectServiceError,
   SavedSearchObjectAttributesJSON,
   SearchPanel,
   VisObjectAttributesJSON,
-} from '../../types';
-import { createJobSearch } from './create_job_search';
+} from '../types';
 
 export type ImmediateCreateJobFn = (
   jobParams: JobParamsPanelCsv,
@@ -26,7 +26,7 @@ export type ImmediateCreateJobFn = (
   context: RequestHandlerContext,
   req: KibanaRequest
 ) => Promise<{
-  type: string | null;
+  type: string;
   title: string;
   jobParams: JobParamsPanelCsv;
 }>;
@@ -73,7 +73,28 @@ export const scheduleTaskFnFactory: ScheduleTaskFnFactory<ImmediateCreateJobFn>
         }
 
         // saved search type
-        return await createJobSearch(timerange, attributes, references, kibanaSavedObjectMeta);
+        const { searchSource } = kibanaSavedObjectMeta;
+        if (!searchSource || !references) {
+          throw new Error('The saved search object is missing configuration fields!');
+        }
+
+        const indexPatternMeta = references.find(
+          (ref: SavedObjectReference) => ref.type === 'index-pattern'
+        );
+        if (!indexPatternMeta) {
+          throw new Error('Could not find index pattern for the saved search!');
+        }
+
+        const sPanel = {
+          attributes: {
+            ...attributes,
+            kibanaSavedObjectMeta: { searchSource },
+          },
+          indexPatternSavedObjectId: indexPatternMeta.id,
+          timerange,
+        };
+
+        return { panel: sPanel, title: attributes.title, visType: 'search' };
       })
       .catch((err: Error) => {
         const boomErr = (err as unknown) as { isBoom: boolean };
@@ -93,7 +114,7 @@ export const scheduleTaskFnFactory: ScheduleTaskFnFactory<ImmediateCreateJobFn>
     return {
       headers: serializedEncryptedHeaders,
       jobParams: { ...jobParams, panel, visType },
-      type: null,
+      type: visType,
       title,
     };
   };
diff --git a/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/create_job/create_job_search.ts b/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/create_job/create_job_search.ts
deleted file mode 100644
index 02abfb90091a1d..00000000000000
--- a/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/create_job/create_job_search.ts
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { TimeRangeParams } from '../../../../types';
-import {
-  SavedObjectMeta,
-  SavedObjectReference,
-  SavedSearchObjectAttributes,
-  SearchPanel,
-} from '../../types';
-
-interface SearchPanelData {
-  title: string;
-  visType: string;
-  panel: SearchPanel;
-}
-
-export async function createJobSearch(
-  timerange: TimeRangeParams,
-  attributes: SavedSearchObjectAttributes,
-  references: SavedObjectReference[],
-  kibanaSavedObjectMeta: SavedObjectMeta
-): Promise<SearchPanelData> {
-  const { searchSource } = kibanaSavedObjectMeta;
-  if (!searchSource || !references) {
-    throw new Error('The saved search object is missing configuration fields!');
-  }
-
-  const indexPatternMeta = references.find(
-    (ref: SavedObjectReference) => ref.type === 'index-pattern'
-  );
-  if (!indexPatternMeta) {
-    throw new Error('Could not find index pattern for the saved search!');
-  }
-
-  const sPanel = {
-    attributes: {
-      ...attributes,
-      kibanaSavedObjectMeta: { searchSource },
-    },
-    indexPatternSavedObjectId: indexPatternMeta.id,
-    timerange,
-  };
-
-  return { panel: sPanel, title: attributes.title, visType: 'search' };
-}
diff --git a/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/execute_job.ts b/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/execute_job.ts
index 912ae0809cf924..a7992c34a88f11 100644
--- a/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/execute_job.ts
+++ b/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/execute_job.ts
@@ -4,13 +4,14 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-import { i18n } from '@kbn/i18n';
 import { KibanaRequest, RequestHandlerContext } from 'src/core/server';
+import { CancellationToken } from '../../../../common';
 import { CONTENT_TYPE_CSV, CSV_FROM_SAVEDOBJECT_JOB_TYPE } from '../../../../common/constants';
 import { RunTaskFnFactory, ScheduledTaskParams, TaskRunResult } from '../../../types';
-import { CsvResultFromSearch } from '../../csv/types';
+import { createGenerateCsv } from '../../csv/server/generate_csv';
 import { JobParamsPanelCsv, SearchPanel } from '../types';
-import { createGenerateCsv } from './lib';
+import { getFakeRequest } from './lib/get_fake_request';
+import { getGenerateCsvParams } from './lib/get_csv_job';
 
 /*
  * The run function receives the full request which provides the un-encrypted
@@ -33,45 +34,47 @@ export const runTaskFnFactory: RunTaskFnFactory<ImmediateExecuteFn> = function e
   reporting,
   parentLogger
 ) {
+  const config = reporting.getConfig();
   const logger = parentLogger.clone([CSV_FROM_SAVEDOBJECT_JOB_TYPE, 'execute-job']);
-  const generateCsv = createGenerateCsv(reporting, parentLogger);
 
-  return async function runTask(jobId: string | null, job, context, request) {
+  return async function runTask(jobId: string | null, jobPayload, context, req) {
     // There will not be a jobID for "immediate" generation.
     // jobID is only for "queued" jobs
     // Use the jobID as a logging tag or "immediate"
+    const { jobParams } = jobPayload;
     const jobLogger = logger.clone([jobId === null ? 'immediate' : jobId]);
+    const generateCsv = createGenerateCsv(jobLogger);
+    const { isImmediate, panel, visType } = jobParams as JobParamsPanelCsv & {
+      panel: SearchPanel;
+    };
 
-    const { jobParams } = job;
-    const { panel, visType } = jobParams as JobParamsPanelCsv & { panel: SearchPanel };
+    jobLogger.debug(`Execute job generating [${visType}] csv`);
 
-    if (!panel) {
-      i18n.translate(
-        'xpack.reporting.exportTypes.csv_from_savedobject.executeJob.failedToAccessPanel',
-        { defaultMessage: 'Failed to access panel metadata for job execution' }
-      );
+    if (isImmediate && req) {
+      jobLogger.info(`Executing job from Immediate API using request context`);
+    } else {
+      jobLogger.info(`Executing job async using encrypted headers`);
+      req = await getFakeRequest(jobPayload, config.get('encryptionKey')!, jobLogger);
     }
 
-    jobLogger.debug(`Execute job generating [${visType}] csv`);
+    const savedObjectsClient = context.core.savedObjects.client;
+
+    const uiConfig = await reporting.getUiSettingsServiceFactory(savedObjectsClient);
+    const job = await getGenerateCsvParams(jobParams, panel, savedObjectsClient, uiConfig);
+
+    const elasticsearch = reporting.getElasticsearchService();
+    const { callAsCurrentUser } = elasticsearch.legacy.client.asScoped(req);
 
-    let content: string;
-    let maxSizeReached = false;
-    let size = 0;
-    try {
-      const generateResults: CsvResultFromSearch = await generateCsv(
-        context,
-        request,
-        visType as string,
-        panel,
-        jobParams
-      );
+    const { content, maxSizeReached, size, csvContainsFormulas, warnings } = await generateCsv(
+      job,
+      config,
+      uiConfig,
+      callAsCurrentUser,
+      new CancellationToken() // can not be cancelled
+    );
 
-      ({
-        result: { content, maxSizeReached, size },
-      } = generateResults);
-    } catch (err) {
-      jobLogger.error(`Generate CSV Error! ${err}`);
-      throw err;
+    if (csvContainsFormulas) {
+      jobLogger.warn(`CSV may contain formulas whose values have been escaped`);
     }
 
     if (maxSizeReached) {
@@ -83,6 +86,8 @@ export const runTaskFnFactory: RunTaskFnFactory<ImmediateExecuteFn> = function e
       content,
       max_size_reached: maxSizeReached,
       size,
+      csv_contains_formulas: csvContainsFormulas,
+      warnings,
     };
   };
 };
diff --git a/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/lib/generate_csv.ts b/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/lib/generate_csv.ts
deleted file mode 100644
index dd0fb34668e9e6..00000000000000
--- a/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/lib/generate_csv.ts
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { badRequest } from 'boom';
-import { KibanaRequest, RequestHandlerContext } from 'src/core/server';
-import { ReportingCore } from '../../../..';
-import { LevelLogger } from '../../../../lib';
-import { FakeRequest, JobParamsPanelCsv, SearchPanel, VisPanel } from '../../types';
-import { generateCsvSearch } from './generate_csv_search';
-
-export function createGenerateCsv(reporting: ReportingCore, logger: LevelLogger) {
-  return async function generateCsv(
-    context: RequestHandlerContext,
-    request: KibanaRequest | FakeRequest,
-    visType: string,
-    panel: VisPanel | SearchPanel,
-    jobParams: JobParamsPanelCsv
-  ) {
-    // This should support any vis type that is able to fetch
-    // and model data on the server-side
-
-    // This structure will not be needed when the vis data just consists of an
-    // expression that we could run through the interpreter to get csv
-    switch (visType) {
-      case 'search':
-        return await generateCsvSearch(
-          reporting,
-          context,
-          request as KibanaRequest,
-          panel as SearchPanel,
-          jobParams,
-          logger
-        );
-      default:
-        throw badRequest(`Unsupported or unrecognized saved object type: ${visType}`);
-    }
-  };
-}
diff --git a/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/lib/generate_csv_search.ts b/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/lib/generate_csv_search.ts
deleted file mode 100644
index aee3e40025ff29..00000000000000
--- a/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/lib/generate_csv_search.ts
+++ /dev/null
@@ -1,187 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { ReportingCore } from '../../../../';
-import {
-  IUiSettingsClient,
-  KibanaRequest,
-  RequestHandlerContext,
-} from '../../../../../../../../src/core/server';
-import {
-  esQuery,
-  EsQueryConfig,
-  Filter,
-  IIndexPattern,
-  Query,
-  UI_SETTINGS,
-} from '../../../../../../../../src/plugins/data/server';
-import {
-  CSV_SEPARATOR_SETTING,
-  CSV_QUOTE_VALUES_SETTING,
-} from '../../../../../../../../src/plugins/share/server';
-import { CancellationToken } from '../../../../../common';
-import { LevelLogger } from '../../../../lib';
-import { createGenerateCsv } from '../../../csv/server/lib/generate_csv';
-import {
-  CsvResultFromSearch,
-  GenerateCsvParams,
-  JobParamsDiscoverCsv,
-  SearchRequest,
-} from '../../../csv/types';
-import { IndexPatternField, QueryFilter, SearchPanel, SearchSource } from '../../types';
-import { getDataSource } from './get_data_source';
-import { getFilters } from './get_filters';
-
-const getEsQueryConfig = async (config: IUiSettingsClient) => {
-  const configs = await Promise.all([
-    config.get(UI_SETTINGS.QUERY_ALLOW_LEADING_WILDCARDS),
-    config.get(UI_SETTINGS.QUERY_STRING_OPTIONS),
-    config.get(UI_SETTINGS.COURIER_IGNORE_FILTER_IF_FIELD_NOT_IN_INDEX),
-  ]);
-  const [allowLeadingWildcards, queryStringOptions, ignoreFilterIfFieldNotInIndex] = configs;
-  return {
-    allowLeadingWildcards,
-    queryStringOptions,
-    ignoreFilterIfFieldNotInIndex,
-  } as EsQueryConfig;
-};
-
-const getUiSettings = async (config: IUiSettingsClient) => {
-  const configs = await Promise.all([
-    config.get(CSV_SEPARATOR_SETTING),
-    config.get(CSV_QUOTE_VALUES_SETTING),
-  ]);
-  const [separator, quoteValues] = configs;
-  return { separator, quoteValues };
-};
-
-export async function generateCsvSearch(
-  reporting: ReportingCore,
-  context: RequestHandlerContext,
-  req: KibanaRequest,
-  searchPanel: SearchPanel,
-  jobParams: JobParamsDiscoverCsv,
-  logger: LevelLogger
-): Promise<CsvResultFromSearch> {
-  const savedObjectsClient = context.core.savedObjects.client;
-  const { indexPatternSavedObjectId, timerange } = searchPanel;
-  const savedSearchObjectAttr = searchPanel.attributes;
-  const { indexPatternSavedObject } = await getDataSource(
-    savedObjectsClient,
-    indexPatternSavedObjectId
-  );
-
-  const uiConfig = await reporting.getUiSettingsServiceFactory(savedObjectsClient);
-  const esQueryConfig = await getEsQueryConfig(uiConfig);
-
-  const {
-    kibanaSavedObjectMeta: {
-      searchSource: {
-        filter: [searchSourceFilter],
-        query: searchSourceQuery,
-      },
-    },
-  } = savedSearchObjectAttr as { kibanaSavedObjectMeta: { searchSource: SearchSource } };
-
-  const {
-    timeFieldName: indexPatternTimeField,
-    title: esIndex,
-    fields: indexPatternFields,
-  } = indexPatternSavedObject;
-
-  let payloadQuery: QueryFilter | undefined;
-  let payloadSort: any[] = [];
-  let docValueFields: any[] | undefined;
-  if (jobParams.post && jobParams.post.state) {
-    ({
-      post: {
-        state: { query: payloadQuery, sort: payloadSort = [], docvalue_fields: docValueFields },
-      },
-    } = jobParams);
-  }
-
-  const { includes, timezone, combinedFilter } = getFilters(
-    indexPatternSavedObjectId,
-    indexPatternTimeField,
-    timerange,
-    savedSearchObjectAttr,
-    searchSourceFilter,
-    payloadQuery
-  );
-
-  const savedSortConfigs = savedSearchObjectAttr.sort;
-  const sortConfig = [...payloadSort];
-  savedSortConfigs.forEach(([savedSortField, savedSortOrder]) => {
-    sortConfig.push({ [savedSortField]: { order: savedSortOrder } });
-  });
-  const scriptFieldsConfig = indexPatternFields
-    .filter((f: IndexPatternField) => f.scripted)
-    .reduce((accum: any, curr: IndexPatternField) => {
-      return {
-        ...accum,
-        [curr.name]: {
-          script: {
-            source: curr.script,
-            lang: curr.lang,
-          },
-        },
-      };
-    }, {});
-
-  if (indexPatternTimeField) {
-    if (docValueFields) {
-      docValueFields = [indexPatternTimeField].concat(docValueFields);
-    } else {
-      docValueFields = [indexPatternTimeField];
-    }
-  }
-
-  const searchRequest: SearchRequest = {
-    index: esIndex,
-    body: {
-      _source: { includes },
-      docvalue_fields: docValueFields,
-      query: esQuery.buildEsQuery(
-        indexPatternSavedObject as IIndexPattern,
-        (searchSourceQuery as unknown) as Query,
-        (combinedFilter as unknown) as Filter,
-        esQueryConfig
-      ),
-      script_fields: scriptFieldsConfig,
-      sort: sortConfig,
-    },
-  };
-
-  const config = reporting.getConfig();
-  const elasticsearch = reporting.getElasticsearchService();
-  const { callAsCurrentUser } = elasticsearch.legacy.client.asScoped(req);
-  const callCluster = (...params: [string, object]) => callAsCurrentUser(...params);
-  const uiSettings = await getUiSettings(uiConfig);
-
-  const generateCsvParams: GenerateCsvParams = {
-    searchRequest,
-    callEndpoint: callCluster,
-    fields: includes,
-    formatsMap: new Map(), // there is no field formatting in this API; this is required for generateCsv
-    metaFields: [],
-    conflictedTypesFields: [],
-    cancellationToken: new CancellationToken(),
-    settings: {
-      ...uiSettings,
-      maxSizeBytes: config.get('csv', 'maxSizeBytes'),
-      scroll: config.get('csv', 'scroll'),
-      escapeFormulaValues: config.get('csv', 'escapeFormulaValues'),
-      timezone,
-    },
-  };
-
-  const generateCsv = createGenerateCsv(logger);
-
-  return {
-    type: 'CSV from Saved Search',
-    result: await generateCsv(generateCsvParams),
-  };
-}
diff --git a/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/lib/get_csv_job.test.ts b/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/lib/get_csv_job.test.ts
new file mode 100644
index 00000000000000..3271c6fdae24d9
--- /dev/null
+++ b/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/lib/get_csv_job.test.ts
@@ -0,0 +1,341 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { JobParamsPanelCsv, SearchPanel } from '../../types';
+import { getGenerateCsvParams } from './get_csv_job';
+
+describe('Get CSV Job', () => {
+  let mockJobParams: JobParamsPanelCsv;
+  let mockSearchPanel: SearchPanel;
+  let mockSavedObjectsClient: any;
+  let mockUiSettingsClient: any;
+  beforeEach(() => {
+    mockJobParams = { isImmediate: true, savedObjectType: 'search', savedObjectId: '234-ididid' };
+    mockSearchPanel = {
+      indexPatternSavedObjectId: '123-indexId',
+      attributes: {
+        title: 'my search',
+        sort: [],
+        kibanaSavedObjectMeta: {
+          searchSource: { query: { isSearchSourceQuery: true }, filter: [] },
+        },
+        uiState: 56,
+      },
+      timerange: { timezone: 'PST', min: 0, max: 100 },
+    };
+    mockSavedObjectsClient = {
+      get: () => ({
+        attributes: { fields: null, title: null, timeFieldName: null },
+      }),
+    };
+    mockUiSettingsClient = {
+      get: () => ({}),
+    };
+  });
+
+  it('creates a data structure needed by generateCsv', async () => {
+    const result = await getGenerateCsvParams(
+      mockJobParams,
+      mockSearchPanel,
+      mockSavedObjectsClient,
+      mockUiSettingsClient
+    );
+    expect(result).toMatchInlineSnapshot(`
+      Object {
+        "conflictedTypesFields": Array [],
+        "fields": Array [],
+        "indexPatternSavedObject": Object {
+          "attributes": Object {
+            "fields": null,
+            "timeFieldName": null,
+            "title": null,
+          },
+          "fields": Array [],
+          "timeFieldName": null,
+          "title": null,
+        },
+        "jobParams": Object {
+          "browserTimezone": "PST",
+        },
+        "metaFields": Array [],
+        "searchRequest": Object {
+          "body": Object {
+            "_source": Object {
+              "includes": Array [],
+            },
+            "docvalue_fields": undefined,
+            "query": Object {
+              "bool": Object {
+                "filter": Array [],
+                "must": Array [],
+                "must_not": Array [],
+                "should": Array [],
+              },
+            },
+            "script_fields": Object {},
+            "sort": Array [],
+          },
+          "index": null,
+        },
+      }
+    `);
+  });
+
+  it('uses query and sort from the payload', async () => {
+    mockJobParams.post = {
+      state: {
+        query: ['this is the query'],
+        sort: ['this is the sort'],
+      },
+    };
+    const result = await getGenerateCsvParams(
+      mockJobParams,
+      mockSearchPanel,
+      mockSavedObjectsClient,
+      mockUiSettingsClient
+    );
+    expect(result).toMatchInlineSnapshot(`
+      Object {
+        "conflictedTypesFields": Array [],
+        "fields": Array [],
+        "indexPatternSavedObject": Object {
+          "attributes": Object {
+            "fields": null,
+            "timeFieldName": null,
+            "title": null,
+          },
+          "fields": Array [],
+          "timeFieldName": null,
+          "title": null,
+        },
+        "jobParams": Object {
+          "browserTimezone": "PST",
+        },
+        "metaFields": Array [],
+        "searchRequest": Object {
+          "body": Object {
+            "_source": Object {
+              "includes": Array [],
+            },
+            "docvalue_fields": undefined,
+            "query": Object {
+              "bool": Object {
+                "filter": Array [
+                  Object {
+                    "0": "this is the query",
+                  },
+                ],
+                "must": Array [],
+                "must_not": Array [],
+                "should": Array [],
+              },
+            },
+            "script_fields": Object {},
+            "sort": Array [
+              "this is the sort",
+            ],
+          },
+          "index": null,
+        },
+      }
+    `);
+  });
+
+  it('uses timerange timezone from the payload', async () => {
+    mockJobParams.post = {
+      timerange: { timezone: 'Africa/Timbuktu', min: 0, max: 9000 },
+    };
+    const result = await getGenerateCsvParams(
+      mockJobParams,
+      mockSearchPanel,
+      mockSavedObjectsClient,
+      mockUiSettingsClient
+    );
+    expect(result).toMatchInlineSnapshot(`
+      Object {
+        "conflictedTypesFields": Array [],
+        "fields": Array [],
+        "indexPatternSavedObject": Object {
+          "attributes": Object {
+            "fields": null,
+            "timeFieldName": null,
+            "title": null,
+          },
+          "fields": Array [],
+          "timeFieldName": null,
+          "title": null,
+        },
+        "jobParams": Object {
+          "browserTimezone": "Africa/Timbuktu",
+        },
+        "metaFields": Array [],
+        "searchRequest": Object {
+          "body": Object {
+            "_source": Object {
+              "includes": Array [],
+            },
+            "docvalue_fields": undefined,
+            "query": Object {
+              "bool": Object {
+                "filter": Array [],
+                "must": Array [],
+                "must_not": Array [],
+                "should": Array [],
+              },
+            },
+            "script_fields": Object {},
+            "sort": Array [],
+          },
+          "index": null,
+        },
+      }
+    `);
+  });
+
+  it('uses timerange min and max (numeric) when index pattern has timefieldName', async () => {
+    mockJobParams.post = {
+      timerange: { timezone: 'Africa/Timbuktu', min: 0, max: 900000000 },
+    };
+    mockSavedObjectsClient = {
+      get: () => ({
+        attributes: { fields: null, title: 'test search', timeFieldName: '@test_time' },
+      }),
+    };
+    const result = await getGenerateCsvParams(
+      mockJobParams,
+      mockSearchPanel,
+      mockSavedObjectsClient,
+      mockUiSettingsClient
+    );
+    expect(result).toMatchInlineSnapshot(`
+      Object {
+        "conflictedTypesFields": Array [],
+        "fields": Array [
+          "@test_time",
+        ],
+        "indexPatternSavedObject": Object {
+          "attributes": Object {
+            "fields": null,
+            "timeFieldName": "@test_time",
+            "title": "test search",
+          },
+          "fields": Array [],
+          "timeFieldName": "@test_time",
+          "title": "test search",
+        },
+        "jobParams": Object {
+          "browserTimezone": "Africa/Timbuktu",
+        },
+        "metaFields": Array [],
+        "searchRequest": Object {
+          "body": Object {
+            "_source": Object {
+              "includes": Array [
+                "@test_time",
+              ],
+            },
+            "docvalue_fields": undefined,
+            "query": Object {
+              "bool": Object {
+                "filter": Array [
+                  Object {
+                    "range": Object {
+                      "@test_time": Object {
+                        "format": "strict_date_time",
+                        "gte": "1970-01-01T00:00:00Z",
+                        "lte": "1970-01-11T10:00:00Z",
+                      },
+                    },
+                  },
+                ],
+                "must": Array [],
+                "must_not": Array [],
+                "should": Array [],
+              },
+            },
+            "script_fields": Object {},
+            "sort": Array [],
+          },
+          "index": "test search",
+        },
+      }
+    `);
+  });
+
+  it('uses timerange min and max (string) when index pattern has timefieldName', async () => {
+    mockJobParams.post = {
+      timerange: {
+        timezone: 'Africa/Timbuktu',
+        min: '1980-01-01T00:00:00Z',
+        max: '1990-01-01T00:00:00Z',
+      },
+    };
+    mockSavedObjectsClient = {
+      get: () => ({
+        attributes: { fields: null, title: 'test search', timeFieldName: '@test_time' },
+      }),
+    };
+    const result = await getGenerateCsvParams(
+      mockJobParams,
+      mockSearchPanel,
+      mockSavedObjectsClient,
+      mockUiSettingsClient
+    );
+    expect(result).toMatchInlineSnapshot(`
+      Object {
+        "conflictedTypesFields": Array [],
+        "fields": Array [
+          "@test_time",
+        ],
+        "indexPatternSavedObject": Object {
+          "attributes": Object {
+            "fields": null,
+            "timeFieldName": "@test_time",
+            "title": "test search",
+          },
+          "fields": Array [],
+          "timeFieldName": "@test_time",
+          "title": "test search",
+        },
+        "jobParams": Object {
+          "browserTimezone": "Africa/Timbuktu",
+        },
+        "metaFields": Array [],
+        "searchRequest": Object {
+          "body": Object {
+            "_source": Object {
+              "includes": Array [
+                "@test_time",
+              ],
+            },
+            "docvalue_fields": undefined,
+            "query": Object {
+              "bool": Object {
+                "filter": Array [
+                  Object {
+                    "range": Object {
+                      "@test_time": Object {
+                        "format": "strict_date_time",
+                        "gte": "1980-01-01T00:00:00Z",
+                        "lte": "1990-01-01T00:00:00Z",
+                      },
+                    },
+                  },
+                ],
+                "must": Array [],
+                "must_not": Array [],
+                "should": Array [],
+              },
+            },
+            "script_fields": Object {},
+            "sort": Array [],
+          },
+          "index": "test search",
+        },
+      }
+    `);
+  });
+});
diff --git a/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/lib/get_csv_job.ts b/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/lib/get_csv_job.ts
new file mode 100644
index 00000000000000..5f1954b80e1bc9
--- /dev/null
+++ b/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/lib/get_csv_job.ts
@@ -0,0 +1,146 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { IUiSettingsClient, SavedObjectsClientContract } from 'kibana/server';
+import { EsQueryConfig } from 'src/plugins/data/server';
+import {
+  esQuery,
+  Filter,
+  IIndexPattern,
+  Query,
+} from '../../../../../../../../src/plugins/data/server';
+import {
+  DocValueFields,
+  IndexPatternField,
+  JobParamsPanelCsv,
+  QueryFilter,
+  SavedSearchObjectAttributes,
+  SearchPanel,
+  SearchSource,
+} from '../../types';
+import { getDataSource } from './get_data_source';
+import { getFilters } from './get_filters';
+import { GenerateCsvParams } from '../../../csv/server/generate_csv';
+
+export const getEsQueryConfig = async (config: IUiSettingsClient) => {
+  const configs = await Promise.all([
+    config.get('query:allowLeadingWildcards'),
+    config.get('query:queryString:options'),
+    config.get('courier:ignoreFilterIfFieldNotInIndex'),
+  ]);
+  const [allowLeadingWildcards, queryStringOptions, ignoreFilterIfFieldNotInIndex] = configs;
+  return {
+    allowLeadingWildcards,
+    queryStringOptions,
+    ignoreFilterIfFieldNotInIndex,
+  } as EsQueryConfig;
+};
+
+/*
+ * Create a CSV Job object for CSV From SavedObject to use as a job parameter
+ * for generateCsv
+ */
+export const getGenerateCsvParams = async (
+  jobParams: JobParamsPanelCsv,
+  panel: SearchPanel,
+  savedObjectsClient: SavedObjectsClientContract,
+  uiConfig: IUiSettingsClient
+): Promise<GenerateCsvParams> => {
+  let timerange;
+  if (jobParams.post?.timerange) {
+    timerange = jobParams.post?.timerange;
+  } else {
+    timerange = panel.timerange;
+  }
+  const { indexPatternSavedObjectId } = panel;
+  const savedSearchObjectAttr = panel.attributes as SavedSearchObjectAttributes;
+  const { indexPatternSavedObject } = await getDataSource(
+    savedObjectsClient,
+    indexPatternSavedObjectId
+  );
+  const esQueryConfig = await getEsQueryConfig(uiConfig);
+
+  const {
+    kibanaSavedObjectMeta: {
+      searchSource: {
+        filter: [searchSourceFilter],
+        query: searchSourceQuery,
+      },
+    },
+  } = savedSearchObjectAttr as { kibanaSavedObjectMeta: { searchSource: SearchSource } };
+
+  const {
+    timeFieldName: indexPatternTimeField,
+    title: esIndex,
+    fields: indexPatternFields,
+  } = indexPatternSavedObject;
+
+  let payloadQuery: QueryFilter | undefined;
+  let payloadSort: any[] = [];
+  let docValueFields: DocValueFields[] | undefined;
+  if (jobParams.post && jobParams.post.state) {
+    ({
+      post: {
+        state: { query: payloadQuery, sort: payloadSort = [], docvalue_fields: docValueFields },
+      },
+    } = jobParams);
+  }
+  const { includes, combinedFilter } = getFilters(
+    indexPatternSavedObjectId,
+    indexPatternTimeField,
+    timerange,
+    savedSearchObjectAttr,
+    searchSourceFilter,
+    payloadQuery
+  );
+
+  const savedSortConfigs = savedSearchObjectAttr.sort;
+  const sortConfig = [...payloadSort];
+  savedSortConfigs.forEach(([savedSortField, savedSortOrder]) => {
+    sortConfig.push({ [savedSortField]: { order: savedSortOrder } });
+  });
+
+  const scriptFieldsConfig =
+    indexPatternFields &&
+    indexPatternFields
+      .filter((f: IndexPatternField) => f.scripted)
+      .reduce((accum: any, curr: IndexPatternField) => {
+        return {
+          ...accum,
+          [curr.name]: {
+            script: {
+              source: curr.script,
+              lang: curr.lang,
+            },
+          },
+        };
+      }, {});
+
+  const searchRequest = {
+    index: esIndex,
+    body: {
+      _source: { includes },
+      docvalue_fields: docValueFields,
+      query: esQuery.buildEsQuery(
+        indexPatternSavedObject as IIndexPattern,
+        (searchSourceQuery as unknown) as Query,
+        (combinedFilter as unknown) as Filter,
+        esQueryConfig
+      ),
+      script_fields: scriptFieldsConfig,
+      sort: sortConfig,
+    },
+  };
+
+  return {
+    jobParams: { browserTimezone: timerange.timezone },
+    indexPatternSavedObject,
+    searchRequest,
+    fields: includes,
+    metaFields: [],
+    conflictedTypesFields: [],
+  };
+};
diff --git a/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/lib/get_data_source.ts b/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/lib/get_data_source.ts
index b7e560853e89e7..bf915696c89743 100644
--- a/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/lib/get_data_source.ts
+++ b/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/lib/get_data_source.ts
@@ -4,12 +4,8 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-import {
-  IndexPatternSavedObject,
-  SavedObjectReference,
-  SavedSearchObjectAttributesJSON,
-  SearchSource,
-} from '../../types';
+import { IndexPatternSavedObject } from '../../../csv/types';
+import { SavedObjectReference, SavedSearchObjectAttributesJSON, SearchSource } from '../../types';
 
 export async function getDataSource(
   savedObjectsClient: any,
diff --git a/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/lib/get_fake_request.ts b/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/lib/get_fake_request.ts
new file mode 100644
index 00000000000000..09c58806de120d
--- /dev/null
+++ b/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/lib/get_fake_request.ts
@@ -0,0 +1,51 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { i18n } from '@kbn/i18n';
+import { KibanaRequest } from 'kibana/server';
+import { cryptoFactory, LevelLogger } from '../../../../lib';
+import { ScheduledTaskParams } from '../../../../types';
+import { JobParamsPanelCsv } from '../../types';
+
+export const getFakeRequest = async (
+  job: ScheduledTaskParams<JobParamsPanelCsv>,
+  encryptionKey: string,
+  jobLogger: LevelLogger
+) => {
+  // TODO remove this block: csv from savedobject download is always "sync"
+  const crypto = cryptoFactory(encryptionKey);
+  let decryptedHeaders: KibanaRequest['headers'];
+  const serializedEncryptedHeaders = job.headers;
+  try {
+    if (typeof serializedEncryptedHeaders !== 'string') {
+      throw new Error(
+        i18n.translate(
+          'xpack.reporting.exportTypes.csv_from_savedobject.executeJob.missingJobHeadersErrorMessage',
+          {
+            defaultMessage: 'Job headers are missing',
+          }
+        )
+      );
+    }
+    decryptedHeaders = (await crypto.decrypt(
+      serializedEncryptedHeaders
+    )) as KibanaRequest['headers'];
+  } catch (err) {
+    jobLogger.error(err);
+    throw new Error(
+      i18n.translate(
+        'xpack.reporting.exportTypes.csv_from_savedobject.executeJob.failedToDecryptReportJobDataErrorMessage',
+        {
+          defaultMessage:
+            'Failed to decrypt report job data. Please ensure that {encryptionKey} is set and re-generate this report. {err}',
+          values: { encryptionKey: 'xpack.reporting.encryptionKey', err },
+        }
+      )
+    );
+  }
+
+  return { headers: decryptedHeaders } as KibanaRequest;
+};
diff --git a/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/lib/get_filters.ts b/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/lib/get_filters.ts
index 26631548cc7972..1258b03d3051b1 100644
--- a/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/lib/get_filters.ts
+++ b/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/lib/get_filters.ts
@@ -22,7 +22,7 @@ export function getFilters(
   let timezone: string | null;
 
   if (indexPatternTimeField) {
-    if (!timerange || !timerange.min || !timerange.max) {
+    if (!timerange || timerange.min == null || timerange.max == null) {
       throw badRequest(
         `Time range params are required for index pattern [${indexPatternId}], using time field [${indexPatternTimeField}]`
       );
diff --git a/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/types.d.ts b/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/types.d.ts
index c182fe49a31f63..0d19a24114f06d 100644
--- a/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/types.d.ts
+++ b/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/types.d.ts
@@ -95,20 +95,6 @@ export interface SavedObject {
   references: SavedObjectReference[];
 }
 
-/* This object is passed to different helpers in different parts of the code
-   - packages/kbn-es-query/src/es_query/build_es_query
-   The structure has redundant parts and json-parsed / json-unparsed versions of the same data
- */
-export interface IndexPatternSavedObject {
-  title: string;
-  timeFieldName: string;
-  fields: any[];
-  attributes: {
-    fieldFormatMap: string;
-    fields: string;
-  };
-}
-
 export interface VisPanel {
   indexPatternSavedObjectId?: string;
   savedSearchObjectId?: string;
@@ -122,6 +108,11 @@ export interface SearchPanel {
   timerange: TimeRangeParams;
 }
 
+export interface DocValueFields {
+  field: string;
+  format: string;
+}
+
 export interface SearchSourceQuery {
   isSearchSourceQuery: boolean;
 }
diff --git a/x-pack/plugins/reporting/server/routes/generate_from_savedobject_immediate.ts b/x-pack/plugins/reporting/server/routes/generate_from_savedobject_immediate.ts
index 97441bba709847..773295deea954a 100644
--- a/x-pack/plugins/reporting/server/routes/generate_from_savedobject_immediate.ts
+++ b/x-pack/plugins/reporting/server/routes/generate_from_savedobject_immediate.ts
@@ -9,10 +9,10 @@ import { ReportingCore } from '../';
 import { API_BASE_GENERATE_V1 } from '../../common/constants';
 import { scheduleTaskFnFactory } from '../export_types/csv_from_savedobject/server/create_job';
 import { runTaskFnFactory } from '../export_types/csv_from_savedobject/server/execute_job';
-import { getJobParamsFromRequest } from '../export_types/csv_from_savedobject/server/lib/get_job_params_from_request';
 import { LevelLogger as Logger } from '../lib';
 import { TaskRunResult } from '../types';
 import { authorizedUserPreRoutingFactory } from './lib/authorized_user_pre_routing';
+import { getJobParamsFromRequest } from './lib/get_job_params_from_request';
 import { HandlerErrorFunction } from './types';
 
 /*
diff --git a/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/lib/get_job_params_from_request.ts b/x-pack/plugins/reporting/server/routes/lib/get_job_params_from_request.ts
similarity index 87%
rename from x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/lib/get_job_params_from_request.ts
rename to x-pack/plugins/reporting/server/routes/lib/get_job_params_from_request.ts
index 5aed02c10b9610..e5c1f382413497 100644
--- a/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/lib/get_job_params_from_request.ts
+++ b/x-pack/plugins/reporting/server/routes/lib/get_job_params_from_request.ts
@@ -5,7 +5,10 @@
  */
 
 import { KibanaRequest } from 'src/core/server';
-import { JobParamsPanelCsv, JobParamsPostPayloadPanelCsv } from '../../types';
+import {
+  JobParamsPanelCsv,
+  JobParamsPostPayloadPanelCsv,
+} from '../../export_types/csv_from_savedobject/types';
 
 export function getJobParamsFromRequest(
   request: KibanaRequest,
diff --git a/x-pack/plugins/reporting/server/types.ts b/x-pack/plugins/reporting/server/types.ts
index 96eef81672610d..667c1546c61473 100644
--- a/x-pack/plugins/reporting/server/types.ts
+++ b/x-pack/plugins/reporting/server/types.ts
@@ -50,19 +50,19 @@ export type ReportingRequestPayload = GenerateExportTypePayload | JobParamPostPa
 
 export interface TimeRangeParams {
   timezone: string;
-  min: Date | string | number | null;
-  max: Date | string | number | null;
+  min?: Date | string | number | null;
+  max?: Date | string | number | null;
 }
 
 export interface JobParamPostPayload {
-  timerange: TimeRangeParams;
+  timerange?: TimeRangeParams;
 }
 
 export interface ScheduledTaskParams<JobParamsType> {
   headers?: string; // serialized encrypted headers
   jobParams: JobParamsType;
   title: string;
-  type: string | null;
+  type: string;
 }
 
 export interface JobSource<JobParamsType> {
@@ -80,6 +80,7 @@ export interface TaskRunResult {
   content_type: string;
   content: string | null;
   size: number;
+  csv_contains_formulas?: boolean;
   max_size_reached?: boolean;
   warnings?: string[];
 }
diff --git a/x-pack/plugins/security/server/authorization/check_saved_objects_privileges.test.ts b/x-pack/plugins/security/server/authorization/check_saved_objects_privileges.test.ts
index 4ab00b511b48ba..5e38045b88c748 100644
--- a/x-pack/plugins/security/server/authorization/check_saved_objects_privileges.test.ts
+++ b/x-pack/plugins/security/server/authorization/check_saved_objects_privileges.test.ts
@@ -43,17 +43,6 @@ describe('#checkSavedObjectsPrivileges', () => {
   describe('when checking multiple namespaces', () => {
     const namespaces = [namespace1, namespace2];
 
-    test(`throws an error when Spaces is disabled`, async () => {
-      mockSpacesService = undefined;
-      const checkSavedObjectsPrivileges = createFactory();
-
-      await expect(
-        checkSavedObjectsPrivileges(actions, namespaces)
-      ).rejects.toThrowErrorMatchingInlineSnapshot(
-        `"Can't check saved object privileges for multiple namespaces if Spaces is disabled"`
-      );
-    });
-
     test(`throws an error when using an empty namespaces array`, async () => {
       const checkSavedObjectsPrivileges = createFactory();
 
diff --git a/x-pack/plugins/security/server/authorization/check_saved_objects_privileges.ts b/x-pack/plugins/security/server/authorization/check_saved_objects_privileges.ts
index d9b070c72f9463..0c2260542bf728 100644
--- a/x-pack/plugins/security/server/authorization/check_saved_objects_privileges.ts
+++ b/x-pack/plugins/security/server/authorization/check_saved_objects_privileges.ts
@@ -29,21 +29,21 @@ export const checkSavedObjectsPrivilegesWithRequestFactory = (
       namespaceOrNamespaces?: string | string[]
     ) {
       const spacesService = getSpacesService();
-      if (Array.isArray(namespaceOrNamespaces)) {
-        if (spacesService === undefined) {
-          throw new Error(
-            `Can't check saved object privileges for multiple namespaces if Spaces is disabled`
-          );
-        } else if (!namespaceOrNamespaces.length) {
+      if (!spacesService) {
+        // Spaces disabled, authorizing globally
+        return await checkPrivilegesWithRequest(request).globally(actions);
+      } else if (Array.isArray(namespaceOrNamespaces)) {
+        // Spaces enabled, authorizing against multiple spaces
+        if (!namespaceOrNamespaces.length) {
           throw new Error(`Can't check saved object privileges for 0 namespaces`);
         }
         const spaceIds = namespaceOrNamespaces.map((x) => spacesService.namespaceToSpaceId(x));
         return await checkPrivilegesWithRequest(request).atSpaces(spaceIds, actions);
-      } else if (spacesService) {
+      } else {
+        // Spaces enabled, authorizing against a single space
         const spaceId = spacesService.namespaceToSpaceId(namespaceOrNamespaces);
         return await checkPrivilegesWithRequest(request).atSpace(spaceId, actions);
       }
-      return await checkPrivilegesWithRequest(request).globally(actions);
     };
   };
 };
diff --git a/x-pack/plugins/security/server/saved_objects/secure_saved_objects_client_wrapper.test.ts b/x-pack/plugins/security/server/saved_objects/secure_saved_objects_client_wrapper.test.ts
index c646cd95228f0e..1cf879adc54154 100644
--- a/x-pack/plugins/security/server/saved_objects/secure_saved_objects_client_wrapper.test.ts
+++ b/x-pack/plugins/security/server/saved_objects/secure_saved_objects_client_wrapper.test.ts
@@ -27,6 +27,7 @@ const createSecureSavedObjectsClientWrapperOptions = () => {
   const errors = ({
     decorateForbiddenError: jest.fn().mockReturnValue(forbiddenError),
     decorateGeneralError: jest.fn().mockReturnValue(generalError),
+    createBadRequestError: jest.fn().mockImplementation((message) => new Error(message)),
     isNotFoundError: jest.fn().mockReturnValue(false),
   } as unknown) as jest.Mocked<SavedObjectsClientContract['errors']>;
   const getSpacesService = jest.fn().mockReturnValue(true);
@@ -73,7 +74,9 @@ const expectForbiddenError = async (fn: Function, args: Record<string, any>) =>
     SavedObjectActions['get']
   >).mock.calls;
   const actions = clientOpts.checkSavedObjectsPrivilegesAsCurrentUser.mock.calls[0][0];
-  const spaceId = args.options?.namespace || 'default';
+  const spaceId = args.options?.namespaces
+    ? args.options?.namespaces[0]
+    : args.options?.namespace || 'default';
 
   const ACTION = getCalls[0][1];
   const types = getCalls.map((x) => x[0]);
@@ -100,7 +103,7 @@ const expectSuccess = async (fn: Function, args: Record<string, any>) => {
   >).mock.calls;
   const ACTION = getCalls[0][1];
   const types = getCalls.map((x) => x[0]);
-  const spaceIds = [args.options?.namespace || 'default'];
+  const spaceIds = args.options?.namespaces || [args.options?.namespace || 'default'];
 
   expect(clientOpts.auditLogger.savedObjectsAuthorizationFailure).not.toHaveBeenCalled();
   expect(clientOpts.auditLogger.savedObjectsAuthorizationSuccess).toHaveBeenCalledTimes(1);
@@ -128,7 +131,7 @@ const expectPrivilegeCheck = async (fn: Function, args: Record<string, any>) =>
   expect(clientOpts.checkSavedObjectsPrivilegesAsCurrentUser).toHaveBeenCalledTimes(1);
   expect(clientOpts.checkSavedObjectsPrivilegesAsCurrentUser).toHaveBeenCalledWith(
     actions,
-    args.options?.namespace
+    args.options?.namespace ?? args.options?.namespaces
   );
 };
 
@@ -344,7 +347,7 @@ describe('#addToNamespaces', () => {
     );
   });
 
-  test(`checks privileges for user, actions, and namespace`, async () => {
+  test(`checks privileges for user, actions, and namespaces`, async () => {
     clientOpts.checkSavedObjectsPrivilegesAsCurrentUser.mockImplementationOnce(
       getMockCheckPrivilegesSuccess // create
     );
@@ -539,12 +542,12 @@ describe('#find', () => {
   });
 
   test(`throws decorated ForbiddenError when type's singular and unauthorized`, async () => {
-    const options = Object.freeze({ type: type1, namespace: 'some-ns' });
+    const options = Object.freeze({ type: type1, namespaces: ['some-ns'] });
     await expectForbiddenError(client.find, { options });
   });
 
   test(`throws decorated ForbiddenError when type's an array and unauthorized`, async () => {
-    const options = Object.freeze({ type: [type1, type2], namespace: 'some-ns' });
+    const options = Object.freeze({ type: [type1, type2], namespaces: ['some-ns'] });
     await expectForbiddenError(client.find, { options });
   });
 
@@ -552,18 +555,34 @@ describe('#find', () => {
     const apiCallReturnValue = { saved_objects: [], foo: 'bar' };
     clientOpts.baseClient.find.mockReturnValue(apiCallReturnValue as any);
 
-    const options = Object.freeze({ type: type1, namespace: 'some-ns' });
+    const options = Object.freeze({ type: type1, namespaces: ['some-ns'] });
     const result = await expectSuccess(client.find, { options });
     expect(result).toEqual(apiCallReturnValue);
   });
 
-  test(`checks privileges for user, actions, and namespace`, async () => {
-    const options = Object.freeze({ type: [type1, type2], namespace: 'some-ns' });
+  test(`throws BadRequestError when searching across namespaces when spaces is disabled`, async () => {
+    clientOpts = createSecureSavedObjectsClientWrapperOptions();
+    clientOpts.getSpacesService.mockReturnValue(undefined);
+    client = new SecureSavedObjectsClientWrapper(clientOpts);
+
+    // succeed privilege checks by default
+    clientOpts.checkSavedObjectsPrivilegesAsCurrentUser.mockImplementation(
+      getMockCheckPrivilegesSuccess
+    );
+
+    const options = Object.freeze({ type: [type1, type2], namespaces: ['some-ns'] });
+    await expect(client.find(options)).rejects.toThrowErrorMatchingInlineSnapshot(
+      `"_find across namespaces is not permitted when the Spaces plugin is disabled."`
+    );
+  });
+
+  test(`checks privileges for user, actions, and namespaces`, async () => {
+    const options = Object.freeze({ type: [type1, type2], namespaces: ['some-ns'] });
     await expectPrivilegeCheck(client.find, { options });
   });
 
   test(`filters namespaces that the user doesn't have access to`, async () => {
-    const options = Object.freeze({ type: [type1, type2], namespace: 'some-ns' });
+    const options = Object.freeze({ type: [type1, type2], namespaces: ['some-ns'] });
     await expectObjectsNamespaceFiltering(client.find, { options });
   });
 });
diff --git a/x-pack/plugins/security/server/saved_objects/secure_saved_objects_client_wrapper.ts b/x-pack/plugins/security/server/saved_objects/secure_saved_objects_client_wrapper.ts
index 969344afae5e37..621299a0f025e1 100644
--- a/x-pack/plugins/security/server/saved_objects/secure_saved_objects_client_wrapper.ts
+++ b/x-pack/plugins/security/server/saved_objects/secure_saved_objects_client_wrapper.ts
@@ -99,7 +99,16 @@ export class SecureSavedObjectsClientWrapper implements SavedObjectsClientContra
   }
 
   public async find<T = unknown>(options: SavedObjectsFindOptions) {
-    await this.ensureAuthorized(options.type, 'find', options.namespace, { options });
+    if (
+      this.getSpacesService() == null &&
+      Array.isArray(options.namespaces) &&
+      options.namespaces.length > 0
+    ) {
+      throw this.errors.createBadRequestError(
+        `_find across namespaces is not permitted when the Spaces plugin is disabled.`
+      );
+    }
+    await this.ensureAuthorized(options.type, 'find', options.namespaces, { options });
 
     const response = await this.baseClient.find<T>(options);
     return await this.redactSavedObjectsNamespaces(response);
@@ -293,7 +302,11 @@ export class SecureSavedObjectsClientWrapper implements SavedObjectsClientContra
   private async redactSavedObjectNamespaces<T extends SavedObjectNamespaces>(
     savedObject: T
   ): Promise<T> {
-    if (this.getSpacesService() === undefined || savedObject.namespaces == null) {
+    if (
+      this.getSpacesService() === undefined ||
+      savedObject.namespaces == null ||
+      savedObject.namespaces.length === 0
+    ) {
       return savedObject;
     }
 
diff --git a/x-pack/plugins/security_solution/common/detection_engine/build_exceptions_query.ts b/x-pack/plugins/security_solution/common/detection_engine/build_exceptions_query.ts
index a69ee809987f78..d3ac5d1490703d 100644
--- a/x-pack/plugins/security_solution/common/detection_engine/build_exceptions_query.ts
+++ b/x-pack/plugins/security_solution/common/detection_engine/build_exceptions_query.ts
@@ -17,7 +17,7 @@ import {
   entriesMatch,
   entriesNested,
   ExceptionListItemSchema,
-} from '../../../lists/common/schemas';
+} from '../shared_imports';
 import { Language, Query } from './schemas/common/schemas';
 
 type Operators = 'and' | 'or' | 'not';
diff --git a/x-pack/plugins/security_solution/common/detection_engine/schemas/types/lists.ts b/x-pack/plugins/security_solution/common/detection_engine/schemas/types/lists.ts
index cadc32a37a05dd..e5aaee6d3ec74e 100644
--- a/x-pack/plugins/security_solution/common/detection_engine/schemas/types/lists.ts
+++ b/x-pack/plugins/security_solution/common/detection_engine/schemas/types/lists.ts
@@ -6,7 +6,7 @@
 
 import * as t from 'io-ts';
 
-import { exceptionListType, namespaceType } from '../../lists_common_deps';
+import { exceptionListType, namespaceType } from '../../../shared_imports';
 
 export const list = t.exact(
   t.type({
diff --git a/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/lib/index.ts b/x-pack/plugins/security_solution/common/index.ts
similarity index 82%
rename from x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/lib/index.ts
rename to x-pack/plugins/security_solution/common/index.ts
index 90f90ba168a2fe..b55ca5db30a44f 100644
--- a/x-pack/plugins/reporting/server/export_types/csv_from_savedobject/server/lib/index.ts
+++ b/x-pack/plugins/security_solution/common/index.ts
@@ -4,4 +4,4 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-export { createGenerateCsv } from './generate_csv';
+export * from './shared_exports';
diff --git a/x-pack/plugins/security_solution/common/shared_exports.ts b/x-pack/plugins/security_solution/common/shared_exports.ts
new file mode 100644
index 00000000000000..1b5b17ef35caea
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/shared_exports.ts
@@ -0,0 +1,13 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+export { NonEmptyString } from './detection_engine/schemas/types/non_empty_string';
+export { DefaultUuid } from './detection_engine/schemas/types/default_uuid';
+export { DefaultStringArray } from './detection_engine/schemas/types/default_string_array';
+export { exactCheck } from './exact_check';
+export { getPaths, foldLeftRight } from './test_utils';
+export { validate, validateEither } from './validate';
+export { formatErrors } from './format_errors';
diff --git a/x-pack/plugins/security_solution/common/shared_imports.ts b/x-pack/plugins/security_solution/common/shared_imports.ts
new file mode 100644
index 00000000000000..f56f184a5a4677
--- /dev/null
+++ b/x-pack/plugins/security_solution/common/shared_imports.ts
@@ -0,0 +1,42 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+export {
+  ListSchema,
+  CommentsArray,
+  CreateCommentsArray,
+  Comments,
+  CreateComments,
+  ExceptionListSchema,
+  ExceptionListItemSchema,
+  CreateExceptionListItemSchema,
+  UpdateExceptionListItemSchema,
+  Entry,
+  EntryExists,
+  EntryMatch,
+  EntryMatchAny,
+  EntryNested,
+  EntryList,
+  EntriesArray,
+  NamespaceType,
+  Operator,
+  OperatorEnum,
+  OperatorType,
+  OperatorTypeEnum,
+  ExceptionListTypeEnum,
+  exceptionListItemSchema,
+  exceptionListType,
+  createExceptionListItemSchema,
+  listSchema,
+  entry,
+  entriesNested,
+  entriesMatch,
+  entriesMatchAny,
+  entriesExists,
+  entriesList,
+  namespaceType,
+  ExceptionListType,
+} from '../../lists/common';
diff --git a/x-pack/plugins/security_solution/common/validate.test.ts b/x-pack/plugins/security_solution/common/validate.test.ts
index b2217099fca19a..8cd322a25b5c02 100644
--- a/x-pack/plugins/security_solution/common/validate.test.ts
+++ b/x-pack/plugins/security_solution/common/validate.test.ts
@@ -43,6 +43,6 @@ describe('validateEither', () => {
     const payload = { a: 'some other value' };
     const result = validateEither(schema, payload);
 
-    expect(result).toEqual(left('Invalid value "some other value" supplied to "a"'));
+    expect(result).toEqual(left(new Error('Invalid value "some other value" supplied to "a"')));
   });
 });
diff --git a/x-pack/plugins/security_solution/common/validate.ts b/x-pack/plugins/security_solution/common/validate.ts
index f36df38c2a90d2..9745c21a191f0a 100644
--- a/x-pack/plugins/security_solution/common/validate.ts
+++ b/x-pack/plugins/security_solution/common/validate.ts
@@ -27,9 +27,9 @@ export const validate = <T extends t.Mixed>(
 export const validateEither = <T extends t.Mixed, A extends unknown>(
   schema: T,
   obj: A
-): Either<string, A> =>
+): Either<Error, A> =>
   pipe(
     obj,
     (a) => schema.validate(a, t.getDefaultContext(schema.asDecoder())),
-    mapLeft((errors) => formatErrors(errors).join(','))
+    mapLeft((errors) => new Error(formatErrors(errors).join(',')))
   );
diff --git a/x-pack/plugins/security_solution/kibana.json b/x-pack/plugins/security_solution/kibana.json
index 29d0ab58e8b554..92fc93453b9f1d 100644
--- a/x-pack/plugins/security_solution/kibana.json
+++ b/x-pack/plugins/security_solution/kibana.json
@@ -1,6 +1,7 @@
 {
   "id": "securitySolution",
   "version": "8.0.0",
+  "extraPublicDirs": ["common"],
   "kibanaVersion": "kibana",
   "configPath": ["xpack", "securitySolution"],
   "requiredPlugins": [
@@ -30,10 +31,5 @@
   ],
   "server": true,
   "ui": true,
-  "requiredBundles": [
-    "kibanaUtils",
-    "esUiShared",
-    "kibanaReact",
-    "ingestManager"
-  ]
+  "requiredBundles": ["esUiShared", "ingestManager", "kibanaUtils", "kibanaReact", "lists"]
 }
diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/__snapshots__/page_view.test.tsx.snap b/x-pack/plugins/security_solution/public/common/components/endpoint/__snapshots__/page_view.test.tsx.snap
index 096df5ceab2560..bed5ac6950a2b7 100644
--- a/x-pack/plugins/security_solution/public/common/components/endpoint/__snapshots__/page_view.test.tsx.snap
+++ b/x-pack/plugins/security_solution/public/common/components/endpoint/__snapshots__/page_view.test.tsx.snap
@@ -25,6 +25,10 @@ exports[`PageView component should display body header custom element 1`] = `
   margin-left: 12px;
 }
 
+.c0 .endpoint-header-leftSection {
+  overflow: hidden;
+}
+
 <PageView
   bodyHeader={
     <p>
@@ -120,6 +124,10 @@ exports[`PageView component should display body header wrapped in EuiTitle 1`] =
   margin-left: 12px;
 }
 
+.c0 .endpoint-header-leftSection {
+  overflow: hidden;
+}
+
 <PageView
   bodyHeader="body header"
   viewType="list"
@@ -218,6 +226,10 @@ exports[`PageView component should display header left and right 1`] = `
   margin-left: 12px;
 }
 
+.c0 .endpoint-header-leftSection {
+  overflow: hidden;
+}
+
 <PageView
   headerLeft="page title"
   headerRight="right side actions"
@@ -243,10 +255,11 @@ exports[`PageView component should display header left and right 1`] = `
                 className="euiPageHeader euiPageHeader--responsive endpoint-header"
               >
                 <EuiPageHeaderSection
+                  className="endpoint-header-leftSection"
                   data-test-subj="pageViewHeaderLeft"
                 >
                   <div
-                    className="euiPageHeaderSection"
+                    className="euiPageHeaderSection endpoint-header-leftSection"
                     data-test-subj="pageViewHeaderLeft"
                   >
                     <PageViewHeaderTitle>
@@ -331,6 +344,10 @@ exports[`PageView component should display only body if not header props used 1`
   margin-left: 12px;
 }
 
+.c0 .endpoint-header-leftSection {
+  overflow: hidden;
+}
+
 <PageView
   viewType="list"
 >
@@ -403,6 +420,10 @@ exports[`PageView component should display only header left 1`] = `
   margin-left: 12px;
 }
 
+.c0 .endpoint-header-leftSection {
+  overflow: hidden;
+}
+
 <PageView
   headerLeft="page title"
   viewType="list"
@@ -427,10 +448,11 @@ exports[`PageView component should display only header left 1`] = `
                 className="euiPageHeader euiPageHeader--responsive endpoint-header"
               >
                 <EuiPageHeaderSection
+                  className="endpoint-header-leftSection"
                   data-test-subj="pageViewHeaderLeft"
                 >
                   <div
-                    className="euiPageHeaderSection"
+                    className="euiPageHeaderSection endpoint-header-leftSection"
                     data-test-subj="pageViewHeaderLeft"
                   >
                     <PageViewHeaderTitle>
@@ -505,6 +527,10 @@ exports[`PageView component should display only header right but include an empt
   margin-left: 12px;
 }
 
+.c0 .endpoint-header-leftSection {
+  overflow: hidden;
+}
+
 <PageView
   headerRight="right side actions"
   viewType="list"
@@ -529,10 +555,11 @@ exports[`PageView component should display only header right but include an empt
                 className="euiPageHeader euiPageHeader--responsive endpoint-header"
               >
                 <EuiPageHeaderSection
+                  className="endpoint-header-leftSection"
                   data-test-subj="pageViewHeaderLeft"
                 >
                   <div
-                    className="euiPageHeaderSection"
+                    className="euiPageHeaderSection endpoint-header-leftSection"
                     data-test-subj="pageViewHeaderLeft"
                   />
                 </EuiPageHeaderSection>
@@ -604,6 +631,10 @@ exports[`PageView component should pass through EuiPage props 1`] = `
   margin-left: 12px;
 }
 
+.c0 .endpoint-header-leftSection {
+  overflow: hidden;
+}
+
 <PageView
   aria-label="test-aria-label-here"
   className="test-class-name-here"
@@ -693,6 +724,10 @@ exports[`PageView component should use custom element for header left and not wr
   margin-left: 12px;
 }
 
+.c0 .endpoint-header-leftSection {
+  overflow: hidden;
+}
+
 <PageView
   headerLeft={
     <p>
@@ -721,10 +756,11 @@ exports[`PageView component should use custom element for header left and not wr
                 className="euiPageHeader euiPageHeader--responsive endpoint-header"
               >
                 <EuiPageHeaderSection
+                  className="endpoint-header-leftSection"
                   data-test-subj="pageViewHeaderLeft"
                 >
                   <div
-                    className="euiPageHeaderSection"
+                    className="euiPageHeaderSection endpoint-header-leftSection"
                     data-test-subj="pageViewHeaderLeft"
                   >
                     <p>
diff --git a/x-pack/plugins/security_solution/public/common/components/endpoint/page_view.tsx b/x-pack/plugins/security_solution/public/common/components/endpoint/page_view.tsx
index 3d2a1d2d6fc9b3..d4753b3a64e24b 100644
--- a/x-pack/plugins/security_solution/public/common/components/endpoint/page_view.tsx
+++ b/x-pack/plugins/security_solution/public/common/components/endpoint/page_view.tsx
@@ -17,6 +17,7 @@ import {
   EuiTab,
   EuiTabs,
   EuiTitle,
+  EuiTitleProps,
 } from '@elastic/eui';
 import React, { memo, MouseEventHandler, ReactNode, useMemo } from 'react';
 import styled from 'styled-components';
@@ -45,6 +46,9 @@ const StyledEuiPage = styled(EuiPage)`
   .endpoint-navTabs {
     margin-left: ${(props) => props.theme.eui.euiSizeM};
   }
+  .endpoint-header-leftSection {
+    overflow: hidden;
+  }
 `;
 
 const isStringOrNumber = /(string|number)/;
@@ -54,13 +58,15 @@ const isStringOrNumber = /(string|number)/;
  * Can be used when wanting to customize the `headerLeft` value but still use the standard
  * title component
  */
-export const PageViewHeaderTitle = memo<{ children: ReactNode }>(({ children }) => {
-  return (
-    <EuiTitle size="l">
-      <h1 data-test-subj="pageViewHeaderLeftTitle">{children}</h1>
-    </EuiTitle>
-  );
-});
+export const PageViewHeaderTitle = memo<Omit<EuiTitleProps, 'children'> & { children: ReactNode }>(
+  ({ children, size = 'l', ...otherProps }) => {
+    return (
+      <EuiTitle {...otherProps} size={size}>
+        <h1 data-test-subj="pageViewHeaderLeftTitle">{children}</h1>
+      </EuiTitle>
+    );
+  }
+);
 
 PageViewHeaderTitle.displayName = 'PageViewHeaderTitle';
 
@@ -135,7 +141,10 @@ export const PageView = memo<PageViewProps>(
         <EuiPageBody>
           {(headerLeft || headerRight) && (
             <EuiPageHeader className="endpoint-header">
-              <EuiPageHeaderSection data-test-subj="pageViewHeaderLeft">
+              <EuiPageHeaderSection
+                className="endpoint-header-leftSection"
+                data-test-subj="pageViewHeaderLeft"
+              >
                 {isStringOrNumber.test(typeof headerLeft) ? (
                   <PageViewHeaderTitle>{headerLeft}</PageViewHeaderTitle>
                 ) : (
diff --git a/x-pack/plugins/security_solution/public/common/lib/kibana/hooks.ts b/x-pack/plugins/security_solution/public/common/lib/kibana/hooks.ts
index 813907d9af4164..184aa4d8e673c8 100644
--- a/x-pack/plugins/security_solution/public/common/lib/kibana/hooks.ts
+++ b/x-pack/plugins/security_solution/public/common/lib/kibana/hooks.ts
@@ -13,6 +13,7 @@ import { useUiSetting, useKibana } from './kibana_react';
 import { errorToToaster, useStateToaster } from '../../components/toasters';
 import { AuthenticatedUser } from '../../../../../security/common/model';
 import { convertToCamelCase } from '../../../cases/containers/utils';
+import { StartServices } from '../../../types';
 
 export const useDateFormat = (): string => useUiSetting<string>(DEFAULT_DATE_FORMAT);
 
@@ -124,3 +125,8 @@ export const useGetUserSavedObjectPermissions = () => {
 
   return savedObjectsPermissions;
 };
+
+export const useToasts = (): StartServices['notifications']['toasts'] =>
+  useKibana().services.notifications.toasts;
+
+export const useHttp = (): StartServices['http'] => useKibana().services.http;
diff --git a/x-pack/plugins/security_solution/public/common/utils/api/index.ts b/x-pack/plugins/security_solution/public/common/utils/api/index.ts
index e47e03ce4e6275..ab442d0d09cf92 100644
--- a/x-pack/plugins/security_solution/public/common/utils/api/index.ts
+++ b/x-pack/plugins/security_solution/public/common/utils/api/index.ts
@@ -7,6 +7,7 @@
 import { has } from 'lodash/fp';
 
 export interface KibanaApiError {
+  name: string;
   message: string;
   body: {
     message: string;
diff --git a/x-pack/plugins/security_solution/public/detections/containers/detection_engine/lists/__mocks__/use_lists_config.tsx b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/lists/__mocks__/use_lists_config.tsx
new file mode 100644
index 00000000000000..0f8e0fba1e3af5
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/lists/__mocks__/use_lists_config.tsx
@@ -0,0 +1,7 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+export const useListsConfig = jest.fn().mockReturnValue({});
diff --git a/x-pack/plugins/security_solution/public/detections/containers/detection_engine/lists/translations.ts b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/lists/translations.ts
new file mode 100644
index 00000000000000..8c72f092918c9a
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/lists/translations.ts
@@ -0,0 +1,28 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { i18n } from '@kbn/i18n';
+
+export const LISTS_INDEX_FETCH_FAILURE = i18n.translate(
+  'xpack.securitySolution.containers.detectionEngine.alerts.fetchListsIndex.errorDescription',
+  {
+    defaultMessage: 'Failed to retrieve the lists index',
+  }
+);
+
+export const LISTS_INDEX_CREATE_FAILURE = i18n.translate(
+  'xpack.securitySolution.containers.detectionEngine.alerts.createListsIndex.errorDescription',
+  {
+    defaultMessage: 'Failed to create the lists index',
+  }
+);
+
+export const LISTS_PRIVILEGES_READ_FAILURE = i18n.translate(
+  'xpack.securitySolution.containers.detectionEngine.alerts.readListsPrivileges.errorDescription',
+  {
+    defaultMessage: 'Failed to retrieve lists privileges',
+  }
+);
diff --git a/x-pack/plugins/security_solution/public/detections/containers/detection_engine/lists/use_lists_config.tsx b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/lists/use_lists_config.tsx
new file mode 100644
index 00000000000000..ea5e075811d4b5
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/lists/use_lists_config.tsx
@@ -0,0 +1,38 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { useEffect } from 'react';
+
+import { useKibana } from '../../../../common/lib/kibana';
+import { useListsIndex } from './use_lists_index';
+import { useListsPrivileges } from './use_lists_privileges';
+
+export interface UseListsConfigReturn {
+  canManageIndex: boolean | null;
+  canWriteIndex: boolean | null;
+  enabled: boolean;
+  loading: boolean;
+  needsConfiguration: boolean;
+}
+
+export const useListsConfig = (): UseListsConfigReturn => {
+  const { createIndex, indexExists, loading: indexLoading } = useListsIndex();
+  const { canManageIndex, canWriteIndex, loading: privilegesLoading } = useListsPrivileges();
+  const { lists } = useKibana().services;
+
+  const enabled = lists != null;
+  const loading = indexLoading || privilegesLoading;
+  const needsIndex = indexExists === false;
+  const needsConfiguration = !enabled || needsIndex || canWriteIndex === false;
+
+  useEffect(() => {
+    if (canManageIndex && needsIndex) {
+      createIndex();
+    }
+  }, [canManageIndex, createIndex, needsIndex]);
+
+  return { canManageIndex, canWriteIndex, enabled, loading, needsConfiguration };
+};
diff --git a/x-pack/plugins/security_solution/public/detections/containers/detection_engine/lists/use_lists_index.tsx b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/lists/use_lists_index.tsx
new file mode 100644
index 00000000000000..a9497fd4971c1c
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/lists/use_lists_index.tsx
@@ -0,0 +1,100 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { useEffect, useState, useCallback } from 'react';
+
+import { useReadListIndex, useCreateListIndex } from '../../../../shared_imports';
+import { useHttp, useToasts, useKibana } from '../../../../common/lib/kibana';
+import { isApiError } from '../../../../common/utils/api';
+import * as i18n from './translations';
+
+export interface UseListsIndexState {
+  indexExists: boolean | null;
+}
+
+export interface UseListsIndexReturn extends UseListsIndexState {
+  loading: boolean;
+  createIndex: () => void;
+}
+
+export const useListsIndex = (): UseListsIndexReturn => {
+  const [state, setState] = useState<UseListsIndexState>({
+    indexExists: null,
+  });
+  const { lists } = useKibana().services;
+  const http = useHttp();
+  const toasts = useToasts();
+  const { loading: readLoading, start: readListIndex, ...readListIndexState } = useReadListIndex();
+  const {
+    loading: createLoading,
+    start: createListIndex,
+    ...createListIndexState
+  } = useCreateListIndex();
+  const loading = readLoading || createLoading;
+
+  const readIndex = useCallback(() => {
+    if (lists) {
+      readListIndex({ http });
+    }
+  }, [http, lists, readListIndex]);
+
+  const createIndex = useCallback(() => {
+    if (lists) {
+      createListIndex({ http });
+    }
+  }, [createListIndex, http, lists]);
+
+  // initial read list
+  useEffect(() => {
+    if (!readLoading && state.indexExists === null) {
+      readIndex();
+    }
+  }, [readIndex, readLoading, state.indexExists]);
+
+  // handle read result
+  useEffect(() => {
+    if (readListIndexState.result != null) {
+      setState({
+        indexExists:
+          readListIndexState.result.list_index && readListIndexState.result.list_item_index,
+      });
+    }
+  }, [readListIndexState.result]);
+
+  // refetch index after creation
+  useEffect(() => {
+    if (createListIndexState.result != null) {
+      readIndex();
+    }
+  }, [createListIndexState.result, readIndex]);
+
+  // handle read error
+  useEffect(() => {
+    const error = readListIndexState.error;
+    if (isApiError(error)) {
+      setState({ indexExists: false });
+      if (error.body.status_code !== 404) {
+        toasts.addError(error, {
+          title: i18n.LISTS_INDEX_FETCH_FAILURE,
+          toastMessage: error.body.message,
+        });
+      }
+    }
+  }, [readListIndexState.error, toasts]);
+
+  // handle create error
+  useEffect(() => {
+    const error = createListIndexState.error;
+    if (isApiError(error)) {
+      toasts.addError(error, {
+        title: i18n.LISTS_INDEX_CREATE_FAILURE,
+        toastMessage: error.body.message,
+      });
+    }
+  }, [createListIndexState.error, toasts]);
+
+  return { loading, createIndex, ...state };
+};
diff --git a/x-pack/plugins/security_solution/public/detections/containers/detection_engine/lists/use_lists_privileges.tsx b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/lists/use_lists_privileges.tsx
new file mode 100644
index 00000000000000..fbbcff33402c33
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/detections/containers/detection_engine/lists/use_lists_privileges.tsx
@@ -0,0 +1,132 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { useEffect, useState, useCallback } from 'react';
+
+import { useReadListPrivileges } from '../../../../shared_imports';
+import { useHttp, useToasts, useKibana } from '../../../../common/lib/kibana';
+import { isApiError } from '../../../../common/utils/api';
+import * as i18n from './translations';
+
+export interface UseListsPrivilegesState {
+  isAuthenticated: boolean | null;
+  canManageIndex: boolean | null;
+  canWriteIndex: boolean | null;
+}
+
+export interface UseListsPrivilegesReturn extends UseListsPrivilegesState {
+  loading: boolean;
+}
+
+interface ListIndexPrivileges {
+  [indexName: string]: {
+    all: boolean;
+    create: boolean;
+    create_doc: boolean;
+    create_index: boolean;
+    delete: boolean;
+    delete_index: boolean;
+    index: boolean;
+    manage: boolean;
+    manage_follow_index: boolean;
+    manage_ilm: boolean;
+    manage_leader_index: boolean;
+    monitor: boolean;
+    read: boolean;
+    read_cross_cluster: boolean;
+    view_index_metadata: boolean;
+    write: boolean;
+  };
+}
+
+interface ListPrivileges {
+  is_authenticated: boolean;
+  lists: {
+    index: ListIndexPrivileges;
+  };
+  listItems: {
+    index: ListIndexPrivileges;
+  };
+}
+
+const canManageIndex = (indexPrivileges: ListIndexPrivileges): boolean => {
+  const [indexName] = Object.keys(indexPrivileges);
+  const privileges = indexPrivileges[indexName];
+  if (privileges == null) {
+    return false;
+  }
+  return privileges.manage;
+};
+
+const canWriteIndex = (indexPrivileges: ListIndexPrivileges): boolean => {
+  const [indexName] = Object.keys(indexPrivileges);
+  const privileges = indexPrivileges[indexName];
+  if (privileges == null) {
+    return false;
+  }
+
+  return privileges.create || privileges.create_doc || privileges.index || privileges.write;
+};
+
+export const useListsPrivileges = (): UseListsPrivilegesReturn => {
+  const [state, setState] = useState<UseListsPrivilegesState>({
+    isAuthenticated: null,
+    canManageIndex: null,
+    canWriteIndex: null,
+  });
+  const { lists } = useKibana().services;
+  const http = useHttp();
+  const toasts = useToasts();
+  const { loading, start: readListPrivileges, ...privilegesState } = useReadListPrivileges();
+
+  const readPrivileges = useCallback(() => {
+    if (lists) {
+      readListPrivileges({ http });
+    }
+  }, [http, lists, readListPrivileges]);
+
+  // initRead
+  useEffect(() => {
+    if (!loading && state.isAuthenticated === null) {
+      readPrivileges();
+    }
+  }, [loading, readPrivileges, state.isAuthenticated]);
+
+  // handleReadResult
+  useEffect(() => {
+    if (privilegesState.result != null) {
+      try {
+        const {
+          is_authenticated: isAuthenticated,
+          lists: { index: listsPrivileges },
+          listItems: { index: listItemsPrivileges },
+        } = privilegesState.result as ListPrivileges;
+
+        setState({
+          isAuthenticated,
+          canManageIndex: canManageIndex(listsPrivileges) && canManageIndex(listItemsPrivileges),
+          canWriteIndex: canWriteIndex(listsPrivileges) && canWriteIndex(listItemsPrivileges),
+        });
+      } catch (e) {
+        setState({ isAuthenticated: null, canManageIndex: false, canWriteIndex: false });
+      }
+    }
+  }, [privilegesState.result]);
+
+  // handleReadError
+  useEffect(() => {
+    const error = privilegesState.error;
+    if (isApiError(error)) {
+      setState({ isAuthenticated: null, canManageIndex: false, canWriteIndex: false });
+      toasts.addError(error, {
+        title: i18n.LISTS_PRIVILEGES_READ_FAILURE,
+        toastMessage: error.body.message,
+      });
+    }
+  }, [privilegesState.error, toasts]);
+
+  return { loading, ...state };
+};
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/detection_engine.test.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/detection_engine.test.tsx
index fa7c85c95d87b5..d5aa57ddd87547 100644
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/detection_engine.test.tsx
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/detection_engine.test.tsx
@@ -14,6 +14,7 @@ import { DetectionEnginePageComponent } from './detection_engine';
 import { useUserInfo } from '../../components/user_info';
 import { useWithSource } from '../../../common/containers/source';
 
+jest.mock('../../containers/detection_engine/lists/use_lists_config');
 jest.mock('../../components/user_info');
 jest.mock('../../../common/containers/source');
 jest.mock('../../../common/components/link_to');
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/detection_engine.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/detection_engine.tsx
index 11f738320db6e6..84cfc744312f91 100644
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/detection_engine.tsx
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/detection_engine.tsx
@@ -34,6 +34,7 @@ import { useUserInfo } from '../../components/user_info';
 import { OverviewEmpty } from '../../../overview/components/overview_empty';
 import { DetectionEngineNoIndex } from './detection_engine_no_signal_index';
 import { DetectionEngineHeaderPage } from '../../components/detection_engine_header_page';
+import { useListsConfig } from '../../containers/detection_engine/lists/use_lists_config';
 import { DetectionEngineUserUnauthenticated } from './detection_engine_user_unauthenticated';
 import * as i18n from './translations';
 import { LinkButton } from '../../../common/components/links';
@@ -46,7 +47,7 @@ export const DetectionEnginePageComponent: React.FC<PropsFromRedux> = ({
 }) => {
   const { to, from, deleteQuery, setQuery } = useGlobalTime();
   const {
-    loading,
+    loading: userInfoLoading,
     isSignalIndexExists,
     isAuthenticated: isUserAuthenticated,
     hasEncryptionKey,
@@ -54,9 +55,14 @@ export const DetectionEnginePageComponent: React.FC<PropsFromRedux> = ({
     signalIndexName,
     hasIndexWrite,
   } = useUserInfo();
+  const {
+    loading: listsConfigLoading,
+    needsConfiguration: needsListsConfiguration,
+  } = useListsConfig();
   const history = useHistory();
   const [lastAlerts] = useAlertInfo({});
   const { formatUrl } = useFormatUrl(SecurityPageName.detections);
+  const loading = userInfoLoading || listsConfigLoading;
 
   const updateDateRangeCallback = useCallback<UpdateDateRange>(
     ({ x }) => {
@@ -90,7 +96,8 @@ export const DetectionEnginePageComponent: React.FC<PropsFromRedux> = ({
       </WrapperPage>
     );
   }
-  if (isSignalIndexExists != null && !isSignalIndexExists && !loading) {
+
+  if (!loading && (isSignalIndexExists === false || needsListsConfiguration)) {
     return (
       <WrapperPage>
         <DetectionEngineHeaderPage border title={i18n.PAGE_TITLE} />
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/create/index.test.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/create/index.test.tsx
index b7a2d017c3666c..f7430a56c74d32 100644
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/create/index.test.tsx
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/create/index.test.tsx
@@ -22,6 +22,7 @@ jest.mock('react-router-dom', () => {
   };
 });
 
+jest.mock('../../../../containers/detection_engine/lists/use_lists_config');
 jest.mock('../../../../../common/components/link_to');
 jest.mock('../../../../components/user_info');
 
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/create/index.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/create/index.tsx
index 6475b6f6b6b541..f6e13786e98d01 100644
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/create/index.tsx
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/create/index.tsx
@@ -10,6 +10,7 @@ import { useHistory } from 'react-router-dom';
 import styled, { StyledComponent } from 'styled-components';
 
 import { usePersistRule } from '../../../../containers/detection_engine/rules';
+import { useListsConfig } from '../../../../containers/detection_engine/lists/use_lists_config';
 
 import {
   getRulesUrl,
@@ -84,12 +85,17 @@ StepDefineRuleAccordion.displayName = 'StepDefineRuleAccordion';
 
 const CreateRulePageComponent: React.FC = () => {
   const {
-    loading,
+    loading: userInfoLoading,
     isSignalIndexExists,
     isAuthenticated,
     hasEncryptionKey,
     canUserCRUD,
   } = useUserInfo();
+  const {
+    loading: listsConfigLoading,
+    needsConfiguration: needsListsConfiguration,
+  } = useListsConfig();
+  const loading = userInfoLoading || listsConfigLoading;
   const [, dispatchToaster] = useStateToaster();
   const [openAccordionId, setOpenAccordionId] = useState<RuleStep>(RuleStep.defineRule);
   const defineRuleRef = useRef<EuiAccordion | null>(null);
@@ -278,7 +284,14 @@ const CreateRulePageComponent: React.FC = () => {
     return null;
   }
 
-  if (redirectToDetections(isSignalIndexExists, isAuthenticated, hasEncryptionKey)) {
+  if (
+    redirectToDetections(
+      isSignalIndexExists,
+      isAuthenticated,
+      hasEncryptionKey,
+      needsListsConfiguration
+    )
+  ) {
     history.replace(getDetectionEngineUrl());
     return null;
   } else if (userHasNoPermissions(canUserCRUD)) {
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.test.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.test.tsx
index 11099e8cfc7550..0a42602e5fbb28 100644
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.test.tsx
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.test.tsx
@@ -15,6 +15,7 @@ import { useUserInfo } from '../../../../components/user_info';
 import { useWithSource } from '../../../../../common/containers/source';
 import { useParams } from 'react-router-dom';
 
+jest.mock('../../../../containers/detection_engine/lists/use_lists_config');
 jest.mock('../../../../../common/components/link_to');
 jest.mock('../../../../components/user_info');
 jest.mock('../../../../../common/containers/source');
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx
index 6ab08d94fa7813..c74a2a3cf993a4 100644
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx
@@ -34,6 +34,7 @@ import {
 import { SiemSearchBar } from '../../../../../common/components/search_bar';
 import { WrapperPage } from '../../../../../common/components/wrapper_page';
 import { useRule } from '../../../../containers/detection_engine/rules';
+import { useListsConfig } from '../../../../containers/detection_engine/lists/use_lists_config';
 
 import { useWithSource } from '../../../../../common/containers/source';
 import { SpyRoute } from '../../../../../common/utils/route/spy_routes';
@@ -105,7 +106,7 @@ export const RuleDetailsPageComponent: FC<PropsFromRedux> = ({
 }) => {
   const { to, from, deleteQuery, setQuery } = useGlobalTime();
   const {
-    loading,
+    loading: userInfoLoading,
     isSignalIndexExists,
     isAuthenticated,
     hasEncryptionKey,
@@ -113,6 +114,11 @@ export const RuleDetailsPageComponent: FC<PropsFromRedux> = ({
     hasIndexWrite,
     signalIndexName,
   } = useUserInfo();
+  const {
+    loading: listsConfigLoading,
+    needsConfiguration: needsListsConfiguration,
+  } = useListsConfig();
+  const loading = userInfoLoading || listsConfigLoading;
   const { detailName: ruleId } = useParams();
   const [isLoading, rule] = useRule(ruleId);
   // This is used to re-trigger api rule status when user de/activate rule
@@ -282,7 +288,14 @@ export const RuleDetailsPageComponent: FC<PropsFromRedux> = ({
     }
   }, [rule]);
 
-  if (redirectToDetections(isSignalIndexExists, isAuthenticated, hasEncryptionKey)) {
+  if (
+    redirectToDetections(
+      isSignalIndexExists,
+      isAuthenticated,
+      hasEncryptionKey,
+      needsListsConfiguration
+    )
+  ) {
     history.replace(getDetectionEngineUrl());
     return null;
   }
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/edit/index.test.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/edit/index.test.tsx
index d754329bdd97f4..71930e15235495 100644
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/edit/index.test.tsx
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/edit/index.test.tsx
@@ -12,6 +12,7 @@ import { EditRulePage } from './index';
 import { useUserInfo } from '../../../../components/user_info';
 import { useParams } from 'react-router-dom';
 
+jest.mock('../../../../containers/detection_engine/lists/use_lists_config');
 jest.mock('../../../../../common/components/link_to');
 jest.mock('../../../../components/user_info');
 jest.mock('react-router-dom', () => {
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/edit/index.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/edit/index.tsx
index 777f7766993d01..87cb5e77697b5f 100644
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/edit/index.tsx
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/edit/index.tsx
@@ -20,6 +20,7 @@ import React, { FC, memo, useCallback, useEffect, useMemo, useRef, useState } fr
 import { useParams, useHistory } from 'react-router-dom';
 
 import { useRule, usePersistRule } from '../../../../containers/detection_engine/rules';
+import { useListsConfig } from '../../../../containers/detection_engine/lists/use_lists_config';
 import { WrapperPage } from '../../../../../common/components/wrapper_page';
 import {
   getRuleDetailsUrl,
@@ -74,12 +75,17 @@ const EditRulePageComponent: FC = () => {
   const history = useHistory();
   const [, dispatchToaster] = useStateToaster();
   const {
-    loading: initLoading,
+    loading: userInfoLoading,
     isSignalIndexExists,
     isAuthenticated,
     hasEncryptionKey,
     canUserCRUD,
   } = useUserInfo();
+  const {
+    loading: listsConfigLoading,
+    needsConfiguration: needsListsConfiguration,
+  } = useListsConfig();
+  const initLoading = userInfoLoading || listsConfigLoading;
   const { detailName: ruleId } = useParams();
   const [loading, rule] = useRule(ruleId);
 
@@ -365,7 +371,14 @@ const EditRulePageComponent: FC = () => {
     return null;
   }
 
-  if (redirectToDetections(isSignalIndexExists, isAuthenticated, hasEncryptionKey)) {
+  if (
+    redirectToDetections(
+      isSignalIndexExists,
+      isAuthenticated,
+      hasEncryptionKey,
+      needsListsConfiguration
+    )
+  ) {
     history.replace(getDetectionEngineUrl());
     return null;
   } else if (userHasNoPermissions(canUserCRUD)) {
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/helpers.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/helpers.tsx
index bf49ed5be90fbc..6a98280076b309 100644
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/helpers.tsx
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/helpers.tsx
@@ -236,12 +236,13 @@ export const setFieldValue = (
 export const redirectToDetections = (
   isSignalIndexExists: boolean | null,
   isAuthenticated: boolean | null,
-  hasEncryptionKey: boolean | null
+  hasEncryptionKey: boolean | null,
+  needsListsConfiguration: boolean
 ) =>
-  isSignalIndexExists != null &&
-  isAuthenticated != null &&
-  hasEncryptionKey != null &&
-  (!isSignalIndexExists || !isAuthenticated || !hasEncryptionKey);
+  isSignalIndexExists === false ||
+  isAuthenticated === false ||
+  hasEncryptionKey === false ||
+  needsListsConfiguration;
 
 export const getActionMessageRuleParams = (ruleType: RuleType): string[] => {
   const commonRuleParamsKeys = [
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/index.test.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/index.test.tsx
index f0ad670ddb665d..9e30a735367b37 100644
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/index.test.tsx
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/index.test.tsx
@@ -22,6 +22,7 @@ jest.mock('react-router-dom', () => {
   };
 });
 
+jest.mock('../../../containers/detection_engine/lists/use_lists_config');
 jest.mock('../../../../common/components/link_to');
 jest.mock('../../../components/user_info');
 jest.mock('../../../containers/detection_engine/rules');
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/index.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/index.tsx
index 9cbc0e2aabfbee..84c34f2bed93c8 100644
--- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/index.tsx
+++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/index.tsx
@@ -9,6 +9,7 @@ import React, { useCallback, useRef, useState } from 'react';
 import { useHistory } from 'react-router-dom';
 
 import { usePrePackagedRules, importRules } from '../../../containers/detection_engine/rules';
+import { useListsConfig } from '../../../containers/detection_engine/lists/use_lists_config';
 import {
   getDetectionEngineUrl,
   getCreateRuleUrl,
@@ -35,13 +36,18 @@ const RulesPageComponent: React.FC = () => {
   const [showImportModal, setShowImportModal] = useState(false);
   const refreshRulesData = useRef<null | Func>(null);
   const {
-    loading,
+    loading: userInfoLoading,
     isSignalIndexExists,
     isAuthenticated,
     hasEncryptionKey,
     canUserCRUD,
     hasIndexWrite,
   } = useUserInfo();
+  const {
+    loading: listsConfigLoading,
+    needsConfiguration: needsListsConfiguration,
+  } = useListsConfig();
+  const loading = userInfoLoading || listsConfigLoading;
   const {
     createPrePackagedRules,
     loading: prePackagedRuleLoading,
@@ -58,12 +64,12 @@ const RulesPageComponent: React.FC = () => {
     isAuthenticated,
     hasEncryptionKey,
   });
+  const { formatUrl } = useFormatUrl(SecurityPageName.detections);
   const prePackagedRuleStatus = getPrePackagedRuleStatus(
     rulesInstalled,
     rulesNotInstalled,
     rulesNotUpdated
   );
-  const { formatUrl } = useFormatUrl(SecurityPageName.detections);
 
   const handleRefreshRules = useCallback(async () => {
     if (refreshRulesData.current != null) {
@@ -96,7 +102,14 @@ const RulesPageComponent: React.FC = () => {
     [history]
   );
 
-  if (redirectToDetections(isSignalIndexExists, isAuthenticated, hasEncryptionKey)) {
+  if (
+    redirectToDetections(
+      isSignalIndexExists,
+      isAuthenticated,
+      hasEncryptionKey,
+      needsListsConfiguration
+    )
+  ) {
     history.replace(getDetectionEngineUrl());
     return null;
   }
diff --git a/x-pack/plugins/security_solution/public/lists_plugin_deps.ts b/x-pack/plugins/security_solution/public/lists_plugin_deps.ts
index e55fe13e6c9a07..2b37e2b7bf106c 100644
--- a/x-pack/plugins/security_solution/public/lists_plugin_deps.ts
+++ b/x-pack/plugins/security_solution/public/lists_plugin_deps.ts
@@ -4,48 +4,6 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-export {
-  useApi,
-  useExceptionList,
-  usePersistExceptionItem,
-  usePersistExceptionList,
-  useFindLists,
-  addExceptionListItem,
-  updateExceptionListItem,
-  fetchExceptionListById,
-  addExceptionList,
-  ExceptionIdentifiers,
-  ExceptionList,
-  Pagination,
-  UseExceptionListSuccess,
-} from '../../lists/public';
-export {
-  ListSchema,
-  CommentsArray,
-  CreateCommentsArray,
-  Comments,
-  CreateComments,
-  ExceptionListSchema,
-  ExceptionListItemSchema,
-  CreateExceptionListItemSchema,
-  UpdateExceptionListItemSchema,
-  Entry,
-  EntryExists,
-  EntryNested,
-  EntryList,
-  EntriesArray,
-  NamespaceType,
-  Operator,
-  OperatorEnum,
-  OperatorType,
-  OperatorTypeEnum,
-  ExceptionListTypeEnum,
-  exceptionListItemSchema,
-  createExceptionListItemSchema,
-  listSchema,
-  entry,
-  entriesNested,
-  entriesExists,
-  entriesList,
-  ExceptionListType,
-} from '../../lists/common/schemas';
+// DEPRECATED: Do not add exports to this file; please import from shared_imports instead
+
+export * from './shared_imports';
diff --git a/x-pack/plugins/security_solution/public/management/components/management_empty_state.tsx b/x-pack/plugins/security_solution/public/management/components/management_empty_state.tsx
index 6486b1f3be6d12..fb9f97f3f7570e 100644
--- a/x-pack/plugins/security_solution/public/management/components/management_empty_state.tsx
+++ b/x-pack/plugins/security_solution/public/management/components/management_empty_state.tsx
@@ -18,14 +18,21 @@ import {
   EuiSelectableProps,
   EuiIcon,
   EuiLoadingSpinner,
+  EuiLink,
 } from '@elastic/eui';
 import { i18n } from '@kbn/i18n';
 import { FormattedMessage } from '@kbn/i18n/react';
+import onboardingLogo from '../images/security_administration_onboarding.svg';
 
 const TEXT_ALIGN_CENTER: CSSProperties = Object.freeze({
   textAlign: 'center',
 });
 
+const MAX_SIZE_ONBOARDING_LOGO: CSSProperties = Object.freeze({
+  maxWidth: 550,
+  maxHeight: 420,
+});
+
 interface ManagementStep {
   title: string;
   children: JSX.Element;
@@ -45,7 +52,7 @@ const PolicyEmptyState = React.memo<{
           </EuiFlexItem>
         </EuiFlexGroup>
       ) : (
-        <EuiFlexGroup data-test-subj="policyOnboardingInstructions">
+        <EuiFlexGroup data-test-subj="policyOnboardingInstructions" alignItems="center">
           <EuiFlexItem>
             <EuiText>
               <h3>
@@ -55,26 +62,26 @@ const PolicyEmptyState = React.memo<{
                 />
               </h3>
             </EuiText>
-            <EuiSpacer size="xl" />
+            <EuiSpacer size="m" />
             <EuiText size="s" color="subdued">
               <FormattedMessage
                 id="xpack.securitySolution.endpoint.policyList.onboardingSectionOne"
-                defaultMessage="Elastic Endpoint Security gives you the power to keep your endpoints safe from attack, as well as unparalleled visibility into any threat in your environment."
+                defaultMessage="Elastic Endpoint Security protects your hosts with threat prevention, detection, and deep security data visibility."
               />
             </EuiText>
-            <EuiSpacer size="xl" />
+            <EuiSpacer size="m" />
             <EuiText size="s" color="subdued">
               <FormattedMessage
                 id="xpack.securitySolution.endpoint.policyList.onboardingSectionTwo"
-                defaultMessage="You’ll be able to view and manage hosts in your environment running the Elastic Endpoint from this page."
+                defaultMessage="From this page, you’ll be able to view and manage the hosts in your environment running Elastic Endpoint Security."
               />
             </EuiText>
-            <EuiSpacer size="xl" />
-            <EuiFlexGroup>
+            <EuiSpacer size="m" />
+            <EuiFlexGroup alignItems="center" style={{ maxWidth: '90%' }}>
               <EuiFlexItem>
                 <EuiFlexGroup>
                   <EuiFlexItem grow={false} style={{ marginRight: '10px' }}>
-                    <EuiIcon type="search" />
+                    <EuiIcon type="grid" />
                   </EuiFlexItem>
                   <EuiFlexItem grow={false} style={{ marginLeft: '0' }}>
                     <EuiText>
@@ -91,14 +98,14 @@ const PolicyEmptyState = React.memo<{
                 <EuiText size="xs" color="subdued">
                   <FormattedMessage
                     id="xpack.securitySolution.endpoint.policyList.onboardingHostInfo"
-                    defaultMessage="Hosts running the Elastic Endpoint"
+                    defaultMessage="Hosts running Elastic Endpoint Security"
                   />
                 </EuiText>
               </EuiFlexItem>
               <EuiFlexItem>
                 <EuiFlexGroup>
                   <EuiFlexItem grow={false} style={{ marginRight: '10px' }}>
-                    <EuiIcon type="tableDensityExpanded" />
+                    <EuiIcon type="controlsHorizontal" />
                   </EuiFlexItem>
                   <EuiFlexItem grow={false} style={{ marginLeft: '0' }}>
                     <EuiText>
@@ -120,14 +127,20 @@ const PolicyEmptyState = React.memo<{
                 </EuiText>
               </EuiFlexItem>
             </EuiFlexGroup>
-            <EuiSpacer size="xl" />
+            <EuiSpacer size="m" />
             <EuiText size="s" color="subdued">
               <FormattedMessage
                 id="xpack.securitySolution.endpoint.policyList.onboardingSectionThree"
-                defaultMessage="To get started, you’ll have to add the Elastic Endpoint integration to your Agents. Let’s do that now!"
+                defaultMessage="To get started, add the Elastic Endpoint Security integration to your Agents. For more information, "
               />
+              <EuiLink external href="https://www.elastic.co/guide/en/security/current/index.html">
+                <FormattedMessage
+                  id="xpack.securitySolution.endpoint.policyList.onboardingDocsLink"
+                  defaultMessage="view the Security app documentation"
+                />
+              </EuiLink>
             </EuiText>
-            <EuiSpacer size="xl" />
+            <EuiSpacer size="l" />
             <EuiFlexGroup>
               <EuiFlexItem grow={false}>
                 <EuiButton
@@ -146,7 +159,7 @@ const PolicyEmptyState = React.memo<{
             </EuiFlexGroup>
           </EuiFlexItem>
           <EuiFlexItem>
-            <EuiIcon type="logoSecurity" size="xl" />
+            <EuiIcon type={onboardingLogo} size="original" style={MAX_SIZE_ONBOARDING_LOGO} />
           </EuiFlexItem>
         </EuiFlexGroup>
       )}
diff --git a/x-pack/plugins/security_solution/public/management/images/security_administration_onboarding.svg b/x-pack/plugins/security_solution/public/management/images/security_administration_onboarding.svg
new file mode 100644
index 00000000000000..33bdae381fc1ca
--- /dev/null
+++ b/x-pack/plugins/security_solution/public/management/images/security_administration_onboarding.svg
@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 550 420"><defs><style>.cls-1,.cls-14{fill:#f5f7fa;}.cls-2{fill:#ff957d;}.cls-11,.cls-12,.cls-13,.cls-14,.cls-15,.cls-2{fill-rule:evenodd;}.cls-15,.cls-3{fill:#07c;}.cls-4{fill:#343741;}.cls-5{fill:#fff;}.cls-13,.cls-6{fill:#e6ebf2;}.cls-7{fill:#7de2d1;}.cls-8{fill:#fa744e;}.cls-9{fill:#0066b1;}.cls-10{fill:#dce2ea;}.cls-11,.cls-17{fill:#fec514;}.cls-12{fill:#1ba9f5;}.cls-16{fill:#00bfb3;}.cls-18{fill:#294492;}</style></defs><g id="Layer_2" data-name="Layer 2"><path class="cls-1" d="M114.37,283.86a1.58,1.58,0,0,0,.24-1.76.69.69,0,0,0-1-.3c-.8.46-1.11,1.1-.82,1.62A1.58,1.58,0,0,0,114.37,283.86Z"/><path class="cls-1" d="M102.44,289.88a1.61,1.61,0,0,0-.46,2.29,1.56,1.56,0,0,0,2.17.57,1.33,1.33,0,0,0,.41-2C104,289.78,103.2,289.44,102.44,289.88Z"/><path class="cls-1" d="M110.92,287.51a.81.81,0,1,0-1.29,1,.81.81,0,0,0,1,.36.7.7,0,0,0,.1.51A.76.76,0,0,0,112,289a.78.78,0,0,0-.65-.78.69.69,0,0,0-.36.09A1,1,0,0,0,110.92,287.51Z"/><path class="cls-1" d="M112.17,280.33a1,1,0,0,0-.29,1.27,1,1,0,0,0,1.31.21.89.89,0,0,0,.26-1.19A1,1,0,0,0,112.17,280.33Z"/><path class="cls-1" d="M114.66,293.38a.79.79,0,0,0-.65-.78c-.44,0-.59.22-.62,1.12A.76.76,0,0,0,114.66,293.38Z"/><path class="cls-1" d="M101.35,294.79c.78-.42.93-1.17.42-2.05a1.33,1.33,0,0,0-2-.64,1.56,1.56,0,0,0,1.58,2.69Z"/><path class="cls-1" d="M100.32,279.88a1.64,1.64,0,0,0,1.52.86,1.25,1.25,0,0,0-.19,1c.24,1.13,1,1.67,1.72,1.57a1.94,1.94,0,0,0,1.25-1.17.81.81,0,0,0,1,.2.92.92,0,0,0,.25-1.2.86.86,0,0,0-1.15-.35.71.71,0,0,0-.14.1,1.58,1.58,0,0,0-1.48-.81H103a1.46,1.46,0,0,0-.08-1.64,1.94,1.94,0,0,0-.47-.57.75.75,0,0,0,.46-.41,1.14,1.14,0,0,0-.76-1.42,1.48,1.48,0,0,0-1.49.47,1.16,1.16,0,0,0,.15,1.37A1.61,1.61,0,0,0,100.32,279.88Z"/><path class="cls-1" d="M108.13,293.92a3,3,0,0,1,1.33.3s0,0,0,0a.88.88,0,0,0,1,.34,1.7,1.7,0,0,0,2.14-.6,1.57,1.57,0,0,0-.4-2.41c-.56-.22-1.28,0-1.59-.23s.57-.06-.1-1.22-2.78-1.1-2.73.5c0,.25-1.59.1-1.58,1.46S106.91,294.06,108.13,293.92Z"/><path class="cls-1" d="M99.26,287.75a1.63,1.63,0,0,0-2.11-.45,1.76,1.76,0,0,0-.66,2.16,1.73,1.73,0,0,0,2.14.75A2.36,2.36,0,0,0,99.26,287.75Z"/><path class="cls-1" d="M112.22,288.92a.79.79,0,0,0,1.27.31c.25-.18.09-.76-.22-1S112.11,288.43,112.22,288.92Z"/><path class="cls-1" d="M99.67,284.94a1.09,1.09,0,0,0,.75,1.29,1,1,0,0,0,1-.51,1.88,1.88,0,0,0-.2.62,2.29,2.29,0,0,0,1.52,1.93c.63.09,1-.64,1.14-.64s.66.93,1.46,1a1.94,1.94,0,0,0,1.73-1.41,1.92,1.92,0,0,0-.17-1.4,1.56,1.56,0,0,0-1.6-.69c-.57.19-1.07,1-1.31.91s-.62-1-1.42-1a1.23,1.23,0,0,0-1.09.59,1.42,1.42,0,0,0,.14-.36.79.79,0,0,0-.66-1A1.1,1.1,0,0,0,99.67,284.94Z"/><path class="cls-1" d="M98.74,295.66a.69.69,0,0,0,0-1.1c-.39-.35-1.14-.36-1.3.09a1.43,1.43,0,0,1-1.24,1,1.35,1.35,0,0,0-.73,1.39,1.78,1.78,0,0,0,1.62.84c.39-.09.94-.16.93-.67A2.06,2.06,0,0,1,98.74,295.66Z"/><path class="cls-1" d="M107.09,284.12a1.62,1.62,0,0,0,2.39.39,1.24,1.24,0,0,0,.18-.14,1.73,1.73,0,0,0,0,1.38,1.13,1.13,0,0,0,1.5.22,1.17,1.17,0,0,0,.41-1.75c-.28-.53-1-.84-1.4-.59l-.15.12a1.72,1.72,0,0,0-.19-1.46,1.53,1.53,0,0,0-.39-.41,2.27,2.27,0,0,0,1.64-1.38,1.65,1.65,0,0,0-1-1.71c-.49-.2-.94-.3-1.07-1-.08-.48-.58-.51-1-.38-.32.58-.2,1,.3,1.24a9,9,0,0,0-.38,1.57,2,2,0,0,0,.83,1.38,1.82,1.82,0,0,0-1,.39C106.7,282.74,106.58,283.24,107.09,284.12Z"/><path class="cls-1" d="M104,272.69a.91.91,0,0,0,1.25.39.86.86,0,0,0,.18-1.2.79.79,0,0,0-1.06-.32A.77.77,0,0,0,104,272.69Z"/><path class="cls-1" d="M105.15,275.37a1.75,1.75,0,0,0-.34,2.05,1,1,0,0,0,1.45.27,1.07,1.07,0,0,0,.39-1.7C106.28,275.38,105.57,275.09,105.15,275.37Z"/><path class="cls-1" d="M107.81,268c.33-.24.22-.52.07-.78a.57.57,0,0,0-.92-.2,2.3,2.3,0,0,0-.35.73A.84.84,0,0,0,107.81,268Z"/><path class="cls-1" d="M107.24,271.51a.83.83,0,0,0,1.2.25c.33-.24.22-.51.07-.78a.57.57,0,0,0-.93-.19A2.44,2.44,0,0,0,107.24,271.51Z"/><path class="cls-1" d="M110.54,273.36a1.17,1.17,0,0,0,.39-1.66c-.25-.48-.92-.57-1.59-.2a.85.85,0,0,0-.45,1.2A1.79,1.79,0,0,0,110.54,273.36Z"/><path class="cls-1" d="M98.06,282.05a.76.76,0,0,0-.26,1.08,1.15,1.15,0,0,0,1.44.55,1,1,0,0,0,.45-1.24A1.37,1.37,0,0,0,98.06,282.05Z"/><path class="cls-1" d="M104,268.89a2.06,2.06,0,0,0,.08-2.75c-.52-.48-1.22.13-1.31.63s-.12.33-.61.51a.88.88,0,0,0-.48,1.46A1.76,1.76,0,0,0,104,268.89Z"/><path class="cls-1" d="M99.94,271.16a1.28,1.28,0,0,0,.52,1.38,1.77,1.77,0,0,0,1.71-.57c.26-.41.55-.83.08-1.31s-.64-.76-1-1.14a.72.72,0,0,0-1-.51.94.94,0,0,0-.46,1.22A2.52,2.52,0,0,1,99.94,271.16Z"/><path class="cls-1" d="M106.94,301.07a.69.69,0,0,0,1-.2,1.39,1.39,0,0,0,.19-1c-.29-.7-.93-.39-1.53-.36C106.41,300.17,106.29,300.73,106.94,301.07Z"/><path class="cls-1" d="M112.43,268.37a1.85,1.85,0,0,0,.57-2.21,1.66,1.66,0,0,0-2.15-.69,2.4,2.4,0,0,0-.63,2.48A1.63,1.63,0,0,0,112.43,268.37Z"/><path class="cls-1" d="M108.05,302.53c.12-.13.3-.47.18-.66s-.55,0-.6.06a.79.79,0,0,0,0,.57C107.61,302.55,108,302.6,108.05,302.53Z"/><path class="cls-1" d="M117.52,282.76h0c-.13.07-.37.49-.25.65a.31.31,0,0,0,.21.08,1.66,1.66,0,0,0,.07.64Z"/><path class="cls-1" d="M117.52,293.81a1.52,1.52,0,0,0-.24,1.55,1,1,0,0,0,.24.27Z"/><path class="cls-1" d="M117.52,279.17a1.06,1.06,0,0,0-.65.09,1,1,0,0,0-.2.15,1.48,1.48,0,0,0-.11-.72,2.74,2.74,0,0,0-1.27-1.37,1.24,1.24,0,0,1-.48-.51,1.11,1.11,0,0,0-1.75-.61.6.6,0,0,0-.1-.31,1.1,1.1,0,0,0-1.69,1.3.84.84,0,0,0,1.2.19h0a1.7,1.7,0,0,0,.42.74,1.61,1.61,0,0,1,.56,1c0,.68.59,1,1.1,1.34a1.55,1.55,0,0,0,1.68-.28l.11-.12a1.45,1.45,0,0,0,.15,1.07.91.91,0,0,0,1,.32Z"/><path class="cls-1" d="M113.2,269.7a1.06,1.06,0,0,0,.57.57c.48.16.77-.11,1.16-1-.33-.36-.59-.9-1.24-.61A.81.81,0,0,0,113.2,269.7Z"/><path class="cls-1" d="M114.17,272.66a.87.87,0,0,0-.27,1.18.88.88,0,0,0,1.15.41.91.91,0,0,0,.38-1.17A1,1,0,0,0,114.17,272.66Z"/><path class="cls-1" d="M94.41,281.84a1.8,1.8,0,0,0-.61,1.79,1.11,1.11,0,0,0,1.67.29c.53-.32.59-.92.18-1.6A.93.93,0,0,0,94.41,281.84Z"/><path class="cls-1" d="M111.33,304.79c.44.51,1,.48,1.68-.08a1.19,1.19,0,0,0,.13-1.44,1,1,0,0,0-.4-.27c.39-.33.36-.91.28-1.5-.6-.27-1.23-.6-1.78-.05a.94.94,0,0,0,0,1.38l.06.05a.16.16,0,0,0-.09.05A1.47,1.47,0,0,0,111.33,304.79Z"/><path class="cls-1" d="M106.23,302.37c.3-.32-.18-1.65-.67-1.75s-.83.66-.77,1.18a1.22,1.22,0,0,0-1,0c-.31.15-.36,1.08.22,1.43a1,1,0,0,0,.82,0,.8.8,0,0,0,.36-.88C105.51,302.57,106,302.63,106.23,302.37Z"/><path class="cls-1" d="M117.52,306a1,1,0,0,0-.25-.55,1.48,1.48,0,0,0-1.59,0,1,1,0,0,0-.08,1.25c.59.65,1.25.85,1.66.48a1,1,0,0,0,.26-.54Z"/><path class="cls-1" d="M116.2,298.18c0-.15,0-.3,0-.44.26-.16.32-.42.3-.83s-.06-1.26-.76-1.22a.94.94,0,0,0-.48.14,1.74,1.74,0,0,0-1.5-.25c-.73.27-1.34,1.29-1.64,1.26s-.87-1.29-1.91-1.27a1.78,1.78,0,0,0-1.68,1.78,1.22,1.22,0,0,0,0,.26c-.56-.35-1.15-.45-1.43-.17a.79.79,0,0,0-.15,1c.33.65.62.75,1.46.56a12.7,12.7,0,0,0,1.39.85.6.6,0,0,0,.65-.09l.13,0c.83.08,1.22-.88,1.45-.89S113,300,114,300.11A2.5,2.5,0,0,0,116.2,298.18Z"/><path class="cls-1" d="M108.54,312.62a.86.86,0,0,0,1.17.28.94.94,0,0,0,.23-1.28.92.92,0,0,0-1.19-.22A1,1,0,0,0,108.54,312.62Z"/><path class="cls-1" d="M109.72,302.1c.33-.21.5-.73.27-1a.76.76,0,0,0-1-.21.74.74,0,0,0-.16,1.08A.65.65,0,0,0,109.72,302.1Z"/><path class="cls-1" d="M116,311.91a1.41,1.41,0,0,0-.29.25.84.84,0,0,0-.33.1c-.62.34-.92.76-.77,1.08a1.42,1.42,0,0,0,1.12.51,1.32,1.32,0,0,0,1.45.3,1.37,1.37,0,0,0,.35-1.07v-.16a1.44,1.44,0,0,0-.19-.74A1.2,1.2,0,0,0,116,311.91Z"/><path class="cls-1" d="M117.52,301.14a1.64,1.64,0,0,0-.2-.26,1.17,1.17,0,0,0-1.15-.16,1.38,1.38,0,0,0-.89.94c0,.44-.27.9-.1,1.23a.87.87,0,0,0-.49.11,1.24,1.24,0,0,0-.11,1.26.9.9,0,0,0,1.28.26,1.09,1.09,0,0,0,.37-1.11.82.82,0,0,0,.45-.05,2.12,2.12,0,0,0,.84-.66Z"/><path class="cls-1" d="M117.48,266.26h0v-.95a.68.68,0,0,0-.41.19C116.9,265.74,117.33,266.2,117.48,266.26Z"/><path class="cls-1" d="M117.52,307.32a1.39,1.39,0,0,0-.75.84,1.58,1.58,0,0,0,.32,1.62,1,1,0,0,0-.36.22.64.64,0,0,0,.14,1,1.9,1.9,0,0,0,.65.37Z"/><path class="cls-1" d="M133.3,328.54A1,1,0,0,0,134,328a1,1,0,0,0-.89-1.25.87.87,0,0,0-.71,1.27A1.17,1.17,0,0,0,133.3,328.54Z"/><path class="cls-1" d="M126.56,325.5a.81.81,0,0,0,.09-1.11.61.61,0,0,0-1,0,2.22,2.22,0,0,0-.23.82C125.83,325.67,126.26,325.74,126.56,325.5Z"/><path class="cls-1" d="M117.11,287.9a1.33,1.33,0,0,0,.41-.37v-1.59a1.57,1.57,0,0,0-2.08-.71,1.52,1.52,0,0,0-.45.49.82.82,0,0,0-.53-.51.92.92,0,0,0-1.12.31c-.38.53,0,1,.33,1.48a2.58,2.58,0,0,0,.86-.21,1.34,1.34,0,0,0-.16,1,6,6,0,0,0,.4,1.06c-.09.15-.2.3-.29.46a1.85,1.85,0,0,0,0,1.67c-.17.25-.14.6,0,1.15s.46.77.92.61a2.1,2.1,0,0,1,1.31,0,1.89,1.89,0,0,0,.78,0V289.4l-.33,0-.17,0a1.73,1.73,0,0,0-.48-.45l-.48-.31.42-.62A1.59,1.59,0,0,0,117.11,287.9Z"/><path class="cls-1" d="M116.84,275.52a.77.77,0,0,0,.68-.27v-1.18a1.29,1.29,0,0,0-.61-.36,1,1,0,0,0-.79.45A1,1,0,0,0,116.84,275.52Z"/><path class="cls-1" d="M117.52,271.4v-2.8a1,1,0,0,0-.44.15,1.48,1.48,0,0,0-.43,1.92A1.74,1.74,0,0,0,117.52,271.4Z"/><path class="cls-1" d="M90.88,295.45A1.2,1.2,0,0,0,89.4,295a1.54,1.54,0,0,0-.54,1.72c.24.38,1.21.41,1.79.06A1,1,0,0,0,90.88,295.45Z"/><path class="cls-1" d="M106,296.91a.67.67,0,0,0-.75,0,2.49,2.49,0,0,0-1.3-1.42,1.78,1.78,0,0,0-1.16-.2,1.86,1.86,0,0,0-1.26.93c-.34.52-1,.64-1.07,1.26a2.58,2.58,0,0,0,1.36,2.8,2.07,2.07,0,0,0,2,.07c.64-.34.45-1.26.93-1.84a2.79,2.79,0,0,0,.23-.32.78.78,0,0,0,.78.32c.41,0,.75-.28.69-.71A1.34,1.34,0,0,0,106,296.91Z"/><path class="cls-1" d="M94.45,292.81a.83.83,0,0,0-.09-1,1,1,0,0,0-1.2-.26c-.56.39-.42,1-.33,1.48C93.78,293.33,94.18,293.29,94.45,292.81Z"/><path class="cls-1" d="M95.16,286.21a1.61,1.61,0,0,0-1.84-.36,1.49,1.49,0,0,0-.31,1.64,1.1,1.1,0,0,0,1.27.43C95.08,287.46,95.47,286.72,95.16,286.21Z"/><path class="cls-1" d="M96.44,293a1.41,1.41,0,0,0,.4-1.63,1.24,1.24,0,0,0-1.53-.17.74.74,0,0,0-.12,1.09C95.61,292.92,96.06,293.18,96.44,293Z"/><path class="cls-1" d="M92.7,296.77c.5.77,1,1,1.56.61a1.39,1.39,0,0,0,.31-1.62,1.59,1.59,0,0,0-1.69-.18A.8.8,0,0,0,92.7,296.77Z"/><path class="cls-1" d="M98.7,274.16c.22-.22.7-.76.46-1.11s-.8-.17-1.06-.09a.56.56,0,0,0-.39.79C97.87,274.13,98.44,274.41,98.7,274.16Z"/><path class="cls-1" d="M95.34,285.62a.9.9,0,0,0,1.2.2.84.84,0,0,0,.13-1.2.72.72,0,0,0-1.07-.2A1,1,0,0,0,95.34,285.62Z"/><path class="cls-1" d="M94.27,304.5a1,1,0,0,0,.53-.62c0-.6-.46-.66-.91-.76-.41.35-.62.74-.28,1.19A.74.74,0,0,0,94.27,304.5Z"/><path class="cls-1" d="M96.07,302.53a1.61,1.61,0,0,0,1.85-1.21,1.59,1.59,0,0,0-.82-1.76c-.55-.28-1.35.34-1.78,1.11A1.56,1.56,0,0,0,96.07,302.53Z"/><path class="cls-1" d="M88.73,293.78c.22,0,.55-.37.55-.56a1.29,1.29,0,0,0-.41-.94c-.55-.39-.85.15-1.26.5C87.83,293.4,88.08,293.89,88.73,293.78Z"/><path class="cls-1" d="M93.7,299.17a14.41,14.41,0,0,0-1.5-1.07.77.77,0,0,0-1.09.31.81.81,0,0,0,.22,1.11,2.76,2.76,0,0,1,.53.55,1.24,1.24,0,0,0,1.53.59C94,300.47,94.19,300,93.7,299.17Z"/><path class="cls-1" d="M92.71,301.28a.88.88,0,0,0-.7.23c-.21.14-.44.23-.53.49s.25.52.62.46a1.35,1.35,0,0,0,.85-.59A.4.4,0,0,0,92.71,301.28Z"/><path class="cls-1" d="M88.92,289.75a1,1,0,0,0,.31-1.2,1,1,0,0,0-1.31-.26.79.79,0,0,0-.24,1.08A.86.86,0,0,0,88.92,289.75Z"/><path class="cls-1" d="M89.73,299.07c.33-.24.22-.51.07-.78a.57.57,0,0,0-.93-.19c-.19.21-.42.46-.34.72A1,1,0,0,0,89.73,299.07Z"/><path class="cls-1" d="M90.06,283.52a.88.88,0,0,0,.39-1.16.67.67,0,0,0-1-.35.83.83,0,0,0-.43,1.13A.85.85,0,0,0,90.06,283.52Z"/><path class="cls-1" d="M106.92,309.31a.61.61,0,0,0,.89.13.66.66,0,0,0,.27-.94.79.79,0,0,0-.78-.32,2.46,2.46,0,0,0,.42-1.32c0-.51.21-.62.51-.84a1,1,0,0,0,.09-1.42c-.35-.41-.69-.3-1,0a2.08,2.08,0,0,1-.82.52c-.69.14-1.41.18-2.16.26-.83-1.56-1.4-1.73-2.56-.66a1.17,1.17,0,0,0,.18,1.94,10.23,10.23,0,0,0,2,.65c.21.75.52,1.62,1.44,1.79a1.81,1.81,0,0,0,1.36-.35A.76.76,0,0,0,106.92,309.31Z"/><path class="cls-1" d="M104.17,314.51c-.46.15-.53.83-.22,1.27a.77.77,0,0,0,1.1.15,1,1,0,0,0,.11-1.4A2.5,2.5,0,0,0,104.17,314.51Z"/><path class="cls-1" d="M107.23,311.8a1.08,1.08,0,0,0,.37-1.51.7.7,0,0,0-1-.28.89.89,0,0,0-.62,1A1,1,0,0,0,107.23,311.8Z"/><path class="cls-1" d="M113.35,309.4a2.31,2.31,0,0,1,.12,1c0,.19.38.5.62.54a1,1,0,0,0,.78-.3.78.78,0,0,0,0-.71,7,7,0,0,0-.73-1.07.54.54,0,0,0,.57,0,.65.65,0,0,0,.38-.93,1.61,1.61,0,0,0-.69-.49.76.76,0,0,0,.24-1,.89.89,0,0,0-1.44-.1.91.91,0,0,1-.79.31,1.37,1.37,0,0,0-.32-.57,1.12,1.12,0,0,0-.23-.21c-.18-.78-.73-1.07-1.62-.86l-.32.1c-.73.3-.9.74-.53,1.43.24.44.5.86,1.07.92a.67.67,0,0,0,.08.17,1.32,1.32,0,0,0,.26.22,1.27,1.27,0,0,1-.26.35.79.79,0,0,0-.31.95.57.57,0,0,0-.34.09,1.22,1.22,0,0,0-.09,1.45.86.86,0,0,0,1.21,0,1.1,1.1,0,0,0,.34-.6h0C112.46,310.07,113,309.92,113.35,309.4Zm.39-1.45a.68.68,0,0,0,0-.13h0a2,2,0,0,0,.08.68.63.63,0,0,0,.1.2.41.41,0,0,0-.35-.07C113.67,308.43,113.71,308.21,113.74,308Z"/><path class="cls-1" d="M111,318.61a.2.2,0,0,0,0-.11.22.22,0,0,0-.11-.05.75.75,0,0,0-1-.18,1.48,1.48,0,0,0-.71,1.81.69.69,0,0,0,.24.2.6.6,0,0,0-.34,0c-.13.08-.34.48-.25.66s.58.08.7,0,.22-.43.12-.57a1.4,1.4,0,0,0,1.18-.11,1.19,1.19,0,0,0,.27-1.6Z"/><path class="cls-1" d="M108.79,315.42a1.06,1.06,0,0,0-.88-.39.76.76,0,0,0-.53-1c-.25,0-.59.46-.85.74-.07.08,0,.27,0,.52a2.9,2.9,0,0,1,.62.09,1.29,1.29,0,0,0,.38,1.36.84.84,0,0,0,1.14-.17A.83.83,0,0,0,108.79,315.42Z"/><path class="cls-1" d="M103.44,321.94a1.24,1.24,0,0,0-1,1.1,1,1,0,0,0,.69,1.16c.41.15,1.14.69,1.63.28s0-.79.06-1.09C104.83,322.59,104.08,321.79,103.44,321.94Z"/><path class="cls-1" d="M109,322.52a.87.87,0,0,0-.33,1.08.72.72,0,0,0,1,.37.88.88,0,0,0,.34-1.1A.75.75,0,0,0,109,322.52Z"/><path class="cls-1" d="M103.42,319.63a.94.94,0,0,0,.41-1.17.91.91,0,0,0-1.09-.31,1.06,1.06,0,0,0-.41,1.19A.84.84,0,0,0,103.42,319.63Z"/><path class="cls-1" d="M100.09,304.06a1.29,1.29,0,0,0,.45-1.59,1.07,1.07,0,0,0-1.25-.49c-.78.39-1.18,1.09-.92,1.6A1.45,1.45,0,0,0,100.09,304.06Z"/><path class="cls-1" d="M96.1,311.83a1.66,1.66,0,0,0-.56,2.1,1.61,1.61,0,0,0,2.93-1.29A2.1,2.1,0,0,0,96.1,311.83Z"/><path class="cls-1" d="M98.85,318.1c-.26.18-.13.93,0,1.24s.67.38,1,.14.47-.58.19-.87S99.11,317.92,98.85,318.1Z"/><path class="cls-1" d="M104,313.37a1.24,1.24,0,0,0,.21-1.62c-.43-.72-.91-.91-1.46-.6a1.47,1.47,0,0,0-.58,1.76A1.58,1.58,0,0,0,104,313.37Z"/><path class="cls-1" d="M101.37,308.11c-.53-.16-.84.15-1,.68.25.37.49.82,1,.6a1,1,0,0,0,.38-.72A.7.7,0,0,0,101.37,308.11Z"/><path class="cls-1" d="M100.22,313.77c-.14.09-.14.54,0,.77a.42.42,0,0,0,.73.16c.18-.2.63-.75.45-1S100.43,313.62,100.22,313.77Z"/><path class="cls-1" d="M115.46,326.77c-.12.07-.08.24,0,.32s.22.09.24.06a1.28,1.28,0,0,0,.11-.33C115.67,326.8,115.57,326.69,115.46,326.77Z"/><path class="cls-1" d="M113.34,314.92a1.21,1.21,0,0,0,.31-1.77.77.77,0,0,0-.12-.13.82.82,0,0,0-.1-.54c-.32-.43-1.12-.38-1.72.09a.63.63,0,0,0-.14.91.73.73,0,0,0,0,.82A2.21,2.21,0,0,0,113.34,314.92Z"/><path class="cls-1" d="M119.53,323.25h-1.1a.61.61,0,0,0,0,.6c.17.3.52.56.83.28a1,1,0,0,0,.29-.85Z"/><path class="cls-1" d="M118,330.57a.59.59,0,0,0,.57.05c.11-.08.06-.37.1-.67-.29,0-.55,0-.67.09A.55.55,0,0,0,118,330.57Z"/><path class="cls-1" d="M122.24,330.11c-.68.49-.91.88-.66,1.25.34.53.8.43,1.28.16A1.22,1.22,0,0,0,122.24,330.11Z"/><path class="cls-1" d="M124.9,326.18a1.39,1.39,0,0,0-1-.2c-.33.09-.37.8-.06,1.06a1.7,1.7,0,0,0,.69.2C125.06,326.86,125.2,326.37,124.9,326.18Z"/><path class="cls-1" d="M124.43,323.51a1.6,1.6,0,0,0-.08-.26H121.5l.08.1a1.87,1.87,0,0,0,0,.57c.09.89.66,1.63,1.58,1.44A1.51,1.51,0,0,0,124.43,323.51Z"/><path class="cls-1" d="M115.92,322.82a1.41,1.41,0,0,0-.4,1.81,1.5,1.5,0,0,0,1.86.26,1.44,1.44,0,0,0,0-1.76A1,1,0,0,0,115.92,322.82Z"/><path class="cls-1" d="M121.46,327.47c-.26-.36-.71-.1-.85,0s-.12.44-.17.68c.24,0,.53.18.69.09S121.73,327.83,121.46,327.47Z"/><path class="cls-1" d="M113.75,321.9a.47.47,0,0,0,.19-.73.47.47,0,0,0-.72-.11.53.53,0,0,0-.07.66A.46.46,0,0,0,113.75,321.9Z"/><path class="cls-1" d="M113.41,327.62c-.46.28-.19.95-.26,1.34l.22.16,1.23-.6c0-.12,0-.24,0-.36C114.28,328,113.87,327.34,113.41,327.62Z"/><path class="cls-1" d="M113.34,325.05a.68.68,0,0,0,.22-.52.49.49,0,0,0-.6-.31c-.32.13-.11.52,0,.69S113.29,325.1,113.34,325.05Z"/><path class="cls-1" d="M115.87,322.46c.14,0,.47-.44.34-.61a.57.57,0,0,0-.6-.08c-.15.11-.44.36-.31.52A.57.57,0,0,0,115.87,322.46Z"/><path class="cls-1" d="M96.29,319.91c-.28.09-.21.49-.15.56a.75.75,0,0,0,.51.21c.08,0,.24-.34.19-.41S96.56,319.81,96.29,319.91Z"/><path class="cls-1" d="M115.16,318.54a1.61,1.61,0,0,0-.3-.21A1.48,1.48,0,0,0,115,317a2,2,0,0,0,1.7-.27c.21.37.53.49.84.24v-1.34a1.35,1.35,0,0,0-.29,0A1.25,1.25,0,0,0,117,315a1.38,1.38,0,0,0-2.09-.25,1.48,1.48,0,0,0-.56,1.29,1.22,1.22,0,0,0-1.38,0,1.7,1.7,0,0,0-.5,2.3,1.1,1.1,0,0,0,.37.34,1.35,1.35,0,0,0,.18,1.28,1.24,1.24,0,0,0,1.87.23A1.18,1.18,0,0,0,115.16,318.54Z"/><path class="cls-1" d="M81.71,294.16c-.08,0-.08.26,0,.31a.23.23,0,1,0,.38-.26A.27.27,0,0,0,81.71,294.16Z"/><path class="cls-1" d="M88.11,279.75a.87.87,0,0,0,.37-1.24.93.93,0,0,0-1.28-.27.87.87,0,0,0-.28,1.26A.9.9,0,0,0,88.11,279.75Z"/><path class="cls-1" d="M96.56,310a.88.88,0,0,0,.92-.68c0-.17,0-.44-.08-.53a9.29,9.29,0,0,0-1.08-.75c-.1-1.05-.58-1.74-1.22-1.68A1.76,1.76,0,0,0,93.82,308c.05.73.42.91,1.89.85C95.79,309.4,95.8,310,96.56,310Z"/><path class="cls-1" d="M90.14,276.16a.76.76,0,0,0,.28-.62,1,1,0,0,0-.49-.62c-.56-.11-.89.51-.88.81A.77.77,0,0,0,90.14,276.16Z"/><path class="cls-1" d="M85.73,281.6a.57.57,0,0,0,.21-.52c0-.12-.39-.41-.59-.31s-.11.52,0,.69S85.59,281.7,85.73,281.6Z"/><path class="cls-1" d="M85.91,289.16c.32-.23.57-.51.36-.94A1,1,0,0,0,85,288c-.17.24-.06.6.06.89A.51.51,0,0,0,85.91,289.16Z"/><path class="cls-1" d="M91.09,272.55a.25.25,0,0,0,.09-.35.28.28,0,0,0-.35-.05c-.07,0-.07.26,0,.31A.25.25,0,0,0,91.09,272.55Z"/><path class="cls-1" d="M84.07,295.05c.3.47.71.65,1,.42a1.38,1.38,0,0,0,.37-1.44.86.86,0,0,0-1.2-.18A.82.82,0,0,0,84.07,295.05Z"/><path class="cls-1" d="M86,284.39a1,1,0,0,0,1.22.25.77.77,0,0,0,.3-1.06.94.94,0,0,0-1.26-.4A1,1,0,0,0,86,284.39Z"/><path class="cls-1" d="M95.39,273.56a1.13,1.13,0,0,0,.33-1.68c-.4-.62-1.07-.85-1.52-.53a1.68,1.68,0,0,0-.45,2.06A1.23,1.23,0,0,0,95.39,273.56Z"/><path class="cls-1" d="M95.37,269.44a.58.58,0,0,0,.21-.51c0-.13-.39-.42-.59-.32s-.11.53,0,.7A.35.35,0,0,0,95.37,269.44Z"/><path class="cls-1" d="M93.39,277.39c1.34-.14,1.1.79,2.09,1a1.26,1.26,0,0,0,.46,0,1.09,1.09,0,0,0,.54-1.9A6.91,6.91,0,0,0,95,275.38a1.71,1.71,0,0,0-1.93.54C92.88,276.24,92.65,277.08,93.39,277.39Z"/><path class="cls-1" d="M90.17,285.06a1.15,1.15,0,0,0-.46,1.65c.34.54,1.05.82,1.44.56a1.69,1.69,0,0,0,.44-2A1,1,0,0,0,90.17,285.06Z"/><path class="cls-1" d="M91.3,291.14c.41.62.92.8,1.32.57a.93.93,0,0,0,.31-1.35.8.8,0,0,0-1.19-.12C91.43,290.5,91.08,290.78,91.3,291.14Z"/><path class="cls-1" d="M93.53,280.28a.87.87,0,0,0,.09-.77c-.1-.19-.58-.57-.84-.46s-.24.74-.18,1A.61.61,0,0,0,93.53,280.28Z"/><path class="cls-1" d="M139.48,330.29a.64.64,0,0,0,.39-.28,1.35,1.35,0,0,0,1.24-.27.86.86,0,0,0,.28-1.26,1.82,1.82,0,0,0-1.72-.43,1,1,0,0,0-.43.89.77.77,0,0,0-.51.31C138.52,329.63,138.68,329.87,139.48,330.29Z"/><path class="cls-1" d="M88.29,312c-.07.05-.07.26,0,.32s.19.15.29.09a.25.25,0,0,0,.09-.35A.27.27,0,0,0,88.29,312Z"/><path class="cls-1" d="M87.38,297a.56.56,0,0,0-.6-.08c-.15.11-.43.36-.3.52a.56.56,0,0,0,.57.17C87.19,297.57,87.51,297.18,87.38,297Z"/><path class="cls-1" d="M90.08,301.35a.76.76,0,0,0-1-.31c-.34.13-.52,1-.24,1.24a1,1,0,0,0,.86.09A.69.69,0,0,0,90.08,301.35Z"/><path class="cls-1" d="M87.46,307.65c-.32.13-.11.53,0,.69s.38.19.43.14a.63.63,0,0,0,.21-.52A.48.48,0,0,0,87.46,307.65Z"/><path class="cls-1" d="M92.06,315.28a1.34,1.34,0,0,0,1.54,2.17,1.38,1.38,0,0,0,.32-1.91A1.43,1.43,0,0,0,92.06,315.28Z"/><path class="cls-1" d="M83.71,291.78a.55.55,0,0,0,.51.17c.14-.07.47-.4.31-.61a.63.63,0,0,0-.67-.1A.58.58,0,0,0,83.71,291.78Z"/><path class="cls-1" d="M91.94,307.45a1.57,1.57,0,0,0,.4-2.27,1.42,1.42,0,0,0-2-.57,1.78,1.78,0,0,0-.61,2.28A1.86,1.86,0,0,0,91.94,307.45Z"/><path class="cls-1" d="M92.6,314a.85.85,0,0,0,.51-1.11,1.43,1.43,0,0,0-1.68-.6,1,1,0,0,0-.42,1.27A1.22,1.22,0,0,0,92.6,314Z"/><path class="cls-1" d="M82.43,297.06c-.12.08-.11.53-.05.7s.38.19.43.13a.66.66,0,0,0,.22-.51C83,297.25,82.56,297,82.43,297.06Z"/><path class="cls-1" d="M85.18,303.51a.48.48,0,0,0-.18.75c.23.33.53.56,1,.34a.92.92,0,0,0,.35-1.08C86.14,303.25,85.59,303.25,85.18,303.51Z"/><path class="cls-1" d="M83.67,287.75c-.08-.24-.93-.78-1.31-.57s-.13,1.23.06,1.55a1,1,0,0,0,1.1.28C83.89,288.8,83.8,288.11,83.67,287.75Z"/><path class="cls-1" d="M96.75,281a1.19,1.19,0,1,0,2-1.24,1.37,1.37,0,0,0-1.65-.6A1.63,1.63,0,0,0,96.75,281Z"/><path class="cls-1" d="M83.7,306.68c-.18.07-.32.53-.26.73s.59.57.8.46.24-.72.15-.84S83.88,306.61,83.7,306.68Z"/><path class="cls-1" d="M85,300.4a.85.85,0,0,0-1.18-.3.67.67,0,0,0-.33,1,.83.83,0,0,0,1.16.35A.87.87,0,0,0,85,300.4Z"/><path class="cls-1" d="M343,347.26c.22-.07.26-.39.23-.55s-.31-.5-.58-.38-.23.53-.16.65S342.82,347.33,343,347.26Z"/><path class="cls-1" d="M240.41,345.54a1.57,1.57,0,0,0,.26-.93h-3.11a1.21,1.21,0,0,0,.45.92A1.86,1.86,0,0,0,240.41,345.54Z"/><path class="cls-1" d="M219.15,342.27a1.76,1.76,0,0,0-.09.2,1.49,1.49,0,0,0,.09.93Z"/><path class="cls-1" d="M206.76,331.79c.17-.71-.54-1.6-1.47-1.84a1.35,1.35,0,0,0-.53,0,.61.61,0,0,0,0-.14,1.09,1.09,0,0,0-1.46-.55.7.7,0,0,0-.39.93.89.89,0,0,0,.89.73h0s0,0,0,0c-.17,1.06,0,1.39.83,1.73a1.4,1.4,0,0,0-.29.09c-.76.35-1,.8-.77,1.38a1.46,1.46,0,0,0,1.68.78,1.56,1.56,0,0,0,.67-1.76.71.71,0,0,0-.23-.29A1.53,1.53,0,0,0,206.76,331.79Z"/><path class="cls-1" d="M207.21,341.73a.87.87,0,0,0-1.11.48.83.83,0,0,0,.63,1,.76.76,0,0,0,1-.53A.72.72,0,0,0,207.21,341.73Z"/><path class="cls-1" d="M253.33,350.27a1.84,1.84,0,0,1,.94.73c.12.14.6.12.81,0a1,1,0,0,0,.39-.73c0-.18-.27-.44-.48-.53a7.85,7.85,0,0,0-1.29-.32c-.37-.07-.56.13-.61.55C253.15,350.05,253.22,350.24,253.33,350.27Z"/><path class="cls-1" d="M259.85,346.41a1.78,1.78,0,0,0,1.49-.44c-.08.29-.1.61.13.76s.8-.14,1-.32a.55.55,0,0,0,.07-.87l-.07-.05a1.46,1.46,0,0,0,.73-.88h-4.58A1.74,1.74,0,0,0,259.85,346.41Z"/><path class="cls-1" d="M253.43,346.84h0a1.21,1.21,0,0,0,1.62,0,1.77,1.77,0,0,0-.46-2,1,1,0,0,0-1.3.15,1.49,1.49,0,0,0-.63.9A1,1,0,0,0,253.43,346.84Z"/><path class="cls-1" d="M206.83,336.38c-.21-.22-.65-.66-.92-.52s-.2.39-.16.67a1.36,1.36,0,0,0-.48.5l-.18-.06a1.64,1.64,0,0,0-1.73,1.19,1.67,1.67,0,0,0,.3,1.32,1.71,1.71,0,0,0-.21,1.37,1.65,1.65,0,0,0,2,.81,1.62,1.62,0,0,0,.92-2l-.07-.14a1.62,1.62,0,0,0,.52-3.19Z"/><path class="cls-1" d="M256.38,345.29a.85.85,0,0,0,.95-.24.65.65,0,0,0,.24,0,1.53,1.53,0,0,0,.87-.45h-3A1.21,1.21,0,0,0,256.38,345.29Z"/><path class="cls-1" d="M209.37,340.07a1.42,1.42,0,0,0,1.16,1.84,1.81,1.81,0,0,0,1.23,0,.52.52,0,0,0,.27,0,.71.71,0,0,0,.24-.4,1.48,1.48,0,0,0,.23-.49,1.69,1.69,0,0,0-1.06-2h0a.73.73,0,0,0,.07-.84c-.19-.32-.52-.53-.83-.29s-.8.77-.65,1.05a.46.46,0,0,0,.32.19A1.59,1.59,0,0,0,209.37,340.07Z"/><path class="cls-1" d="M261.74,348.38a.83.83,0,0,0,.72,1,.76.76,0,0,0,.91-.62.71.71,0,0,0-.56-.93A.88.88,0,0,0,261.74,348.38Z"/><path class="cls-1" d="M235.86,344.65a.05.05,0,0,0,0,0h-2.21a1.21,1.21,0,0,0,.26,1.05,1.55,1.55,0,0,0,2-.19,1.35,1.35,0,0,0,.32.15c.42.12.82-.1.8-.5a1.29,1.29,0,0,0-.14-.51h-.93Z"/><path class="cls-1" d="M212.39,344.47a1.53,1.53,0,0,0,1.75-.92c.11-.42-.38-1-1-1.2a1.09,1.09,0,0,0-1.41.55A1.4,1.4,0,0,0,212.39,344.47Z"/><path class="cls-1" d="M217.8,338.43c.41.13.82-.06,1.18-.56a1,1,0,0,0,.17-.36v-.38l0-.11,0,0v-1.46a2.76,2.76,0,0,0-.53-.19,1.55,1.55,0,0,0,.51-.51s0,0,0,0v-1.07a.76.76,0,0,0-.24-.31,1.28,1.28,0,0,0-.68-.18.49.49,0,0,0-.2-.36c-.41-.29-1,.07-1.13.66,0,0,0,0,0,.06h0c-.32-.28-.68,0-.94,0a1.54,1.54,0,0,0-1.36.53c.6-1.05.53-1.39-.43-2-.42-.24-.86-.23-1.08.2a2.14,2.14,0,0,1-1,.9,1.76,1.76,0,0,0-.34.25c-.24-.39-.62-.77-.9-.75l-.12,0a1.42,1.42,0,0,0-.85-1.07,2,2,0,0,0-1.62.47,1.11,1.11,0,0,0-1.09,0,2.47,2.47,0,0,0-.15,1,.7.7,0,0,0,.77.48.67.67,0,0,0,.07.18,1,1,0,0,0-.59.69.86.86,0,0,0,.61,1,1,1,0,0,0,1.07-.77.47.47,0,0,0,0-.17,1.7,1.7,0,0,0,1.45-.48.67.67,0,0,0,.14.19h0a.87.87,0,0,0-.1.69,1.1,1.1,0,0,0,1,.56.36.36,0,0,0,0,.09,3.58,3.58,0,0,1,.22.52c-.14.65.1.94.46,1.11s.72-.05,1-.36.6-.65.88-1a2.54,2.54,0,0,0,.43-.67,1.32,1.32,0,0,0,.82.64,1,1,0,0,0,1.23-.56c.09-.18.28-.42.42-.68a1.62,1.62,0,0,0,.55.67.92.92,0,0,0,.58.18,1.82,1.82,0,0,0-.33.65l-.09,0a1.39,1.39,0,0,0-.52-.33,1.82,1.82,0,0,0-2,1.13,1.34,1.34,0,0,0,.9,1.68A2,2,0,0,0,217.8,338.43Z"/><path class="cls-1" d="M215.3,340.73a.65.65,0,0,0,0-1,.76.76,0,0,0-1.09.09.67.67,0,0,0,.17,1A.61.61,0,0,0,215.3,340.73Z"/><path class="cls-1" d="M246.67,344.89a.77.77,0,0,0,.12-.28h-1.73a.79.79,0,0,0,.32.49A1,1,0,0,0,246.67,344.89Z"/><path class="cls-1" d="M326.48,351.22a.75.75,0,0,0,.42-1,.72.72,0,0,0-1-.47.86.86,0,0,0-.56,1.07A.82.82,0,0,0,326.48,351.22Z"/><path class="cls-1" d="M325.51,353.64c.44-.41.24-.86-.1-1.24a1,1,0,0,0-1.16,1C324.63,353.73,325,354.08,325.51,353.64Z"/><path class="cls-1" d="M329.8,344.61h-2.34a1.11,1.11,0,0,0,.09.19l.07.08-.14.05a1.73,1.73,0,0,0-.92,2.16,1.43,1.43,0,0,0,2.06.72c.94-.43,1.3-1.18.93-2a1.69,1.69,0,0,0-.41-.55,1.28,1.28,0,0,0,.27-.16A1.37,1.37,0,0,0,329.8,344.61Z"/><path class="cls-1" d="M333.59,345a2.08,2.08,0,0,0,.58-.38h-2A1.32,1.32,0,0,0,333.59,345Z"/><path class="cls-1" d="M345.43,346.16a1.4,1.4,0,0,0,.45-.58,1.13,1.13,0,0,0,1.2.22,2.16,2.16,0,0,0,1.05-1.19H343a1.21,1.21,0,0,0,.19.83A1.85,1.85,0,0,0,345.43,346.16Z"/><path class="cls-1" d="M125.1,334.58c-.17.16-.41.86-.21,1.05s.8,0,1-.13a.85.85,0,0,0,.12-.76A.53.53,0,0,0,125.1,334.58Z"/><path class="cls-1" d="M322,344.82a.38.38,0,0,0,.1-.21h-1.22C321.14,344.89,321.84,345,322,344.82Z"/><path class="cls-1" d="M272.06,348.91c-.08,0-.15-.17-.28-.12s-.14.21-.13.29.2.15.22.13A1.53,1.53,0,0,0,272.06,348.91Z"/><path class="cls-1" d="M311.18,345.36a2,2,0,0,0,2.06,1.27,1.54,1.54,0,0,0,1.15-1.68,1.58,1.58,0,0,0-.07-.34h-3.05A1.3,1.3,0,0,0,311.18,345.36Z"/><path class="cls-1" d="M270.64,350.93a1.27,1.27,0,0,0,1.11,1.1,1.07,1.07,0,0,0,1.33-1c.1-.71-.22-1.26-.75-1.31A1.73,1.73,0,0,0,270.64,350.93Z"/><path class="cls-1" d="M356.89,348.29a.47.47,0,0,0,.7-.28.48.48,0,0,0-.35-.65.52.52,0,0,0-.56.34A.45.45,0,0,0,356.89,348.29Z"/><path class="cls-1" d="M274.08,353.66a.71.71,0,0,0-.15-.58c0-.12.07-.26.13-.4-.29-.05-.53-.16-.67-.08a.33.33,0,0,0-.11.17.57.57,0,0,0-.62.61,2.21,2.21,0,0,0,.37.77C273.65,354.27,274,354,274.08,353.66Z"/><path class="cls-1" d="M312.6,353.08c.44.18.85.57,1.23.41a.85.85,0,0,0,.54-.53,1.31,1.31,0,0,0,.24-.78,1.79,1.79,0,0,0-.82-1.33,1.32,1.32,0,0,0-1.4.06,1.15,1.15,0,0,0-.46,1.07A1.36,1.36,0,0,0,312.6,353.08Z"/><path class="cls-1" d="M313.47,348.38c.22-.07.32-.19.26-.42s-.19-.35-.44-.28-.34.2-.27.44A.31.31,0,0,0,313.47,348.38Z"/><path class="cls-1" d="M274.58,345.76a1,1,0,0,0-1.35-.67,1.4,1.4,0,0,0-.17.09,1.35,1.35,0,0,0-.45-.19,1.8,1.8,0,0,0-1.81,1.4,1.42,1.42,0,0,0,1,1.65,2.16,2.16,0,0,0,1.81-.51,1.1,1.1,0,0,0,.48-.07C274.58,347.28,274.82,346.37,274.58,345.76Z"/><path class="cls-1" d="M266.34,348.64a.56.56,0,0,0,0,.56c.08.1.52.23.66.07s-.09-.53-.21-.67A.37.37,0,0,0,266.34,348.64Z"/><path class="cls-1" d="M356.37,344.89l.05,0a1.13,1.13,0,0,0,1.17-.32h-4.12a1.14,1.14,0,0,0,.06.25.87.87,0,0,0-1,.39.73.73,0,0,0,.32,1.05l.24,0a1.73,1.73,0,0,0-.43.79,1.63,1.63,0,0,0,1.19,1.61c.5.17,1,.22,1.15.88.12.48.62.46,1.06.29.27-.6.11-1-.41-1.21a8.54,8.54,0,0,0,.25-1.59,2,2,0,0,0-.95-1.31,1.76,1.76,0,0,0,1-.47A4.35,4.35,0,0,0,356.37,344.89Zm-2.36.78a.61.61,0,0,0,0-.19c.06,0,.1.1.16.14Z"/><path class="cls-1" d="M364.62,344.63v0a1.63,1.63,0,0,0,.09,1.35,1.23,1.23,0,0,0,.29.81,1.36,1.36,0,0,0,1.69.46,1.67,1.67,0,0,0,.23-1.87l-.09-.08a1.1,1.1,0,0,0-.14-.71h-2.17Z"/><path class="cls-1" d="M359,344.94a.8.8,0,0,0-1-.11.92.92,0,0,0-.15,1.21.86.86,0,0,0,1.18.25.69.69,0,0,0,.13-.11.63.63,0,0,0,.11.12,1.56,1.56,0,0,0,.69.66,1.2,1.2,0,0,0,.79.05,1.52,1.52,0,0,0,.28,1.46,2,2,0,0,0,.52.53.76.76,0,0,0-.42.44.87.87,0,0,0,.09.75,3,3,0,0,0-.41,1.18,1.63,1.63,0,0,1-.31.11c-.47,0-.61.37-.67.79a.83.83,0,0,0,.46.83c.77.51,1.19.41,1.65-.39.35-.61.72-1.21,1.07-1.8,1.15.57,1.29.51,1.56-.56a.83.83,0,0,0-1.08-.28,1.14,1.14,0,0,0-.3-1.22,1.78,1.78,0,0,0,.28-.38c.34.08.76.13.92-.23s-.4-.86-.64-1.08c0,0-.09,0-.13-.06a1,1,0,0,0-.12-.26,1.63,1.63,0,0,0-1.58-.74,1.25,1.25,0,0,0,.1-1c0-.07-.05-.12-.07-.18l0-.14c0-.06-.07-.1-.09-.15h-2.64A2.33,2.33,0,0,0,359,344.94Z"/><path class="cls-1" d="M354,349.41c-.06.08.07.42.14.43a.71.71,0,0,0,.55-.14.48.48,0,0,0-.1-.66C354.26,348.85,354.07,349.26,354,349.41Z"/><path class="cls-1" d="M349,345.84a.71.71,0,0,0,1.06.21,1.71,1.71,0,0,0,.79-1.1.72.72,0,0,0,.54-.15.34.34,0,0,0,.08-.19h-2.66A1.84,1.84,0,0,0,349,345.84Z"/><path class="cls-1" d="M350.47,346a.89.89,0,0,0-.16,1.21.93.93,0,0,0,1.48-1.11A1,1,0,0,0,350.47,346Z"/><path class="cls-1" d="M375.86,345.82a.94.94,0,0,0-.23.1.87.87,0,0,0-.26,1.27.94.94,0,0,0,1.3.16.81.81,0,0,0,.35-.77,1.93,1.93,0,0,0,1.65-.71,1.46,1.46,0,0,0,.15-1.26h-3A1.73,1.73,0,0,0,375.86,345.82Z"/><path class="cls-1" d="M400.06,350.49c.05,0,.08-.41,0-.47s-.49-.27-.67-.14,0,.56.1.6A.8.8,0,0,0,400.06,350.49Z"/><path class="cls-1" d="M391.67,344.79a.64.64,0,0,0,.26.95c.6.37,1.11.43,1.32.15a1.49,1.49,0,0,0-.13-1.28h-1.23A1,1,0,0,0,391.67,344.79Z"/><path class="cls-1" d="M398.41,344.88a1,1,0,0,0,1-.27H398A1.19,1.19,0,0,0,398.41,344.88Z"/><path class="cls-1" d="M389.29,345.65a.63.63,0,0,0,.76-.54,2.24,2.24,0,0,0,.9.1.66.66,0,0,0,.2-.6h-2.67A1.24,1.24,0,0,0,389.29,345.65Z"/><path class="cls-1" d="M329.87,352.17a1.08,1.08,0,0,0,.13-.33c-.09,0-.19-.13-.3-.06a.22.22,0,0,0-.07.25,1.87,1.87,0,0,0-1.89-.54,1.94,1.94,0,0,0-.95,2.21c.27.8,1.26,1.1,2.32.71a1.42,1.42,0,0,0,.85-1.83,1.4,1.4,0,0,0-.24-.43C329.78,352.17,329.86,352.19,329.87,352.17Z"/><path class="cls-1" d="M373.28,353.35a.25.25,0,0,0-.06.36.27.27,0,0,0,.35,0,.33.33,0,0,0,0-.32C373.52,353.35,373.37,353.28,373.28,353.35Z"/><path class="cls-1" d="M382.76,346.08c0,.21.29.37.48.37s.45-.21.42-.43a.44.44,0,0,0-.4-.39A.6.6,0,0,0,382.76,346.08Z"/><path class="cls-1" d="M360.35,355.58a.74.74,0,0,0,.62.84,1.11,1.11,0,0,0,.81-.21c.44-.51.18-1-.31-1.47C361,354.9,360.4,354.93,360.35,355.58Z"/><path class="cls-1" d="M281.89,344.61h-3.63a.91.91,0,0,0,.11.43,4.43,4.43,0,0,0-.8.19,1.54,1.54,0,0,0-.88,1.46c0,.05,0,.11,0,.16a1.48,1.48,0,0,0-.9-.59c-.54-.08-1,.39-1.13,1.15-.1.58.26,1.29.7,1.37a1.6,1.6,0,0,0,1.62-1,.69.69,0,0,0,0-.25,1.57,1.57,0,0,0,.62.39,2.52,2.52,0,0,0,.75.13,1.25,1.25,0,0,0,1.18,1.31,1.53,1.53,0,0,0,1.74-1.46c0-.05,0-.09,0-.13a1.33,1.33,0,0,0,.52-.86.63.63,0,0,0,.3.12.85.85,0,0,0,.75-.54,1.41,1.41,0,0,0,0,1,1.08,1.08,0,0,0,1.6.54c.64-.32.92-.88.66-1.35a1.7,1.7,0,0,0-2-.72.86.86,0,0,0-.34.49,1.37,1.37,0,0,0,.11-.36,1,1,0,0,0-.75-1.22.76.76,0,0,0-.47.11s.05-.09.07-.15A1.34,1.34,0,0,0,281.89,344.61Zm-.6,1.1h0a1.14,1.14,0,0,0-.26-.09,1.25,1.25,0,0,0,.33-.13A.81.81,0,0,0,281.29,345.71Z"/><path class="cls-1" d="M286.26,345.39a2.4,2.4,0,0,0,.5.71c-.5.11-1.09.47-1.17.78a1.17,1.17,0,0,0,1,1.38c.53.13,1-.32,1.2-1.07a1,1,0,0,0,0-.56,1.08,1.08,0,0,0,.44,0,.62.62,0,0,0,.51.29c.43.09.8-.17.75-.57a2.24,2.24,0,0,0-.3-.7,1.84,1.84,0,0,0,.13-1h-3.09A1.16,1.16,0,0,0,286.26,345.39Z"/><path class="cls-1" d="M282.28,349.05a2.25,2.25,0,0,0-.44.74,1.76,1.76,0,0,0,.12.2.9.9,0,0,0,.64.77,1,1,0,0,0,1.14-.68.85.85,0,0,0-.68-1A.56.56,0,0,0,282.28,349.05Z"/><path class="cls-1" d="M264.77,344.83a1.11,1.11,0,0,0,0,1.37,1.43,1.43,0,0,0,1.35,1.46c1,.16,1.74-.27,1.87-1.14a1.68,1.68,0,0,0-1.24-1.89H265A1.15,1.15,0,0,0,264.77,344.83Z"/><path class="cls-1" d="M294.12,349.07a.94.94,0,0,0,.45-1.22,1,1,0,0,0-1.27-.37.88.88,0,0,0-.41,1.14A1,1,0,0,0,294.12,349.07Z"/><path class="cls-1" d="M269.17,350.53l1.34-.26a3.42,3.42,0,0,1,.13-.34c-.26-.21-.46-.75-.81-.84,0,0,0-.09,0-.14.07-.43-.47-1-1.1-1.11a1.09,1.09,0,0,0-1.35.69,1.39,1.39,0,0,0,.79,1.49,1.24,1.24,0,0,0,.9-.16,1.73,1.73,0,0,1-.12.45Z"/><path class="cls-1" d="M279.83,350.22a.88.88,0,0,0,.31,1.43,1.19,1.19,0,0,0,1-.18.91.91,0,0,0-1.32-1.25Z"/><path class="cls-1" d="M316,349.84a.54.54,0,0,0,.17.39.52.52,0,0,0,.42.09.86.86,0,0,0,.34-.07.82.82,0,0,0,.57-1.07.84.84,0,0,0-1-.5.86.86,0,0,0-.53,1.09Z"/><path class="cls-1" d="M322.69,350.21a1.74,1.74,0,0,0,1.05-1.5,1.68,1.68,0,0,0,.75-1.94,1.85,1.85,0,0,0-1-1,.88.88,0,0,0,.28,0,.93.93,0,0,0,.79.24c.35-.14.3-1,.18-1.39H323.3a2.44,2.44,0,0,0,0,.67l0,0a.47.47,0,0,0-.06.35s0,.05.09.07a1.49,1.49,0,0,0-1.13.08,1.27,1.27,0,0,0-.79,1.47.75.75,0,0,0-.18.07,1.4,1.4,0,0,0-.67.94,1,1,0,0,0-1.15-.38.76.76,0,0,0-.43,1s0,0,0,0a.74.74,0,0,0-.62,0,2,2,0,0,0-.77,1.73,1.11,1.11,0,0,0,1.53.5c.7-.27.84-.66.52-1.45a1.48,1.48,0,0,0-.14-.25.86.86,0,0,0,.67,0,.88.88,0,0,0,.36-.4,2.13,2.13,0,0,0,.08.27A1.75,1.75,0,0,0,322.69,350.21Z"/><path class="cls-1" d="M317.2,345.55c-.26-.58-.94-.94-1.35-.73a1.65,1.65,0,0,0-.78,1.56,2.12,2.12,0,0,0-.25,1.14,4.63,4.63,0,0,0,.95.53,1.26,1.26,0,0,0,1.49-.47,1.5,1.5,0,0,0,0-1.41A1.05,1.05,0,0,0,317.2,345.55Z"/><path class="cls-1" d="M320.51,351.12a.58.58,0,0,0-.27.49c0,.12.34.46.55.38s.17-.51.13-.68A.35.35,0,0,0,320.51,351.12Z"/><path class="cls-1" d="M292.75,348.35a2.3,2.3,0,0,0-.32-.74.84.84,0,0,0-1,.75s0,.06,0,.09a1.66,1.66,0,0,0-1.38.23l-.12.1a1.49,1.49,0,0,0,0-1.08c-.23-.48-.87-.61-1.58-.29a1.24,1.24,0,0,0-.75,1.34,1.61,1.61,0,0,0,1.72.8.8.8,0,0,0,.21-.13,1.52,1.52,0,0,0,0,.73v0a1.72,1.72,0,0,0-1.45,1.41,1.83,1.83,0,0,0,1.3,1.87,1.79,1.79,0,0,0,1.81-.81,1.06,1.06,0,0,0,1.49.42.66.66,0,0,0,.07.32,1,1,0,0,0,1.23.22,1,1,0,0,0,.61-1.3.86.86,0,0,0-1.18-.34h0a1.61,1.61,0,0,0-.31-.79,1.61,1.61,0,0,1-.43-1.11,1.43,1.43,0,0,0-.56-1.15C292.51,348.92,292.8,348.69,292.75,348.35Z"/><path class="cls-1" d="M303.11,344.61c.21.32.5.92,1.09,1a1.21,1.21,0,0,0,1.16-.44,1.56,1.56,0,0,0-.18.34.79.79,0,0,0,.52,1.1,1.1,1.1,0,0,0,1.4-.55,1.08,1.08,0,0,0-.58-1.37.78.78,0,0,0-.21,0l.06,0Zm2.32.46.08-.13h.07A1,1,0,0,0,305.43,345.07Z"/><path class="cls-1" d="M310.77,349.16c.25.56.71.81,1.16.64a1.79,1.79,0,0,0,.83-1.7,1.11,1.11,0,0,0-1.62-.5l-.08.06a1,1,0,0,0,0-.58.94.94,0,0,0,.4-1.15.91.91,0,0,0-1.17-.35.85.85,0,0,0-.27,1.18,1.7,1.7,0,0,0,.1.14.53.53,0,0,0-.3.79c.13.31.33.61.76.48,0,0,0,0,0,0A1.41,1.41,0,0,0,310.77,349.16Z"/><path class="cls-1" d="M217.77,325.59c.09.34.51.18.68.14s.24-.35.19-.41a.66.66,0,0,0-.49-.28C218,325.06,217.68,325.26,217.77,325.59Z"/><path class="cls-1" d="M180.56,326.3a1,1,0,0,0,.79-1.06.86.86,0,0,0-1-.63.88.88,0,0,0-.75,1A.9.9,0,0,0,180.56,326.3Z"/><path class="cls-1" d="M178.92,341a1.1,1.1,0,0,0,.57-1.21c-.36-.85-1.05-1.32-1.59-1.07a1.61,1.61,0,0,0-.58,1.78A1.49,1.49,0,0,0,178.92,341Z"/><path class="cls-1" d="M181.9,324.63a.82.82,0,0,0,.47-1,.8.8,0,0,0-.44-.35h-.87a.82.82,0,0,0-.33,1.05A.84.84,0,0,0,181.9,324.63Z"/><path class="cls-1" d="M172,324.8l.28.12a1.29,1.29,0,0,0-.33,1.35c.13.57.74,1.09,1.18,1a1.58,1.58,0,0,0,1.11-1.52.75.75,0,0,0-.08-.24,1.58,1.58,0,0,0,.72.12,1.35,1.35,0,0,0,.28,0,1.67,1.67,0,0,0,.08.2c.6,1.06,1.08,1.24,2,.84a1.61,1.61,0,0,0,.68-2.32l.13-.1a1.66,1.66,0,0,0,1.12,0,1,1,0,0,0,.5-1H172.2a1.08,1.08,0,0,1-1,.72c-.49,0-.58.52-.5,1C171.26,325.34,171.71,325.27,172,324.8Z"/><path class="cls-1" d="M162.62,333.26a2,2,0,0,0-1.33,2c.12.83,1,1.31,2.15,1.12a1.42,1.42,0,0,0,1.17-1.64A1.87,1.87,0,0,0,162.62,333.26Z"/><path class="cls-1" d="M168,326.82a1.54,1.54,0,0,0,.34.66v0a1.78,1.78,0,0,0,2,.58.91.91,0,0,0,.55-1,1.22,1.22,0,0,0,.25-.94,1.91,1.91,0,0,0-2-1.3A1.8,1.8,0,0,0,168,326.82Z"/><path class="cls-1" d="M194.41,332.05c.11.33,1,.49,1.44,0a.94.94,0,0,0,.08-.82.82.82,0,0,0-1.07-.42C194.28,331,194.3,331.72,194.41,332.05Z"/><path class="cls-1" d="M196,325.49a1.81,1.81,0,0,0,1.07-.52,1.86,1.86,0,0,0,.47-1.49c0-.08,0-.16,0-.23h-4a1.09,1.09,0,0,1,0,.26C193.49,325.31,194.8,325.63,196,325.49Z"/><path class="cls-1" d="M196.25,330.92a.92.92,0,0,0,1.1-.62c-.17-.18-.35-.51-.63-.65s-.66.05-.77.42S195.83,330.75,196.25,330.92Z"/><path class="cls-1" d="M174.25,331.74a2.29,2.29,0,0,0,1.17-.42l.37.17a1.92,1.92,0,0,0,.46,0,1.09,1.09,0,0,0,.72-1.85,7.33,7.33,0,0,0-1.33-1.22.86.86,0,0,0-.29-.13.7.7,0,0,0,0-.45.91.91,0,0,0-1.15-.4.86.86,0,0,0-.49,1.11.64.64,0,0,0,.08.14,1.59,1.59,0,0,0-1,1.37s0,.08,0,.12a1.25,1.25,0,0,0-1-.29.93.93,0,0,0-1.08-.63,1.58,1.58,0,0,0-.75.6,1.21,1.21,0,0,0-1.26.68,1.45,1.45,0,0,0,.29,1.53,1.14,1.14,0,0,0,1.38,0,1.59,1.59,0,0,0,1.9.72,1.13,1.13,0,0,0,.26-.16,3.33,3.33,0,0,0,.55.46c.62-.14.87-.49.78-.87a.75.75,0,0,0-.6-.56,1.28,1.28,0,0,0,.05-.27A1.29,1.29,0,0,0,174.25,331.74Z"/><path class="cls-1" d="M195.21,327a.64.64,0,0,0,.21-.88c-.17-.35-.67-.58-.94-.38a.77.77,0,0,0-.33,1A.74.74,0,0,0,195.21,327Z"/><path class="cls-1" d="M167,331.18a1.53,1.53,0,0,0,1.11-1.63c-.1-.43-.81-.72-1.44-.6a1.11,1.11,0,0,0-1,1.16A1.41,1.41,0,0,0,167,331.18Z"/><path class="cls-1" d="M192.46,329c.58.23,1.07.4,1.47,0H194c.33-.36.65-.77.35-1.28a.76.76,0,0,0-1.08-.28l-.07.06a.62.62,0,0,0-.24,0C192.28,327.69,192.5,328.36,192.46,329Z"/><path class="cls-1" d="M176.94,339.3c.61-.08.73-.54.7-1.09h0a.93.93,0,0,0,.07-.91.86.86,0,0,0-1.18-.27.72.72,0,0,0-.32,1s0,0,0,0l-.11,0C176.24,339,176.49,339.35,176.94,339.3Z"/><path class="cls-1" d="M182.47,328.22a1.67,1.67,0,0,0-.92.53,2,2,0,0,0-1.2-1.76,2.7,2.7,0,0,0-.89-.13.61.61,0,0,0-.14-.24,1,1,0,0,0-1.52.25.85.85,0,0,0,.34,1.05,1,1,0,0,0-.07.57c.11.59.81,1.18.75,1.41s-1.09.49-1.21,1.28a1.24,1.24,0,0,0,.45,1.16,1.56,1.56,0,0,0-.34-.18.79.79,0,0,0-1.1.53,1.09,1.09,0,0,0,.56,1.39.94.94,0,0,0,.64,0c-.08.43.17,1.16.57,1.2a.87.87,0,0,0,.89-.68c0-.38-.5-.75-.92-.83a1,1,0,0,0,.19-.3,1,1,0,0,0-.38-1.08,2,2,0,0,0,.58.28,1.39,1.39,0,0,0,.8-.12,1.27,1.27,0,0,0,.18.37c.39.54,1.17.1,1.36-.17s-.2-.56-.55-.86a1.2,1.2,0,0,0,.31-.5c.17-.62-.51-1-.49-1.21s.48-.35.83-.72a1.53,1.53,0,0,0,0,.67,1.31,1.31,0,0,0,1.1,1.07,1.27,1.27,0,0,0,.1.71,1.62,1.62,0,0,0,2.22.73,1.56,1.56,0,0,0,.82-2.08,1.21,1.21,0,0,0-1.32-.79,1,1,0,0,0,0-.57,1.57,1.57,0,0,0-.25-.48.69.69,0,0,0,.71-.41,1.34,1.34,0,0,0,.44.12c1.19.14,1.87-.33,2-1.29a1.47,1.47,0,0,0,1,.74,2,2,0,0,0,1.79-.77.92.92,0,0,0,.17-.57,2.55,2.55,0,0,0,.53.18,3,3,0,0,0,2.65-1.77c.18-.82-.73-1.31-.71-1.55,0,0,.06-.1.14-.17H190.4a5,5,0,0,0-1.19,1.05,2.19,2.19,0,0,0-.94-1s0,0,0,0h-3.19a1.08,1.08,0,0,1-.23.73c-.3.27,0-.57-1.22,0s-1.43,2.62.17,2.77c.11,0,.11.32.19.68a.65.65,0,0,0-.31.08.74.74,0,0,0-.23.9A1.36,1.36,0,0,0,182.47,328.22Z"/><path class="cls-1" d="M165.49,328.37h0a.93.93,0,0,0,.54-1.2.87.87,0,0,0-1.17-.32.71.71,0,0,0-.22.15,1.39,1.39,0,0,0-1.1-.22,1.72,1.72,0,0,0-1.31,2,1.37,1.37,0,0,0,1,1.1c-.39.29-.83.54-1.24.8a.74.74,0,0,0-.65.58h-.26a.88.88,0,0,0-.75,1,.84.84,0,0,0,1,.61.76.76,0,0,0,.6-.6,1.23,1.23,0,0,0,.55,0,2.31,2.31,0,0,1,.94,0,1.27,1.27,0,0,0,1.43-.36,1.73,1.73,0,0,0-.36-1.76,2.42,2.42,0,0,0-.36-.27C165.06,329.55,165.51,329,165.49,328.37Z"/><path class="cls-1" d="M151.45,329.29c-.17.09-.13.45,0,.61a.46.46,0,0,0,.59.08.45.45,0,0,0,.09-.55A.63.63,0,0,0,151.45,329.29Z"/><path class="cls-1" d="M151.49,327.69a1.3,1.3,0,0,0,1.55-.19,1.39,1.39,0,0,0,.08-1.77,1.15,1.15,0,0,0-.84-.37,1.61,1.61,0,0,0-.75.21.35.35,0,0,0-.23.13l0,0a2,2,0,0,0-.61,1.26A5.12,5.12,0,0,0,151.49,327.69Z"/><path class="cls-1" d="M147.48,324.22a2,2,0,0,0,1.79,1.6,1.52,1.52,0,0,0,1.43-1.44,1.67,1.67,0,0,0-.29-1.13h-3.74A1.18,1.18,0,0,0,147.48,324.22Z"/><path class="cls-1" d="M155.06,324.4a1.11,1.11,0,0,0,.77-.51,1.76,1.76,0,0,0,.75-.64h-3.53a.2.2,0,0,0,0,.07C153.47,324.5,153.86,324.55,155.06,324.4Z"/><path class="cls-1" d="M142.87,330.26c0,.1,0,.18-.08.18s-.44.23-.43.83a.89.89,0,0,0,.85,1,1.32,1.32,0,0,0,1.38-1.23c.06-.72-.34-.87-.26-1.34s-.15-.66-.61-.87-1.17-.49-1.43.16a1.77,1.77,0,0,0-.06.17.71.71,0,0,0-.27.18c-.29.28-.15.54,0,.78A.56.56,0,0,0,142.87,330.26Z"/><path class="cls-1" d="M359,351.74a1.76,1.76,0,0,0,.17-2.08,1,1,0,0,0-1.47-.14,1.08,1.08,0,0,0-.25,1.73C357.89,351.82,358.63,352.05,359,351.74Z"/><path class="cls-1" d="M143.52,326.18a1.53,1.53,0,0,0,0-.92,1,1,0,0,0,1.2.09,1.75,1.75,0,0,0,.07-2.08l0,0h-1.5a1,1,0,0,0-.17,1.59.75.75,0,0,0-1,.3,1,1,0,0,0-.06.9C142.45,326.55,143,326.46,143.52,326.18Z"/><path class="cls-1" d="M162.12,323.82a3.09,3.09,0,0,1,.43.35c.19.64.54.78.93.76a.63.63,0,0,0,.58-.43l0,0a2.47,2.47,0,0,0,.68.43.86.86,0,0,0,.39-1.17c-.2-.35-.49-.27-.77-.15,0,0-.06,0-.09.06,0-.15.07-.3.1-.45h-2.88A2.1,2.1,0,0,0,162.12,323.82Z"/><path class="cls-1" d="M156.3,325.79a1.22,1.22,0,0,0-1.64.06,1.13,1.13,0,0,0-.11,1.71c.48.56,1.17.71,1.58.33A1.67,1.67,0,0,0,156.3,325.79Z"/><path class="cls-1" d="M158,323.91a1,1,0,0,0-.19.88.85.85,0,0,0,1,.63,1,1,0,0,0,.58-1.18.46.46,0,0,0-.07-.16,1.51,1.51,0,0,0,.52-.3.72.72,0,0,0,.7-.53h-3.11A1.23,1.23,0,0,0,158,323.91Z"/><path class="cls-1" d="M166,323.49a1.32,1.32,0,0,0,1.52.82,2,2,0,0,0,1.41-1.06h-3.73A.79.79,0,0,0,166,323.49Z"/><path class="cls-1" d="M160.23,324.7a2.62,2.62,0,0,0,.68.43.85.85,0,0,0,.4-1.17c-.21-.35-.49-.27-.77-.15A.57.57,0,0,0,160.23,324.7Z"/><path class="cls-1" d="M156.52,334.66c.64-.31,1-.71.84-1a1.44,1.44,0,0,0-1.37-.55,1.21,1.21,0,0,0-.4,1.29A.63.63,0,0,0,156.52,334.66Z"/><path class="cls-1" d="M155.67,330a.37.37,0,0,0-.45-.08.59.59,0,0,0-.15.35c0-.08,0-.14,0-.22-.15-.73-.59-1.13-1.12-1a1.93,1.93,0,0,0-1.07,1.55,1.09,1.09,0,0,0,1.4.77c.6-.1.84-.37.83-.9.06.12.44.35.62.22S155.75,330.17,155.67,330Z"/><path class="cls-1" d="M146.38,326.85a.9.9,0,0,0,.68-1.06,2.72,2.72,0,0,0-.86-.28c-.4,0-.56.36-.47.73S145.94,326.9,146.38,326.85Z"/><path class="cls-1" d="M196.19,337c.21-.11.47-.13.68-.45a1.81,1.81,0,0,0,.2-1.55,1.36,1.36,0,0,0-1.14-.84,1.19,1.19,0,0,0-1,.55,2,2,0,0,0-.24.62,1.08,1.08,0,0,0-.61,1.17c.3.82.94,1.3,1.48,1.09a1.07,1.07,0,0,0,.54-.53A.67.67,0,0,0,196.19,337Z"/><path class="cls-1" d="M202.47,345.4a1.21,1.21,0,0,0-.52-1.25.64.64,0,0,0-.9.37c-.3.64-.29,1.16,0,1.33A1.44,1.44,0,0,0,202.47,345.4Z"/><path class="cls-1" d="M205.33,325.26a1.44,1.44,0,0,0,1-.57,2.79,2.79,0,0,0,.15.47c.27.61.78.89,1.23.66a2.26,2.26,0,0,0,.84-1.64l.18.15a5.34,5.34,0,0,0,.7-.27,1.56,1.56,0,0,0,.11.58,1.7,1.7,0,0,0,1.69.92v0c-.16.17-1.47-.22-2.26.44a2.53,2.53,0,0,0-.39,2.63l-.08,0a1.28,1.28,0,0,0-.41,1.52,1.23,1.23,0,0,0,1.55-.1,1.09,1.09,0,0,0,.14-.23,1.32,1.32,0,0,0,.41.14,2.21,2.21,0,0,0,1.32-.19.87.87,0,0,0,.21.43c.48.54.79.56,1.55.17a13.74,13.74,0,0,0,1.57.47.56.56,0,0,0,.32,0,1.29,1.29,0,0,0,1,.08c.56-.22.9-.91,1.31-.92s-.37.43.92.81a1.56,1.56,0,0,0,.71,0v-5.21l-.1.09a1.57,1.57,0,0,0-1.5.69,3.11,3.11,0,0,1-1.17.7h0a.9.9,0,0,0-1,.44,1.88,1.88,0,0,0-1.13,1.27.84.84,0,0,0-.14-.06l-.74.4a2.64,2.64,0,0,0-1-.22l0-.08a1,1,0,0,0,.8,0,1.33,1.33,0,0,0,.39-1.62,1.08,1.08,0,0,0-.16-.2,1.76,1.76,0,0,0,1.44-.4,1.55,1.55,0,0,0,.42-1.59h0a.45.45,0,0,0,.25-.58.47.47,0,0,0-.7-.27,2.86,2.86,0,0,0-2.34-.6.62.62,0,0,0-.07-.23.77.77,0,0,0-.1-.18H208a.94.94,0,0,0,.11.32,1.4,1.4,0,0,0-1.2,0,.82.82,0,0,0-.43.45,1.3,1.3,0,0,0-.69-.63.91.91,0,0,0-1.11.69A1.06,1.06,0,0,0,205.33,325.26Z"/><path class="cls-1" d="M217.89,323.46a.64.64,0,0,0-.09-.21h-1.14a2.43,2.43,0,0,0,.08.86A.77.77,0,0,0,217.89,323.46Z"/><path class="cls-1" d="M199.59,339.31a1.17,1.17,0,1,0-2.29-.47,1,1,0,0,0,.67,1.05C198.83,340.08,199.48,339.85,199.59,339.31Z"/><path class="cls-1" d="M200.67,352.61c0,.1.14.29.22.43.17-.1.39-.17.48-.32s0-.49-.21-.56S200.73,352.46,200.67,352.61Z"/><path class="cls-1" d="M202.73,342.07a1.45,1.45,0,0,0-.95-1.13c-.34,0-.91.52-1,.95a.65.65,0,0,0,.69.7C202.21,342.62,202.69,342.42,202.73,342.07Z"/><path class="cls-1" d="M197.33,343c.06.09.11.3.22.33a1.8,1.8,0,0,1,.86.82.87.87,0,0,0,.81.07,1,1,0,0,0,.46-.7c0-.17-.23-.46-.43-.57a8.81,8.81,0,0,0-1.25-.44C197.63,342.38,197.42,342.56,197.33,343Z"/><path class="cls-1" d="M370.39,345.14a1.37,1.37,0,0,0,.92-.53h-2.46A2.4,2.4,0,0,0,370.39,345.14Z"/><path class="cls-1" d="M379.55,347.09c.21.14.37.09.5-.13a.3.3,0,0,0-.12-.47.31.31,0,0,0-.5.1C379.29,346.81,379.32,347,379.55,347.09Z"/><path class="cls-1" d="M368.09,350.59a1,1,0,0,0,.71.12l.3.16a1.61,1.61,0,0,0,1.5-.31c1.4.06,1.81-1.08,1.82-2.19a1.84,1.84,0,0,0-.38-1.11,1.64,1.64,0,0,0-.86-.56,1.57,1.57,0,0,0-.05-.67.62.62,0,0,0-.95-.18,1,1,0,0,0-.08.61,1.48,1.48,0,0,0-1.1-.2,2.61,2.61,0,0,0-1.8,2.37,1,1,0,0,0,.19,1.08A1.93,1.93,0,0,0,368.09,350.59Z"/><path class="cls-1" d="M141.69,323.66a1.39,1.39,0,0,0,.09-.41h-1.24c0,.05.05.11.07.17C140.76,323.89,141.25,323.85,141.69,323.66Z"/><path class="cls-1" d="M381.47,345.13a1.34,1.34,0,0,0,.56-.52h-2.18a2.43,2.43,0,0,0,.57.8A4.94,4.94,0,0,0,381.47,345.13Z"/><path class="cls-1" d="M395.18,345.14c.06,0,.09-.07.14-.1a1.44,1.44,0,0,0,.71-.43h-2.24a1.64,1.64,0,0,0,.28.23A.85.85,0,0,0,395.18,345.14Z"/><path class="cls-1" d="M202.5,326.66c-.31.2-.68.31-.75.8s.56,1.12,1.16,1.12a1.57,1.57,0,0,0,.82-.31.92.92,0,0,0,1.12.26,1,1,0,0,0,.87.07.85.85,0,0,0,.42-1.13.93.93,0,0,0-1.24-.38s0,0,0,0a1.09,1.09,0,0,0-.73-.09,1.22,1.22,0,0,0-.53-.61C203.17,326.21,202.84,326.43,202.5,326.66Z"/><path class="cls-1" d="M200.08,335.9a.63.63,0,0,0-.51-.44c-.2,0-.33.33-.3.53s.26.42.48.36A.44.44,0,0,0,200.08,335.9Z"/><path class="cls-1" d="M183.33,340.18a.94.94,0,0,0-.41,1.16c.32.6.9.52,1.43.5.45-.9.46-1.31,0-1.63A.83.83,0,0,0,183.33,340.18Z"/><path class="cls-1" d="M187.12,331a.73.73,0,0,0,.11-.78c-.16-.27-.73,0-.84.12a.66.66,0,0,0,.07.65A.7.7,0,0,0,187.12,331Z"/><path class="cls-1" d="M186.5,335.56a1.56,1.56,0,0,0,.66-2,1.33,1.33,0,0,0-.47-.64s0,0,0,0c.08-.23-.24-.47-.34-.48s-.44-.09-.54.18a.36.36,0,0,0,0,.14,2.24,2.24,0,0,0-.65.19c-.94.4-1.24,1.05-.88,1.9A1.54,1.54,0,0,0,186.5,335.56Z"/><path class="cls-1" d="M192.7,333.82a2.37,2.37,0,0,0,.43-1.41c.21-.34.11-.62-.18-1s-.79-1-1.33-.54l0,0a1.29,1.29,0,0,1-.3-.22,2.44,2.44,0,0,0-.29-.27.77.77,0,0,0,.42-.73c0-.41-.19-.78-.63-.78a1.36,1.36,0,0,0-1,.35.65.65,0,0,0,0,.74,1.9,1.9,0,0,0-.39.11.65.65,0,0,0,0-.44.79.79,0,0,0-1-.24c-.37.22-.34.52.16,1.27h0a3.62,3.62,0,0,0-.36.42,1.83,1.83,0,0,0-.34,1.13,1.9,1.9,0,0,0,.78,1.37c.47.4.52,1,1.12,1.21A2.58,2.58,0,0,0,192.7,333.82Z"/><path class="cls-1" d="M194.38,343.6c.63.18,1.08-.15,1.28-.92a1.07,1.07,0,0,0,0-.25h0a.7.7,0,0,0,.27-.63,1,1,0,0,0-.55-.6.55.55,0,0,0-.63.26h-.05a.86.86,0,0,0-1.11.46A1.82,1.82,0,0,0,194.38,343.6Z"/><path class="cls-1" d="M192.27,340.29a1.05,1.05,0,0,0,.31.12,1.85,1.85,0,0,0,.81.45c.66.15,1.12-.22,1.3-1.06a1.21,1.21,0,0,0-.54-1.13,1.43,1.43,0,0,0-.92-.89,1.58,1.58,0,0,0-1.84.61C191,338.9,191.56,339.77,192.27,340.29Z"/><path class="cls-1" d="M184.77,338.26a1.42,1.42,0,0,0-1.58-.6c-.4.16-.6,1-.35,1.5a.73.73,0,0,0,1.07.25C184.62,339.07,184.93,338.66,184.77,338.26Z"/><path class="cls-1" d="M201,334.85a.72.72,0,0,0-.6.32c-.23.51,0,.86.54,1.11.4-.21.88-.39.72-1C201.6,335.11,201.24,334.9,201,334.85Z"/><path class="cls-1" d="M201.81,334.63a1.41,1.41,0,0,0,.91-1.52,1.23,1.23,0,0,0-.57-.73,1.64,1.64,0,0,0-2.2.68,5.35,5.35,0,0,0,.4,1A1.28,1.28,0,0,0,201.81,334.63Z"/><path class="cls-1" d="M201.06,338.63c.71.23,1.07,0,1.31-.79s0-1.27-.51-1.41a1.94,1.94,0,0,0-1.68.86A1.1,1.1,0,0,0,201.06,338.63Z"/><path class="cls-1" d="M189.51,336.68c-.51-.3-1-.79-1.71-.68l-.18.21a.67.67,0,0,0-1,0,1,1,0,0,0-.32.58c-.33.13-.57.33-.61.58a.79.79,0,0,0,.45.88.89.89,0,0,0,1.1,0,1.65,1.65,0,0,1,.14.62,1.37,1.37,0,0,0,1.29.89,1.77,1.77,0,0,0,1-1.51,2.22,2.22,0,0,0-.13-.68A.55.55,0,0,0,189.51,336.68Z"/><path class="cls-1" d="M198.4,326.34c.21.76.63,1,1.36.7s1.18-.52,1.06-1.55a4,4,0,0,1,.72.61.81.81,0,0,0,1.06.39c.47-.17.89-.4,1-1,.13-1.3,0-1.87-.74-2.25H199a1.67,1.67,0,0,0,1.17.91l-.09.37c-1.31-.2-1.91.33-1.78,1.48A1.91,1.91,0,0,0,198.4,326.34Z"/><path class="cls-1" d="M197.59,328.88a2.1,2.1,0,0,1,.42.88c.06.7,0,1.42,0,2.18-1.64.63-1.87,1.18-1,2.46a1.19,1.19,0,0,0,2,.05,10.6,10.6,0,0,0,.88-1.95c.78-.11,1.67-.32,2-1.22a1.82,1.82,0,0,0-.32-1.61,1.23,1.23,0,0,0-.77-1.05,2.11,2.11,0,0,0-1.4-.18,3,3,0,0,1-.2-.32,1,1,0,0,0-1.41-.27C197.29,328.15,197.35,328.5,197.59,328.88Z"/><path class="cls-1" d="M249.21,345.52c.53,0,1-.08,1.35.49s.73.26,1.11,0c.07-.65-.21-1-.76-1,0-.12,0-.22,0-.33h-3.19A1.74,1.74,0,0,0,249.21,345.52Z"/><path class="cls-1" d="M304.42,350a1.26,1.26,0,0,0,.32-1c-.1-1.15-.79-1.78-1.51-1.77a1.88,1.88,0,0,0-1.3.88h-.2a.78.78,0,0,0-.87-.2.87.87,0,0,0-.44.92l-.13.12c-.24-.28-.44-.55-.68-.79a1.13,1.13,0,0,0-.58-.33,1.25,1.25,0,0,0,.6-1.86,1.43,1.43,0,0,0-.12-.21,1.71,1.71,0,0,0,.81-.07.88.88,0,0,0,.54-.63,1.17,1.17,0,0,0,.65.11,2.85,2.85,0,0,0,1-.54h-4.15a1,1,0,0,0,.05.34.54.54,0,0,0,.05.11,2.08,2.08,0,0,0-1.13.21.72.72,0,0,0-.19.11,2.11,2.11,0,0,0,.21-.77h-4a1.89,1.89,0,0,0-.05.23,1.29,1.29,0,0,0,.13.64,1.4,1.4,0,0,0-1-.19,1.62,1.62,0,0,0-.46,1.73.71.71,0,0,0,1,.42c.72-.31,1.11-.78,1.07-1.25a1.79,1.79,0,0,0,1.33.51.67.67,0,0,0,.58-.7.75.75,0,0,0,.6.05l.17-.1a1.72,1.72,0,0,0,0,1.47,1.54,1.54,0,0,0,.33.45A2.26,2.26,0,0,0,295.2,349a1.62,1.62,0,0,0,.82,1.82c.46.27.9.42.94,1.1,0,.49.51.58,1,.51.39-.54.32-1-.15-1.27.17-.44.35-.78.47-1.11a1.41,1.41,0,0,0,.69.22,6.54,6.54,0,0,0,1.13-.11,4.61,4.61,0,0,0,.37.4,1.7,1.7,0,0,0,1.88.33,1.74,1.74,0,0,0,.54-.54l.21.05h.11a1.48,1.48,0,0,0-.13,1.64,2.21,2.21,0,0,0,.4.62.77.77,0,0,0-.51.35,1.14,1.14,0,0,0,.58,1.5,1.43,1.43,0,0,0,1.53-.28,1.15,1.15,0,0,0,0-1.38,1.57,1.57,0,0,0,.73-1.89A1.64,1.64,0,0,0,304.42,350ZM298,348.5l-.24-.29a1.38,1.38,0,0,0,.49,0A1.46,1.46,0,0,0,298,348.5Z"/><path class="cls-1" d="M306.75,348.41s0,.09,0,.14a1.38,1.38,0,0,0,1.57.58.76.76,0,0,0,.39-1,1.17,1.17,0,0,0-1.12-.74.71.71,0,0,0-.48-.53.76.76,0,0,0-1,.45,1.07,1.07,0,0,0,.11.9A.82.82,0,0,0,306.75,348.41Z"/><path class="cls-1" d="M304,356.19c.16-.07.53-.27.45-.51s-.48-.22-.56-.16-.4.2-.31.47A.3.3,0,0,0,304,356.19Z"/><path class="cls-1" d="M304.77,358.27a1.74,1.74,0,0,0-1.77.35c-.31.37-.65.75-.24,1.29s.53.83.8,1.25a.72.72,0,0,0,1,.64,1,1,0,0,0,.62-1.16,2.31,2.31,0,0,1,0-.94A1.26,1.26,0,0,0,304.77,358.27Z"/><path class="cls-1" d="M309,356.88a4,4,0,0,0-1.44.28c-.2-.27-.57-.45-.8-.28s-.78.67-.59,1.05.77.26,1,.22h0v.12c-.64.47-1,1.15-.77,1.55a.78.78,0,0,0,.9.4c.71-.15.88-.41.91-1.26a11.85,11.85,0,0,0,1.19-1.13A.56.56,0,0,0,309,356.88Z"/><path class="cls-1" d="M311.53,358.25a1.21,1.21,0,0,0-1.6-.36,1.27,1.27,0,0,0,.87,2.35.5.5,0,0,0,.05.29.81.81,0,0,0,.54.19c.06,0,.21-.36.15-.44a.89.89,0,0,0-.37-.31A1.73,1.73,0,0,0,311.53,358.25Z"/><path class="cls-1" d="M309,362.19c-.23.44.69,1.21,1.21,1s.91-.86.67-1.23S309.27,361.74,309,362.19Z"/><path class="cls-1" d="M296.9,361.88c-.35.2-.28.49-.16.77a.57.57,0,0,0,.89.31,2.25,2.25,0,0,0,.43-.68A.84.84,0,0,0,296.9,361.88Z"/><path class="cls-1" d="M296.42,357.05a1.79,1.79,0,0,0-1.55-.86,1.16,1.16,0,0,0-.59,1.6c.19.51.83.68,1.55.4A.84.84,0,0,0,296.42,357.05Z"/><path class="cls-1" d="M300.84,361.45a2.06,2.06,0,0,0-.43,2.72c.46.54,1.23,0,1.38-.46s.16-.31.67-.43,1.15-.6.66-1.39A1.75,1.75,0,0,0,300.84,361.45Z"/><path class="cls-1" d="M297.48,359.11a2.22,2.22,0,0,0,.43-.67.84.84,0,0,0-1.16-.4c-.35.2-.28.48-.16.77S297.18,359.38,297.48,359.11Z"/><path class="cls-1" d="M292.36,360.91a1.84,1.84,0,0,0-.83,2.12,1.66,1.66,0,0,0,2,1,2.4,2.4,0,0,0,.94-2.38A1.64,1.64,0,0,0,292.36,360.91Z"/><path class="cls-1" d="M300.81,358.76a.77.77,0,0,0,.5-1.08.92.92,0,0,0-1.19-.55.87.87,0,0,0-.33,1.17A.82.82,0,0,0,300.81,358.76Z"/><path class="cls-1" d="M300.47,354.87a1.76,1.76,0,0,0,.59-2,1,1,0,0,0-1.41-.45,1.31,1.31,0,0,0-.63.53.67.67,0,0,0,.15,1.29C299.49,354.77,300.06,355.07,300.47,354.87Z"/><path class="cls-1" d="M312.39,354.34c-1.35,0-1-.92-1.95-1.26a1.63,1.63,0,0,0-.46,0,1.9,1.9,0,0,0-.44.15,1.26,1.26,0,0,0,.06-.55,1.65,1.65,0,0,0-.35-.86,1.7,1.7,0,0,0,.26-1.45,1.14,1.14,0,0,0-1.65-.65,1.12,1.12,0,0,0-.65,1,.58.58,0,0,0-.24.39c-.15.69.29.87.5.9s.49.37.25.42-.39.31-.27.9a.89.89,0,0,0,1,.84,1.07,1.07,0,0,0,.47-.14,1.23,1.23,0,0,0,.27.91,7.33,7.33,0,0,0,1.29,1.26,1.7,1.7,0,0,0,2-.3C312.75,355.54,313.09,354.74,312.39,354.34Z"/><path class="cls-1" d="M329.17,363.48a.58.58,0,0,0-.21.54c0,.14.36.45.56.41s.24-.55.17-.68S329.33,363.42,329.17,363.48Z"/><path class="cls-1" d="M322.44,364c-.09.23.29.68.5,1,.06.09.26.09.49.16.09-.41.6-.95.28-1.29A.78.78,0,0,0,322.44,364Z"/><path class="cls-1" d="M323.33,354.92a.64.64,0,0,0-.48.85c.17.69.5,1.09.84,1a1.44,1.44,0,0,0,.82-1.23A1.21,1.21,0,0,0,323.33,354.92Z"/><path class="cls-1" d="M322.55,357.7c-.49.2-.66,1-.35,1.69a.65.65,0,0,0,.92.35c.59-.22,1-.89.81-1.31A1.36,1.36,0,0,0,322.55,357.7Z"/><path class="cls-1" d="M314.07,359.43a.26.26,0,0,0-.14.34.28.28,0,0,0,.34.09c.08,0,.11-.25.07-.31S314.17,359.38,314.07,359.43Z"/><path class="cls-1" d="M327.72,361.66c-.2.08-.15.5-.1.67s.29.13.45.19c.06-.19.19-.38.16-.55S327.93,361.59,327.72,361.66Z"/><path class="cls-1" d="M328.86,357.62a1.76,1.76,0,0,0-.76,2.05,1.3,1.3,0,0,0,2.21-1.33A1.19,1.19,0,0,0,328.86,357.62Z"/><path class="cls-1" d="M291.77,359.5a1,1,0,0,0-.5-.65c-.45-.22-.77,0-1.27.83.29.4.48,1,1.16.76A.8.8,0,0,0,291.77,359.5Z"/><path class="cls-1" d="M327.48,355.58a1.13,1.13,0,0,0-1.58-.63,1.38,1.38,0,0,0-.8,1.95,1.47,1.47,0,0,0,1.76.86C327.53,357.54,327.83,356.45,327.48,355.58Z"/><path class="cls-1" d="M256.14,354.33a.65.65,0,0,0,.23-.37,1.36,1.36,0,0,0-.75-1.36c-.52-.11-1.09.46-1.22,1.21a.64.64,0,0,0,.58.8,1.14,1.14,0,0,0,.45,0s-.05,0-.06.07c-.21.34,0,.56.23.74s.8.21.93-.16a2.56,2.56,0,0,0,.05-.81A1,1,0,0,0,256.14,354.33Z"/><path class="cls-1" d="M317.08,359.23c.6-.26.75-.8.42-1.52s-.8-.72-1.51-.38c-.5.24-.73.66-.58,1.06A1.83,1.83,0,0,0,317.08,359.23Z"/><path class="cls-1" d="M315.52,357.22c.53.18.94-.4,1-.69a.76.76,0,0,0-1-.56.73.73,0,0,0-.35.56,3,3,0,0,0-.17-.46,1.17,1.17,0,0,0-1.35-.5c-.49.22-1,1.41-.84,1.8a1.46,1.46,0,0,0,1.83.34.91.91,0,0,0,.55-1A.87.87,0,0,0,315.52,357.22Z"/><path class="cls-1" d="M320.45,355.65a8.07,8.07,0,0,0-1.25.44c-.36.15-.4.42-.22.8.11,0,.27.16.38.12a1.88,1.88,0,0,1,1.19.1c.18.05.57-.23.67-.45a1,1,0,0,0-.08-.83C321.05,355.68,320.67,355.61,320.45,355.65Z"/><path class="cls-1" d="M319.07,353.05a.84.84,0,0,0-.61-.43,1.51,1.51,0,0,0-1.72-.48,1.48,1.48,0,0,0-.36,1.55,1,1,0,0,0,1.17.4h0a1,1,0,0,0,1.06.19A.87.87,0,0,0,319.07,353.05Z"/><path class="cls-1" d="M322.63,352.82a1.43,1.43,0,0,0-1.45-.29,1.22,1.22,0,0,0-.15,1.34.64.64,0,0,0,1,.12C322.57,353.57,322.82,353.11,322.63,352.82Z"/><path class="cls-1" d="M319.07,359.06c-.38.16-.75.92-.6,1.22a1.22,1.22,0,0,0,1.38.47.86.86,0,0,0,.34-1.16A1,1,0,0,0,319.07,359.06Z"/><path class="cls-1" d="M279.6,359.87a.87.87,0,0,0,.31-.7.54.54,0,0,0-.79-.38c-.21.12-.62.73-.48,1S279.42,360,279.6,359.87Z"/><path class="cls-1" d="M266.81,359.28c.1-.48-.52-1.19-1.17-1.33a1,1,0,0,0-1.3.75c-.13.71.33,1.55.9,1.62A1.51,1.51,0,0,0,266.81,359.28Z"/><path class="cls-1" d="M273.91,360c-.19.82-.1,1.26.33,1.38.6.16.88-.21,1.06-.73A1.2,1.2,0,0,0,273.91,360Z"/><path class="cls-1" d="M271.41,355.83a1.51,1.51,0,0,0-.24-2.25c-1-.8-1.6.33-2-.39s.43-.78-.22-1.74-1.86-1-2.19-.24.14,1.3,0,1.44-.86.65-.49,1.19c.79,1.13,1.62.17,2,.43s.58,1.1,1,1.53A1.36,1.36,0,0,0,271.41,355.83Z"/><path class="cls-1" d="M265.64,364c-.16.51.49.83.69,1.17l.27,0,.53-1.26-.21-.29C266.54,363.67,265.8,363.44,265.64,364Z"/><path class="cls-1" d="M273.29,355.26a1.34,1.34,0,0,0-.86.51c-.19.28.25.84.65.83s.51-.24.65-.31C273.86,355.67,273.64,355.21,273.29,355.26Z"/><path class="cls-1" d="M270.67,362.74c0,.13.23.4.35.39a.6.6,0,0,0,.46-.33c0-.14-.2-.32-.37-.57C270.91,362.45,270.69,362.58,270.67,362.74Z"/><path class="cls-1" d="M271.57,358.51c-.44-.09-.6.4-.62.58s.2.41.32.62c.2-.13.52-.22.58-.39S272,358.6,271.57,358.51Z"/><path class="cls-1" d="M266.78,362.23c.05,0,.23-.08.22-.11a1,1,0,0,0-.13-.32c-.08.05-.23,0-.26.16S266.71,362.19,266.78,362.23Z"/><path class="cls-1" d="M258,359.28c0-.09,0-.49-.26-.53s-.4.33-.45.5.17.26.27.4C257.74,359.53,258,359.44,258,359.28Z"/><path class="cls-1" d="M263.37,350.25a1.59,1.59,0,0,0-1.19.29,1,1,0,0,0-.23-1,2.31,2.31,0,0,1-.49-.8,1.28,1.28,0,0,0-1-1.08c-.43-.08-1.28.67-1.37,1.17s-.19.95.38,1.23c.12.44.3.83.85.74a.68.68,0,0,0,.31-.13l.19.11a.75.75,0,0,0,.78.29,1.35,1.35,0,0,0-.24.48c-.21.81.45,1.61,1.55,1.86a1.42,1.42,0,0,0,1.72-1.05A1.88,1.88,0,0,0,263.37,350.25Z"/><path class="cls-1" d="M257.4,349.16c.58-.07,1-.29,1-.6s-.65-1-1.05-1-.86.6-.87,1a.29.29,0,0,0,0,.09.8.8,0,0,0-.33,1.51.82.82,0,0,0,1.11-.1A.8.8,0,0,0,257.4,349.16Z"/><path class="cls-1" d="M258.43,351.89c.14-.31-.23-1-.63-1.2a.65.65,0,0,0-.87.46c-.23.67-.18,1.18.14,1.32A1.44,1.44,0,0,0,258.43,351.89Z"/><path class="cls-1" d="M260.94,356a1.76,1.76,0,0,0-1.76,1.3c-.08.46.46,1.08,1,1.17a1.23,1.23,0,0,0,1.55-1.07C261.84,356.71,261.46,356,260.94,356Z"/><path class="cls-1" d="M259.68,355a.74.74,0,0,0,.79-.55,2,2,0,0,0,.43-.91,1,1,0,0,0,0-.35.88.88,0,0,0-.12-1.53,1.75,1.75,0,0,0-2.2.74.76.76,0,0,0-.11.26,1.92,1.92,0,0,0-.29.68,1.48,1.48,0,0,0,1,1.69A.91.91,0,0,0,259.68,355Z"/><path class="cls-1" d="M258,361.06a.6.6,0,0,0-.47.33.73.73,0,0,0,.24.66c.19.07.5-.33.52-.48S258.15,361.09,258,361.06Z"/><path class="cls-1" d="M291.18,356.43a.85.85,0,0,0,.41-1.13.86.86,0,0,0-1.09-.55.9.9,0,0,0-.52,1.11A1,1,0,0,0,291.18,356.43Z"/><path class="cls-1" d="M284.74,354.31a1.46,1.46,0,0,0-1.12-1.05,1.57,1.57,0,0,0-1.9,1.31.27.27,0,0,0,0,.09c-.43,0-1,.42-1,.79a.87.87,0,0,0,.84.74.7.7,0,0,0,.48-.43,1.09,1.09,0,0,0,.61.36,2.06,2.06,0,0,0,2.08-1.11c.16-.1.34-.31.25-.52A.31.31,0,0,0,284.74,354.31Z"/><path class="cls-1" d="M283.24,359.28c-.09,0-.37.06-.39.24a.59.59,0,0,0,.25.5c.12.05.57,0,.63-.25S283.4,359.35,283.24,359.28Z"/><path class="cls-1" d="M283.3,356.31c-.44.49.13,1.17.43,1.3s1.12-1.12,1-1.48S283.75,355.83,283.3,356.31Z"/><path class="cls-1" d="M286.07,352.87c.41,0,.83,0,1-.54a.86.86,0,0,0-.16-.83l0-.06a1.71,1.71,0,0,0-.73-1.87.68.68,0,0,0-.93.06,4.85,4.85,0,0,0-1.3,2.54,1.35,1.35,0,0,0,.07.46A1.08,1.08,0,0,0,286,353Z"/><path class="cls-1" d="M288.89,353.26a.87.87,0,0,0-1,1.05,1.18,1.18,0,0,0,.71.74,1,1,0,0,0,.84-.35A1,1,0,0,0,288.89,353.26Z"/><path class="cls-1" d="M287.21,357.11a.5.5,0,0,0,0-.12c-.05-.31-.67-.29-.82-.21a.61.61,0,0,0-.2.54,1.23,1.23,0,0,0-.65,1.57A2,2,0,0,0,287.8,360a1.47,1.47,0,0,0,.67-1.85A1.64,1.64,0,0,0,287.21,357.11Z"/><path class="cls-1" d="M287.09,362.37a.64.64,0,0,0-.62.19.68.68,0,0,0,.12.65.72.72,0,0,0,.78,0C287.6,363,287.24,362.45,287.09,362.37Z"/><path class="cls-1" d="M277.73,355.27a1.2,1.2,0,0,0-.2-1.48,1.07,1.07,0,0,0,.46-1.32,5.91,5.91,0,0,0-.56-1.26.41.41,0,0,0-.26-.45,1.74,1.74,0,0,0-1.89-.36c-.36.17-.57.44-.47.81a4.77,4.77,0,0,0,1.39,2.49,1.65,1.65,0,0,0,.41.2,1.59,1.59,0,0,0,.53,0c-.51.25-.73.53-.61.88C276.73,355.38,277.2,355.41,277.73,355.27Z"/><path class="cls-1" d="M279,354.78c.05-.12,0-.58-.27-.63s-.48.31-.49.44a.5.5,0,0,0,.27.53C278.69,355.18,278.9,354.93,279,354.78Z"/><path class="cls-1" d="M282.84,360.93a.62.62,0,0,0-.28.49c0,.13.34.46.55.38s.18-.5.14-.68S283,360.85,282.84,360.93Z"/><path class="cls-1" d="M334,352.18a3.76,3.76,0,0,1,1,.44,1,1,0,0,0-.22.12c-.15.12-.14.44-.2.67.23,0,.51.21.68.13s.52-.34.42-.66h0c.87.15,1.74-.21,1.8-1.15a1.78,1.78,0,0,0-.2-1h.09a1.52,1.52,0,0,0,1.4-1.78c-.14-1.24-1.38-.88-1.17-1.68.14-.57.51-.46.79-.78a4.12,4.12,0,0,0,1.61.76,1.39,1.39,0,0,0,.26,1,1.09,1.09,0,0,0,1.68.19c.56-.44.71-1.05.36-1.46a1.52,1.52,0,0,0-.77-.45,1.07,1.07,0,0,0-.4-1.2,5.89,5.89,0,0,0-.57-.41,1.11,1.11,0,0,0,.5-.19s.05-.07.08-.11h-4.47c-.23.3-.29.6-.42.61s-1.06-.14-1.17.51a1.76,1.76,0,0,0,0,.32,1.17,1.17,0,0,0-.2.05,1.71,1.71,0,0,0-.73,2,1.26,1.26,0,0,0,1.53.31,1.49,1.49,0,0,0,.39-.27,3.68,3.68,0,0,0-.2,1.13,2,2,0,0,0,.18.75h0c-1.25-.13-1.16,1.16-1.89.78s-.08-.88-1.15-1.33a1.66,1.66,0,0,0-1-.12,1.78,1.78,0,0,0-.11-.82,1.58,1.58,0,0,0,.53-1.66c-.18-.4-.93-.56-1.53-.33a1.09,1.09,0,0,0-.75,1.32,1.48,1.48,0,0,0,.08.13,1.37,1.37,0,0,0-.39,1.7,1.51,1.51,0,0,0,1.22.51.61.61,0,0,0,0,.27c.14.81.83,1,.81,1.2s-.36,1,.24,1.25C333.42,353.4,333.59,352.14,334,352.18Z"/><path class="cls-1" d="M277.29,356.7c-.42.09-.61,1.28-.17,1.52a.86.86,0,0,0,1.08-.29C278.43,357.47,277.7,356.61,277.29,356.7Z"/><path class="cls-1" d="M279.9,355.28c-.36-.09-.79.64-.63,1.28s1,.55,1.32.37S280.27,355.38,279.9,355.28Z"/><path class="cls-1" d="M279.76,361a.53.53,0,0,0-.75.44c0,.24.26.92.53.93s.61-.52.63-.73A.84.84,0,0,0,279.76,361Z"/><path class="cls-1" d="M317.31,361.83a.77.77,0,0,0-.47,1,.68.68,0,0,0,1,.33.61.61,0,0,0,.36-.82A.65.65,0,0,0,317.31,361.83Z"/><path class="cls-1" d="M387.34,352.89c.24-.64-.08-1.15-.88-1.43a1.19,1.19,0,0,0-1.32.58,2,2,0,0,0,.65,1.88C386.32,354.1,387.08,353.59,387.34,352.89Z"/><path class="cls-1" d="M393.24,351.41a.87.87,0,0,0-.56-1.08,1,1,0,0,0-1.18.4c-.15.38.1,1.18.42,1.29A1.22,1.22,0,0,0,393.24,351.41Z"/><path class="cls-1" d="M386.09,345a1.33,1.33,0,0,0,.12-.39H384a1.73,1.73,0,0,0,.63,1.1A1.1,1.1,0,0,0,386.09,345Z"/><path class="cls-1" d="M385.83,348.76a1,1,0,0,0,1.13-.54c.29-.83.14-1.5-.38-1.68a1.17,1.17,0,1,0-.75,2.22Z"/><path class="cls-1" d="M338.08,352.44a1.6,1.6,0,0,0,.68.24c.53-.36.69-.84.4-1a.67.67,0,0,0-.14-.09.57.57,0,0,0,.32-.09c.21-.15.3-.48.38-.62-.24-.59-.67-.85-.94-.61a1.38,1.38,0,0,0-.44.89.36.36,0,0,0,.16.27.81.81,0,0,0-.31,0C337.86,351.47,337.78,352.17,338.08,352.44Z"/><path class="cls-1" d="M387.7,358.52c-.43-.1-1.36,1-1.22,1.44s1.34.39,1.6-.1S388.12,358.62,387.7,358.52Z"/><path class="cls-1" d="M389.44,350.86c-.61-.24-1.08,0-1.35.77a.87.87,0,0,0,.32,1.17,1.82,1.82,0,0,0,1.78-.56C390.44,351.64,390.17,351.15,389.44,350.86Z"/><path class="cls-1" d="M387.15,357.27s-.1-.4-.2-.42-.55,0-.66.16.25.5.34.5A.81.81,0,0,0,387.15,357.27Z"/><path class="cls-1" d="M375.75,355.5a.8.8,0,0,0-.37.95c.18.39.47.4,1.28,0A.75.75,0,0,0,375.75,355.5Z"/><path class="cls-1" d="M383.7,356.58a.56.56,0,0,0-1-.36c-.37.46-.91.87-.89,1.61l.58.62c-.14.78.08,1.51.52,1.64a.77.77,0,0,0,.92-.34c.41-.6.35-.9-.22-1.54A11.6,11.6,0,0,0,383.7,356.58Z"/><path class="cls-1" d="M377.84,348.82a.91.91,0,0,0-.48-1.17,2.51,2.51,0,0,0-.72.54c-.23.33,0,.66.32.81S377.62,349.21,377.84,348.82Z"/><path class="cls-1" d="M375.63,350.77a1.58,1.58,0,0,0-.62-.51.63.63,0,0,0-1.09-.58.7.7,0,0,0-.23.64,1.12,1.12,0,0,0,.27.41.76.76,0,0,0,0,.57,1,1,0,0,0,.7.56C375.32,351.86,375.55,351.37,375.63,350.77Z"/><path class="cls-1" d="M382.69,351c.45-.18,1-.19,1.17-.57a.86.86,0,0,0,0-.75c-.09-.22-.08-.49-.37-.73a1.77,1.77,0,0,0-1.51-.39,1.33,1.33,0,0,0-1,1,1.16,1.16,0,0,0,.41,1.08A1.39,1.39,0,0,0,382.69,351Z"/><path class="cls-1" d="M378.11,358.78c0,.17-.14.43.11.56a.32.32,0,0,0,.45-.15c.07-.16.19-.57,0-.68S378.14,358.68,378.11,358.78Z"/><path class="cls-1" d="M379,352.15c-.33-.34-.63-.26-1.07,0s-1.07.67-.7,1.26.82.42,1,.29.6-.07.47.13-.06.49.43.83a.89.89,0,0,0,1.32-.11,1.3,1.3,0,0,0-.2-1.83C379.68,352.25,379.33,352.49,379,352.15Z"/><path class="cls-1" d="M412.72,349.5a.78.78,0,0,0-1.16.52c0,.25.49.56.79.8.08.07.27,0,.52,0C412.82,350.39,413.13,349.72,412.72,349.5Z"/><path class="cls-1" d="M406.81,346.46a1.27,1.27,0,0,0-.19,1.35,1.23,1.23,0,0,0,1.46,0,.86.86,0,0,0,0-1.21A1,1,0,0,0,406.81,346.46Z"/><path class="cls-1" d="M409.45,344.61a1.6,1.6,0,0,0,.42,1.17.65.65,0,0,0,1,0,1.33,1.33,0,0,0,.48-1.21Z"/><path class="cls-1" d="M406,349.65a.76.76,0,0,0-.13,1.09.68.68,0,0,0,1,0,.61.61,0,0,0,.09-.89A.66.66,0,0,0,406,349.65Z"/><path class="cls-1" d="M415.84,346.18c-.17.13,0,.52.11.66s.32,0,.49,0a1.58,1.58,0,0,0,0-.58C416.38,346.21,416,346,415.84,346.18Z"/><path class="cls-1" d="M393.12,353.72a.66.66,0,0,0-1,.22.77.77,0,0,0,.36,1,.67.67,0,0,0,.91-.42A.61.61,0,0,0,393.12,353.72Z"/><path class="cls-1" d="M417.79,347.44a.57.57,0,0,0,0,.58c.08.12.49.31.66.21s.05-.59-.05-.7S417.92,347.33,417.79,347.44Z"/><path class="cls-1" d="M403.34,345.8a.87.87,0,0,0-.22,1.19,1.81,1.81,0,0,0,1.85.27c.49-.43.46-1-.08-1.57S403.9,345.25,403.34,345.8Z"/><path class="cls-1" d="M373.22,359.92a.79.79,0,0,0-.37.95.73.73,0,0,0,1.28,0A.75.75,0,0,0,373.22,359.92Z"/><path class="cls-1" d="M398.85,352c-.23-.36-.23-1.1-.7-1.12s-1,.45-.83,1c.1.23.69.29,1.07.38C398.49,352.29,398.63,352.15,398.85,352Z"/><path class="cls-1" d="M396.52,347.62c-.53.27-1.2.4-1.5,1.08.08.25.17.53.25.8-.46.65-.58,1.4-.24,1.71a.77.77,0,0,0,1,.09c.63-.36.71-.66.47-1.48a13.73,13.73,0,0,0,.77-1.45A.56.56,0,0,0,396.52,347.62Z"/><path class="cls-1" d="M394.55,346.9a1.35,1.35,0,0,0-1.49.43c-.22.49.21,1.17.91,1.46a.65.65,0,0,0,.91-.39C395.15,347.83,395,347.07,394.55,346.9Z"/><path class="cls-1" d="M402.12,346.62c.49-.47.43-1.07-.18-1.67a1.17,1.17,0,0,0-1.44-.05,2.2,2.2,0,0,0-.39,1.55h0c-.07-.06-.48-.06-.58.14s.24.46.39.54.3-.11.46-.17v0A1.49,1.49,0,0,0,402.12,346.62Z"/><path class="cls-1" d="M402.39,346.7c-.14-.05-.49,0-.56.17a.59.59,0,0,0,.22.54c.13.07.58.07.69-.1S402.53,346.75,402.39,346.7Z"/><path class="cls-1" d="M398.3,352.62c-.08.5,1,.94,1.47.6s.59-1.1.24-1.37S398.37,352.13,398.3,352.62Z"/><path class="cls-1" d="M391.84,347.93c-.1-.14-.31-.11-.45-.05a.75.75,0,0,0,0-.37,1,1,0,0,0-.63-.54c-.17,0-.49.17-.62.36a7.75,7.75,0,0,0-.59,1.19c-.15.35,0,.57.4.71.1,0,.31-.07.36-.17a1.57,1.57,0,0,1,.78-.68.19.19,0,0,0,0,.12.31.31,0,0,0,.47.06C391.71,348.44,392,348.13,391.84,347.93Z"/><path class="cls-1" d="M340.78,357.25c0,.29-.15.52-.08.67a.52.52,0,0,0,.51.13.58.58,0,0,0,.2-.53C341.35,357.39,341.06,357.36,340.78,357.25Z"/><path class="cls-1" d="M345.69,357a1.26,1.26,0,0,0-.4,1.77,2,2,0,0,0,2.41.57,1.46,1.46,0,0,0,.26-2A1.57,1.57,0,0,0,345.69,357Z"/><path class="cls-1" d="M341,355.45c-.36-.23-1.33.49-1.18,1a.86.86,0,0,0,1,.54C341.31,356.8,341.39,355.68,341,355.45Z"/><path class="cls-1" d="M344.35,349.74c-.1-.5-1.14-.81-1.44-.51-.15.15-.1.5,0,.8a4.49,4.49,0,0,0-.62,2.51,1.29,1.29,0,0,0,.16.43,1.33,1.33,0,0,0,.71.56,1.21,1.21,0,0,0-1.33.29c.29.79.61,1.11,1,1,0,0,.07,0,.11-.05a.39.39,0,0,0,0,.4c.11.19.44.17.59.1s.42-.4.24-.64a.43.43,0,0,0-.48-.11,1.07,1.07,0,0,0,.07-.89.69.69,0,0,0-.13-.05,1.09,1.09,0,0,0,1.21-.64,7.32,7.32,0,0,0,.6-1.7A1.63,1.63,0,0,0,344.35,349.74Z"/><path class="cls-1" d="M347.51,361.86a.64.64,0,0,0-.57.32.68.68,0,0,0,.25.61.71.71,0,0,0,.76-.21C348.13,362.33,347.67,361.91,347.51,361.86Z"/><path class="cls-1" d="M339,360c-.18.16-.45.84-.27,1.05s.81,0,1-.09a.84.84,0,0,0,.16-.75A.54.54,0,0,0,339,360Z"/><path class="cls-1" d="M342.54,356.73c-.34.57.36,1.12.69,1.18s.86-1.33.66-1.65S342.88,356.16,342.54,356.73Z"/><path class="cls-1" d="M343.05,361.35a.61.61,0,0,0-.17.53c.05.12.43.38.62.26s.07-.53,0-.69A.35.35,0,0,0,343.05,361.35Z"/><path class="cls-1" d="M340.85,351a.8.8,0,0,0,.14-1.11.6.6,0,0,0-1-.08,2.22,2.22,0,0,0-.27.8C340.12,351.17,340.54,351.26,340.85,351Z"/><path class="cls-1" d="M332.07,355.17a.53.53,0,0,0,0,.53.6.6,0,0,0,.56.08c.11-.08.08-.37.13-.67C332.45,355.13,332.19,355.07,332.07,355.17Z"/><path class="cls-1" d="M373.83,356.56a2,2,0,0,0-.54-1.87,1,1,0,0,0-.7-.28A1.57,1.57,0,0,0,371,356c0,.19,0,.37,0,.57a9.75,9.75,0,0,0-1-.09c-.64,0-.89.23-1,.85a1.27,1.27,0,0,0,.64,1.35,1.15,1.15,0,0,0,1.37-.18,6.33,6.33,0,0,0,.73-.87,4.93,4.93,0,0,0,.55,0A1.74,1.74,0,0,0,373.83,356.56Z"/><path class="cls-1" d="M333.87,356.67a1.05,1.05,0,0,0-.68,1.35,1.41,1.41,0,0,0,1.64.85,1.51,1.51,0,0,0,.74-1.73A1.48,1.48,0,0,0,333.87,356.67Z"/><path class="cls-1" d="M338,360.65c-.25.31-1,.52-.85,1s.86.43,1.22.61l.21-.18-.24-1.34Z"/><path class="cls-1" d="M337.3,359.41a2.23,2.23,0,0,0-.3-.2c0,.09-.17.16-.13.29s.22.14.3.13S337.31,359.43,337.3,359.41Z"/><path class="cls-1" d="M336.32,355.44c-.7.45-.95.83-.72,1.22s.78.46,1.27.22A1.21,1.21,0,0,0,336.32,355.44Z"/><path class="cls-1" d="M339.53,355.05c.11-.22.32-.46.28-.64s-.27-.69-.68-.53-.28.66-.21.83S339.32,354.94,339.53,355.05Z"/><path class="cls-1" d="M360.44,354.31a.92.92,0,0,0-1.28-.29.86.86,0,0,0-.08,1.21.81.81,0,0,0,1.09.23A.77.77,0,0,0,360.44,354.31Z"/><path class="cls-1" d="M357,359.34c-.3.27-.17.53,0,.78a.57.57,0,0,0,.94.12,2.68,2.68,0,0,0,.28-.75A.84.84,0,0,0,357,359.34Z"/><path class="cls-1" d="M359.11,352.94c-.58-.25-.85,0-1,.29s-.14.75.26.84a1,1,0,0,0,.86-.28C359.35,353.55,359.16,353.16,359.11,352.94Z"/><path class="cls-1" d="M360.77,358.09a2.05,2.05,0,0,0,.14,2.75c.57.43,1.21-.23,1.25-.74s.1-.34.57-.56a.88.88,0,0,0,.35-1.5A1.74,1.74,0,0,0,360.77,358.09Z"/><path class="cls-1" d="M370.28,354.81a1.68,1.68,0,0,0,.27-2.09,1.23,1.23,0,0,0-1.65,0,1.49,1.49,0,0,0-.36.45,1.42,1.42,0,0,0-.44-.36,1.82,1.82,0,0,0-1.5,0,.38.38,0,0,0,0-.1c-.19-.37-.78-.6-1-.32s-.63.81-.36,1.14.66.16.94,0a1.52,1.52,0,0,0,.71,1.42,1.51,1.51,0,0,0,1.81-.72s0,.08.07.12A1.11,1.11,0,0,0,370.28,354.81Z"/><path class="cls-1" d="M365.43,357.45a.64.64,0,0,0-.56.16c-.09.13.09.46.22.54s.61.08.69-.1S365.57,357.5,365.43,357.45Z"/><path class="cls-1" d="M364.81,356.4a2.15,2.15,0,0,1-.23-.91,1.26,1.26,0,0,0-.64-1.33,1.75,1.75,0,0,0-1.66.71c-.22.43-.48.87,0,1.32s.7.7,1,1.05a.72.72,0,0,0,1.08.42A1,1,0,0,0,364.81,356.4Z"/><path class="cls-1" d="M349.28,351.13a1.1,1.1,0,0,0,1.79.46.63.63,0,0,0,.13.3,1,1,0,0,0,1.26-.05,1,1,0,0,0,.32-1.4.86.86,0,0,0-1.22-.08h0a1.61,1.61,0,0,0-.48-.7,1.65,1.65,0,0,1-.65-1c-.1-.68-.68-1-1.21-1.25a1.53,1.53,0,0,0-1.64.43l-.11.13a1.48,1.48,0,0,0-.24-1.06c-.33-.42-1-.41-1.6,0l-.16.16c-.36-.3-.93-.58-1.15-.51s-.31,1,.17,1.42a.61.61,0,0,0,.6.15.68.68,0,0,0,.09.25,1.58,1.58,0,0,0,1.84.43.58.58,0,0,0,.18-.17,1.53,1.53,0,0,0,.17.71,2.73,2.73,0,0,0,1.39,1.25A1.34,1.34,0,0,1,349.28,351.13Z"/><path class="cls-1" d="M357.27,355.76a.85.85,0,0,0-1.22-.15c-.3.27-.17.53,0,.79a.57.57,0,0,0,.94.11A2.68,2.68,0,0,0,357.27,355.76Z"/><path class="cls-1" d="M350.27,355.2a.86.86,0,0,0,.16-1.19.87.87,0,0,0-1.18-.31.91.91,0,0,0-.28,1.19A1,1,0,0,0,350.27,355.2Z"/><path class="cls-1" d="M347.77,352.73c.05,0,.1,0,.13,0,.24-.14.22-.77.12-1a.83.83,0,0,0-.69-.32.53.53,0,0,0-.39.78,1.14,1.14,0,0,0,.39.35.89.89,0,0,0-.74,1.24,1.18,1.18,0,0,0,.85.57,1,1,0,0,0,.76-.51A1,1,0,0,0,347.77,352.73Z"/><path class="cls-1" d="M350.87,357.55c-.5-.12-.76.18-1.07,1.07.36.34.66.85,1.29.51a.82.82,0,0,0,.4-1.06A1.07,1.07,0,0,0,350.87,357.55Z"/><path class="cls-1" d="M352.36,359.33a1.84,1.84,0,0,0-.37,2.25,1.67,1.67,0,0,0,2.2.51,2.42,2.42,0,0,0,.41-2.53A1.64,1.64,0,0,0,352.36,359.33Z"/><path class="cls-1" d="M353.83,354.2a1.16,1.16,0,0,0-.25,1.69c.29.46,1,.48,1.6.06a.84.84,0,0,0,.34-1.24A1.78,1.78,0,0,0,353.83,354.2Z"/><path class="cls-1" d="M174.66,342.19a.59.59,0,0,0,.29-.49c0-.13-.31-.22-.56-.38-.1.27-.25.49-.21.64A.54.54,0,0,0,174.66,342.19Z"/><path class="cls-1" d="M174.11,344.46a.83.83,0,0,0,.5-1,.86.86,0,0,0-1.09-.52.67.67,0,0,0-.48,1A.82.82,0,0,0,174.11,344.46Z"/><path class="cls-1" d="M190.77,350.52a.84.84,0,0,0-.44,1.13.67.67,0,0,0,1,.44.82.82,0,0,0,.48-1.1A.87.87,0,0,0,190.77,350.52Z"/><path class="cls-1" d="M171.7,347.25c-.12,0-.46.34-.38.55s.51.17.68.13a.35.35,0,0,0,.19-.41A.58.58,0,0,0,171.7,347.25Z"/><path class="cls-1" d="M174.7,333.77a1,1,0,0,0-.46.45c-.16-.2-.35-.28-.53-.17a1.54,1.54,0,0,0-.44.44,1.05,1.05,0,0,0-1.08-.22,1.54,1.54,0,0,0-1.08-1c-1.2-.35-1.35.93-2,.42s.09-.88-.88-1.52-2.11-.19-2.12.63.64,1.14.58,1.32-.54.93,0,1.28c1.16.74,1.56-.47,2-.35s1,.79,1.55,1a1.88,1.88,0,0,0,1.14.07,1.75,1.75,0,0,0,1.57.35,1.21,1.21,0,0,0,.78-1.12.57.57,0,0,0,.32,0l.08-.05a0,0,0,0,0,0,0,.75.75,0,0,0,1,.38,1.16,1.16,0,0,0,.72-1.36A.94.94,0,0,0,174.7,333.77Z"/><path class="cls-1" d="M171.34,344.34l-.3-.19a5.47,5.47,0,0,1-.73.38.79.79,0,0,0-.86-.1.93.93,0,0,0-.42,1.24.87.87,0,0,0,1.22.42.79.79,0,0,0,.4-.46,2.38,2.38,0,0,1,.45.21l.24-.13Z"/><path class="cls-1" d="M174.1,337.77a.83.83,0,0,0-.27.17.39.39,0,0,0-.45-.23c-.44.08-.4.6-.35.77s.25.26.43.37a.19.19,0,0,0,0,.08,1.82,1.82,0,0,0,1.7.83,1.12,1.12,0,0,0,.49-1.63C175.41,337.57,174.82,337.43,174.1,337.77Z"/><path class="cls-1" d="M174.36,346a.94.94,0,0,0-.54,1.2,1,1,0,0,0,1.17.4,1,1,0,0,0,.4-1.18A.78.78,0,0,0,174.36,346Z"/><path class="cls-1" d="M171.46,340.52a.62.62,0,0,0,.36-.9.89.89,0,0,0-.75-.18c-.21.08-.64.51-.56.78S171.21,340.54,171.46,340.52Z"/><path class="cls-1" d="M163.74,336.44a1.12,1.12,0,0,0-.71,1.45,1.69,1.69,0,0,0,2,.69,1.23,1.23,0,0,0,.35-1.61A1.13,1.13,0,0,0,163.74,336.44Z"/><path class="cls-1" d="M178.47,342.82a1.69,1.69,0,0,0-2-.68,1.06,1.06,0,0,0-.33,1.39,1.16,1.16,0,0,0,1.59.66C178.32,343.91,178.68,343.24,178.47,342.82Z"/><path class="cls-1" d="M166.36,333.75c-.19-.24-.67-.78-1.05-.59s-.26.78-.21,1a.55.55,0,0,0,.73.49C166.23,334.57,166.58,334.05,166.36,333.75Z"/><path class="cls-1" d="M162.6,339.5a1.74,1.74,0,0,0-1.12,1.87,1.3,1.3,0,0,0,2.41-.91C163.71,339.8,163.1,339.34,162.6,339.5Z"/><path class="cls-1" d="M170.31,342.56c-.05.07-.2.12-.18.25s.19.18.27.18.18-.16.16-.19A1.43,1.43,0,0,0,170.31,342.56Z"/><path class="cls-1" d="M166.74,342.14c-.25,0-.61.22-.67.42-.18.54.4.94.69,1a.76.76,0,0,0,.55-1A.71.71,0,0,0,166.74,342.14Z"/><path class="cls-1" d="M169.28,340.26a.94.94,0,0,0-.55-.6,1,1,0,0,0,.2-.24c0-1.36.92-1,1.25-2a1.28,1.28,0,0,0,0-.46,1.08,1.08,0,0,0-1.82-.76,6.75,6.75,0,0,0-1.26,1.3,1.7,1.7,0,0,0,.31,2s0,0,.06.05a1,1,0,0,0-.72,1.12c.16.7.91,1.3,1.46,1.14A1.5,1.5,0,0,0,169.28,340.26Z"/><path class="cls-1" d="M181.72,349.88a.61.61,0,0,0-.18.65.55.55,0,0,0,.51.22.53.53,0,0,0,.23-.48C182.23,350.12,182,349.75,181.72,349.88Z"/><path class="cls-1" d="M187.69,347.73a.54.54,0,0,0-.15.58c.09.17.3.48.48.37a.57.57,0,0,0,.24-.54C188.22,348,187.87,347.62,187.69,347.73Z"/><path class="cls-1" d="M184.5,349.29a.88.88,0,0,0-.33,1.18.82.82,0,0,0,1.17.31c.51-.23.73-.62.55-.95A1.41,1.41,0,0,0,184.5,349.29Z"/><path class="cls-1" d="M187.57,346.23c.4-.19.55-1.16.27-1.77a1,1,0,0,0-1.28-.39,1.19,1.19,0,0,0-.63,1.42A1.55,1.55,0,0,0,187.57,346.23Z"/><path class="cls-1" d="M187.53,352.1c-.13,0-.44.42-.38.55s.51.17.68.14.24-.36.19-.42A.68.68,0,0,0,187.53,352.1Z"/><path class="cls-1" d="M188.93,341.12l.08.09c.05,0,.39-.15.4-.25s0-.56-.25-.64-.46.31-.45.4v0a1.44,1.44,0,0,0-1.41-.29,1,1,0,0,0-.37.54.93.93,0,0,0-.68-.11c-.46.2-.22,1.38.3,1.57a1.15,1.15,0,0,0,.71,0,.89.89,0,0,0,.82,0C188.83,342.06,189.09,341.63,188.93,341.12Z"/><path class="cls-1" d="M191.27,343.65a1.24,1.24,0,0,0,.76-1.45c-.11-.64-.57-.87-1.44-.48a14,14,0,0,0-1.24,1.36.77.77,0,0,0,.18,1.12.81.81,0,0,0,1.12-.09A2.56,2.56,0,0,1,191.27,343.65Z"/><path class="cls-1" d="M189.25,345.49c-.4.17-.57.59-.3.89s.4.47.67.43.61-.8.4-1.17S189.53,345.37,189.25,345.49Z"/><path class="cls-1" d="M178.83,347.78c-.36.13-.55,1-.33,1.21a1,1,0,0,0,.88.05.51.51,0,0,0,.34-.79C179.53,347.91,179.28,347.62,178.83,347.78Z"/><path class="cls-1" d="M179.51,344.89a1,1,0,0,0-.41,1.26.79.79,0,0,0,1,.37.85.85,0,0,0,.52-1.19A.94.94,0,0,0,179.51,344.89Z"/><path class="cls-1" d="M178.05,350.3c-.25.06-.89.84-.72,1.24s1.21.27,1.54.12a1,1,0,0,0,.42-1.05C179.12,350.22,178.42,350.22,178.05,350.3Z"/><path class="cls-1" d="M182.22,338.18c.26-.1.36-.73.29-.92a.74.74,0,0,0-.34-.34,1.33,1.33,0,0,0,.11-1.17,2.34,2.34,0,0,0-2.36-.92,1.63,1.63,0,0,0-.7,2,1.77,1.77,0,0,0,2.07.91,1.4,1.4,0,0,0,.17-.09C181.64,337.93,182,338.25,182.22,338.18Z"/><path class="cls-1" d="M184.27,352.69c-.14.07-.12.26-.09.33s.25.11.31.07.17-.17.12-.27A.25.25,0,0,0,184.27,352.69Z"/><path class="cls-1" d="M161.83,345.31a.59.59,0,0,0-.31.49c0,.15.28.51.48.51s.33-.49.29-.64S162,345.28,161.83,345.31Z"/><path class="cls-1" d="M184.64,346a.82.82,0,0,0-.49-.62,1.33,1.33,0,0,0-1,.3c-.45.49.05.86.35,1.31C184.16,346.86,184.67,346.66,184.64,346Z"/><path class="cls-1" d="M183.05,341.9a.93.93,0,0,0-1.3-.47.79.79,0,0,0-.26,1.16c.22.34.46.72.84.55C183,342.81,183.24,342.32,183.05,341.9Z"/><path class="cls-1" d="M126.94,329.9c-.37-.21-1.3.56-1.13,1a.87.87,0,0,0,1,.5C127.29,331.23,127.31,330.11,126.94,329.9Z"/><path class="cls-1" d="M140.7,333.37a1.59,1.59,0,0,0-1.82-.37.52.52,0,0,0-.47-.17c-.16.07-.43.13-.39.41a.29.29,0,0,0,.2.27,1.84,1.84,0,0,0,0,2,1.65,1.65,0,0,0,2.22.4A2.42,2.42,0,0,0,140.7,333.37Z"/><path class="cls-1" d="M139,326.53a1,1,0,0,0-.18-.73,1.56,1.56,0,0,0-.34-.34.89.89,0,0,0,0-1.11.85.85,0,0,0-1.22,0h0a1.71,1.71,0,0,0-.51-.68,4,4,0,0,1-.42-.39h-3.43l.13.31a2.44,2.44,0,0,0,1.18,1.05,1.31,1.31,0,0,0-.58,1.2,1.13,1.13,0,0,0,.95,1,5.11,5.11,0,0,0,1.13.1,4.57,4.57,0,0,0,.29.47,1.72,1.72,0,0,0,1.79.67A2,2,0,0,0,139,326.53Z"/><path class="cls-1" d="M136.27,328a.86.86,0,0,0-1.19-.25.9.9,0,0,0-.23,1.2,1,1,0,0,0,1.31.25A.85.85,0,0,0,136.27,328Z"/><path class="cls-1" d="M136.87,331.54c-.5-.1-.75.21-1,1.12.38.31.71.82,1.31.44a.8.8,0,0,0,.35-1.07A1,1,0,0,0,136.87,331.54Z"/><path class="cls-1" d="M143.08,333c-.29.28-.15.54,0,.78a.57.57,0,0,0,.94.07,2.64,2.64,0,0,0,.25-.77A.85.85,0,0,0,143.08,333Z"/><path class="cls-1" d="M142.28,340.34c-.31.4.45,1.32,1,1.25s1.05-.68.88-1.09S142.59,340,142.28,340.34Z"/><path class="cls-1" d="M143.16,335.11a2.51,2.51,0,0,0-1.83.21c-.05.26-.11.54-.17.82-.71.35-1.19.94-1,1.38a.78.78,0,0,0,.81.56c.72,0,.94-.24,1.13-1.07a14.35,14.35,0,0,0,1.38-.89A.56.56,0,0,0,143.16,335.11Z"/><path class="cls-1" d="M128.52,331.11c-.31.59.41,1.1.74,1.15s.79-1.37.58-1.69S128.83,330.53,128.52,331.11Z"/><path class="cls-1" d="M144.57,338.49c-.22,0-.26.48-.2.56a.81.81,0,0,0,.49.28c.06,0,.27-.31.23-.4S144.8,338.46,144.57,338.49Z"/><path class="cls-1" d="M129.47,329.57c.12-.06.4-.42.21-.65s-.56-.09-.66,0a.5.5,0,0,0-.14.57C129,329.69,129.32,329.65,129.47,329.57Z"/><path class="cls-1" d="M129.24,335.7a.58.58,0,0,0-.14.54c.05.12.45.36.63.23s0-.54,0-.69S129.37,335.58,129.24,335.7Z"/><path class="cls-1" d="M133.72,336a.64.64,0,0,0-.55.35.66.66,0,0,0,.28.59.7.7,0,0,0,.74-.24C134.36,336.44,133.89,336,133.72,336Z"/><path class="cls-1" d="M131.67,331.24a1.26,1.26,0,0,0-.32,1.78,2,2,0,0,0,2.44.46,1.45,1.45,0,0,0,.17-2A1.57,1.57,0,0,0,131.67,331.24Z"/><path class="cls-1" d="M134.66,329.49a.8.8,0,0,0-1,.25.73.73,0,0,0,.74,1A.76.76,0,0,0,134.66,329.49Z"/><path class="cls-1" d="M129.61,323.85c-.38-.1-.72-.05-.88.3a4.75,4.75,0,0,0-.62,2.79,1.93,1.93,0,0,0,.18.42,1.09,1.09,0,0,0,2-.16,7.35,7.35,0,0,0,.52-1.73A1.71,1.71,0,0,0,129.61,323.85Z"/><path class="cls-1" d="M155.34,336.31c-.06-.16-.42-.3-.65-.29a7.56,7.56,0,0,0-1.31.2c-.37.08-.47.34-.35.74.09.06.23.21.34.19a1.81,1.81,0,0,1,1.15.32c.17.08.61-.13.75-.32A1,1,0,0,0,155.34,336.31Z"/><path class="cls-1" d="M157.66,335.82a.65.65,0,0,0-.63.75c.05.71.29,1.16.64,1.17s1-.66,1-1.06S158.1,335.83,157.66,335.82Z"/><path class="cls-1" d="M156.38,338.42c-.52.1-.82.84-.65,1.59.1.46.42.58.84.51.62-.1,1.14-.69,1-1.14S156.81,338.33,156.38,338.42Z"/><path class="cls-1" d="M155.13,344.53c-.14.21.16.73.31,1.09,0,.09.23.13.45.24.17-.39.76-.82.51-1.22A.78.78,0,0,0,155.13,344.53Z"/><path class="cls-1" d="M161.62,337.24a1.21,1.21,0,0,0-.33-.6.22.22,0,0,0,0-.14.59.59,0,0,0-.49-.28.33.33,0,0,0-.14.09,1.49,1.49,0,0,0-.47,0A1.39,1.39,0,0,0,159,338.1a1.47,1.47,0,0,0,1.57,1.17C161.31,339.17,161.81,338.15,161.62,337.24Z"/><path class="cls-1" d="M159.9,329.31c0,.06,0,.13,0,.23.12.51.61,1.14,1.4.65a1.75,1.75,0,0,0,.42-2.28,2,2,0,0,0-1.9-.74,1.65,1.65,0,0,0-.66-.46.24.24,0,0,0,.16-.06c.07,0,0-.26,0-.31a.24.24,0,0,0-.29,0,.25.25,0,0,0-.05.36l0,0a1.48,1.48,0,0,0-.78,0,1.28,1.28,0,0,0-1.05,1.3l-.19,0a1.66,1.66,0,0,0-1,1.87,1.74,1.74,0,0,0,1.83,1.19,1.72,1.72,0,0,0,1.3-1.27A1.82,1.82,0,0,0,159.9,329.31Z"/><path class="cls-1" d="M160.74,343.26c-.21,0-.24.46-.22.63s.26.18.4.27c.1-.17.26-.33.27-.51S161,343.22,160.74,343.26Z"/><path class="cls-1" d="M146.28,327.85a.92.92,0,0,0-1.29-.23.86.86,0,0,0,0,1.22.82.82,0,0,0,1.1.18A.78.78,0,0,0,146.28,327.85Z"/><path class="cls-1" d="M160,335c.51-.33.39-.81.12-1.24a1,1,0,0,0-1.31.73C159.16,334.89,159.49,335.31,160,335Z"/><path class="cls-1" d="M149.2,335.42a1.19,1.19,0,0,0-1.23-.75c-.53.13-1.29,1.19-1.16,1.62a1.46,1.46,0,0,0,1.74.67C149.21,336.79,149.44,336.24,149.2,335.42Z"/><path class="cls-1" d="M148.28,333.55c0-.51.07-.34.54-.58a1,1,0,0,0,.59-1,.84.84,0,0,0,.18-.46,1.89,1.89,0,0,0-.07-.63.69.69,0,0,0,.92.11,1,1,0,0,0,.3-1.28,2.34,2.34,0,0,1-.27-.89,1.27,1.27,0,0,0-.7-1.3.75.75,0,0,0-.51,0,.29.29,0,0,0,.24-.33c0-.25-.12-.38-.38-.36s-.37.14-.34.39.13.34.35.33a1.83,1.83,0,0,0-1,.74c-.2.44-.44.9.09,1.32l.18.15a1.3,1.3,0,0,0-.78.08,1.16,1.16,0,0,0-.65,1,2.15,2.15,0,0,0,.06.58l-.27.19a2.06,2.06,0,0,0,.28,2.74C147.64,334.75,148.26,334.06,148.28,333.55Z"/><path class="cls-1" d="M150.47,341.51a.77.77,0,0,0-.64.89.68.68,0,0,0,.87.5.62.62,0,0,0,.51-.74A.66.66,0,0,0,150.47,341.51Z"/><path class="cls-1" d="M152.72,339.11c-.41.09-.91.77-.82,1.09a1.22,1.22,0,0,0,1.26.72.87.87,0,0,0,.56-1.08A1,1,0,0,0,152.72,339.11Z"/><path class="cls-1" d="M150,336.84c-.54.15-.85.52-.77.94a1.8,1.8,0,0,0,1.49,1.13c.63-.14.87-.64.68-1.41S150.77,336.64,150,336.84Z"/><path class="cls-1" d="M153.29,332.67a1.17,1.17,0,1,0-2.24.67,1,1,0,0,0,1.08.61C153,333.71,153.44,333.2,153.29,332.67Z"/><path class="cls-1" d="M232.23,355c-.11.15,0,.46,0,.7.23,0,.55,0,.69-.09s.46-.56.12-.84S232.33,354.83,232.23,355Z"/><path class="cls-1" d="M254.57,351.2a.85.85,0,0,0-1.22.22c-.2.34,0,.56.24.75a.58.58,0,0,0,.93-.17A2.84,2.84,0,0,0,254.57,351.2Z"/><path class="cls-1" d="M234.92,350.17a1.07,1.07,0,0,0-.36-.47,1.24,1.24,0,0,0,.64-.79,2.4,2.4,0,0,0-1.25-2.23,1,1,0,0,0-.25,0c-.37-.72-1.15-1-1.65-.59s-.46,1.23-.64,1.3a4,4,0,0,0-.66.25l-.16-.13a1,1,0,0,0-.81,0c-.46.22-.48.62-.17,1.51.38,0,.8.15,1.1-.1.42.51,1.14.3,1.28.6s0,1.24.24,1.84c.3.83,1,1.41,1.89,1A1.52,1.52,0,0,0,234.92,350.17Z"/><path class="cls-1" d="M236.05,352.63a1.37,1.37,0,0,0-1,.06c-.29.17-.16.87.2,1a1.82,1.82,0,0,0,.73,0C236.38,353.25,236.38,352.74,236.05,352.63Z"/><path class="cls-1" d="M234.47,357.11c-.55.64-.66,1.08-.34,1.38.47.42.89.21,1.29-.17A1.21,1.21,0,0,0,234.47,357.11Z"/><path class="cls-1" d="M238.36,360.71c-.13.2-.19.94,0,1.08s.78-.2.89-.38a.83.83,0,0,0-.07-.76A.53.53,0,0,0,238.36,360.71Z"/><path class="cls-1" d="M237.71,347.23a1.71,1.71,0,0,0-2.06.33,1.26,1.26,0,0,0,.49,1.49,1.07,1.07,0,0,0,1.65-.32C238.2,348.15,238.16,347.52,237.71,347.23Z"/><path class="cls-1" d="M239,355.72c-.41-.11-1.12.87-.84,1.29a.88.88,0,0,0,1.1.23A1.1,1.1,0,0,0,239,355.72Z"/><path class="cls-1" d="M236.34,350.67a2.24,2.24,0,0,0,0,.85c.5.39.93.35,1.16,0a.8.8,0,0,0-.19-1.1A.6.6,0,0,0,236.34,350.67Z"/><path class="cls-1" d="M226.46,355.11c-.08-.05-.37,0-.4.19a.6.6,0,0,0,.2.53c.11.06.57,0,.65-.19S226.62,355.19,226.46,355.11Z"/><path class="cls-1" d="M225.29,356.92c-.38.39.06,1,.08,1.36l.26.09,1-.88c0-.12,0-.24,0-.36C226.23,357.07,225.66,356.53,225.29,356.92Z"/><path class="cls-1" d="M227.05,355.58c-.08.1,0,.25,0,.32a.31.31,0,0,0,.25,0,1.35,1.35,0,0,0,0-.35C227.27,355.56,227.14,355.48,227.05,355.58Z"/><path class="cls-1" d="M230.32,358.11a.53.53,0,0,0,.14.51.58.58,0,0,0,.56-.09c.08-.11,0-.38-.08-.67C230.67,358,230.41,358,230.32,358.11Z"/><path class="cls-1" d="M230.65,353.2c0-.31-.64-.35-.79-.29a.66.66,0,0,0-.25.61.7.7,0,0,0,.58.32A.74.74,0,0,0,230.65,353.2Z"/><path class="cls-1" d="M227.93,351.52a1.24,1.24,0,0,0,.5-.68,1.47,1.47,0,0,0-1-1.69,1.57,1.57,0,0,0-2,1.12,1.25,1.25,0,0,0,.79,1.63l.16,0a1.36,1.36,0,0,0,.23,1.58,1.52,1.52,0,0,0,1.87-.23c.31-.37.07-1.29-.44-1.7C228,351.54,228,351.54,227.93,351.52Z"/><path class="cls-1" d="M230,344.61H226.8a1.14,1.14,0,0,0,0,.32.78.78,0,0,0-.69.53.9.9,0,0,0,.52,1.1,1,1,0,0,0,1-.24,1.42,1.42,0,0,0,2-.18A1.83,1.83,0,0,0,230,344.61Z"/><path class="cls-1" d="M244.77,352.8a.93.93,0,0,0,.57-.71,1,1,0,0,0-1.18-1,.88.88,0,0,0-.37,1.41A1.15,1.15,0,0,0,244.77,352.8Z"/><path class="cls-1" d="M248.8,348.88a1.31,1.31,0,0,0,.23-.65c.62,0,1-.36,1.12-1.17a1.18,1.18,0,0,0-.84-1.17c-.54-.08-1.66.6-1.7,1.05a.81.81,0,0,0,.15.53,1.09,1.09,0,0,0-.25.27h0a1.6,1.6,0,0,0-.67-.53,1.66,1.66,0,0,1-.91-.76,1.83,1.83,0,0,0-1.52-.83,1.54,1.54,0,0,0-1.45.9l-.06.15a1.88,1.88,0,0,0-.22-.57l.27-.33a14.26,14.26,0,0,0,1.62-.29.57.57,0,0,0,.31-.87h-2.42c-.79,0-1.46.41-1.5.87a.81.81,0,0,0,.13.51,1.48,1.48,0,0,0-.25.25,1.22,1.22,0,0,0,0,1.54,1.6,1.6,0,0,0,1.89-.14.66.66,0,0,0,.12-.22,1.54,1.54,0,0,0,.37.63,2.36,2.36,0,0,0,1.17.67.89.89,0,0,0,.25.26s.17-.06.26-.15h0a1.16,1.16,0,0,1,.64.3,1.1,1.1,0,0,0,1.85-.1.53.53,0,0,0,.21.25A1,1,0,0,0,248.8,348.88Z"/><path class="cls-1" d="M249.4,354.05a.67.67,0,0,0-.42-.89.78.78,0,0,0-.94.58.69.69,0,0,0,.6.8A.62.62,0,0,0,249.4,354.05Z"/><path class="cls-1" d="M247.06,359.92c-.17,0-.45.3-.46.47a.69.69,0,0,0,.43.51.71.71,0,0,0,.66-.42C247.79,360.18,247.22,359.92,247.06,359.92Z"/><path class="cls-1" d="M241.5,352.27a7.23,7.23,0,0,0,.07-1.8A1.69,1.69,0,0,0,240,349.2c-.39,0-.71.13-.78.5a4.81,4.81,0,0,0,.11,2.86,1.73,1.73,0,0,0,.28.36A1.09,1.09,0,0,0,241.5,352.27Z"/><path class="cls-1" d="M249,354.81c-.51,0-.67.39-.7,1.34.44.21.88.62,1.38.1a.8.8,0,0,0,.07-1.12A1.05,1.05,0,0,0,249,354.81Z"/><path class="cls-1" d="M250.94,356.07a1.82,1.82,0,0,0,.31,2.25,1.88,1.88,0,0,0,.71.31,1.92,1.92,0,0,1,0,.24c0,.11.17.21.33.4.29-.28.94-.45.94-.86a1,1,0,0,0,.27-.26,2.42,2.42,0,0,0-.35-2.53A1.64,1.64,0,0,0,250.94,356.07Z"/><path class="cls-1" d="M250.94,352.25a.48.48,0,0,0-.14.26,1.21,1.21,0,0,0,.88,1.15.87.87,0,0,0,.93-.78,1,1,0,0,0-.17-.7c.06-.06.13-.11.19-.18a.84.84,0,0,0,0-1.28,2,2,0,0,0-1.51-.14,1.49,1.49,0,0,0,.32-.75c.1-.64-.26-1-1-1.15a.88.88,0,0,0-1.07.57,1.84,1.84,0,0,0,.94,1.62.93.93,0,0,0,.56-.07A1.12,1.12,0,0,0,250.94,352.25Z"/><path class="cls-1" d="M246.3,351.61a.89.89,0,0,0,.08,1.22,1,1,0,0,0,1.33-.08.91.91,0,0,0-1.41-1.14Z"/><path class="cls-1" d="M240.79,356.5c-.16.64.67,1,1,.92s.42-1.52.13-1.78S240.94,355.85,240.79,356.5Z"/><path class="cls-1" d="M242.64,360.75a.61.61,0,0,0,0,.56c.08.1.52.24.67.07s-.1-.53-.21-.66A.37.37,0,0,0,242.64,360.75Z"/><path class="cls-1" d="M241.32,354.77c.1-.09.29-.51,0-.69s-.56.06-.64.18a.53.53,0,0,0,0,.59C240.9,355,241.2,354.88,241.32,354.77Z"/><path class="cls-1" d="M246.16,355.53a1.56,1.56,0,0,0-2.28.3,1.25,1.25,0,0,0,.14,1.81,2,2,0,0,0,2.47-.17A1.46,1.46,0,0,0,246.16,355.53Z"/><path class="cls-1" d="M241.87,348.93c-.44.24-.1,1.39.44,1.53s1.23-.22,1.23-.66S242.31,348.68,241.87,348.93Z"/><path class="cls-1" d="M225.4,346.26a1,1,0,0,0-.17-.3,2,2,0,0,0,.56-.48,1.18,1.18,0,0,0,.26-.87h-2.84a1.44,1.44,0,0,0,.38,1.42l.1.06a.9.9,0,0,0,.42,1.13,1.19,1.19,0,0,0,1-.09A1,1,0,0,0,225.4,346.26Z"/><path class="cls-1" d="M201.15,354.49a.57.57,0,0,0-.5.28c-.06.14,0,.58.18.67s.53-.27.56-.42S201.32,354.53,201.15,354.49Z"/><path class="cls-1" d="M202.71,348.63c0,.08.25.1.31.07a.24.24,0,0,0,.08-.09,1.77,1.77,0,0,0,1.68-1.34,1.11,1.11,0,0,0-.28-1.15h.07a1.22,1.22,0,0,0,.62-1.52.83.83,0,0,1,0-1.1,1,1,0,0,0-1.5,0,2.07,2.07,0,0,0,.16.65,1.43,1.43,0,0,0-.45,1.38.59.59,0,0,0,.1.17,1.38,1.38,0,0,0-1.36,1.1,1.49,1.49,0,0,0,.6,1.65A.44.44,0,0,0,202.71,348.63Z"/><path class="cls-1" d="M193.29,346a.68.68,0,0,0-1-.47.75.75,0,0,0-.43.93.24.24,0,0,0,.06.11.7.7,0,0,0,.52.49.62.62,0,0,0,.8-.41.81.81,0,0,0,0-.57A.22.22,0,0,1,193.29,346Z"/><path class="cls-1" d="M204.58,349.72a1.77,1.77,0,0,0-1.88,1.12,1.3,1.3,0,0,0,2.56.34A1.18,1.18,0,0,0,204.58,349.72Z"/><path class="cls-1" d="M209.65,356.2c0,.12.08.24.15.29a.4.4,0,0,0,.24-.09,1.35,1.35,0,0,0-.11-.34C209.85,356.1,209.7,356.07,209.65,356.2Z"/><path class="cls-1" d="M201.66,340.17a.89.89,0,0,0-.57-1,.67.67,0,0,0-.54,0,12.32,12.32,0,0,0-.87,1c-1.06,0-1.79.38-1.82,1a1.76,1.76,0,0,0,1.49,1.47c.73,0,1-.31,1.08-1.77C201,340.87,201.59,340.94,201.66,340.17Z"/><path class="cls-1" d="M208.5,358.09c-.2.5.41.88.58,1.24h.27l.65-1.2-.18-.31C209.43,357.89,208.71,357.59,208.5,358.09Z"/><path class="cls-1" d="M209.08,352.12a1,1,0,0,0-1.37.62,1.39,1.39,0,0,0,.74,1.69,1.5,1.5,0,0,0,1.66-.89C210.26,353.08,209.7,352.32,209.08,352.12Z"/><path class="cls-1" d="M208.59,346.48a1.66,1.66,0,0,0,0-1.1,1.12,1.12,0,0,0,.14-1.37,1.37,1.37,0,0,0-1.85-.55,1.28,1.28,0,0,0-.61,1,1.84,1.84,0,0,0-.84.91c-.29.8.3,1.65,1.37,2A1.42,1.42,0,0,0,208.59,346.48Z"/><path class="cls-1" d="M194,349.59c-.28.12-.35.67-.14,1.11a.48.48,0,0,0,.73.26c.34-.18.61-.45.44-.9A.91.91,0,0,0,194,349.59Z"/><path class="cls-1" d="M195.61,350.64c-.22.12-.2.71-.24,1.1,0,.1.15.22.29.43.33-.27,1.06-.37,1-.84S196.11,350.36,195.61,350.64Z"/><path class="cls-1" d="M193.18,342.79a.41.41,0,0,0-.62.16.91.91,0,0,0,.15.72c.11.23.17.47.42.59s.55-.18.53-.56A1.28,1.28,0,0,0,193.18,342.79Z"/><path class="cls-1" d="M197.28,351.9c-.2.12-.48.46-.43.65s.49.38.69.34.64-.52.56-.74S197.41,351.82,197.28,351.9Z"/><path class="cls-1" d="M199.61,345.84c-.51-.16-1.13.35-1.33,1.09a.64.64,0,0,0,.5.85,1.17,1.17,0,0,0,1.45-.52A1.34,1.34,0,0,0,199.61,345.84Z"/><path class="cls-1" d="M198.64,348.38c-.12,0-.47.21-.38.55s.51.17.68.13.24-.35.19-.41S198.79,348.35,198.64,348.38Z"/><path class="cls-1" d="M198.6,344.46a1.56,1.56,0,0,0-2.2-.67,1.43,1.43,0,0,0-.88,1c-.34.1-.66.32-.71.53a1.22,1.22,0,0,0,.78,1.23.75.75,0,0,0,.6-.12,1.73,1.73,0,0,0,1.59.2A1.88,1.88,0,0,0,198.6,344.46Z"/><path class="cls-1" d="M220.79,352c-.43,0-.73,1.22-.31,1.5a.85.85,0,0,0,1.1-.18C221.85,352.84,221.21,351.92,220.79,352Z"/><path class="cls-1" d="M222.55,348.05a1.3,1.3,0,0,0,2.25,1.25,1.18,1.18,0,0,0-.1-1.61A1.75,1.75,0,0,0,222.55,348.05Z"/><path class="cls-1" d="M218.6,339.91a1.38,1.38,0,0,0-1.28,0l-.08,0a1.8,1.8,0,0,0-1.93,1.22,1.41,1.41,0,0,0,.86,1.74,1.86,1.86,0,0,0,2.24-.86,1.36,1.36,0,0,0,0-.57.92.92,0,0,0,.26-.26A1,1,0,0,0,218.6,339.91Z"/><path class="cls-1" d="M221.89,347.83a7,7,0,0,0-.6-1.7,1.71,1.71,0,0,0-1.91-.62c-.37.14-.61.38-.54.76a4.77,4.77,0,0,0,1.15,2.61.1.1,0,0,0,0,0l0,0c-.07.08,0,.32.06.48a1.25,1.25,0,0,0,.56-.13.25.25,0,0,0,.07-.12A1.06,1.06,0,0,0,221.89,347.83Z"/><path class="cls-1" d="M219.2,351c-.11.11-.21.54-.08.69s.59-.06.68-.18.1-.49,0-.59A.56.56,0,0,0,219.2,351Z"/><path class="cls-1" d="M213.62,357.36a.53.53,0,0,0,.32.42.57.57,0,0,0,.49-.28c0-.14-.17-.34-.32-.61C213.89,357.09,213.66,357.2,213.62,357.36Z"/><path class="cls-1" d="M222.64,350.22c.06-.12.07-.58-.22-.66s-.51.27-.53.4,0,.47.22.55S222.56,350.37,222.64,350.22Z"/><path class="cls-1" d="M222.84,356.46a.54.54,0,0,0-.79.37c-.05.24.17.94.45,1s.65-.46.69-.66A.84.84,0,0,0,222.84,356.46Z"/><path class="cls-1" d="M223.52,350.81c-.35-.13-.84.56-.75,1.21s1,.65,1.28.49S223.88,350.94,223.52,350.81Z"/><path class="cls-1" d="M217.14,345.9c.16-.7-.1-1.27-.63-1.37a1.69,1.69,0,0,0-1.79,1.06,1.26,1.26,0,0,0,1,1.21A1.08,1.08,0,0,0,217.14,345.9Z"/><path class="cls-1" d="M213,347.71c-.34-.75.5-.73-.05-1.76s-1.77-1.16-2.17-.44,0,1.3-.11,1.44-.91.56-.6,1.13c.68,1.2,1.6.32,1.91.62s.47,1.15.89,1.62a1.37,1.37,0,0,0,2.12.23,1.5,1.5,0,0,0,0-2.26C214.11,347.4,213.37,348.47,213,347.71Z"/><path class="cls-1" d="M214.93,353.23c-.43-.13-.64.34-.68.52s.16.43.26.64c.22-.1.54-.16.61-.33S215.35,353.36,214.93,353.23Z"/><path class="cls-1" d="M217.11,354.91c-.27.8-.22,1.24.2,1.4.58.22.9-.12,1.13-.63A1.21,1.21,0,0,0,217.11,354.91Z"/><path class="cls-1" d="M217,350.16a1.36,1.36,0,0,0-.91.42c-.22.27.17.87.57.89a1.56,1.56,0,0,0,.68-.24C217.48,350.62,217.3,350.14,217,350.16Z"/><path class="cls-1" d="M216.49,348.23a2.19,2.19,0,0,0,.3.8c.61.18,1,0,1.1-.39a.8.8,0,0,0-.59-.95A.6.6,0,0,0,216.49,348.23Z"/><path class="cls-2" d="M514.48,231.41V313.5a50.42,50.42,0,0,1-11.21,31.71Q462,396.35,402.52,409.9V231.41Z"/><rect class="cls-3" x="117.52" y="77.96" width="307.3" height="245.29"/><path class="cls-1" d="M117.52,157.2v.39h0v.57a.8.8,0,0,1-.17-.15c-.19.31-.48.54-.64.53s-1.08-.53-1-1.22a.84.84,0,0,1,.86-.75A.85.85,0,0,1,117.52,157.2Zm-.6,20.44c.1.14.35.13.6.08v-1.24a.32.32,0,0,0-.17.12C117.17,176.81,116.73,177.37,116.92,177.64Zm-.54-50.54a1.92,1.92,0,0,0,1.14,1.59v-3.22A1.91,1.91,0,0,0,116.38,127.1Zm-1.06,9.21c-.11-.06-.58-.07-.65.21s.26.51.4.54.46,0,.54-.23S115.47,136.39,115.32,136.31Zm.88,13.85a.5.5,0,0,0,.48-.44.45.45,0,0,0-.32-.54.5.5,0,1,0-.16,1Zm-.29-14.74c-.13.36.56.85,1.22.75a.54.54,0,0,0,.39-.23v-1.11A2.06,2.06,0,0,0,115.91,135.42Zm1.61,15.64v-1.7a1.46,1.46,0,0,0-.29.51A1.1,1.1,0,0,0,117.52,151.06ZM115.27,142a1.36,1.36,0,0,0,.42.91c.26.21.87-.17.89-.57a1.7,1.7,0,0,0-.25-.68C115.73,141.47,115.25,141.65,115.27,142Zm-10,22.38a.78.78,0,0,0-.3-.34c-.79-.42-1.27.15-1.71.78a3,3,0,0,0,.54,1,1.74,1.74,0,0,0,.74,1,.42.42,0,0,0,0,.28c0,.12.28.44.6.3s.12-.49.05-.67a1.71,1.71,0,0,0,.85-1.11A1,1,0,0,0,105.25,164.38ZM117,132.76a2,2,0,0,0-1.06-2.24h0a3.57,3.57,0,0,0-.31-.62.85.85,0,0,0-1,.78.6.6,0,0,0,0,.2,1.42,1.42,0,0,0-.44.65,1.58,1.58,0,0,0,1.12,2A1.26,1.26,0,0,0,117,132.76Zm.08,5.4c0,.16.2.31.44.4v-1C117.26,137.7,117.05,138,117.08,138.16ZM103,162.59c.31,0,.86-.48.92-.86,0,0,0-.06,0-.09h0A1,1,0,0,0,105,161c.18-.86-.05-1.51-.59-1.63a1.49,1.49,0,0,0-1.44,1,.51.51,0,0,0,0,.29,1.08,1.08,0,0,0-1,.77A1.45,1.45,0,0,0,103,162.59Zm-3.17,1.46a1.38,1.38,0,0,0,1.28.17c.42-.23,1-.31,1.09-.71a.84.84,0,0,0-.08-.75c-.11-.2-.14-.47-.45-.68a1.82,1.82,0,0,0-1.56-.19,1.34,1.34,0,0,0-.83,1.14A1.15,1.15,0,0,0,99.84,164.05Zm14.5-43.37a1,1,0,0,0,.81-.21c.44-.5.18-1-.31-1.46-.52.16-1.07.19-1.12.84A.73.73,0,0,0,114.34,120.68Zm1.41,1.41a1.75,1.75,0,0,0-.64,1.68c.16.46.3,1,1,.89.48,0,1,0,1.44,0v-1.82a1.26,1.26,0,0,1-.37-.27A1.26,1.26,0,0,0,115.75,122.09Zm-2,19a.8.8,0,0,0-.95.59.61.61,0,0,0,.55.8,2.34,2.34,0,0,0,.8-.29C114.31,141.55,114.12,141.16,113.74,141.06Zm2.8-21.87c-.39-.12-1,.15-.94.51s.15,1,.57,1.06a.5.5,0,0,0,.45-.23c-.1.16,0,.49.14.61s.32,0,.48,0a1.41,1.41,0,0,0,0-.58.56.56,0,0,0-.56-.13,2.38,2.38,0,0,0,.24-.48A.55.55,0,0,0,116.54,119.19Zm-5.84,25a1.26,1.26,0,0,0,1.21-1,1.08,1.08,0,0,0-.91-1.42c-.69-.16-1.27.1-1.37.63A1.71,1.71,0,0,0,110.7,144.23Zm5-.3a1.5,1.5,0,0,0-2.17-.06c-.24.08-.49.24-.52.39a.57.57,0,0,0,.07.37c-.08.58.33,1-.22,1.29l-.09,0a.21.21,0,0,0,0-.08.8.8,0,0,0-.61-.72c-.86-.35-1.25-.17-1.54.71-.22.67-.46,1.32-.69,2-1.25-.33-1.37-.24-1.42.86.52.42,1,.3,1.4-.21.94.48,1.57.39,1.88-.21.15,0,.26-.06.31,0s.56.91,1.13.59c1.2-.67.32-1.59.62-1.9s1.15-.47,1.62-.89A1.37,1.37,0,0,0,115.66,143.93Zm-5.17,17a1.16,1.16,0,0,0-.26-1.35c-1.35-1.16-1.87-1.17-3.2,0a.88.88,0,0,0-.12.07h0a2.25,2.25,0,0,0,.41-.56.55.55,0,0,0-.37-.81.67.67,0,0,0-.91.43,1.67,1.67,0,0,0,.19.83.77.77,0,0,0-.87.6.89.89,0,0,0,1,1c.59,0,.78.31,1.12.66-.61.64-.77,1.2-.51,1.68a1.37,1.37,0,0,0-.4.75.88.88,0,0,0,.46,1.12,1.85,1.85,0,0,0,1.7-.78.84.84,0,0,0,0-.27,1,1,0,0,0,.57-.76,1.31,1.31,0,0,0-.66-1.76,4.05,4.05,0,0,1,.91-.23A.81.81,0,0,0,110.49,160.91Zm4.32,10.79a1.15,1.15,0,0,0-.25-.12,1.29,1.29,0,0,0-1.4.88,1.09,1.09,0,0,0,.6,1.2c.82.23,1.56,0,1.73-.52a1.07,1.07,0,0,0,.32-1.15A.82.82,0,0,0,114.81,171.7Zm-1.15-20.61a1.21,1.21,0,0,0-1.13.36,1.44,1.44,0,0,0-.94-1.09,1.63,1.63,0,0,0-1.09,0,.65.65,0,0,0-.29-.06c-.32,0-1-.11-1.15.41a.61.61,0,0,0,.32.62.43.43,0,0,0,0,.07,2,2,0,0,0,1.14,2.12,1.37,1.37,0,0,0,1.5-.48,1.21,1.21,0,0,0,1,1.08,1.69,1.69,0,0,0,1.91-1.37A1.71,1.71,0,0,0,113.66,151.09Zm2.55,27.84a.91.91,0,0,0-.12-.52,1.58,1.58,0,0,0-1.84-.41,1.24,1.24,0,0,0-.17,1.62c.45.71.93.9,1.48.57a1.28,1.28,0,0,0,.49-.58,14.54,14.54,0,0,0,.38,1.68.76.76,0,0,0,1,.5l.08,0v-3a1.67,1.67,0,0,0-.26-.17A.72.72,0,0,0,116.21,178.93Zm1-12.17a1,1,0,0,0-.77.28.71.71,0,0,0-.08.68c.28.47.72.45,1.2.19v-.86A.58.58,0,0,0,117.17,166.76Zm-4.23-29.7a7,7,0,0,0-1.71.6,1.66,1.66,0,0,0-.68,1.6,1,1,0,0,0-.66,0,.65.65,0,0,0-.17.63.67.67,0,0,0,.62.24.73.73,0,0,0,.35-.42.61.61,0,0,0,.68.4A4.83,4.83,0,0,0,114,139a1.42,1.42,0,0,0,.23-.39C114.51,137.59,113.89,136.88,112.94,137.06Zm1.74-2.45a2.4,2.4,0,0,0-1.52-2.05,1.57,1.57,0,0,0-1.58,1,.75.75,0,0,0-.22,0,1,1,0,0,0-.49,1.47.85.85,0,0,0,1,.23,1.55,1.55,0,0,0,.92.59A1.65,1.65,0,0,0,114.68,134.61Zm-4.27.18a.81.81,0,0,0-.48-1,1,1,0,0,0-.81.08c-.43.27-.4.67,0,1.52C109.63,135.34,110.22,135.48,110.41,134.79ZM107,158.14c.38.05.67-.25.69-.69,0-.71-.17-1.18-.51-1.23a1.44,1.44,0,0,0-1.13.95C106,157.52,106.57,158.08,107,158.14Zm.81-6.88a.72.72,0,0,0-1,.48.87.87,0,0,0,.48,1.11.83.83,0,0,0,1-.62A.76.76,0,0,0,107.82,151.26Zm1.76-4.7a1.54,1.54,0,0,0-.92-1.75c-.42-.11-1,.38-1.21,1a1.11,1.11,0,0,0,.56,1.42A1.42,1.42,0,0,0,109.58,146.56ZM117,181.92a1,1,0,0,0-.37.73.71.71,0,0,0,.4.55.7.7,0,0,0,.5,0v-1.24A.54.54,0,0,0,117,181.92Zm-1.52-34.06a.57.57,0,0,0-.3-.51c-.15-.06-.65,0-.67.23s.28.45.4.46S115.46,148.06,115.47,147.86ZM109.26,157a.64.64,0,0,0,.37.9c.65.3,1.16.29,1.33,0a1.44,1.44,0,0,0-.45-1.41C110.21,156.31,109.48,156.61,109.26,157Zm-.63-4.35c-.44-.09-1.36.78-1.43,1.36a1.17,1.17,0,0,0,.81,1.09,1.57,1.57,0,0,0,.48,0,2,2,0,0,0,.13.18c.53-.07,1.06-.16,1-.8a.81.81,0,0,0-.11-.37A1.42,1.42,0,0,0,108.63,152.65Zm8.25,9.9a.46.46,0,0,0-.43-.29c-.47,0-1,.58-.7,1.07.1.18.49.2.84.22a.88.88,0,0,0,.73,1,.65.65,0,0,0,.2,0v-2.47A1.31,1.31,0,0,0,116.88,162.55Zm-4.5-8.38a1.13,1.13,0,0,0-1.48.84.08.08,0,0,0,0,0,1.6,1.6,0,0,0-.31.7c-.11.6.28,1,1.08,1.18a1.49,1.49,0,0,0,.67,0,1.45,1.45,0,0,0,1.36-.89C113.93,155.36,113.27,154.43,112.38,154.17Zm3.83-.77a1.37,1.37,0,0,0,0,.28,1.16,1.16,0,0,0-1.36.69,1.75,1.75,0,0,0,1.13,1.87c.45.13,1.12-.36,1.26-.9a1.53,1.53,0,0,0,0-.8,1.64,1.64,0,0,0,.32,0V152.4h0A1.19,1.19,0,0,0,116.21,153.4Zm-3.36,6.86a.8.8,0,0,0,.2.07,1,1,0,0,0,1-.76.86.86,0,0,0-.68-1,1,1,0,0,0-.75.27.75.75,0,0,0-.21-.12,1.36,1.36,0,0,0-1.43.62c-.15.51.36,1.13,1.09,1.33A.61.61,0,0,0,112.85,160.26Zm1.59.79a1.1,1.1,0,0,0-1.29.88.72.72,0,0,0,.54.86.91.91,0,0,0,1.11-.31A1,1,0,0,0,114.44,161.05Zm-4,3.09a1.23,1.23,0,0,0,1.23-.78.88.88,0,0,0-.69-1,1,1,0,0,0-1.12.54C109.72,163.3,110.08,164.07,110.41,164.14Zm-24-20c-.62.34-1.1.64-.9,1.34a.7.7,0,0,0,.83.58,1.34,1.34,0,0,0,.86-.56C87.54,144.81,86.89,144.57,86.45,144.15Zm-5,1.3c.19.07.49-.34.5-.49s-.14-.47-.3-.5a.57.57,0,0,0-.46.35C81.11,145,81.23,145.38,81.42,145.45Zm12.51,9.64c-.07.22,0,.36.2.44a.32.32,0,0,0,.48-.2c.09-.24,0-.4-.22-.47S94,154.85,93.93,155.09Zm-6-13.19v0a.68.68,0,0,0-.55-.52,2.43,2.43,0,0,0,.13-1.92,1.78,1.78,0,0,0-.65-1,1.89,1.89,0,0,0-1.55-.27c-.61.11-1.13-.26-1.64.1a2.59,2.59,0,0,0-1.1,2.91,2.12,2.12,0,0,0,1.33,1.5c.69.22,1.23-.54,2-.6l.38-.05a.76.76,0,0,0,.3.78c.32.27.73.35,1,0a1.74,1.74,0,0,0,.35-.69,1.86,1.86,0,0,0,.19.66.81.81,0,0,0-.42.45c-.28.67-.17.95.52,1.46a14.18,14.18,0,0,0,.25,1.62.59.59,0,0,0,.41.4,1.42,1.42,0,0,0,.21.48,1.08,1.08,0,0,0,.4.29c.17.27.5.47.64.7l.28,0,.21-.56.12,0c.17.16-.22,1.47.44,2.26a2.51,2.51,0,0,0,2.89.24l.34-.28a1.17,1.17,0,0,0,.6-.33c.37-.34.92-.87.44-1.38a1,1,0,0,0-.29-.21,1.76,1.76,0,0,0-.87-1.34c-.7-.34-1.86-.08-2-.32s.34-1.52-.4-2.26a1.78,1.78,0,0,0-2.44,0l-.05.05a2.34,2.34,0,0,0-.15-.68,1.5,1.5,0,0,0,1.21-1.08c.09-.48-.55-1.17-1.2-1.29A1,1,0,0,0,87.9,141.9Zm5.15,44.88a2.57,2.57,0,0,0,0-.91c-.13-.37-.52-.41-.84-.2s-.55.42-.36.82A.91.91,0,0,0,93.05,186.78Zm5.82-25.39a.86.86,0,0,0,1.12,0,1,1,0,0,0,.22-1,1.21,1.21,0,0,0,.57-.56,2,2,0,0,0,0-.2.63.63,0,0,0,.29.05c.17,0,.42-.27.36-.48a.44.44,0,0,0-.45-.34.54.54,0,0,0-.31.23,2.8,2.8,0,0,0-.25-.35c-.22-.29-.36-.62-.81-.68a1.06,1.06,0,0,0,.1-.92,1.44,1.44,0,0,0-1.23-.92,1.41,1.41,0,0,0-.79-1.33l-.22-.05a3.54,3.54,0,0,0,.47-.94,1.39,1.39,0,0,0-1.07-1.71c-.71-.18-1.6.54-1.83,1.46a1.21,1.21,0,0,0,1,1.5h.08a1.41,1.41,0,0,0-.65.72,1.53,1.53,0,0,0,.74,1.89,1.64,1.64,0,0,0,1.13.2,2.09,2.09,0,0,0,.81,1l.44-.16a1.17,1.17,0,0,0-.06.45,1.55,1.55,0,0,0,.37.79A.89.89,0,0,0,98.87,161.39Zm3.13,15c.9-1,.8-1.94-.2-2.65a3.08,3.08,0,0,1-.79-1.11,0,0,0,0,0,0,0,.88.88,0,0,0-.51-.92,2.35,2.35,0,0,0-.84-.87.09.09,0,0,0,0-.05c.23-.42,0-.71-.26-1a.8.8,0,0,0-.94-.11c-.79.31-1,.67-.71,1.38a1.43,1.43,0,0,0-.57,1.71,3.15,3.15,0,0,0,.78.84.43.43,0,0,0-.14.6c-.12.08-.26.29-.36.78-.28,1.31,1.32,2.67,2.37,1.45C100,176.22,101.09,177.39,102,176.38ZM85.2,146.77c.17,0,.55-.08.61-.29s-.34-.44-.43-.42a.8.8,0,0,0-.46.33C84.89,146.44,85.1,146.77,85.2,146.77Zm-3.59-4.09c0-.09-.07-.48-.28-.53s-.39.35-.43.52.18.26.28.39C81.33,142.94,81.54,142.84,81.61,142.68Zm26.69,24.85a.89.89,0,0,0-.32,1.1.75.75,0,0,0,1,.33.86.86,0,0,0,.31-1.09A.72.72,0,0,0,108.3,167.53Zm-22.12-20a.65.65,0,0,0,.55.72c.38.1.87-.14.89-.48a.78.78,0,0,0-.54-.88A.76.76,0,0,0,86.18,147.49Zm-3.66-2.08a.81.81,0,0,0,1-.56.25.25,0,0,0,0-.12c.12.31.34.55.59.55.44,0,1.14-1.21.91-1.65s-1.39-.12-1.54.41a1.18,1.18,0,0,0,0,.2,1.31,1.31,0,0,0-.64-.55c-.33-.12-1,.49-.88,1.14A1,1,0,0,0,82.52,145.41Zm16.24,52.41a1.61,1.61,0,0,0,2,.45,1.78,1.78,0,0,0,.78-1.48.78.78,0,0,0,.15-.92c-1.1-.79-.29-1.32-.88-2.14a1.33,1.33,0,0,0-.36-.29,1.31,1.31,0,0,0-1-.11,2.22,2.22,0,0,0-.33-1.46,1.21,1.21,0,0,0-1.78-.26c-1,.78-.9,1.16-.36,2.24a1.36,1.36,0,0,0,1.76.49.38.38,0,0,0,0,.15,5.83,5.83,0,0,0,.2,1.24l0,0a1.2,1.2,0,0,0-.46.74,1,1,0,0,0-.9.12.88.88,0,0,0-.37.78,1.11,1.11,0,0,0-.95,1c-.12.72.22,1.35.77,1.41a1.68,1.68,0,0,0,1.71-1.23.78.78,0,0,0-.16-.62s0,0,.07,0A.43.43,0,0,0,98.76,197.82Zm5,10.33a.81.81,0,0,0,.48.33,1.72,1.72,0,0,0,.16,1,.71.71,0,0,0,1,.27c.78-.48,1.09-1.12.78-1.63a1.38,1.38,0,0,0-.91-.47,11.25,11.25,0,0,0,.37-1.58.69.69,0,0,0,0-.2c.2-.47-.17-.86-.44-1.32a2,2,0,0,0-1,.36,1.38,1.38,0,0,0-.18-.68l0,0c.28.11.48-.06.65-.28a.57.57,0,0,0-.17-.92c-.27-.1-.59-.22-.8,0s-.16.6,0,.93a1.86,1.86,0,0,0-1.86-.14,1.35,1.35,0,0,0-.44.45c-.34,0-.72.16-.77.37a1,1,0,0,0,.24.83.6.6,0,0,0,.54.24,1.6,1.6,0,0,0,2.16.74,1.42,1.42,0,0,0,.44-.5s0,.05,0,.08a3.15,3.15,0,0,1-.26.56A1.22,1.22,0,0,0,103.72,208.15Zm-2-1.26c-.32,0-.39.42-.2.74a1.36,1.36,0,0,0,.87.57.4.4,0,0,0,.46-.44c0-.26-.25-.41-.48-.56S102,206.87,101.76,206.89ZM115.84,100a1.13,1.13,0,0,0-.26-.21.9.9,0,0,0-1.15.08,1,1,0,0,0,.07,1.47l.08,0a1.8,1.8,0,0,0,.32,1.17,1,1,0,0,0-.28.35.86.86,0,0,0,.25,1,.81.81,0,0,0-.14.33.75.75,0,0,0,.36.8,1.09,1.09,0,0,0-.23.14,1.11,1.11,0,0,0-.33,1.42.84.84,0,0,0-.75.58.88.88,0,0,0,.66,1,.65.65,0,0,0,.87-.44,1,1,0,0,0,.31.4,1.11,1.11,0,0,0,.56.08.84.84,0,0,0,.08.6c.39.72,1.11.69,1.15.88a3.64,3.64,0,0,0,.11.68v-3.13l-.28,0c.17-.47,0-.88-.58-1.19a1.38,1.38,0,0,0-.25-1.13.55.55,0,0,0-.21-.12.79.79,0,0,0,.26-.47.87.87,0,0,0-.32-.73,1.43,1.43,0,0,0,.12-.21.85.85,0,0,0,0-.32,1.14,1.14,0,0,0,.62-.25,2.16,2.16,0,0,0,.62-1v-1.15a.79.79,0,0,0-.14-.23A1.93,1.93,0,0,0,115.84,100ZM95.11,200.84a.35.35,0,0,0-.22-.39.61.61,0,0,0-.51.24c0,.12,0,.58.23.63S95.05,201,95.11,200.84Zm.92-5.15c.14-.39-.09-1-.46-1s-1,.09-1.09.52.48.66.73.77A.56.56,0,0,0,96,195.69Zm4.06-3.64a1.67,1.67,0,0,0,1.52-1.11,1.13,1.13,0,0,0-.85-1.43,1.06,1.06,0,0,0-.48-.58,1.15,1.15,0,0,0,0-.8c-.19-.46-.58-.52-1-.57s-.72-.23-1.11.09a.77.77,0,0,0-.24.43,1.52,1.52,0,0,0-.32-.35,1.23,1.23,0,0,0,.81-.63,1.65,1.65,0,0,0-.23-2.31,1.94,1.94,0,0,0-1.71,0,.78.78,0,0,0-.62-.82.91.91,0,0,0-1,.71.87.87,0,0,0,.62,1l.17,0a1.4,1.4,0,0,0,.11,1,1.31,1.31,0,0,0-1.13-.14,2,2,0,0,0-.94,2.24,1.53,1.53,0,0,0,.67.74,1.15,1.15,0,0,0-.27,1,2.23,2.23,0,0,0-1,0,5.51,5.51,0,0,0-.37,1,1.28,1.28,0,0,0,.69,1.4,1.4,1.4,0,0,0,1.7-.51,1.21,1.21,0,0,0,.08-.84,1,1,0,0,0,.49,0,1.14,1.14,0,0,0,.81-1.11,1.59,1.59,0,0,0,1.68-1.14,1.42,1.42,0,0,0,0-.29c0,.05.07.11.11.15a1.48,1.48,0,0,0,.82.33,1,1,0,0,0,.21.66,1.12,1.12,0,0,0-.08.26A1.36,1.36,0,0,0,100.09,192.05Zm-9.2-4c-.13.69.2,1.39.7,1.46a1.17,1.17,0,0,0,.51-.07.3.3,0,0,0,.42.12c.22-.1.31-.24.2-.48l0,0a1.66,1.66,0,0,0,.52-.83,1,1,0,0,0-.9-1.18A1.08,1.08,0,0,0,90.89,188ZM98,201.61a.47.47,0,0,0-.76.12,1.12,1.12,0,0,0-.17.41,1.63,1.63,0,0,0-1.7,0,1.42,1.42,0,0,0-.4,2.14,1.45,1.45,0,0,0,2.11.62,1.75,1.75,0,0,0,.67-2,.82.82,0,0,0,.67-.23C98.59,202.4,98.39,201.9,98,201.61Zm16.91-34.46a8.17,8.17,0,0,0-.93-.37l-.12-.19a2.06,2.06,0,0,0,.12-2.29,2.15,2.15,0,0,0-3.2.09.86.86,0,0,1-.94.28,1,1,0,0,0-1,1c0,.54.31.68.76.71a2.16,2.16,0,0,1,1,.16c.61.36,1.16.82,1.77,1.26-.42,1.71-.11,2.22,1.46,2.2a1.22,1.22,0,0,0,1.13-.68,1.27,1.27,0,0,0,.74-1A1,1,0,0,0,114.9,167.15Zm-4.36,24.58c.32.5.9.23,1.45.2.17-.69.27-1.25-.38-1.57a.7.7,0,0,0-1,.22.36.36,0,0,1,0,.09A.89.89,0,0,0,110,190h-.09a.84.84,0,0,0-.17-.56.64.64,0,0,0-.9-.09c-.32.22-.48.74-.25,1l.17.13a1.52,1.52,0,0,0-.46.76.78.78,0,0,0,.23.67,1.51,1.51,0,0,0-.55-.19c-.84-.07-1.2.9-1.43.92s-.74-.81-1.52-1.09a1.14,1.14,0,0,0,.56-.61c.15-.66-.26-1.18-1-1.34-.6-.12-1,.29-1.2,1.07a1,1,0,0,0,.33,1.06,2.64,2.64,0,0,0-1.21,1.69,2.45,2.45,0,0,0,.33,1.79,2,2,0,0,0,2.13.76c.72-.29,1.31-1.32,1.62-1.3s.84,1.16,1.79,1.22a.59.59,0,0,0,.06.46c.12.11.55.29.68.07a.6.6,0,0,0-.12-.62,1.89,1.89,0,0,0,1.16-1.71,2.72,2.72,0,0,0-1.14-1.88,1.33,1.33,0,0,0,.28.1A1.19,1.19,0,0,0,110.54,191.73Zm1.71-1.36a1,1,0,0,0,.79,1.07.78.78,0,0,0,.9-.64.86.86,0,0,0-.67-1.11A1,1,0,0,0,112.25,190.37Zm2.53-.82c.31-.15.33-1.08-.25-1.42a1,1,0,0,0-.82,0,.82.82,0,0,0-.26,1.12C113.75,189.84,114.46,189.71,114.78,189.55Zm.86-5.41a1.77,1.77,0,0,0,0,.23c-.36-.09-.76-.17-1.2-.29-.22-.75-.55-1.61-1.48-1.76a2.08,2.08,0,0,0-2.19,1.68.86.86,0,0,0-.19.54,1.07,1.07,0,0,0,.07.39c-.08.24-.24.34-.45.51a1,1,0,0,0-.06,1.42.56.56,0,0,0,.69.2.84.84,0,0,0,.66.38c.41,0,.86,0,.94-.38a1.56,1.56,0,0,0-.07-.8c.58-.1,1.17-.16,1.79-.24a2.92,2.92,0,0,0,1,1.18,1.06,1.06,0,0,0-.13.65c.15.65.74.46,1.28.47.22-.53.35-1,0-1.34a3.36,3.36,0,0,0,.42-.36,1.23,1.23,0,0,0,.37-1.24,1.82,1.82,0,0,0,.43-.24v-1.39a1.79,1.79,0,0,0-.83-.43A1,1,0,0,0,115.64,184.14Zm-5.34-.51c.13-.78,0-1.27-.45-1.37a1.41,1.41,0,0,0-1.39,1c-.1.42.47,1.07,1,1.15S110.21,184.14,110.3,183.63Zm-8,13.68a.64.64,0,0,0,.56,0c.11-.07.19-.57.07-.66s-.53.09-.66.21S102.24,197.28,102.31,197.31Zm14.13-83.77a1.38,1.38,0,0,1-.65.59.94.94,0,0,0-1.18.23,1.46,1.46,0,0,0-.27.17.73.73,0,0,0-.08.09,1.1,1.1,0,0,0-1.48.08l-.17.16a1.8,1.8,0,0,0-1-1,.61.61,0,0,0,.34-.32c.29-.53,0-.89-.49-1.14a1,1,0,0,0-.79,1.27,2.28,2.28,0,0,0,.4.17,1.08,1.08,0,0,0-1,1,1.37,1.37,0,0,0,.13.66.66.66,0,0,0-.07.87c.38.59.82.87,1.13.7a1.38,1.38,0,0,0,.44-1,1.43,1.43,0,0,0,.52-.23,1.69,1.69,0,0,0,.41.84,1.4,1.4,0,0,0,.84.47l.12.09c.77.51,1.19.42,1.65-.39l.31-.51a6.52,6.52,0,0,0,1-.25s-.09,0-.12.08a1.75,1.75,0,0,0-.07,2.18,1.12,1.12,0,0,0,1.15.15v-2.45a1.33,1.33,0,0,0-.55-.09,1.12,1.12,0,0,0,.55-.51v-1.76A.81.81,0,0,0,116.44,113.54Zm-10.92,76.52c.6.26,1.24.57,1.78,0a1.14,1.14,0,0,0,.25-.44,1.55,1.55,0,0,0,1.17-1,1.08,1.08,0,0,0-.65-1.16c-.91-.2-1.69.1-1.8.68a.54.54,0,0,0,0,.18h0a1,1,0,0,0-.6.41.66.66,0,0,0,.12-.27.91.91,0,0,0-.76-1,.85.85,0,0,0-.9.81.72.72,0,0,0,.66.86,1,1,0,0,0,.85-.39A2.09,2.09,0,0,0,105.52,190.06Zm2.59-7.82a1.17,1.17,0,0,0-1.12-.8c-1.77.08-2.16.43-2.33,2.18,0,0,0,0-.06,0a2.72,2.72,0,0,0-.09-.59.54.54,0,0,0-.82-.34.67.67,0,0,0-.37.94,1.76,1.76,0,0,0,.71.48.75.75,0,0,0-.22,1,.84.84,0,0,0,.93.37,1.72,1.72,0,0,0,.79.44,1.74,1.74,0,0,0,1.1-.2c.21.7.77.94,1.61.72a1.73,1.73,0,0,0,.32-.11c.72-.31.88-.76.5-1.44s-.67-1.06-1.62-.85a.31.31,0,0,0,0-.08,3.4,3.4,0,0,1,.45-.7A.8.8,0,0,0,108.11,182.24Zm4.11-72.36a.73.73,0,0,0-1.09-.13,1.46,1.46,0,0,0-.16.19,1.18,1.18,0,0,0-.91,1.1.85.85,0,0,0,.19.68.53.53,0,0,0-.2.25.45.45,0,0,0,.21.59.47.47,0,0,0,.7-.28.41.41,0,0,0,0-.15l.21.05c.6.08,1.07-.18,1.15-.65a1.16,1.16,0,0,0-.12-.65A.75.75,0,0,0,112.22,109.88ZM91.71,154a1.34,1.34,0,0,0,.74-1.2,1.13,1.13,0,0,0-.62-1,1.36,1.36,0,0,0-1.29-.07c-.38.25-.88.38-1,.73h0c-.31-.05-.9.42-1,.79a.91.91,0,0,0,.7,1.11,1.11,1.11,0,0,0,1-.42A1.76,1.76,0,0,0,91.71,154Zm-5.06-20.48a1.94,1.94,0,0,0-2,1.39,1.35,1.35,0,0,0,.55,1.35,1.67,1.67,0,0,0,1,.89c.84.27,1.49-.14,1.77-1.11a1.59,1.59,0,0,0-.1-1.31A1.82,1.82,0,0,0,86.65,133.48Zm-.39,25.7c.08.61,1,.91,1.93.81a1.36,1.36,0,0,0,.83-.62,1.71,1.71,0,0,0,.27.09c.73.16,1.27-.08,1.37-.61a2,2,0,0,0-1-1.62,1,1,0,0,0-1,.4,1.51,1.51,0,0,0-1.47-.14A1.59,1.59,0,0,0,86.26,159.18Zm.49-7.23a1.2,1.2,0,0,0,1.18-.83.85.85,0,0,0,0-.16c.62.23,1.08-.24,1.51-.77-.22-.62-.42-1.31-1.19-1.33a.94.94,0,0,0-1,.75.67.67,0,0,0-.35-.2c-.56-.07-1.2.58-1.32,1.32S85.9,151.84,86.75,152Zm6.88-22.4a1,1,0,1,0-1.84,1,1,1,0,0,0,1.08.39,1.81,1.81,0,0,0-.37.18,1.37,1.37,0,0,0-.52-.2,1.09,1.09,0,0,0-1.33.73,1.4,1.4,0,0,0,.84,1.47,1.14,1.14,0,0,0,.27,0,1.18,1.18,0,0,0,.17.51c.38.52,1.13.26,1.26.39s-.22,1.12.26,1.76a2,2,0,0,0,2.22.28,1.93,1.93,0,0,0,.89-1.09,1.66,1.66,0,0,0-.18-1.16c0-.66-.28-1.14-.79-1.18a1.73,1.73,0,0,0-1.12.44l-.08,0c-.13-.19.32-1.15-.22-1.75a1.22,1.22,0,0,0-1.18-.38,1.84,1.84,0,0,0,.36-.15A.79.79,0,0,0,93.63,129.55ZM98.22,140a.74.74,0,0,0-1.26.26.76.76,0,0,0,.94.8.85.85,0,0,0,.74,1c.3.05.61-.47.55-.84s-.57-.58-.94-.48A.8.8,0,0,0,98.22,140Zm2.32,2a6.68,6.68,0,0,0-.55,1c-.17,0-.36,0-.54.08a1.87,1.87,0,0,0-.61.28,1.22,1.22,0,0,0-1.34-.51c-.14.73-.06,1.14.25,1.3a2.5,2.5,0,0,0-.48.63c-.24.41-.24.86.2,1.08a2.29,2.29,0,0,1,.9.95,1.65,1.65,0,0,0,2.41.59,2.48,2.48,0,0,1,.52-.21c.65.13.94-.11,1.1-.47s0-.72-.35-1-.66-.59-1-.87l-.06-.05c0-.12,0-.23,0-.36s0-.37-.08-.56c.37,0,.71-.05,1-.12l.11,0,0,0a1.37,1.37,0,0,0,.75,0,.57.57,0,0,0-.2.38c0,.24.28.91.56.91s.59-.54.6-.75a.82.82,0,0,0-.43-.63.44.44,0,0,0-.22,0,1.3,1.3,0,0,0,.62-.79,1.63,1.63,0,0,0-.9-2.15,1.39,1.39,0,0,0-.67,0,.8.8,0,0,0,0-.74.89.89,0,0,0-1-.59.72.72,0,0,0-.27.09.37.37,0,0,0-.18,0c-.27.07-.43.63-.37,1.06a.45.45,0,0,1,0,.11l.07,0a.46.46,0,0,0,.22.3.65.65,0,0,0,.34.07,1,1,0,0,0,.35.11,1.48,1.48,0,0,0-.3.42A1.52,1.52,0,0,0,100.54,142Zm5.57-10.3a.82.82,0,0,0-.88.63.9.9,0,0,0,.66,1,.93.93,0,0,0,.56-.09,1.65,1.65,0,0,0-.19.67,1.6,1.6,0,0,1-.36,1.13,1.38,1.38,0,0,0-.31,1.19,1.59,1.59,0,0,0-.46.93,1.26,1.26,0,0,0,1,1.52,1.42,1.42,0,0,0,.41,0c-.08.51.32,1,1,1.18a1.23,1.23,0,0,0,1.43-.57,1.59,1.59,0,0,0-.82-1.7h0a.65.65,0,0,0,.06-.23s0,0,0-.07a1.82,1.82,0,0,0,.19-.31,2.71,2.71,0,0,0,.1-1.86,1.31,1.31,0,0,1,.05-.71,1.1,1.1,0,0,0-.77-1.68.54.54,0,0,0,.15-.29c.07-.38-.31-.83-.82-1A1.15,1.15,0,0,0,106.11,131.71Zm-20.39.89a.76.76,0,0,0,.89-.65A.72.72,0,0,0,86,131a.89.89,0,0,0-.43,0,1.37,1.37,0,0,0-.89-.82c-.42-.09-.75.16-.88.67-.19.76-.06,1.26.35,1.39a1.14,1.14,0,0,0,.88-.19A.91.91,0,0,0,85.72,132.6Zm1.89,24.2a1.17,1.17,0,1,0,.29-2.32,1,1,0,0,0-1,.74C86.79,156.1,87.07,156.73,87.61,156.8Zm-9-38.68c-.29-.09-.65.32-.88.7a1.6,1.6,0,0,0-2,.79,2,2,0,0,0,1.09,2.16,1.53,1.53,0,0,0,1.86-.83,1.71,1.71,0,0,0,.15-1.06,2.06,2.06,0,0,0,.3-.42C79.24,119.24,79.05,118.24,78.63,118.12Zm-8.35,10a.68.68,0,0,0-1,.48.84.84,0,0,0,.54,1.08.89.89,0,0,0,1-.49A.85.85,0,0,0,70.28,128.08Zm6.34,18.24c-.25-.49-.69-.51-1.21-.28-.09.44-.26.93.28,1.17a1,1,0,0,0,.79-.22A.73.73,0,0,0,76.62,146.32Zm4-30.83c-.13.07-.12.45,0,.57s.52.34.66.21,0-.59,0-.69A.61.61,0,0,0,80.62,115.49Zm1.6-2.44a.91.91,0,0,0-1,.83,1.08,1.08,0,0,0,.84,1.06c.36,0,1.06-.61,1.08-1S82.61,113.1,82.22,113.05Zm-2.8,3.64c-.28.24-.63.39-.64.89a1.13,1.13,0,0,0,1.29,1,1.52,1.52,0,0,0,.78-.41.89.89,0,0,0,1.29,0,.88.88,0,0,0,0-1.13,1,1,0,0,0-1-.16,1.28,1.28,0,0,0-.59-.54C80,116.15,79.73,116.41,79.42,116.69ZM74.3,161.52a1.2,1.2,0,0,0,1.35-.91c.16-.6,0-1-.54-1.16l-.24,0s0,0,0-.07c0-.21-.33-.41-.49-.46s-.28.16-.42.26l.22.3a1.19,1.19,0,0,0-.93.75A1.34,1.34,0,0,0,74.3,161.52ZM70.58,139a1.4,1.4,0,0,0,1.7-.8.62.62,0,0,0,.54-.51.69.69,0,0,0-.29-.8,1.43,1.43,0,0,0-1-1,1.77,1.77,0,0,0-2.07,1.13A1.85,1.85,0,0,0,70.58,139Zm5.87,17.69c.12-.68-.64-1.24-.92-1.29a1.26,1.26,0,0,0-.91,1.27.85.85,0,0,0,.91.7A.84.84,0,0,0,76.45,156.73Zm-3-2.35a1,1,0,0,0,1.08-.89c-.16-.18-.35-.57-.66-.73s-1,.2-1.08.72A.78.78,0,0,0,73.5,154.38Zm9.11-34.78a1.2,1.2,0,0,0-1.35,1.18c0,1.25.31,1.44,1.48,1.73a1.39,1.39,0,0,0,1.56-1.28C84.38,120.51,83.56,119.72,82.61,119.6Zm12.44,49.51c.16.65.7.71,1.37.59.17-.51.47-1,0-1.39a.73.73,0,0,0-1,0A1.06,1.06,0,0,0,95.05,169.11Zm-.49-4.66a1.23,1.23,0,0,0-.8.2l-.11-.07a1,1,0,0,0-.67-.44.87.87,0,0,0-1,.69,1,1,0,0,0,.65.95,1.26,1.26,0,0,0,.37.27,1.57,1.57,0,0,0,1.13,1.47,1.59,1.59,0,0,0,1.82-1A2.12,2.12,0,0,0,94.56,164.45Zm2.81-2.67a1.2,1.2,0,0,0-1.11-1.41,4.19,4.19,0,0,0-.48,0,1.45,1.45,0,0,0,.71-.67,1.53,1.53,0,0,0-.6-1.94,1.67,1.67,0,0,0-1.23-.27,2.28,2.28,0,0,0-.79-.79l-.58.26a1.25,1.25,0,0,0,.4-.89,1.39,1.39,0,0,0-.31-.82.89.89,0,0,0,.16-1.29.87.87,0,0,0-1.12-.11,1,1,0,0,0-.29,1,1.22,1.22,0,0,0-.61.53c-.2.44,0,.77.25,1.11s.31.68.81.75a.76.76,0,0,0,.3,0,1.26,1.26,0,0,0-.43,1.47,1.53,1.53,0,0,0,1.08.82,1.32,1.32,0,0,0,.68,1,1.36,1.36,0,0,0,.82.1,2.27,2.27,0,0,0-.57,1.16,1.39,1.39,0,0,0,1.19,1.63C96.37,163.5,97.21,162.72,97.37,161.78Zm-5.92-5.29c0-.21-.36-.31-.55-.26s-.4.29-.32.5a.43.43,0,0,0,.47.3A.62.62,0,0,0,91.45,156.49ZM90,191.16a.86.86,0,0,0-.94.77.8.8,0,0,0,.57.95.76.76,0,0,0,.94-.37.37.37,0,0,0,.16.35.45.45,0,0,0,.55-.1.61.61,0,0,0-.08-.67c-.14-.13-.41,0-.54.14A.91.91,0,0,0,90,191.16Zm21.61,29.49a2.38,2.38,0,0,0,.33-.74.85.85,0,0,0-1.21-.22c-.32.25-.2.52,0,.78A.56.56,0,0,0,111.63,220.65ZM116.74,239a1.68,1.68,0,0,0,.78.85v-2.53A1.65,1.65,0,0,0,116.74,239ZM94.5,201.43c-.13-.15-.61-.1-.77,0s-.31.77-.13.92.76,0,.83-.18S94.64,201.57,94.5,201.43ZM117,260.18a.81.81,0,0,0,.55,1.52v-2c0,.12-.06.23-.08.35A.85.85,0,0,0,117,260.18ZM95,206a.49.49,0,0,0,.06-.67c-.24-.25-.53.09-.66.21s0,.42,0,.45A.68.68,0,0,0,95,206Zm-11.5-24.4c.22-.12.14-.51.07-.58s-.26-.36-.51-.23a.31.31,0,0,0-.14.45C83,181.33,83.22,181.67,83.45,181.55Zm7,24.76a1.88,1.88,0,0,0,.74-2.37,2,2,0,0,0-2.33-.6c-.75.4-.9,1.42-.34,2.41A1.42,1.42,0,0,0,90.46,206.31ZM88.27,188.4a1.36,1.36,0,0,0-1,.83c-.07.29-.2.57-.25.83a1.14,1.14,0,0,0-.3-.09c-.4,0-.51.24-.57.54s.16.81.55.76a2.61,2.61,0,0,0,.75-.3s0-.06,0-.09l.22.08a1.42,1.42,0,0,0,.81.12,1.79,1.79,0,0,0,1.19-1,1.33,1.33,0,0,0-.28-1.38A1.15,1.15,0,0,0,88.27,188.4Zm-3,12.37a1.43,1.43,0,0,0,1.34.61,1.23,1.23,0,0,0,.47-1.27.64.64,0,0,0-.92-.33C85.55,200.05,85.21,200.44,85.32,200.77Zm1.94-7.71a1,1,0,0,0-.21,1.22c.51.72,1.14,1,1.59.67a1.5,1.5,0,0,0,.21-1.77A1.47,1.47,0,0,0,87.26,193.06Zm7,21.73a.35.35,0,0,0-.08-.13,1.35,1.35,0,0,0-1-.3.41.41,0,0,0-.3.33,1.41,1.41,0,0,0-.68.44,1.6,1.6,0,0,0,.14,2.14,1.64,1.64,0,0,0,2.16.09,2.11,2.11,0,0,0-.14-2.5S94.27,214.82,94.23,214.79Zm-5.42-14c-.31.44-.59.89-.09,1.29s.89.1,1.21-.29A1,1,0,0,0,88.81,200.78Zm17-31.45a1.38,1.38,0,0,0,0,.25.41.41,0,0,0-.29.21c-.08.21.31.46.4.45a.5.5,0,0,0,.2-.08c.19.16.43.29.64.46.59-.38,1-.72.79-1.41a.69.69,0,0,0-.87-.51A1.37,1.37,0,0,0,105.78,169.33Zm-7.93,55.39a.35.35,0,0,0-.43-.12.57.57,0,0,0-.2.52c0,.12.4.4.6.3S97.91,224.89,97.85,224.72Zm-3.72-5.32c-.14-.09-.56.08-.74.25a.42.42,0,0,0,.12.73c.26.09.94.3,1.13,0S94.34,219.54,94.13,219.4Zm.4.09a.86.86,0,0,0,.94.6c.5-.15.64-1.26.3-1.51S94.42,219,94.53,219.49ZM79.15,139.14a1.61,1.61,0,0,0,.7-1.81.67.67,0,0,0-.06-.12c-.05-.49-.43-1.07-.8-1.13a1,1,0,0,0-1,.7.9.9,0,0,0-.16,0,1.54,1.54,0,0,0-.82,1.82A1.6,1.6,0,0,0,79.15,139.14Zm-3.51,2.21c-.21.14-.11.73-.1,1.12,0,.1.17.2.34.39.29-.31,1-.5.9-1S76.09,141,75.64,141.35ZM78,153.11a1.1,1.1,0,0,0,1.35-.78.7.7,0,0,0-.47-.9.92.92,0,0,0-1.13.22A1,1,0,0,0,78,153.11Zm-.2-18.51a1,1,0,0,0,.61-.11,1,1,0,0,0,.36-.75c0-.17-.29-.43-.5-.51a5.2,5.2,0,0,0-.68-.17,2.8,2.8,0,0,0-.06-.28.77.77,0,0,0-1-.58.81.81,0,0,0-.65.93,2.43,2.43,0,0,1,0,.76,1.23,1.23,0,0,0,.64,1.51C77.06,135.72,77.54,135.52,77.79,134.6Zm1.12,21.06a.94.94,0,0,0,1.08-.72.92.92,0,0,0-.66-1,1,1,0,0,0-1,.69A.86.86,0,0,0,78.91,155.66Zm5.32,8.55a.76.76,0,0,0,.6.92.7.7,0,0,0,.87-.38,1.9,1.9,0,0,0,.88.93c.66.32,1.29-.37,2-.32A2,2,0,0,0,90,165a1.53,1.53,0,0,0,1.1-1.25,1.27,1.27,0,0,0-.65-1.41c0-.06-.07-.1-.1-.15l0-.12a1.65,1.65,0,0,0-1.31-1.63,1.8,1.8,0,0,0-1.62.72.84.84,0,0,0-.48.09,2.64,2.64,0,0,0-1.51,2.35.63.63,0,0,0-.23-.12A.83.83,0,0,0,84.23,164.21Zm-1.6,18.85a1,1,0,0,0,.38-1.5.88.88,0,0,0-1.43.28,1.21,1.21,0,0,0,.16,1A1,1,0,0,0,82.63,183.06Zm-.14-10.7c-.47-.05-1,.5-1.13,1.08a1.09,1.09,0,0,0,1,1.36c.7.1,1.26-.2,1.32-.73A1.71,1.71,0,0,0,82.49,172.36Zm-1.69,7.31a6.89,6.89,0,0,0,1.65-.72,1.72,1.72,0,0,0,.47-1.95c-.16-.35-.43-.58-.79-.48a4.84,4.84,0,0,0-2.53,1.34,1.65,1.65,0,0,0-.2.41C79.19,179.27,79.86,179.93,80.8,179.67Zm-1.11-3.92a.79.79,0,0,0,.9-.66.6.6,0,0,0-.6-.76,2.11,2.11,0,0,0-.77.35C79.09,175.31,79.31,175.68,79.69,175.75Zm16,45.16a1.58,1.58,0,0,0,.26,1.87,1.26,1.26,0,0,0,1.58-.41,1.23,1.23,0,0,0,.31-1.19h0c.32.09.93-1.27.75-1.61s-1-.16-1.37.39a.61.61,0,0,0,0,.65A1.43,1.43,0,0,0,95.66,220.91Zm7.93-75.14a1,1,0,0,0,.8,1.18,1.17,1.17,0,0,0-.32.56,1.82,1.82,0,0,0,.39,1.61c-.49.08-1,.5-1.55.51-1.8,0-2,1.36-1.79,2.56a1.8,1.8,0,0,0,.4.79,1.31,1.31,0,0,0,.63.71.67.67,0,0,0-.07.18,1.63,1.63,0,0,0,1,1.64,1.58,1.58,0,0,0-.28,1c-.63-.12-1.1.07-1.23.54a1.91,1.91,0,0,0,.87,1.68,1.09,1.09,0,0,0,1.34-.87,1.35,1.35,0,0,0,.07-.41,1.37,1.37,0,0,0,1.1-.12,1.58,1.58,0,0,0,.82-1.75A1,1,0,0,0,105,155a1.15,1.15,0,0,0,.24-.43,1.78,1.78,0,0,0-.08-1.12,2.57,2.57,0,0,0,.5-3.79,1.67,1.67,0,0,0,.53-3.16.38.38,0,0,0,.08-.17,1.51,1.51,0,0,0-.94-1.73A1.54,1.54,0,0,0,103.59,145.77Zm2.61-2.13a1.41,1.41,0,0,0,1.74-.86,1.84,1.84,0,0,0-.86-2.23,1.9,1.9,0,0,0-2.1,1.17A1.79,1.79,0,0,0,106.2,143.64Zm1.22-16.32a1.79,1.79,0,0,0,.66,1.64,1.15,1.15,0,0,0,1.47-.86c.18-.52-.22-1-1-1.29A.85.85,0,0,0,107.42,127.32ZM104.17,135a1,1,0,0,0-1.12.66,1,1,0,0,0,.75,1.09.87.87,0,0,0,1-.63A1,1,0,0,0,104.17,135Zm6-13a2.58,2.58,0,0,0-.77.25,1.61,1.61,0,0,0,0,.22,1,1,0,0,0-.23-.06c-.58-.09-1,.29-1.13,1s.24,1.26,1.08,1.37,1.38-.28,1.43-.77a1.24,1.24,0,0,0-.21-.71.64.64,0,0,0,.32-.46C110.84,122.36,110.62,122,110.22,122Zm.09,6.55a1.8,1.8,0,0,0-1.55.86,1.16,1.16,0,0,0,1,1.35c.54.11,1-.35,1.16-1.1C111.07,129.05,110.8,128.59,110.31,128.53ZM96.45,145.87a.81.81,0,0,0,.17-1c-.26-.35-.55-.29-1.26.26A.77.77,0,0,0,96.45,145.87Zm1-7.81a.75.75,0,0,0-.64.13.25.25,0,0,0-.12,0,1.36,1.36,0,0,0-.85.53c-.18.29.27.84.67.81l.08,0a.64.64,0,0,0,.35.28,1.09,1.09,0,0,0,1.12-.76A.82.82,0,0,0,97.5,138.06Zm4.89-.63c0-.17,0-.52-.3-.55s-.47.33-.48.46.08.46.29.51.35-.11.43-.25a1.68,1.68,0,0,0,.41,1.08,1.35,1.35,0,0,0,0,.6c.18.64,1,.51,1.33.32s0-.49-.13-.87a1.76,1.76,0,0,0,.63-.79.7.7,0,0,0-.5-.95C103.24,136.75,102.61,136.93,102.39,137.43Zm-3.67,10.75a1.59,1.59,0,0,0-1.89.85,2.11,2.11,0,0,0,1.24,2.18,1.2,1.2,0,0,0,.86-.16,1,1,0,0,0,.69.58.85.85,0,0,0,1-.6,1,1,0,0,0-.77-1.08h-.17A1.59,1.59,0,0,0,98.72,148.18Zm11.34-16.45a.87.87,0,0,0,.5,1.11.89.89,0,0,0,1.1-.53,1,1,0,0,0-.56-1.2A.86.86,0,0,0,110.06,131.73Zm-.71,40.09a2.1,2.1,0,0,1,1.44,1.4,2.39,2.39,0,0,1,.06,1.64,1.27,1.27,0,0,1,.16,1.39,1.41,1.41,0,0,1-1.25.05c-.44.23-.94,0-1.48.12a1.85,1.85,0,0,1-1.56-.15,1.82,1.82,0,0,1-.73-.93,3.45,3.45,0,0,1-.12-.46,1.51,1.51,0,0,1-.58.71,1.26,1.26,0,0,1-1.83-.47,1.51,1.51,0,0,1,.22-2.2,1.77,1.77,0,0,1,1.74.07.05.05,0,0,0,0,0,1.36,1.36,0,0,1,.28-1,.56.56,0,0,1,.59-.24c.23-.35.54-.63.76-.61a.5.5,0,0,1,.3.16l0,0a1.32,1.32,0,0,1,1.65.16.29.29,0,0,0,.34.42Zm-3.37,1.6-.18,0a2.56,2.56,0,0,1,.11.24C105.94,173.55,106,173.48,106,173.42Zm9.85,3.87a1.55,1.55,0,0,0,.69-1.88,1.61,1.61,0,0,0-2.19-.34,2.61,2.61,0,0,0-.28.31.83.83,0,0,0-.88.08,1,1,0,0,0-.08,1.4,6,6,0,0,0,.68,0h0C114,177.5,115,177.58,115.83,177.29Zm-4.71-7.69a.94.94,0,0,0-.62-.53.81.81,0,0,0-1,.63c-.15.61.45,1,.79,1.1S111.32,170.24,111.12,169.6Zm-5-3c-.39-.07-.85.21-.85.54a.77.77,0,0,0,.61.84.73.73,0,0,0,.84-.7A.64.64,0,0,0,106.09,166.59Zm-9.31-30.92a.6.6,0,0,0-.74.64,2.27,2.27,0,0,0,.4.76c.62.09,1-.15,1-.53A.81.81,0,0,0,96.78,135.67Zm15.6-11.4a1.66,1.66,0,0,0-.6.73,1.64,1.64,0,0,0,1.22,1.89,1.85,1.85,0,0,0,2-1.11,1.66,1.66,0,0,0-1-2,1.2,1.2,0,0,0-.56,0A.78.78,0,0,0,112.38,124.27Zm1.86,58.44a.81.81,0,0,0,.93-.76c.14-.92-.1-1.39-.75-1.51a1.4,1.4,0,0,0-1.31,1C113.06,181.89,113.72,182.62,114.24,182.71Zm-.6-54.7a.81.81,0,0,0-1.07.35s0,.07,0,.11a4.71,4.71,0,0,0-.26-.47.84.84,0,0,0-1,.77c0,.41.26.5.57.55a.65.65,0,0,0,.63-.24l0,.09c.22.46.62.48,1.51.17C114.09,128.85,114.3,128.28,113.64,128Zm-2.15-10.51c-.14.31-.14.74.26.83a1,1,0,0,0,.86-.27c.11-.24-.08-.63-.13-.85C111.9,117,111.63,117.19,111.49,117.5Zm-9.26,70.58a1.05,1.05,0,0,0-.69-.79.94.94,0,0,0-1.16.62,1.37,1.37,0,0,0,1,1.38.78.78,0,0,0,.92-.63,1.25,1.25,0,0,0,0-.43.7.7,0,0,0,.08.2,1.41,1.41,0,0,0,1.46.17,1.2,1.2,0,0,0,.08-1.26.89.89,0,0,0-1.28-.23A1.1,1.1,0,0,0,102.23,188.08ZM88.72,126.43a.9.9,0,0,0,.69,1,.85.85,0,0,0,1-.74.73.73,0,0,0-.6-.91A1,1,0,0,0,88.72,126.43ZM88,128.9a1.66,1.66,0,0,0-1.26,1,1.73,1.73,0,0,0,.93,2.06,2.39,2.39,0,0,0,2.19-1.19,1.3,1.3,0,0,0,1.29-1.19,1.69,1.69,0,0,0-1.29-1.85A1.76,1.76,0,0,0,88,128.9Zm29,69.67a2,2,0,0,0,.56.62v-2.74a1.39,1.39,0,0,0-.19.06A1.34,1.34,0,0,0,117,198.57ZM88.17,126.71a1.6,1.6,0,0,0-1-1.58,1.49,1.49,0,0,0-1.4.91.21.21,0,0,0,0,.08,1.58,1.58,0,0,0-.83-.34,1.29,1.29,0,0,0-1.45.85.58.58,0,0,0-.18,0,1.42,1.42,0,0,0-1,.43.41.41,0,0,0-.32.3.49.49,0,0,0,0,.12,1.54,1.54,0,0,0-.2.54,1.67,1.67,0,0,0,.38,1.18,4.08,4.08,0,0,0-.46.54c.41.92.72,1.19,1.26,1.06a.84.84,0,0,0,.68-.79.87.87,0,0,0,0-.23,1.66,1.66,0,0,0,1.11-.71,1.68,1.68,0,0,0,1.65-1.27,2.09,2.09,0,0,0,0-.5C87.22,127.51,88,127.28,88.17,126.71Zm28-14.91s0,0,0,0a1.51,1.51,0,0,0-.27-.69,1.69,1.69,0,0,0-.91-.58,2.28,2.28,0,0,0,.24-.44,1.26,1.26,0,0,0-.68-1.76,1.7,1.7,0,0,0-2.15,1,1.74,1.74,0,0,0,.77,1.82,2,2,0,0,0,.07,2.07c.52.67,1.55.64,2.43-.07a1.4,1.4,0,0,0,.47-.76.5.5,0,0,0,.39.28c.25,0,.72.2,1,0v-.89c-.15-.16-.34-.3-.45-.4C116.79,111.18,116.36,111.39,116.17,111.8ZM79.61,140.58c-.82-.29-1.6-.1-1.78.44a1.44,1.44,0,0,0,.83,1.58,1.28,1.28,0,0,0,1.46-.77A1.08,1.08,0,0,0,79.61,140.58Zm36.75,60.86a1.31,1.31,0,0,0,.37-.33,1.45,1.45,0,0,0,.62-.42,1,1,0,0,0-.38-1.37,1.19,1.19,0,0,0-.16-.08l0-.1a1.56,1.56,0,0,0-2.18-.51,1.33,1.33,0,0,0-.36,2C114.78,201.58,115.6,201.9,116.36,201.44ZM81.67,122.91a.79.79,0,0,0-1,.57.86.86,0,0,0,.58,1.16,1,1,0,0,0,1.08-.61A1,1,0,0,0,81.67,122.91Zm-1.24,13a.64.64,0,0,0,.39,0,1,1,0,0,0,.22.23,2.27,2.27,0,0,0,.61.34,1.82,1.82,0,0,0-.07.25,1.49,1.49,0,0,0,1,1.66c.69.15,1.52-.62,1.67-1.54a1.09,1.09,0,0,0-.35-1,.67.67,0,0,0,.62-.77c0-.51-.5-1.05-.93-.88.58-.12.64-.61.55-1.1a1,1,0,0,0-1.49.21c.13.51.3,1,.92.9h0A1.48,1.48,0,0,1,82,134a1.48,1.48,0,0,0-1.16.12.65.65,0,0,0-.63.52C80,135.26,80.11,135.78,80.43,135.9Zm-1-2.12a1.39,1.39,0,0,0,1.38-.91.58.58,0,0,0,0-.31c.49-.11.8-.33.79-.61a1.43,1.43,0,0,0-1.08-1c-.23,0-.52.27-.69.58h0a.8.8,0,0,0-1,.69C78.62,133.12,78.82,133.61,79.47,133.78Zm23.9,39c.31-.62.23-.92-.36-1.45a2.24,2.24,0,0,0,.76-.47,1.31,1.31,0,0,0,.34-.58l0,.11a.48.48,0,0,0,.73.09.53.53,0,0,0,0-.66.45.45,0,0,0-.6-.17.39.39,0,0,0-.1.08,2.88,2.88,0,0,0-.39-2c-.57-.62-1.49-.16-1.68-.31s.11-1.48-.61-2.22a2.51,2.51,0,0,0-2.9,0,3.78,3.78,0,0,0-.74.85.64.64,0,0,1-.32-.14c-.37-.29-.66-.18-1.06.13s-1,.8-.53,1.34.86.31,1,.16.59-.14.49.07,0,.5.53.78a1.19,1.19,0,0,0,.28.1,1.4,1.4,0,0,0,.39.26,1.78,1.78,0,0,0,.52.1h0c.65.05,1.35-.11,1.51.06s-.13,1.27.36,2a1.06,1.06,0,0,0,0,.31l.65.54c0,.79.27,1.49.72,1.57A.8.8,0,0,0,103.37,172.81Zm-5.85-12a.31.31,0,0,0,.48-.19.31.31,0,0,0-.17-.46.32.32,0,0,0-.5.16C97.23,160.54,97.28,160.69,97.52,160.79ZM92.26,134.5c-.67-.95-1.89-.93-2.2-.17,0,0,0,.08,0,.13a1.71,1.71,0,0,0-1.46,1.3,1.57,1.57,0,0,0,1.09,2,1.2,1.2,0,0,0,1.22-.25c.34-.08.61-.25.78-.13a5.9,5.9,0,0,1,.74,1.07,1.12,1.12,0,0,0-.84.35c-1,.94-1,1.87,0,2.65a3.24,3.24,0,0,1,.7,1.17,0,0,0,0,0,0,0,.87.87,0,0,0,.44.95,1.7,1.7,0,0,0,1.92,1.13c1.41-.25,1.68-1.38,1.46-1.94a2.71,2.71,0,0,0-.6-.78.44.44,0,0,0-.32-.49.43.43,0,0,1,0,0c0-.41.44.38.82-.91a1.68,1.68,0,0,0-.94-2,1.49,1.49,0,0,0-.45-2c-1-.76-1.59.39-2-.32S92.94,135.44,92.26,134.5Zm18.48,46.66a.71.71,0,0,0,1,.26.9.9,0,0,0,.6-.93,1.18,1.18,0,0,0,1-.57,1.78,1.78,0,0,0-.64-1.71c-.35-.19-.8-.51-1.14-.12a2,2,0,0,1-1.6.63,1,1,0,0,0-.25.06.83.83,0,0,0-1.1-.19l0,0a1.68,1.68,0,0,0-1.14-1,1.45,1.45,0,0,0-.58,0,.67.67,0,0,0-.12-.36,2.26,2.26,0,0,0-1.82-.58,1,1,0,0,0-.51.78,1.92,1.92,0,0,0-.42-.16,1.22,1.22,0,0,0-1.37.56,1.32,1.32,0,0,0-1.5-.32c-.39.24-.47,1.49-.12,2a1.18,1.18,0,0,0,1.34.24l0,0a1.24,1.24,0,0,0,1,.86,1.62,1.62,0,0,0,1.87-1.4,1.65,1.65,0,0,0,0-.32,1,1,0,0,0,.52,0l0,.09c-.2,1,.16,1.62,1.06,1.81a1.41,1.41,0,0,0,1.62-.76.92.92,0,0,0,1.06.2.64.64,0,0,0,.78.26,2.13,2.13,0,0,1,.37-.14A1.15,1.15,0,0,0,110.74,181.16ZM94.35,145.73c0,.12.24.39.37.38a.6.6,0,0,0,.45-.35c0-.14-.21-.31-.39-.55C94.59,145.43,94.37,145.57,94.35,145.73Zm-9.26,14.4a1.42,1.42,0,0,0,1.06-1c0-.34-.58-.86-1-.89a.65.65,0,0,0-.65.74C84.51,159.66,84.74,160.12,85.09,160.13Zm22.51,43.74a1.24,1.24,0,0,0,.19-.58,1,1,0,0,0,.14.71.81.81,0,1,0,1.27-1,.81.81,0,0,0-1.08-.32.86.86,0,0,0-.33.61,1,1,0,0,0-.32-.95,1.62,1.62,0,0,0-1.32-.14.91.91,0,0,0-.83.15c-.24.18-.07.76.24,1a.36.36,0,0,0,.17.07,1.86,1.86,0,0,0,.57.78A1,1,0,0,0,107.6,203.87Zm3.39-3.05c0-.19,1-.17,1.37-.81a.93.93,0,0,0,1-.26,1,1,0,0,0-.25-1.3.74.74,0,0,0-.77-.06,1.49,1.49,0,0,0-1.78-.85,3.13,3.13,0,0,1-1.34-.28v0a.9.9,0,0,0-1-.32,1.89,1.89,0,0,0-1.69.17.81.81,0,0,0-1.1.32c-.34.45-.34.9,0,1.1a.9.9,0,0,0,.35.11,1.39,1.39,0,0,0,.79,1.35c.57.21,1.28-.07,1.59.2s-.57.07.13,1.22S111.07,202.43,111,200.82Zm3.78-9.85c-.64.35-.43,1.27-.9,1.86a2.7,2.7,0,0,0-.22.33.88.88,0,0,0-1.4.07.58.58,0,0,0-.17-.35c-.35-.27-1.2.34-1.41.63a1,1,0,0,0,.14,1.12h0a.77.77,0,0,0-.62.6.93.93,0,0,0,.67,1.13.76.76,0,0,0,.46-.08.49.49,0,0,0,.23.62c.33.21.69.34,1,0a1,1,0,0,0-.29-1.22.6.6,0,0,0-.46.11.61.61,0,0,0,0-.12,1,1,0,0,0-.6-.95,1.86,1.86,0,0,0,.76-.41,1,1,0,0,0,.19-.5,1.15,1.15,0,0,0,.43.69.65.65,0,0,0,.75-.05,2.44,2.44,0,0,0,1.33,1.39,1.83,1.83,0,0,0,1.16.18l.08,0a.74.74,0,0,0,.26.4.77.77,0,0,0,1.1-.12.94.94,0,0,0,.18-.47v-.27a.77.77,0,0,0-.2-.46.94.94,0,0,0,.09-.27s0,0,0-.06a.52.52,0,0,0,.11-.1v-3.1a2.37,2.37,0,0,0-.75-.54A2.08,2.08,0,0,0,114.77,191ZM99.33,202c.18.41.57.45,1,.4s.88-.08,1.32-.15,1-.11,1.2-.68a.65.65,0,0,1,.39-.31,3,3,0,0,0,.83-.36.61.61,0,0,0,.11.27c.11.11.59.26.7.08a.56.56,0,0,0-.15-.59,1.5,1.5,0,0,0-.36-.15,1.77,1.77,0,0,0-.11-1c-.14-.46-.47-.75-.93-.58a2.17,2.17,0,0,1-1.31,0,1.65,1.65,0,0,0-1.29.2s0,0-.06-.07a.67.67,0,0,0-1.07.09.84.84,0,0,0,.11,1.2.81.81,0,0,0,.21.1c-.06.18-.13.34-.15.39C99.2,201.23,99.18,201.61,99.33,202Zm329.54-82.54c.09,0,.09-.3.13-.47a1.69,1.69,0,0,0-.57-.09c-.1,0-.34.36-.23.55S428.71,119.5,428.87,119.43ZM65,133.75a1,1,0,0,0,.57.62c.54.13,1.22-.26,1.21-.7s-.67-.73-1.19-.84c0-.13-.1-.25-.18-.28s-.6.14-.7.32,0,.82.21.89A.11.11,0,0,0,65,133.75Zm4.08-10c-.23-.07-.49.06-.7.62a.9.9,0,0,0,.44,1.26,1.31,1.31,0,0,0,1.72-.65c.32-.66,0-1,.24-1.35s.1-.68-.26-1-.92-.88-1.4-.36-.2.89,0,1S69.35,123.86,69.12,123.78ZM67.29,153c.38.06.75-.06.76-.46s-.09-1.11-.4-1.17-.77.55-.93.82S66.9,153,67.29,153Zm-1-9a.84.84,0,0,0,1.15-.4,1.4,1.4,0,0,0-.72-1.62,1,1,0,0,0-1.21.57A1.23,1.23,0,0,0,66.29,144.05Zm8-40.22a.67.67,0,0,0,.55.11.48.48,0,0,0,.2-.64c-.19-.29-.54,0-.69.08A.49.49,0,0,0,74.27,103.83Zm-6,28.74a.7.7,0,0,0,.28.17.91.91,0,0,0,1-.49c.08-.3-.29-.7-.77-.82a.47.47,0,0,0-.66.39,1.92,1.92,0,0,0,0,.22.26.26,0,0,0-.14-.1c-.22-.06-.42.36-.4.45a.78.78,0,0,0,.36.44S68.19,132.68,68.23,132.57ZM78,95.75a.92.92,0,0,0,.93-.65A1,1,0,0,0,78.24,94a.83.83,0,0,0-.91.66A.93.93,0,0,0,78,95.75Zm-2.19,4.47a.76.76,0,0,0,.15-1.1A.86.86,0,0,0,74.81,99a.72.72,0,0,0-.16,1.08A.89.89,0,0,0,75.79,100.22Zm3.14-7A.92.92,0,0,0,79,92.11a1.07,1.07,0,0,0-1.25-.18.84.84,0,0,0-.08,1.13A.93.93,0,0,0,78.93,93.24Zm-6,15.58c-.07.46.84,1.33,1.42,1.37a1.18,1.18,0,0,0,.17-2.33A1.45,1.45,0,0,0,72.92,108.82Zm-8,31c0-.16-.13-.26-.21-.28s-.23.12-.24.19,0,.24.13.27A.26.26,0,0,0,65,139.85Zm6.31,28.43c0,.05.07.23.1.23a1.89,1.89,0,0,0,.33-.13c0-.08,0-.23-.16-.27S71.3,168.21,71.26,168.28Zm8.84-67.92a.82.82,0,0,0,.2-1.21,1.77,1.77,0,0,0,.53-.64c.17-.45-.31-.94-.85-1a.77.77,0,0,0-.8.77.67.67,0,0,0,0,.24,1,1,0,0,0-.87.2,1.32,1.32,0,0,0,.12,1.66A1.2,1.2,0,0,0,80.1,100.36Zm-.45,88.3a.83.83,0,0,0-.11.56c0,.06.39.15.46.08s.35-.43.25-.63S79.7,188.58,79.65,188.66Zm-15-58.4c.68.24,1,.11,1.43-.6a13.36,13.36,0,0,0,1.61-.34.56.56,0,0,0,.1-1c-.54-.24-1.08-.66-1.78-.46l-.46.71c-.79.07-1.45.46-1.46.91A.79.79,0,0,0,64.67,130.26Zm99.85-56.53a.77.77,0,0,0-1.11,0,1,1,0,0,0,0,1.4,2.59,2.59,0,0,0,1-.06C164.85,74.82,164.86,74.14,164.52,73.73ZM72,162.82a.76.76,0,0,0-.46-1,.87.87,0,0,0-1,.51.73.73,0,0,0,.45,1A.9.9,0,0,0,72,162.82Zm-5.24-51.26a1.53,1.53,0,0,0-1.69,1,1.55,1.55,0,0,0,1.28,1.62,1.06,1.06,0,0,0,1.18-.94C67.63,112.6,67.2,111.67,66.71,111.56Zm.1,24.82c0,.09.12.41.2.41a.66.66,0,0,0,.52-.21.48.48,0,0,0-.19-.64C67,135.8,66.89,136.22,66.81,136.38Zm-2.24-11.49c.06-.24-.29-.44-.39-.43s-.45,0-.51.24a.31.31,0,0,0,.26.4C64.09,125.12,64.52,125.14,64.57,124.89Zm2.2-3.54a.79.79,0,0,0-1-.12c-.34.27-.27.56.32,1.24A.76.76,0,0,0,66.77,121.35Zm62.82-45.67a.93.93,0,0,0-1.12.5.91.91,0,0,0,.55,1.09.86.86,0,0,0,1-.62A.71.71,0,0,0,129.59,75.68Zm-2.5-1a1.35,1.35,0,0,0-1.18.35,1.09,1.09,0,0,0-.4.14.36.36,0,0,0-.06.45l.08.05a1.08,1.08,0,0,0,.46,1c.85.37,1.67.23,1.9-.32A1.62,1.62,0,0,0,127.09,74.69Zm-12.55.23a.6.6,0,0,0-.07,1,.87.87,0,0,0,.77-.06c.17-.14.45-.68.29-.91S114.76,74.82,114.54,74.92Zm-2.62,13.47c-.29-.52-1.13-.88-1.14-1.11s.89-.8.75-1.6a1.19,1.19,0,0,0-.44-.75c0-.05,0-.1,0-.14h0A.78.78,0,0,0,112,84a1.08,1.08,0,0,0-1-1.15,1.07,1.07,0,0,0-1,.59,1.78,1.78,0,0,0-2,.92,1.82,1.82,0,0,0,.43,1.77.93.93,0,0,0-.08.38c0,.64.81.83.84,1s-.79.82-.72,1.62c0,.64.78,1.2,1.35,1.37-.35.34-.63.67-.23,1.18a.88.88,0,0,0,1.1.34c.15-.07.37-.24.38-.38a8.47,8.47,0,0,0,0-1.22,1.23,1.23,0,0,0,.49-.29A1.55,1.55,0,0,0,111.92,88.39Zm4.69-6.18a8.78,8.78,0,0,0,0-1.13.83.83,0,0,0-.31-.55,1.2,1.2,0,0,0,0-1.32,1.5,1.5,0,0,0-1.19-.3.52.52,0,0,0-.45-.51c-.29,0-.63-.06-.79.15s0,.7.28,1a1.07,1.07,0,0,0,.17,1.42,1.21,1.21,0,0,0,.65.34,2.34,2.34,0,0,1-.13.7,1.24,1.24,0,0,0,.44,1.58,1.06,1.06,0,0,0,.32.16,1.33,1.33,0,0,0,0,.4,1.27,1.27,0,0,0-1,0,2,2,0,0,0-1.23,1.27c-.43-.06-.78,0-.91.5a.73.73,0,0,0,.24.65,1,1,0,0,0,.81.06l.14-.12a2.18,2.18,0,0,0,1.13.63.79.79,0,0,0,0,1,.89.89,0,0,0,1.21,0,.84.84,0,0,0,.3-.54,1.34,1.34,0,0,0,1.14,0l.13-.1V85.2l-.16,0a.77.77,0,0,0,.16-.07V82.23A1.66,1.66,0,0,0,116.61,82.21ZM80.77,188.75a.8.8,0,0,0,1-.43,1,1,0,0,0,0-.81c-.25-.44-.65-.43-1.51,0C80.26,188,80.09,188.53,80.77,188.75ZM159,77.09a.94.94,0,0,0-.3.87h1.65a1,1,0,0,0-.16-.69A.85.85,0,0,0,159,77.09ZM133,76.24a.76.76,0,0,0-1,.43,1.18,1.18,0,0,0,.18,1.29h1.35a.79.79,0,0,0,.14-.18A1.36,1.36,0,0,0,133,76.24Zm22.27-.86a1.22,1.22,0,0,0-.15,1.8c.36.48.93.49,1.6,0s.71-1,.4-1.34A2.24,2.24,0,0,0,155.23,75.38Zm-44.8,1.27a.85.85,0,0,0-.46-1.13.66.66,0,0,0-1,.35.83.83,0,0,0,.4,1.14A.89.89,0,0,0,110.43,76.65Zm24.78-1.16s0,0,0,0a1.37,1.37,0,0,0-.5-1.69,1.66,1.66,0,0,0-1.71.79,1.14,1.14,0,0,0,.68,1.64,1.4,1.4,0,0,0,.7,0,.82.82,0,0,0,.09.32.76.76,0,0,0,1.29-.28A.8.8,0,0,0,135.21,75.49ZM91.51,104a1.58,1.58,0,0,0-1.71.9.72.72,0,0,0,0,.56l-.09,0a.92.92,0,0,0-.49.64.81.81,0,0,0,.67.93.89.89,0,0,0,.93-.52l.16.09a1.51,1.51,0,0,0,1.43-.31,1.76,1.76,0,0,0-.38.82c-.14.71.69,1.15.84,1.89a3.49,3.49,0,0,0,.1.38.77.77,0,0,0-.74.4.66.66,0,0,0,.12,1,1.35,1.35,0,0,0,1,.23.66.66,0,0,0,.44-.61,2.44,2.44,0,0,0,1.92-.11l.05,0s0,0,0,0a2,2,0,0,0,2.36.55,1.56,1.56,0,0,0,.56-.63,2.09,2.09,0,0,0,.55.16,2.12,2.12,0,0,0,.5,0,2.75,2.75,0,0,0,.11.59l-.3-.08a1.56,1.56,0,0,0-1.8,1.33c-.13.81.33,1.38,1.27,1.55,1.1.21,1.88-.21,2-1.08a1.43,1.43,0,0,0-.52-1.37,1.77,1.77,0,0,0,.46.07,1.29,1.29,0,0,0,1.26-.92,1.41,1.41,0,0,0-.79-1.59,1.24,1.24,0,0,0-.44,0,1.57,1.57,0,0,0-1.49-1.39,1.49,1.49,0,0,0-1.39.75,1.25,1.25,0,0,0-1.42-.12.53.53,0,0,1,0-.12,5.62,5.62,0,0,1-.09-1.12,1.25,1.25,0,0,0,1.15-.56,1.42,1.42,0,0,0,.18-.86,1,1,0,0,0,.64-.33,2.56,2.56,0,0,1,.32,1.1.68.68,0,0,0,.88.65,1,1,0,0,0,.38-.14l.08.12c.93.83,1.3.68,2.28,0l.07-.06s0,0,0,0a1.4,1.4,0,0,0,.85.68c.43.08,1-.52,1.1-1.07a.66.66,0,0,0-.34-.64,1.65,1.65,0,0,0,.16-.52,1,1,0,0,0,.3,0,1.08,1.08,0,0,0,.19,0,1,1,0,0,0,.27.57.84.84,0,0,0,1.2,0,.93.93,0,0,0,.18-.85.48.48,0,0,0,.17.05.81.81,0,0,0,.84-.85c0-.4,0-.85-.43-.91a1.92,1.92,0,0,0-.55,0,1.86,1.86,0,0,0,0-.33.8.8,0,0,0,.63-.41.44.44,0,0,0,0-.2,1.86,1.86,0,0,0,1.23.49,2.47,2.47,0,0,1,.55.1c.47.45.84.42,1.16.22a.74.74,0,0,0,.31.12,1,1,0,0,0,1-.84.77.77,0,0,0-.55-.82,1,1,0,0,0,.19-.34,2.56,2.56,0,0,0-.57-.81.61.61,0,0,0-.66,0,1,1,0,0,0-.75-.69.61.61,0,0,1-.36-.33c-.56-1.09-.88-1.22-1.89-.71-.43.21-.66.59-.42,1a2.18,2.18,0,0,1,.25,1.29,1.6,1.6,0,0,0,0,.44,1.07,1.07,0,0,0-1.17.38s0,.06,0,.08a1.45,1.45,0,0,0-1.34.13,2.19,2.19,0,0,0-.39,2h0a1.28,1.28,0,0,0-1.17,0,1,1,0,0,0-.43.4,2,2,0,0,0-1.89.39,1.78,1.78,0,0,1,.23-.74,1.36,1.36,0,0,0-.61-1.45,1.8,1.8,0,0,0-1.68.74c0,.08-.09.17-.13.27a.61.61,0,0,0-.23,0,1,1,0,0,0-.78.68,1.18,1.18,0,0,0-.79.11c-.42.26-.41.66-.4,1.07,0,.11,0,.22,0,.32a2.48,2.48,0,0,0-2.56-.29,3.11,3.11,0,0,0-.72.48.76.76,0,0,0,.18-.31A1.6,1.6,0,0,0,91.51,104Zm-9.79-6.38a.84.84,0,0,0,1.14-.08,1,1,0,0,0,.24-.77.26.26,0,0,0,.16.09c.32,0,.61-.68.64-.94s-.34-.45-.57-.52-.64.07-.58.46c0,0,0,.05,0,.09a1.25,1.25,0,0,0-1.42.58A.85.85,0,0,0,81.72,97.61ZM94,87a1.08,1.08,0,0,0,.24-1.33c-.53-.69-1.29-1-1.74-.59a1.44,1.44,0,0,0-.15,1.77A1.3,1.3,0,0,0,94,87ZM81.65,94A1,1,0,0,0,83,93.8a2.54,2.54,0,0,0-.16-1c-.24-.42-.92-.36-1.29,0A.77.77,0,0,0,81.65,94ZM110.8,79.78a.71.71,0,0,0,0-1.08.94.94,0,0,0-1.22,0,.9.9,0,0,0,0,1.22A.84.84,0,0,0,110.8,79.78Zm-3,35.45a.59.59,0,0,0,.73,0h0a1.37,1.37,0,0,0,1.33-1,.76.76,0,0,0-.67-.88,1.17,1.17,0,0,0-1,.26l-.11,0a.38.38,0,0,0-.18-.32c-.3-.19-.49.22-.59.37s.06.37.13.41A1.34,1.34,0,0,0,107.82,115.23ZM101.7,86.31a1.57,1.57,0,0,0,2.35-2.06,1.55,1.55,0,0,0-2.32,0A1.58,1.58,0,0,0,101.7,86.31Zm-.58,5.76a1.16,1.16,0,0,0,.73,1.64,1.37,1.37,0,0,0,1.72-.88.8.8,0,0,0,.05-.44l.15.07a2.37,2.37,0,0,0,.08.34,3,3,0,0,1,0,1.36s0,0,0,0a.88.88,0,0,0-.14,1,1.7,1.7,0,0,0,1,2,1.56,1.56,0,0,0,2.28-.85,2.69,2.69,0,0,0-.09-1,1.92,1.92,0,0,0,1,0,.49.49,0,0,0-.2.36,1.38,1.38,0,0,0,.89,1.19h0a1.1,1.1,0,0,0-.44.38.41.41,0,0,0,.3.67c.27,0,1,.06,1.09-.24s-.44-.73-.7-.84a.84.84,0,0,0,.4-.26.86.86,0,0,0,.28.58c.22.2.76-.06.91-.41s-.39-1.1-.85-.9c0,0-.07.06-.11.09a.81.81,0,0,0-.81-.78,1.65,1.65,0,0,0-.38,0,1.15,1.15,0,0,0,.39-.4,2,2,0,0,0-.06-1.51A1.25,1.25,0,0,0,107,91.84c-.24,0-.4-1.54-1.74-1.27h-.06a1.42,1.42,0,0,0-.28-1.47,1.52,1.52,0,0,0,1.32-.42c.87-.71,1-1.58.47-2.25a1.62,1.62,0,0,0-2.34,0,1.57,1.57,0,0,0-.14,2.24l.17.16a1,1,0,0,0-1,.5,1.23,1.23,0,0,0,.59,1.54l.07,0a.81.81,0,0,0-.83.67s0,0,0,0a1.28,1.28,0,0,0-.58-.42A1.16,1.16,0,0,0,101.12,92.07Zm-8.83-4.38a.25.25,0,0,0,.21.29.27.27,0,0,0,.26-.24c0-.08-.15-.22-.22-.22S92.3,87.57,92.29,87.69Zm12.45-7.57c.07-.23,0-.67-.12-.77a.76.76,0,0,0-.71.2.8.8,0,0,0-.89.23c-.57.54-.74,1-.46,1.36a1.42,1.42,0,0,0,1.68.09.93.93,0,0,0,.18-.83A.7.7,0,0,0,104.74,80.12ZM78.32,194.93a.68.68,0,0,0-.19,1,.62.62,0,0,0,.87.24.66.66,0,0,0,.37-.91A.76.76,0,0,0,78.32,194.93Zm368.75-59.05a1.66,1.66,0,0,0-1.74.25,1.22,1.22,0,0,0-.47-.92,1.65,1.65,0,0,0-2.31-.18,2,2,0,0,0-.28,1.69.79.79,0,0,0-.92.46.93.93,0,0,0,.53,1.1.86.86,0,0,0,1.13-.43.58.58,0,0,0,.05-.16,1.59,1.59,0,0,0,1.66-.27l.09-.07a1.46,1.46,0,0,0,1.07,1.25,2.18,2.18,0,0,0,.72.16.74.74,0,0,0-.12.6A1.14,1.14,0,0,0,448,140a1.44,1.44,0,0,0,.89-1.28,1.14,1.14,0,0,0-.95-1A1.6,1.6,0,0,0,447.07,135.88Zm.56-17.31a1.35,1.35,0,0,0,.9.5c.67,0,.58-.65.68-1.18-.55-.35-1-.58-1.49-.1A.82.82,0,0,0,447.63,118.57ZM446,147.93a.57.57,0,0,0,.85-.41,2.81,2.81,0,0,0-.17-.79.85.85,0,0,0-1.11.54C445.5,147.66,445.75,147.81,446,147.93Zm4.11-32.34a.88.88,0,0,0,1.07-.6.82.82,0,0,0-.59-1c-.53-.2-1-.08-1.07.28A1.41,1.41,0,0,0,450.15,115.59Zm.54-4.25c.05-.14-.24-.48-.39-.58s-.41.08-.42.16a.62.62,0,0,0,.15.54C450.13,111.53,450.63,111.48,450.69,111.34Zm-14.46,32a.92.92,0,1,0,.64-1.73,1,1,0,0,0-1.16.63A.88.88,0,0,0,436.23,143.33Zm15-19.35c-.6-.22-1.33,0-1.48.44a1.7,1.7,0,0,0,.91,1.89,1.06,1.06,0,0,0,1.22-.74A1.15,1.15,0,0,0,451.27,124ZM440,149a.88.88,0,0,0-1.16.38.92.92,0,0,0,.42,1.16,1,1,0,0,0,1.25-.44A.86.86,0,0,0,440,149Zm-5.74-3.62c0,.06,0,.11,0,.17a1.43,1.43,0,0,0-.77-.76c-.51-.18-1.05.18-1.33.9a1.23,1.23,0,0,0,.42,1.48,1.6,1.6,0,0,0,1.78-.64.84.84,0,0,0,.06-.24,1.51,1.51,0,0,0,.53.5,2.72,2.72,0,0,0,1.85.3,1.27,1.27,0,0,1,.69.12,1.11,1.11,0,0,0,1.76-.59.59.59,0,0,0,.27.18c.37.11.85-.23,1-.72a1,1,0,0,0-.48-1.34.84.84,0,0,0-1.07.59h0a1.64,1.64,0,0,0-.78-.33,1.66,1.66,0,0,1-1.09-.48,1.77,1.77,0,0,0-1.69-.39A1.53,1.53,0,0,0,434.28,145.35ZM446,142.4a1.78,1.78,0,0,0-1-1.83,1,1,0,0,0-1.31.68,1.08,1.08,0,0,0,.73,1.59C445.1,143.08,445.85,142.88,446,142.4ZM455,125.09a.87.87,0,1,0,.71-1.57,1,1,0,0,0-1.12.55A.77.77,0,0,0,455,125.09Zm-22.33,15.23a.9.9,0,0,0,.69-.93c0-.65-.62-.74-1.16-1a2.12,2.12,0,0,0-.64.92,1.26,1.26,0,0,0-.54-.44,1.79,1.79,0,0,0-1.77.47c-.22-.25-.52-.31-1.1-.25l-.37-.32.15-.14c.34-.35.72-.68.56-1.27a.67.67,0,0,1,.13-.48,4.8,4.8,0,0,0,.35-.54.55.55,0,0,0,.39-.08.78.78,0,0,0,.12-.56s-.28-.13-.4-.1a1.8,1.8,0,0,0-.67-.72c-.39-.29-.83-.33-1.1.08a2.16,2.16,0,0,1-1,.8,1.66,1.66,0,0,0-.83,2.34,3,3,0,0,1,.16.54c-.2.63,0,.94.34,1.14a.65.65,0,0,0,.44.08,1.27,1.27,0,0,0,.39.45l.84-.1a1.82,1.82,0,0,0,1.34.66,1.31,1.31,0,0,0,.71.68,1.63,1.63,0,0,0,2.23-.68,1.45,1.45,0,0,0,.05-.66A.82.82,0,0,0,432.62,140.32Zm22.79-20.86c.21.14,1.22.05,1.38-.35s-.65-1-1-1.18a1,1,0,0,0-1,.44C454.59,118.76,455.09,119.26,455.41,119.46ZM453,126.72a.86.86,0,0,0,.4,1.15.67.67,0,0,0,1-.34.83.83,0,0,0-.35-1.16A.84.84,0,0,0,453,126.72Zm5.4-.71c.1-.2-.23-.48-.38-.58s-.37,0-.42.16a.58.58,0,0,0,.14.54C457.8,126.2,458.26,126.21,458.35,126ZM84.06,184.78a.87.87,0,0,0-.58-1.08.91.91,0,0,0-1.06.61.88.88,0,0,0,.06.55,1.58,1.58,0,0,0-.32-.31l-.84.12c-.54-.54-1.22-.78-1.6-.55a1.52,1.52,0,0,0-1.09-.76,1.25,1.25,0,0,0-1.56.91,2,2,0,0,0,1.23,2.16,1.45,1.45,0,0,0,1.46-.81c.22.2.51.24,1,.18a12.33,12.33,0,0,0,1.29,1,.56.56,0,0,0,.86-.6,7.74,7.74,0,0,0-.31-1,.78.78,0,0,0,1.41-.39Zm368.53-52.72c.19.1.8.1.94-.14s-.26-.73-.45-.89-.88,0-.89.37A.83.83,0,0,0,452.59,132.06Zm-2.56-11a1,1,0,0,0,.49,1.13,1,1,0,0,0,1.2-.59.8.8,0,0,0-.48-1A.86.86,0,0,0,450,121.1Zm3-7.91c0-.07-.1-.25-.17-.27s-.24,0-.28.11a.25.25,0,0,0,.14.33A.27.27,0,0,0,453,113.19Zm-.27,6.53c-.11.37-.14.75.3,1s1.1-.32,1.09-.61-.32-.51-.59-.66A.51.51,0,0,0,452.77,119.72Zm-.24-2.57a.6.6,0,0,0,.59-.33.54.54,0,0,0-.21-.51.51.51,0,0,0-.5.17C452.34,116.62,452.28,117.08,452.53,117.15Zm-365,85.51a1.38,1.38,0,0,0-2-.49,1.48,1.48,0,0,0-.58,1.88,1.69,1.69,0,0,0,2.25.27A1.13,1.13,0,0,0,87.49,202.66Zm-.64,15.08s-.08.13-.1.23a.51.51,0,0,0-.37.16.77.77,0,0,0,0,.56c0,.06.41.09.46,0a1.44,1.44,0,0,0,.17-.33.56.56,0,0,0,.34,0c.12-.08.1-.37.17-.66C87.23,217.72,87,217.64,86.85,217.74ZM85.08,198.3a1,1,0,0,0,.81-.21.79.79,0,0,0,.06-.7,6.27,6.27,0,0,0-.63-1.17c-.2-.33-.47-.33-.81-.09,0,.11-.13.29-.07.39a1.84,1.84,0,0,1,.09,1.18C84.51,197.89,84.84,198.23,85.08,198.3ZM93.56,230a1.48,1.48,0,0,0-2,0,1.32,1.32,0,0,0,.44,1.6,1.19,1.19,0,0,0,1.59-.35A.82.82,0,0,0,93.56,230Zm-1.15,4.9a.48.48,0,0,0-.17-.71.52.52,0,0,0-.63.18.46.46,0,0,0,0,.63A.47.47,0,0,0,92.41,234.9Zm.22,2.35a.55.55,0,0,0-.15-.58c-.16-.1-.49-.27-.6-.09a.58.58,0,0,0,.05.59C92,237.28,92.52,237.44,92.63,237.25Zm-7.25-43a.85.85,0,0,0-.72-1c-.41,0-.51.24-.58.54s.16.81.56.76A2.54,2.54,0,0,0,85.38,194.21Zm.11-15.44a.69.69,0,0,0,.25,0,1.51,1.51,0,0,0-.4.61,2.73,2.73,0,0,0,0,1.87,1.19,1.19,0,0,1,0,.7,1.11,1.11,0,0,0,.89,1.63.61.61,0,0,0-.13.3.58.58,0,0,0,.08.33.85.85,0,0,0-.58,1.09,1.3,1.3,0,0,0,1.61.89c.71-.18.72-.61,1.18-.68s.58-.37.62-.87.07-1.27-.63-1.3a1,1,0,0,0-.36.05.92.92,0,0,0-.56-.29h0a1.62,1.62,0,0,0,.2-.83,1.53,1.53,0,0,1,.28-1.15,1.82,1.82,0,0,0,.08-1.74,1.55,1.55,0,0,0-1.44-.91l-.16,0a1.5,1.5,0,0,0,.6-.9c.09-.53-.37-1-1.12-1.15a1.52,1.52,0,0,0-.6,0,.37.37,0,0,0,.09-.16.8.8,0,0,0-.56-.85.73.73,0,0,0-.74,1.05.67.67,0,0,0,.62.28.72.72,0,0,0-.2.33A1.61,1.61,0,0,0,85.49,178.77Zm-1.88,14.47a.87.87,0,0,0-1.14-.41,1.82,1.82,0,0,0-.57,1.78c.34.55.9.61,1.56.18S84.06,193.89,83.61,193.24Zm-1.28,7.42c.3.54,1,.84,1.42.59a1.35,1.35,0,0,0,.5-1.47c-.27-.46-1.07-.5-1.71-.09A.64.64,0,0,0,82.33,200.66ZM105.07,244a.86.86,0,0,0-.58.84,1.58,1.58,0,0,0-1.08,1.09l-.18.54c-.34-.12-.65-.26-1-.34a.81.81,0,0,0-1.15.58,1.28,1.28,0,0,0,.28,1.47,1.16,1.16,0,0,0,1.37.16,6.11,6.11,0,0,0,.93-.66,4.51,4.51,0,0,0,.52.17,1.72,1.72,0,0,0,1.8-.65,1.91,1.91,0,0,0,.15-1.4,1.51,1.51,0,0,0,.47-1.08A1.17,1.17,0,0,0,105.07,244Zm11.72,22.69a.92.92,0,0,0-.69-.37,1.72,1.72,0,0,0-1.78-.61.85.85,0,0,0-.49.67h0a1,1,0,0,0-1.24-.18,1,1,0,0,0,.06.88.51.51,0,0,0,.83.24,1.21,1.21,0,0,0,.37-.38s0,.09,0,.13a1.15,1.15,0,0,0,1.53.79l.08-.05a.8.8,0,0,0,1,.09A1,1,0,0,0,116.79,266.72ZM100,246.08c-.41.14-.62.54-.38.87a2.43,2.43,0,0,0,.64.48.84.84,0,0,0,.49-1.12C100.61,245.94,100.32,246,100,246.08Zm11.19,24.49a.94.94,0,0,0,1.13.5,1,1,0,0,0,.5-1.14.79.79,0,0,0-.93-.52.69.69,0,0,0-.48,0,.56.56,0,0,0-.16.49A.87.87,0,0,0,111.22,270.57Zm5.23-.12c-.55-.39-.85.15-1.26.51a1.5,1.5,0,0,0,.64.93c-.16.3-.23.71-.1.84a1,1,0,0,0,.87.13.51.51,0,0,0,.41-.76,1.35,1.35,0,0,0-.29-.43.53.53,0,0,0,.14-.28A1.29,1.29,0,0,0,116.45,270.45Zm-3.77,3.21a1.41,1.41,0,0,0,.36-1.45.88.88,0,0,0-1.21-.17.83.83,0,0,0-.17,1.2C112,273.71,112.37,273.88,112.68,273.66Zm3.79,2.61c-.19.21-.41.46-.34.73s.87.5,1.21.24a.47.47,0,0,0,.18-.28v-.2a.94.94,0,0,0-.12-.3A.57.57,0,0,0,116.47,276.27Zm-14.35-34.4a1.84,1.84,0,0,0-2-1,1.66,1.66,0,0,0-1.12,2,1.58,1.58,0,0,0,.28.39,1.36,1.36,0,0,0,.37.78,1.48,1.48,0,0,0,1.78-.11A1.65,1.65,0,0,0,102.12,241.87ZM104,255.82c-.4.16-.33.75-.3,1a.55.55,0,0,0,.68.54c.41-.08.81-.57.61-.88S104.36,255.66,104,255.82Zm1.18-5.2a.81.81,0,0,0,.1-.71.86.86,0,0,0-1.14-.43.8.8,0,0,0-.53,1,.83.83,0,0,0,.41.55.38.38,0,0,0,0,.15.73.73,0,0,0,1.24.32A.69.69,0,0,0,105.15,250.62Zm-22-160.73c.24-.22-.12-.91-.3-1.08s-.57,0-.77.09a.42.42,0,0,0,0,.74C82.3,89.79,82.93,90.12,83.16,89.89ZM94.79,213.72c.34.54.76.65,1.08.45a.8.8,0,0,0,.21-1.1.6.6,0,0,0-1-.14A2.26,2.26,0,0,0,94.79,213.72Zm5,13.89a.93.93,0,0,0-.24-1.19,1,1,0,0,0-1.21.26.86.86,0,0,0,.18,1.19A.93.93,0,0,0,99.76,227.61ZM97.63,210.2a1.72,1.72,0,0,0-2-.42,1.26,1.26,0,0,0-.07,1.56,1.07,1.07,0,0,0,1.09.53,2.91,2.91,0,0,0,.41,1.5c-.5.29-1.05.52-.74,1.21a.87.87,0,0,0,1,.6h.06a2.88,2.88,0,0,0,0,.59,1.45,1.45,0,0,0,.13.44,1.09,1.09,0,0,0,2,.07,7.06,7.06,0,0,0,.71-1.67,1.7,1.7,0,0,0-1-1.73l-.12,0a.88.88,0,0,0,.13-1,1.67,1.67,0,0,0-1.5-.68A.86.86,0,0,0,97.63,210.2Zm4.2-26.23a1.85,1.85,0,0,1-.56.32,1,1,0,0,1,1.11.31,1,1,0,1,1-1.77,1.11.79.79,0,0,1,.2-1.2,1.86,1.86,0,0,1,.34-.18,1.27,1.27,0,0,1-.34,0,1.53,1.53,0,0,1-1.17.09,1.56,1.56,0,0,1-.52-1.94,3.47,3.47,0,0,1,.25-.29,4.35,4.35,0,0,1-1.36-.12,1,1,0,0,1-.26-.2,1.83,1.83,0,0,1-1.31.74,1.88,1.88,0,0,1-.77-.14c-.28.33-.73.43-1.5.35a1.82,1.82,0,0,1-1-.4,2,2,0,0,1-.31,1.58,8.68,8.68,0,0,1-1.33.9c.22.51,0,.92-.6,1.13-.43-.21-.78-.56-.52-1,.36-.58.08-1-.15-1.44a1.66,1.66,0,0,1,.37-2,2.26,2.26,0,0,1,2.14.07,1.49,1.49,0,0,1,0-.56,1.72,1.72,0,0,1,.83-1.21.62.62,0,0,1-.19,0c-.46-.08-.79-.79-.64-1.38a1.18,1.18,0,0,1,1.47-1c.61.14,1.08.71,1,1.17a.61.61,0,0,1,0,.12c.28-.52.34-1.15.88-1.36h0a.83.83,0,0,1-.6-.88,1.06,1.06,0,0,1,1-.84.83.83,0,0,1,.57,1,1,1,0,0,1-.39.63,2.42,2.42,0,0,1,1.31.42,2.35,2.35,0,0,1,1,1.29,1.57,1.57,0,0,1,1.34.4c.53.59.26,1.6.4,1.73s.86-.2,1.28.29A2.29,2.29,0,0,1,101.83,184Zm-7.31-4.34a2.2,2.2,0,0,1-.25.17h.14Zm7.32,45.76a.63.63,0,0,0-.59.28.7.7,0,0,0,.21.63.74.74,0,0,0,.77-.16C102.43,225.9,102,225.45,101.84,225.39ZM96,197.64a1.29,1.29,0,0,0-1.58-.55l-.09-.17a1.66,1.66,0,0,0-2-.34,1.45,1.45,0,0,1,.34-.46,1.27,1.27,0,0,0,.54-1.37c-.1-.37-.87-.73-1.4-.75a1.82,1.82,0,0,0-1.35-.15,1.09,1.09,0,0,0-.25,1.58,1.32,1.32,0,0,0,.39.44c0,.18,0,.37,0,.56A.71.71,0,0,0,91,197.5a.83.83,0,0,0,.64,0,1.6,1.6,0,0,0,.07,1.28,1.72,1.72,0,0,0,1.64.81,1.69,1.69,0,0,0,2,.44A1.65,1.65,0,0,0,96,197.64Zm-3.62,5.28a.72.72,0,0,0,.31-1,.87.87,0,0,0-1.15-.4.84.84,0,0,0-.23,1.19A.76.76,0,0,0,92.33,202.92Zm8,17.51a1.26,1.26,0,0,0-.51,1.74,1.93,1.93,0,0,0,.74.64,2.23,2.23,0,0,0,2.8.95.88.88,0,0,1,1,.16,1,1,0,0,0,1.35-.44.59.59,0,0,0,0-.65.79.79,0,0,0,.37-1,1.06,1.06,0,0,0-.58-.56c-.41-.12-.67.07-1,.64-.39-.59-.69-1.25-1-1.91a3.87,3.87,0,0,0,.72-1.13.9.9,0,0,0,.83,0,.86.86,0,0,0,.25-1.18.87.87,0,0,0-1.16-.38.92.92,0,0,0-.36.42,3.75,3.75,0,0,0-.62-.37l-.06,0a1,1,0,0,0-.78-1.27.87.87,0,0,0-.84,1.19.93.93,0,0,0,.25.33,1.2,1.2,0,0,0-.31.67,7.55,7.55,0,0,0,.14,1.89A1.59,1.59,0,0,0,100.32,220.43Zm-1.53-2.79c-.06.1-.13.19-.19.28h0c-.16-.25-.55-.15-.66-.07a.51.51,0,0,0-.2.56c.1.2.42.19.58.14l.11-.09a.63.63,0,0,0,.19.38.94.94,0,0,0,.81.09.69.69,0,0,0,.37-.57C99.76,217.8,99.35,217.62,98.79,217.64Zm6.51,1.29a1,1,0,0,0,.33.75.81.81,0,0,0,1.13-.15,1,1,0,0,0-.22-1.34C106.28,218,105.41,218.26,105.3,218.93Zm-6.42,4.79a1,1,0,0,0-.3,1.44,1.09,1.09,0,0,0,1.54-.22.71.71,0,0,0-.1-1A.92.92,0,0,0,98.88,223.72Zm11.79-129.4a.81.81,0,1,0-1.21-1.08.81.81,0,0,0-.14,1.12A1.07,1.07,0,0,0,110.67,94.32Zm2.92,3a.88.88,0,0,0-.51-1c-.59-.28-1,.22-1.39.6l.11.32h-.14a.59.59,0,0,0-.28-.3.53.53,0,0,0-.46.28.82.82,0,0,0,0,.3.91.91,0,0,0-.33.38,1.58,1.58,0,0,0,.52,1.61,1.55,1.55,0,0,0,.33.94,1.24,1.24,0,0,0,.63.39.58.58,0,0,0,.43.33c.29.06.73-.31.88-.61a2.09,2.09,0,0,0,.68-1.34,2.13,2.13,0,0,0,.45.23c.23.08,1.19-.23,1.26-.66s-.87-.88-1.23-.93a1,1,0,0,0-.81.44,1.32,1.32,0,0,0-.56-.34A.78.78,0,0,0,113.59,97.36Zm2.19,105.51a.75.75,0,0,0-.13.27c-.37.17-.58.59-.72.59s-.68-.92-1.47-1a1.12,1.12,0,0,0-.54.11.91.91,0,0,0-.16-.13c-.36-.19-.75-.41-1-.07-.42.61-.4,1.15,0,1.43l0,0a.29.29,0,0,0,0,.09c0,.06,0,.11,0,.17a1.76,1.76,0,0,0-1.13.4c0,1,.23,1.36.78,1.44a.85.85,0,0,0,.83-.34,1.45,1.45,0,0,0,1.35.38c.56-.2,1.05-1,1.29-.94s.64,1,1.44,1a1.24,1.24,0,0,0,1.08-.61,1.4,1.4,0,0,0-.13.36.81.81,0,0,0,0,.41,1.77,1.77,0,0,0-2,.36,2,2,0,0,0-.32,1.55,2.4,2.4,0,0,0-.6.84.8.8,0,0,0-1-.17.92.92,0,0,0-.23,1.2.82.82,0,0,0,.37.32,1.63,1.63,0,0,0-1.7.73,1.57,1.57,0,0,0,.37,2,1.44,1.44,0,0,0,.78.33l-.12.05a1,1,0,0,0-.59,1.19l0-.06a1.82,1.82,0,0,0-1.28-.8l.21-.05c.31-.58.17-1-.33-1.23a8.78,8.78,0,0,0,.35-1.57s0,0,0-.06a1,1,0,0,0,.24-.35c.16-.45,0-1.06-.44-1.15a1.8,1.8,0,0,0,.37-.22c.6-.46.87-.83.86-1.26a1.45,1.45,0,0,0,1.5-.3c.28-.34,0-1.18-.41-1.48a.74.74,0,0,0-1.06.29,2.19,2.19,0,0,0-.34.66v0a1.62,1.62,0,0,0-2.4-.34l-.17.14a1.79,1.79,0,0,0-.06-1.37,1.14,1.14,0,0,0-1.51-.19,1,1,0,0,0-.15.13,1,1,0,0,0-.48.37c-.52.76-.52,1.3,0,1.69a1.15,1.15,0,0,0,.84.1.84.84,0,0,0,.81,0l.15-.13a1.83,1.83,0,0,0,0,.84,1.12,1.12,0,0,0-1,.11,1.78,1.78,0,0,0-.17,1.82l.26.37s0,.09,0,.14A1.63,1.63,0,0,0,109,212.7c.49.19,1,.28,1.09,1,0,0,0,0,0,0a1.09,1.09,0,0,0-.81-.18,2.94,2.94,0,0,0-1.46.84s0,0,0,0a.84.84,0,0,0-1.21-.16h0a1.65,1.65,0,0,0-.43-.73,1.62,1.62,0,0,1-.59-1,.85.85,0,0,0,0-.17,1.49,1.49,0,0,0,.55-.93.91.91,0,0,0,.75-.1,1,1,0,0,0,.26-1.28,1,1,0,0,0-1.31-.18.93.93,0,0,0-.34.52,2.84,2.84,0,0,0-1-.32,1.56,1.56,0,0,0-1.43,1.31,1.7,1.7,0,0,0-.22.15l-.11.12a1.47,1.47,0,0,0-.17-1.06.85.85,0,0,0-.81-.34,2.49,2.49,0,0,0-.07-.59,1.38,1.38,0,0,0-.61-.17,2,2,0,0,0,.29-2.12,1.82,1.82,0,0,0-2.25-.4l0,0-.1-.09a1.82,1.82,0,0,0-2.11,0,1.4,1.4,0,0,0-.18-.52,1.11,1.11,0,0,0-1.42-.55,1.41,1.41,0,0,0-.57,1.6,1.58,1.58,0,0,0,1.69.6,1.93,1.93,0,0,0,.57,1.38,1.46,1.46,0,0,0,2-.22,1.89,1.89,0,0,0,1.56.56l0,0a.73.73,0,0,0,.07.69,1,1,0,0,0,.23.16,1.15,1.15,0,0,0-.37,1.27,1.6,1.6,0,0,0,1.81.55,1,1,0,0,0,.2-.16,1.44,1.44,0,0,0,.12.71,2.23,2.23,0,0,0,.57.82,1,1,0,0,0-.17.11,1.45,1.45,0,0,0,.19,1.77,1.29,1.29,0,0,0,1.65-.18l0-.05a1.1,1.1,0,0,0,1.29,0,.61.61,0,0,0,.11.31.9.9,0,0,0,1,.13v0a2.1,2.1,0,0,0,.69,1.88c.56.47,1.33,0,2.06.18l.38.09a.77.77,0,0,0,0,.84c.2.37.55.59.93.38s.65-.49.68-.77a.65.65,0,0,0-.32-.68,2.48,2.48,0,0,0,.84-1.74,1.9,1.9,0,0,0-.1-.83,1.51,1.51,0,0,0,.12.26c.38.59,1.1.87,1.51.58a1.75,1.75,0,0,0,.3-2,.89.89,0,0,0-.72-.44,2,2,0,0,0,.66-.57,1.33,1.33,0,0,0-.16-2.09,1.37,1.37,0,0,0-.35-.2.79.79,0,0,0,.58-.09l.13-.1a1.6,1.6,0,0,0,1.5.78H116a1.22,1.22,0,0,0-.15,1,2,2,0,0,0-1,.7,1.57,1.57,0,0,0,.28,2.22,1.23,1.23,0,0,0,1.62,0,1.22,1.22,0,0,0,.24.1,1.36,1.36,0,0,0,.57,0v-4.67a1.45,1.45,0,0,0-.36,0,1.27,1.27,0,0,0,.16-1,2.4,2.4,0,0,0-.12-.38,2.37,2.37,0,0,0,.32-.14v-3.56a.76.76,0,0,0-.08.11,1.31,1.31,0,0,0,.08-.21v-2.73a.32.32,0,0,0-.1-.1A1.47,1.47,0,0,0,115.78,202.87Zm-2.44-98a1.72,1.72,0,0,0-.79-.47,1.41,1.41,0,0,0-.78-1.1,1.24,1.24,0,0,0-1.06,1.14.83.83,0,0,0,.15.43.93.93,0,0,0-.68.68,1.59,1.59,0,0,0,.56,1.24,1.88,1.88,0,0,0,.16.23,1.64,1.64,0,0,0,2.44-2.15Zm2.5-15.59a1.38,1.38,0,0,0,.37,1.43A2.59,2.59,0,0,0,116,91a1.79,1.79,0,0,0-.58-.94c-.89-.83-1.4-.84-2.17-.18a1.61,1.61,0,0,0,.07,2.42.8.8,0,0,0,.17.15,1.74,1.74,0,0,0-1.34.29,1.13,1.13,0,0,0,.07,1.52,1.22,1.22,0,0,0,.4.33.59.59,0,0,0,.32.54.94.94,0,0,0,.8-.12.71.71,0,0,0,.22-.65h0l0,0a1.14,1.14,0,0,0,.31-1.49,1,1,0,0,0-.15-.13,1.71,1.71,0,0,0,1.4-.46,1.37,1.37,0,0,0,.33-.45,2.31,2.31,0,0,0,.61.82,1.14,1.14,0,0,0-1,1.31,4.75,4.75,0,0,0,.38,1.24.82.82,0,0,0-.83.15,1.54,1.54,0,0,0-.13,1.66.81.81,0,0,0,.58.22,1.42,1.42,0,0,0,.11,1,2,2,0,0,0,1.92,1V89C116.79,88.72,116.07,88.82,115.84,89.3Zm-5.56,129.46a1.8,1.8,0,0,0-1.66-.62,1.17,1.17,0,0,0-.35,1.67.54.54,0,0,1,.15,1.06.69.69,0,0,0,.56.84,1.33,1.33,0,0,0,1-.2c.52-.52.06-1-.2-1.5l.08,0A.85.85,0,0,0,110.28,218.76Zm3,12.69a1.39,1.39,0,0,0,.51-.86c0-.34-.63-.62-1-.41s-.33.45-.42.58C112.6,231.37,113,231.66,113.3,231.45Zm311.52-96.63V136h0A1.74,1.74,0,0,0,424.82,134.82Zm-308.35,82c-1.26.52-1.57,1.4-1,2.47a1.8,1.8,0,0,1,.19.69.94.94,0,0,0-.57-.36.73.73,0,0,0,.1-1,.91.91,0,0,0-1.25-.37.86.86,0,0,0-.16,1.21.85.85,0,0,0,.6.37l.12,1.08.33.15c.2-.21.68-.36.86-.64v.16a0,0,0,0,1,0,0,.9.9,0,0,0,.06,1.06,3.86,3.86,0,0,0,.09.49l-.07,0-.16,0s-.12.12-.14.17l-.17.1a2,2,0,0,0-.45,2c-.29-.12-.52-.23-.56-.35-.08-.29.88-1.28.46-2.24a1.76,1.76,0,0,0-2.27-.89,3,3,0,0,0-1.46,2.83,1,1,0,0,0,.59.65.51.51,0,0,0,.29.13c.24.09.45.14.49.23s-.75,1.29-.42,2.27a2.49,2.49,0,0,0,2.59,1.28,2.44,2.44,0,0,0,1.56-1,2,2,0,0,0,0-2.19,1,1,0,0,0,.45-.67c.07-.47.11-.36.5-.49a1.19,1.19,0,0,0,0,.72.88.88,0,0,0,.5.48v-8.39A1.11,1.11,0,0,0,116.47,216.82ZM78.7,149.91a1.66,1.66,0,0,0,.59.53.6.6,0,0,0,.48.62.65.65,0,0,0,.89-.41,2.37,2.37,0,0,0,1.24-.6.9.9,0,0,1,1-.21,1,1,0,0,0,1.09-.91c.06-.54-.26-.71-.7-.77a2.22,2.22,0,0,1-1-.23c-.58-.41-1.09-.9-1.67-1.39.55-1.67.28-2.2-1.29-2.31a1.18,1.18,0,0,0-1.28,1.48,9.59,9.59,0,0,0,.94,1.92A2.06,2.06,0,0,0,78.7,149.91Zm1.88-28.25c.13-.35-.44-1.06-.72-1s-.48.37-.6.65a.52.52,0,0,0,.39.77C80,122.12,80.41,122.12,80.58,121.66Zm-2.88,1.7a6.36,6.36,0,0,0,.53,1,1.27,1.27,0,0,0,1.52.37,1.39,1.39,0,0,0,.71-1.62,1.2,1.2,0,0,0-.66-.65A1.64,1.64,0,0,0,77.7,123.36Zm6.34-.25c-.15.62.14,1.32.6,1.43a1.29,1.29,0,0,0,.72-.07.81.81,0,0,0,.58.35,1,1,0,0,0,1-.9,1,1,0,0,0,0-.17,1.61,1.61,0,0,0,1.63-1.22,1.66,1.66,0,0,0-.93-1.71,1.08,1.08,0,0,0,.11-.18.67.67,0,0,0-.44-1,.83.83,0,0,0-1.12.47.86.86,0,0,0,.27.91,2,2,0,0,0-1,1.23v0A1.12,1.12,0,0,0,84,123.11Zm-7.58-.36c.15.06.62.07.66-.18a.62.62,0,0,0-.39-.56.56.56,0,0,0-.49.26A.53.53,0,0,0,76.46,122.75Zm.15,7.64a1,1,0,0,0,.17,0,1.83,1.83,0,0,0,.64.35,1,1,0,0,0,1.11-.75,1.19,1.19,0,0,0-.69-1.39,1.27,1.27,0,0,0-.28,0,1.15,1.15,0,0,0-.63-.28,1.49,1.49,0,0,0-1.12,1.13A1,1,0,0,0,76.61,130.39Zm2.9-1.64c.74.14,1.07-.12,1.2-1s-.14-1.26-.68-1.33a1.13,1.13,0,0,0-.61.16.86.86,0,0,0,0-.27c-.1-.67-.7-.52-1.24-.57l-.1.22a.65.65,0,0,0-.47-.21c-.2,0-.28.37-.23.56a.46.46,0,0,0,.52.3.76.76,0,0,0,.33.63.58.58,0,0,0,.28.09.64.64,0,0,0-.06.16A1.11,1.11,0,0,0,79.51,128.75ZM98.4,120a.83.83,0,0,0-.81-.9.82.82,0,0,0-1,.62,1.08,1.08,0,0,0,.89,1A.83.83,0,0,0,98.4,120Zm11.74-2.69a1.8,1.8,0,0,0-1.26.28,1.05,1.05,0,0,0-.33-.59.82.82,0,0,0-.71.06l-.09.06a1.64,1.64,0,0,0-2.2.39,1.72,1.72,0,0,0-.06,1.26,1,1,0,0,0-.21.53v0a.75.75,0,0,0-.31.3,1.08,1.08,0,0,0-.52.21l0-.26a.71.71,0,0,0-.35-1.1,1,1,0,0,0-1.21.51c0,.08-.1.16-.15.25l0,0a1.2,1.2,0,0,0-1.44,0,2.24,2.24,0,0,0-.36,1.69,2.44,2.44,0,0,0-.18.66.81.81,0,0,0,0,.22,1.77,1.77,0,0,0-1-.83c.31,0,.68-.14.74-.42s-.43-.7-.67-.83A.56.56,0,0,0,99,120c-.17.38,0,1,.39,1h.07a1.26,1.26,0,0,0-.85,1,1.17,1.17,0,0,0,1.09,1.41c.6.12,1.29-.25,1.35-.71a.67.67,0,0,0,0-.2,1.77,1.77,0,0,0,1.26.78,1.73,1.73,0,0,0,.56,0,2.28,2.28,0,0,0,0,2.14,1.64,1.64,0,0,0,2,.26c.47-.25.83-.54,1.43-.22a.52.52,0,0,0,.69-.16.53.53,0,0,0,.28,0l-.1,0a.85.85,0,0,0,.65,1c.4.06.53-.2.61-.5s-.1-.81-.49-.8a1.59,1.59,0,0,0-.3.06l.09,0a.62.62,0,0,0,.09-.9.66.66,0,0,0-1-.21.59.59,0,0,1-.77.32,8.46,8.46,0,0,0-1-1.28,2,2,0,0,0-1.6-.23,1.71,1.71,0,0,0,.33-1,.77.77,0,0,0,.4-.31,1.79,1.79,0,0,0,1.56.06.88.88,0,0,0,.34-.71,2.42,2.42,0,0,0,.65.27,1.24,1.24,0,0,0,.67-.08c-.16.37-.19.89,0,1.07a1.23,1.23,0,0,0,1.46,0,.88.88,0,0,0,0-1.22,1.05,1.05,0,0,0-.73-.29,2.17,2.17,0,0,0,.55-.74,1.89,1.89,0,0,0,.93.39,2,2,0,0,0,.74,0,.77.77,0,0,0,0,.61,1.12,1.12,0,0,0,1.58.31,1.45,1.45,0,0,0,.57-1.45,1.08,1.08,0,0,0-.37-.5.78.78,0,0,0-.13-.61,1.36,1.36,0,0,0-.81-.37A1.48,1.48,0,0,0,110.14,117.35Zm-20.3,7.91a.76.76,0,0,0,.58.74c.43.14.71-.13.94-.47s.5-.73.73-1.1.55-.83.26-1.37c0,0,0-.1,0-.16l.07,0c.13-.11.42-.43.26-.63a.19.19,0,0,0-.12-.07c.24-.72.1-1-.56-1.37,0-.26-.06-.66-.26-.74s-.7.33-.84.54a.5.5,0,0,0,0,.12.61.61,0,0,0-.19.29,2.23,2.23,0,0,1-.83,1,1.6,1.6,0,0,0-.64,1.76.7.7,0,0,0-.09.17A1.06,1.06,0,0,0,89.84,125.26Zm10.31-.75c0-.13,0-.26,0-.32s.53,0,.67.13a.55.55,0,0,1,0,.47.81.81,0,0,1-.51,0,1.27,1.27,0,0,1,0,1.06c0,.08,0,.18,0,.26a.93.93,0,0,1,.23,0,1,1,0,0,1,1-.85,1,1,0,0,1,.8,1,.77.77,0,0,1-.1.29,1.24,1.24,0,0,1,.69-.11c.49.11.77.83.59,1.52a2,2,0,0,1-.1.26h.19a1.63,1.63,0,0,1,.83.14h0a.85.85,0,0,1,.91-.82,1,1,0,0,1,.78,1.2c-.06.52-.45.95-.84.94a.63.63,0,0,1-.3-.12c-.13.7-.5,1-1.07,1a.54.54,0,0,1-.11.33c-.4.55-.16.95,0,1.44a1.37,1.37,0,0,1,.07.34.88.88,0,0,1,.73.51,1,1,0,0,1-.16.9,1.17,1.17,0,0,1-1,.22l-.11-.07s0,0,0,0a2.28,2.28,0,0,1-2.12-.22,1.56,1.56,0,0,1,0,.56.41.41,0,0,1,0,.08c.08.17.16.34.22.51a1.07,1.07,0,0,1-.36,1.29,1.26,1.26,0,0,1,0,.72,1.17,1.17,0,0,1-1.54.9c-.61-.18-1-.78-.88-1.24a1.56,1.56,0,0,1,.64-.79c-.09-.11-.18-.22-.26-.34a1.54,1.54,0,0,1-1-1.87c.28-1,.73-1.24,1.92-1a1.84,1.84,0,0,1,1,.48,2,2,0,0,1,.42-1.55,9.86,9.86,0,0,1,1.4-.81.91.91,0,0,1,0-.39,2.61,2.61,0,0,1-1.79.11,1.55,1.55,0,0,1-.63-.37.7.7,0,0,1,0,.25,1.6,1.6,0,0,1-1.59,1h0a.81.81,0,0,1-.38,0,.8.8,0,0,1-.55-.87,2.19,2.19,0,0,1-1.38.06A2.21,2.21,0,0,1,95,131,1.42,1.42,0,0,1,94,129.38a1.79,1.79,0,0,1,1.76-1.45,1.2,1.2,0,0,1,.39.13,1.21,1.21,0,0,1,.63-.29,1.65,1.65,0,0,1-.44-1.61,1.82,1.82,0,0,1-1.86.72,1.43,1.43,0,0,1-.5-.18,1,1,0,0,1,.09.68.94.94,0,0,1-1.21.53,1.15,1.15,0,0,1-.6-1.42.76.76,0,0,1,1-.55.7.7,0,0,1,.23.11,1.28,1.28,0,0,1-.09-.55,1.2,1.2,0,0,1-.29-1.23,1.65,1.65,0,0,1,1.6-1,1.06,1.06,0,0,1,.65.71,1.48,1.48,0,0,1,.51.27,1.48,1.48,0,0,1,.21-.7c-.06-.19-.12-.38-.17-.56.3-.67,1-.81,1.5-1.07a.56.56,0,0,1,.73.75,7.53,7.53,0,0,1-.57,1.08.67.67,0,0,1,.06.15.86.86,0,0,1-.15.77.81.81,0,0,1-.08.45,1.65,1.65,0,0,1,.76-.07,1.15,1.15,0,0,1,.89-1A1.39,1.39,0,0,1,100.15,124.51Zm-3.66,1.21h0a.25.25,0,0,0,0,.07ZM99.12,127A1.43,1.43,0,0,1,98,128.16l.08.08a1.94,1.94,0,0,1,.47.9.73.73,0,0,1,.39,0,1.5,1.5,0,0,1,.92.56.88.88,0,0,1,0-.16,1.54,1.54,0,0,1,.83-1.49l.49-.15a2,2,0,0,1,0-.23,1.5,1.5,0,0,1,.35-.57,1.06,1.06,0,0,1-.25,0A.66.66,0,0,1,101,127a1.12,1.12,0,0,1-.37.58C100.17,127.84,99.19,127.48,99.12,127Zm-24,4.63c.4.07.52-.2.61-.49s-.1-.82-.5-.8-.62,0-.76.25S74.7,131.59,75.12,131.66Zm.26,17.77a1.47,1.47,0,0,0-1.67.8,1.57,1.57,0,0,0,.93,1.64c.48.15,1.15-.35,1.32-1C76.17,150.09,76,149.61,75.38,149.43Zm-.89,4.42c.3.31.45,1,.91,1s.92-.65.62-1.12c-.14-.21-.73-.15-1.12-.16C74.8,153.53,74.69,153.69,74.49,153.85Zm36.75-45.39a.83.83,0,0,0-.39-1.22,1.76,1.76,0,0,0-1.37,0,1.33,1.33,0,0,0-.65-.38,1,1,0,0,0-.53.1,1.55,1.55,0,0,0-1.89.22,1.29,1.29,0,0,0-.28,1.65l-.12.1a1.42,1.42,0,0,0-.9-.61,1.73,1.73,0,0,0-1.92,1.19,2.39,2.39,0,0,0,.89,1.7.73.73,0,0,0-.3.16,2,2,0,0,0-.18,1.89,1.1,1.1,0,0,0,1.6,0c.58-.47.59-.89,0-1.53a1.62,1.62,0,0,0-.19-.18,1.54,1.54,0,0,0,1-.56s0,.06,0,.08a1.73,1.73,0,0,0,2.1.2,1,1,0,0,0,.61.26.72.72,0,0,0,.83-.7,1,1,0,0,0-.77-1h0a1.76,1.76,0,0,0-.06-.4s.06-.11.1-.17a1.79,1.79,0,0,0,.57-.34,1.2,1.2,0,0,0,.37.23A1.18,1.18,0,0,0,111.24,108.46ZM74.63,128.05c-.18,0-.55-.07-.59.14a.59.59,0,0,0,.27.53c.14.06.65,0,.68-.18A.56.56,0,0,0,74.63,128.05Zm-2,4.65c-.25.15-.47.37-.44.55a1,1,0,0,0,.53.69.47.47,0,0,0,.16,0,1.17,1.17,0,0,0,.63.55c.64.09,1-.29,1.15-1.08.08-.64-.3-1-1.08-1.11A1,1,0,0,0,72.64,132.7Zm2.42,4.77c-.54-.06-1,.06-1,.61a.72.72,0,0,0,.32.61.93.93,0,0,0,.8,0C75.6,138.27,75.3,137.86,75.06,137.47Zm7.66,19.33a1,1,0,0,0,.73.4c.17,0,.44-.26.53-.47a4.94,4.94,0,0,0,.27-.95,4.94,4.94,0,0,0,1-.61.63.63,0,0,1,.12-.07h0a2.27,2.27,0,0,0-.45.53.55.55,0,0,0,.31.83.64.64,0,0,0,.93-.36,1.58,1.58,0,0,0-.12-.84c.49,0,.8-.13.91-.53a.88.88,0,0,0-.92-1.11c-.6,0-.76-.37-1.07-.75,1-.88,1-1.69,0-2.31a1.46,1.46,0,0,0-.3-.17c-.71-.32-1.15-.13-1.39.61a3.1,3.1,0,0,0-.15.58.75.75,0,0,0-.21.34.87.87,0,0,0,.43,1,1.52,1.52,0,0,1-.48.06.81.81,0,0,0-.94.49c0-.41-.38-.95-.66-1a1.23,1.23,0,0,0-1.17.87.87.87,0,0,0,.76,1,1.1,1.1,0,0,0,.92-.34,1,1,0,0,0,.27.95,4.65,4.65,0,0,0,1,.8l-.32.28C82.58,156.11,82.59,156.59,82.72,156.8ZM76,136.46a1.07,1.07,0,0,0-.37-.89.37.37,0,0,0,0-.23.9.9,0,0,0-.65-.35c-.25-.05-.47-.16-.72,0s-.21.54.09.76l.11.06a.63.63,0,0,0-.25.37,1.23,1.23,0,0,0,.93,1.13A.87.87,0,0,0,76,136.46Zm-.13-13.53c-.09.25,0,.39.25.46a.3.3,0,0,0,.43-.23.32.32,0,0,0-.23-.47C76.07,122.62,75.92,122.69,75.86,122.93Zm-3.68,9c.68.07,1.09-.36,1.16-1.21a1.18,1.18,0,0,0-.88-1.14c-.55-.06-1.63.65-1.66,1.1S71.44,131.85,72.18,131.93Zm21.87,76.94c.29-1.13-.52-2-1.29-1.78s-.87,1-1.06,1a2.93,2.93,0,0,1-.37,0s0,0,0,0,0-.29-.08-.34-.27,0-.3.09a.24.24,0,0,0,0,.3.54.54,0,0,0-.48.43c-.32,1.34,1,1.31,1,1.74a1.29,1.29,0,0,1,0,.25,1,1,0,0,0-.6.29,1.24,1.24,0,0,0,.19,1.64l0,0a1.27,1.27,0,0,0,1.38,1.19A1.52,1.52,0,0,0,94,212c-.06-1.25-1.32-1-1.06-1.75S93.77,210,94.05,208.87Zm13.66,22.63c0,.52,1.08.91,1.4.63s-.09-1.41-.6-1.41A.87.87,0,0,0,107.71,231.5Zm1.82-2.72a1.22,1.22,0,0,0-1.2.37.91.91,0,0,0,.24,1.29,1.08,1.08,0,0,0,1.33-.23A1.44,1.44,0,0,0,109.53,228.78ZM110,239a.87.87,0,0,0-1-1.1,1.17,1.17,0,0,0-.79.65.93.93,0,0,0,.27.87A1,1,0,0,0,110,239Zm.12-5.67c.08.36,0,.75.48,1l.11,0a1,1,0,0,0-.19,1.77c.08.08.18.15.27.23a1.45,1.45,0,0,0,.11,1.61,2,2,0,0,0,2.42.08,1.41,1.41,0,0,0,.45-1.29.81.81,0,0,0,.12-.14.67.67,0,0,0,0-.93,5,5,0,0,0-2.33-1.48,1.21,1.21,0,0,0,.48-.57,1.36,1.36,0,0,0,0-.87.9.9,0,0,0,.63-1.14.87.87,0,0,0-1-.51,1,1,0,0,0-.64.81,1.18,1.18,0,0,0-.75.26A1,1,0,0,0,110.15,233.36ZM102.07,227a1.17,1.17,0,0,0-.36,1.33c.71,1.63,1.17,1.86,2.88,1.41h.15a1.92,1.92,0,0,0-.61.33.54.54,0,0,0,0,.88.66.66,0,0,0,1,0,1.55,1.55,0,0,0,.19-.82.78.78,0,0,0,1-.16.89.89,0,0,0-.45-1.38c-.56-.21-.57-.62-.72-1.09,1.25-.45,1.51-1.21.85-2.15a2.75,2.75,0,0,0-.22-.26c-.55-.56-1-.55-1.52,0a1.31,1.31,0,0,0-.19,1.87,3.93,3.93,0,0,1-.92-.19A.79.79,0,0,0,102.07,227Zm4.77-3.85a1.84,1.84,0,0,0-.52,2.22,1.73,1.73,0,0,0,2,.74.92.92,0,0,0,.13.5,1,1,0,0,0,.55.4,1.32,1.32,0,0,0,0,.72,1.22,1.22,0,0,0,1.54-.12,2.35,2.35,0,0,0-.39-.84l.21-.12c0-.66.09-1.36-.62-1.67a1.13,1.13,0,0,0-.57-.07,2.42,2.42,0,0,0,.07-1,.46.46,0,0,0,.34-.22.78.78,0,0,0-.19-1,.74.74,0,0,0-1.06.26h0A1.74,1.74,0,0,0,106.84,223.17Zm-6.54,12.75a.73.73,0,0,0,0,.79c.19.24.73-.08.82-.22a.67.67,0,0,0-.14-.64A.71.71,0,0,0,100.3,235.92Zm-.25-2.52a1.45,1.45,0,0,0,.08,1.85c.36.28,1.56-.09,1.88-.58a1.18,1.18,0,0,0-2-1.27Zm16.5-4.37c-.87-.21-1.76.08-1.88,1a1.62,1.62,0,0,0,.31,1.31,2.1,2.1,0,0,0-.73.63,1,1,0,0,0-.15.33l0,0c-.6.21-.81.58-.68,1a.79.79,0,0,0,1,.45.33.33,0,0,0,.1-.06s.07.07.12.1a2.18,2.18,0,0,0,.92.36,1.18,1.18,0,0,0,0,1,1.62,1.62,0,0,0,.29.48,1.1,1.1,0,0,0-.5.23,1.65,1.65,0,0,0-.18,2.3,5.58,5.58,0,0,0,1.08,0,1.26,1.26,0,0,0,1.06-1.14,1.56,1.56,0,0,0-.48-1.09h0a1.58,1.58,0,0,0,.67-.66v-1.48a1.37,1.37,0,0,0-.83-.27l.17-.17a1.3,1.3,0,0,0,0-1.56c.26-.19.42-.45.63-.52v-2.76a1.8,1.8,0,0,0-.17,1A3.11,3.11,0,0,0,116.55,229Zm-7.7,5.06c-.22,0-.29.37-.27.53s.26.52.54.42.27-.5.22-.63S109.06,234,108.85,234.09Zm-9.11-2.47c.36-.49.19-1-.46-1.54s-1.12-.4-1.4,0A2.22,2.22,0,0,0,98,232,1.22,1.22,0,0,0,99.74,231.62ZM428.66,124.86c.66.37,1-.26,1.44-.65-.27-.65-.52-1.16-1.24-1-.42.07-.73.35-.66.77A1.36,1.36,0,0,0,428.66,124.86ZM117.29,242.24a1.83,1.83,0,0,0-1.37-.76,1.36,1.36,0,0,0-1.2.76,1.15,1.15,0,0,0,.14,1.15h0a.77.77,0,0,0-.54,0,.92.92,0,1,0,.64,1.73,1,1,0,0,0,.47-1.23s0,0,0,0a1,1,0,0,0,.29.11c.31.55.75.8,1.21.65a1.24,1.24,0,0,0,.6-.65v-1.05a.23.23,0,0,0-.07-.07A1,1,0,0,0,117.29,242.24ZM430.93,120.65c.15-.32-.38-1.08-1.05-1a.94.94,0,0,0-.63.52.81.81,0,0,0,.45,1C430.27,121.48,430.77,121,430.93,120.65Zm-2.77-7.45a1,1,0,0,0,.14.8.7.7,0,0,0,.65.2c.52-.19.58-.63.4-1.16C428.92,112.89,428.46,112.68,428.16,113.2ZM117.42,253.09c-.54-.09-.87.52-.85.81a.54.54,0,0,0,.28.37,1.14,1.14,0,0,0-.45.65,1.21,1.21,0,0,0,.35,1.19,1.85,1.85,0,0,0-.33-.21.77.77,0,0,0-1.11.39,1.06,1.06,0,0,0-.59.13.86.86,0,0,0-.27,1.26.91.91,0,0,0,1.19.25.73.73,0,0,0,.16-.14,1.08,1.08,0,0,0,1.33-.49,1,1,0,0,0-.29-1.11,1.64,1.64,0,0,0,.56.32.25.25,0,0,0,.12,0v-5.29a1.34,1.34,0,0,0-.44,1A2.17,2.17,0,0,0,117.42,253.09Zm307.8-127.77a1.5,1.5,0,0,0,1.45-.12.81.81,0,0,0,.25-.23.73.73,0,0,0,.42-.41.74.74,0,0,0-.54-1,.56.56,0,0,0-.48.08.89.89,0,0,0-.83-.07,1.46,1.46,0,0,0-.58,1l-.09-.06v1.6a.93.93,0,0,0,.41-.67A1.15,1.15,0,0,0,425.22,125.32ZM114.39,257.93a1,1,0,0,0-1.13-.69,1.36,1.36,0,0,0-.71,1.51.71.71,0,0,0,.24.34,1,1,0,0,0,0,.56.35.35,0,0,0,.43.13.56.56,0,0,0,.21-.52l0,0h.09A1.15,1.15,0,0,0,114.39,257.93ZM102,113.34c.15.07.5,0,.56-.21a.45.45,0,0,0-.19-.53.65.65,0,0,0-.65.2C101.62,113,101.83,113.26,102,113.34Zm323.78,30.79a.31.31,0,0,0,.14-.45,1.73,1.73,0,0,0-.15-.19h0a1.69,1.69,0,0,0-.85-2.09l-.12,0v3a1.22,1.22,0,0,0,.59-.29A.31.31,0,0,0,425.79,144.13ZM72.91,126.94c.28.39.43.93.84,1a.83.83,0,0,0,.73-.17c.19-.14.45-.2.61-.54a1.83,1.83,0,0,0,0-1.51,1.2,1.2,0,0,0,.7-.63.86.86,0,0,0-.7-1,.82.82,0,0,0-1,.69,1.92,1.92,0,0,0,0,.22.86.86,0,0,0-.23,0,1.15,1.15,0,0,0-1,.67A1.37,1.37,0,0,0,72.91,126.94Zm.42-4.19c0-.16-.12-.26-.2-.29s-.24.13-.25.2,0,.24.14.27A.25.25,0,0,0,73.33,122.75ZM74.78,121a2.74,2.74,0,0,0-.71-.57c-.38-.14-.65.13-.71.51s0,.69.4.81A.92.92,0,0,0,74.78,121ZM70.4,118.6a1.06,1.06,0,0,0-.37.82c.16.61.69.71,1.29.64.29-.41.55-.85.19-1.31A.75.75,0,0,0,70.4,118.6Zm355.2,2.63c.53.11.73-.18.83-.62a2.35,2.35,0,0,1,.33-.91c.47-.54,1-1,1.56-1.53,1.45.66,2,.53,2.34-.65a.45.45,0,0,0,0-.18,2.09,2.09,0,0,1,.05-.21,1.18,1.18,0,0,0-1.34-1.43,10.08,10.08,0,0,0-2,.74,2,2,0,0,0-2.23-.53,1.72,1.72,0,0,0-.35.25v3.21l0,0a.9.9,0,0,1,0,.58v.53A1.08,1.08,0,0,0,425.6,121.23ZM71,125.43c0,.09.12.41.19.41a.67.67,0,0,0,.53-.2c.06-.11,0-.61-.19-.65S71.08,125.28,71,125.43Zm35.35-10.3a1,1,0,1,0-1.21-1.7,1,1,0,0,0-.25,1.12,1.77,1.77,0,0,0-.35-.55,2.31,2.31,0,0,0-2.45,0c-.47.44-.11,1.15-.23,1.29s-.44,0-.85.11a1.22,1.22,0,0,0-.15-.17.38.38,0,0,0,.11-.11c.06-.11,0-.57-.19-.64s-.36.16-.47.33a1.15,1.15,0,0,0-.31-.11,1.38,1.38,0,0,0-1.32.51,1.07,1.07,0,0,0-.2.69.91.91,0,0,0-.22-.11,1.59,1.59,0,0,0-1.07.22,1.3,1.3,0,0,0-.24-1.74c-1.06-.85-2-.7-2.63.33a3.07,3.07,0,0,1-1.07.84h0a.77.77,0,0,0-.46.1.55.55,0,0,0,0-.37.71.71,0,0,0-.83-.26,2.08,2.08,0,0,0,.12-.32c.54.23.95-.1,1.27-.6-.13-.48-.29-1-.88-1a.78.78,0,0,0-.63.26,2.63,2.63,0,0,0-.39-.49,3,3,0,0,0-3.18.09c-.59.59-.08,1.5-.22,1.69s-1.49,0-2.19.72a1.53,1.53,0,0,0-.35.71.21.21,0,0,0-.1-.09c-.21-.08-.46.28-.54.44a.32.32,0,0,0,0,.27,1.18,1.18,0,0,0-.41.4,1.28,1.28,0,0,0-.12,1.25s-.08-.06-.13-.07a.93.93,0,0,0-1,.64,1,1,0,0,0,.66,1.06.76.76,0,0,0,1-.52,1,1,0,0,0,0-.56,1.25,1.25,0,0,0,1,.11,2.71,2.71,0,0,0,.69-.28,1.88,1.88,0,0,0,1.06.44,2,2,0,0,0,2-1.13.86.86,0,0,0,.05-.23,2.16,2.16,0,0,0,0-1.18c0-.31,0-.57,0-.66s1.25.07,1.94-.44a.77.77,0,0,0,.52.73h.11a1.58,1.58,0,0,0-.64,1.86,1.89,1.89,0,0,0,.16.38.63.63,0,0,0-.26-.11.8.8,0,0,0-.75.7c0,.43.26.56,1.16.55a.64.64,0,0,0,.18-.66,1.47,1.47,0,0,0,1.38.44s0,0,0,0c1,.88.19,1.34.71,2.21a1.3,1.3,0,0,0,.34.31,1.32,1.32,0,0,0,.48.17.84.84,0,0,0,.62.09.59.59,0,0,0,.36-.39,1.24,1.24,0,0,0,.29-.79,6.37,6.37,0,0,0-.15-1.5h0a1.15,1.15,0,0,0,.66-.75,1.91,1.91,0,0,0,.71-.58.53.53,0,0,0,.12,0,1.12,1.12,0,0,0,1.44-.92,1.2,1.2,0,0,0,0-.37,1,1,0,0,0,.61.31l.26,0a1.72,1.72,0,0,0,.32.77,1.94,1.94,0,0,0,1.19.75,1.53,1.53,0,0,0,1.55-.8c.21-.56-.06-1.43.11-1.59a.39.39,0,0,1,.18,0,.73.73,0,0,0,.17.26,1,1,0,0,0,1.25,0c.62-.62.77-1.29.38-1.68h0a1.42,1.42,0,0,0,0-.2,1.63,1.63,0,0,0,.19.34A.8.8,0,0,0,106.35,115.13Zm-20.89-3.79a1.39,1.39,0,0,0-1,.58v0a.91.91,0,0,0-.67.09,1.52,1.52,0,0,0-.28,2,1.54,1.54,0,0,0,2.06.07.87.87,0,0,0,.31-.76,1.07,1.07,0,0,0,.63-1.06A.94.94,0,0,0,85.46,111.34Zm10.65,1.8a.91.91,0,0,0,.08-1.26,3,3,0,0,0-.89.18.54.54,0,0,0-.06.87C95.47,113.18,95.75,113.4,96.11,113.14ZM87,110.89c.06.31.3.59.56.58a.86.86,0,0,0,.61-.26,1.18,1.18,0,0,1,.29.16c1.45,1.07,2.44.13,3-1a1.85,1.85,0,0,0,.14-1.17,1.88,1.88,0,0,0-1-1.21c-.54-.32-.7-.93-1.32-1a2.58,2.58,0,0,0-2.72,1.5,2.08,2.08,0,0,0,0,2A.82.82,0,0,0,87,110.89ZM78.2,170c.08-.25-.16-.61-.23-.82-.61-.19-.85.08-1,.41s0,.75.37.79A.94.94,0,0,0,78.2,170Zm-7.07-20.07a.43.43,0,0,0,.39.64c.27,0,1-.07,1-.38s-.59-.7-.84-.75S71.23,149.67,71.13,149.89Zm14.5,20.19a1.1,1.1,0,0,0,.26.14,1.32,1.32,0,0,0,1.34-.41,1.67,1.67,0,0,0,1.63-1.22,1.72,1.72,0,0,0-1.27-2,1.42,1.42,0,0,0-1.74,1.26,1.1,1.1,0,0,0-.77.56,1.25,1.25,0,0,0,0,.81.52.52,0,0,0-.13-.06,1.39,1.39,0,0,0-1.5.77,1.52,1.52,0,0,0,1,1.68c.43.07,1-.46,1.13-1.08A1.25,1.25,0,0,0,85.63,170.08ZM89,180a.92.92,0,1,0,1.81.33,1,1,0,0,0-.83-1,.57.57,0,0,0-.13,0,1.24,1.24,0,0,0,.34-.22c.63,0,1.08-.24,1.18-.7a1.55,1.55,0,0,0-.89-1.41.53.53,0,0,0-.25,0l-.26-.26-.44-.35a9.47,9.47,0,0,0,.67-.8,1.65,1.65,0,0,0,.2-.4,1.52,1.52,0,0,0,.2.06,1.55,1.55,0,0,0,.67-.07.85.85,0,0,0,0,.74.91.91,0,0,0,1,.52.73.73,0,0,0,.52-.4,1.1,1.1,0,0,0,1.37.16,1.8,1.8,0,0,0,.86-1.31.48.48,0,0,0,.37-.23c.25-.43-.15-1-.74-1.08-.16,0-.31.13-.4.32a1.45,1.45,0,0,0-1.17,0,1.1,1.1,0,0,0-.52.69.79.79,0,0,0-.06.22,1.18,1.18,0,0,0-.49-.14,1.41,1.41,0,0,0,.34-.62,1.82,1.82,0,0,0-1.28-1.89h0a4.38,4.38,0,0,0,.5,0,2,2,0,0,0,1.23-.76.84.84,0,0,0,.59-.07.65.65,0,0,1,.49.05c1.11.53,1.44.45,1.94-.57a.71.71,0,0,0-.23-1,1,1,0,0,0-.34-.19,2.47,2.47,0,0,1-.68-.72,1.66,1.66,0,0,0-2.45-.41,3,3,0,0,1-.5.26c-.65-.09-.93.17-1.07.54a1.48,1.48,0,0,0,0,.19,1.69,1.69,0,0,0-.39,1.22l0,.56c-.36,0-.7,0-1,.05-.64.08-.85.34-.86,1a1.31,1.31,0,0,0,.81,1.26,1.19,1.19,0,0,0,.36.09,3.4,3.4,0,0,0,0,.45,1.24,1.24,0,0,0-.94.05.49.49,0,0,0-.15.1A1.84,1.84,0,0,0,87,172.61a1.41,1.41,0,0,0-1.67,1,1.52,1.52,0,0,0,2.56,1.62.27.27,0,0,0,0,.09,5.73,5.73,0,0,0,.28,1.1c-.11.14-.24.28-.34.43a1.73,1.73,0,0,0,0,1.91,1.93,1.93,0,0,0,1.71.64A.84.84,0,0,0,89,180Zm-9.13-7.2a1.24,1.24,0,0,0,.27-.52.9.9,0,0,0,.16,0A1,1,0,0,0,81,172c.34-.51.1-.92-.36-1.31.38,0,.58.4,1.34-.08,1-.63,1-1.85.28-2.19s-1.3.12-1.45,0l-.06-.06c.25-.59.52-1.17.77-1.75,1.21.43,1.34.35,1.47-.75l-.14-.09a1.61,1.61,0,0,0,.43-.7,1.94,1.94,0,0,0-.92-1.86,4,4,0,0,0-.58-.41c-.29-.21-.67,0-.82.43a2.2,2.2,0,0,0-.86,1.32,1.38,1.38,0,0,0,.14,1.06c-.52.14-.82.72-.85,1.73a1.17,1.17,0,0,1-.3.14c-.46.12-.56.46-.56.87a.81.81,0,0,0,.56.77h0c.07.32.2.59.08.74-.28.33-1.11.56-1.55,1a1.37,1.37,0,0,0-.07,2.14A1.51,1.51,0,0,0,79.82,172.84Zm5,0a.63.63,0,0,0-.53.23c-.08.14.14.45.28.51s.62,0,.67-.18S85,172.85,84.8,172.82Zm-11.73-28.5c.15-.08.34-.28.34-.42a10.94,10.94,0,0,0-.21-1.3c.69-.8.85-1.62.38-2a1.76,1.76,0,0,0-2.08.22c-.5.54-.37.93.68,2-.35.45-.78.86-.24,1.4A.89.89,0,0,0,73.07,144.32ZM80,159.69a1.12,1.12,0,0,0,1.25-.47,1.42,1.42,0,0,0,.56.91,1,1,0,0,0,.78-.19.82.82,0,0,0-.14.28,1.59,1.59,0,0,0,.4,1.49.88.88,0,0,0,0,.33c.09.6.58.69,1.08.62a.92.92,0,0,0,.19-1.11,1.72,1.72,0,0,0,.63-.87,1.17,1.17,0,0,0-.73-1.15,1.38,1.38,0,0,0-1.07.1.87.87,0,0,0,.09-.11.64.64,0,0,0-.44-.87,1.58,1.58,0,0,0-1.08-.1.9.9,0,0,0-.53-.94.64.64,0,0,0,.18-.3c.12-.52-.44-1.1-1.18-1.25-.47-.09-.71.16-.82.57a1.46,1.46,0,0,0,.18,1.07.84.84,0,0,0-.13.25A2.27,2.27,0,0,0,80,159.69Zm7.89,39c.5.51,1,.68,1.25.45a1.41,1.41,0,0,0,.06-1.47l0,0a.8.8,0,0,0,.64-.84,1.76,1.76,0,0,0-1.62-1.66,2.07,2.07,0,0,0-1.91,2c.07.7,1,.73,1.4.41s.34-.19.68,0a1.12,1.12,0,0,0-.51.2A.64.64,0,0,0,87.84,198.65ZM78.15,180.1c-.07.22.17.44.32.5s.59,0,.64-.26-.3-.49-.44-.5S78.21,179.89,78.15,180.1Zm347.48-29.84c-.26-.79.57-.68.12-1.76a1.62,1.62,0,0,0-.93-.94v4.33a3.69,3.69,0,0,0,.41,1,1.37,1.37,0,0,0,2.09.45,1.52,1.52,0,0,0,.2-2.26C426.73,150.06,425.89,151,425.63,150.26ZM89.79,79.43A1.41,1.41,0,0,0,90,77.36a1.79,1.79,0,0,0-2.36-.18,1.87,1.87,0,0,0-.12,2.29A1.55,1.55,0,0,0,89.79,79.43Zm1.74,2.17c.6-.07.57-.57.58-1-.42-.34-.85-.47-1.22-.06a.74.74,0,0,0-.06.69A.92.92,0,0,0,91.53,81.6Zm-4.68,1.84c-.55.19-1.13.3-1,1a.87.87,0,0,0,.84.77c.17,0,.44-.05.51-.17a11.29,11.29,0,0,0,.53-1.21c1-.3,1.6-.9,1.42-1.51a1.76,1.76,0,0,0-1.86-1C86.62,81.61,86.51,82,86.85,83.44Zm3.43-10.25c.23-.21.12-.74-.21-1.1a.47.47,0,0,0-.77,0c-.27.28-.44.62-.15,1A.92.92,0,0,0,90.28,73.19Zm-.43,15.7a1.23,1.23,0,0,0-1.34,1,.85.85,0,0,0,.55,1.1,1.28,1.28,0,0,0,.91-.19c0,.16,0,.32,0,.5-.7.34-1.49.81-1.48,1.75a2.15,2.15,0,0,0,2.62,1.86h.05a8,8,0,0,0-.55.67c-.49-.29-1-.67-1.42-.06a.89.89,0,0,0-.05,1.15.66.66,0,0,0,.46.27,11,11,0,0,0,1.26-.36,3.51,3.51,0,0,0,.51.26,1.17,1.17,0,0,0-.15,1.43,3.71,3.71,0,0,1-.87-.36.8.8,0,0,0-1.12,0A1.17,1.17,0,0,0,88.58,99c.38,1.74.79,2.06,2.55,1.94h.14v0a2.25,2.25,0,0,0-.66.2.55.55,0,0,0-.2.87.67.67,0,0,0,1,.2l.09-.11a1.36,1.36,0,0,0,1,1.11,1.09,1.09,0,0,0,1.18-.66c.17-.8-.07-1.49-.56-1.68a.9.9,0,0,0-.44-.83c-.51-.31-.45-.72-.5-1.2,1.31-.21,1.72-.9,1.24-2A1.61,1.61,0,0,0,93,96.4a1.77,1.77,0,0,0-.07-1.08,1,1,0,0,0,.47-.3c.33-.43.16-.74-.18-1a2.12,2.12,0,0,1-.67-.7c-.27-.66-.44-1.36-.66-2.08,1.37-1.11,1.43-1.7.16-2.63a1.17,1.17,0,0,0-1.85.48A.88.88,0,0,0,89.85,88.89Zm-3.6-13.14a.47.47,0,0,0,.19-.64c-.19-.29-.54,0-.69.08a.52.52,0,0,0,0,.45A.63.63,0,0,0,86.25,75.75ZM81.54,86.38a1.63,1.63,0,0,0,2.1.49A2.11,2.11,0,0,0,84,84.39a1.66,1.66,0,0,0-2.17-.15A1.62,1.62,0,0,0,81.54,86.38ZM84,92.46a1.25,1.25,0,0,0,1.63-.1c.62-.57.72-1.07.31-1.55a1.46,1.46,0,0,0-1.84-.23A1.57,1.57,0,0,0,84,92.46ZM86.5,89.9a1.29,1.29,0,0,0,1.12-.63,1.29,1.29,0,0,0,.54.08.7.7,0,0,0,.47-.49c.06-.55-.3-.8-.86-.89l0,0a1.27,1.27,0,0,0-1.13-.67,1.16,1.16,0,0,0-1.4,1.12A1.37,1.37,0,0,0,86.5,89.9Zm0-17.91c.16-.18.33-.59.22-.75s-.58-.21-.76-.12-.45.69-.31.87S86.37,72.1,86.46,72Zm9.23-3.18c.11-.06.29-.53.19-.64s-.54,0-.69.08a.52.52,0,0,0,0,.45A.67.67,0,0,0,95.69,68.81ZM96.5,89.5l-.32-.12c-.09,0-.38.18-.37.25a.65.65,0,0,0,.26.5.49.49,0,0,0,.62-.27s0,0,0-.07c.46.54,1.31.2,2,.56l.36.16a.76.76,0,0,0-.18.82c.13.4.43.69.84.55a1.68,1.68,0,0,0,.7-.43.55.55,0,0,0,.25.11c.31,0,.65-.38.71-.86s-.12-.59-.47-.61a3.26,3.26,0,0,0,.6-1.1,1.83,1.83,0,0,0,0-1.18,1.86,1.86,0,0,0-1.16-1.06c-.57-.24-.81-.83-1.43-.81a2.58,2.58,0,0,0-2.5,1.86A2.18,2.18,0,0,0,96.5,89.5ZM96.88,73a.55.55,0,0,0,0-.6c-.14-.13-.43-.36-.57-.21a.56.56,0,0,0-.06.59C96.29,72.93,96.73,73.18,96.88,73ZM82.31,77.11a.27.27,0,0,0,0-.35c-.05-.06-.26,0-.31,0a.24.24,0,0,0,0,.3A.24.24,0,0,0,82.31,77.11Zm17.13-6.55a.88.88,0,0,0-.06-1.22.82.82,0,0,0-1.21,0c-.41.39-.5.82-.22,1.08A1.41,1.41,0,0,0,99.44,70.56Zm-6.35.75a.85.85,0,0,0,.07-1.22A.67.67,0,0,0,92.1,70a.82.82,0,0,0-.13,1.2A.87.87,0,0,0,93.09,71.31Zm-29,79.76a.74.74,0,0,0,.2.51c.06.06.41-.06.43-.14s.14-.52-.12-.65S64.07,151,64.06,151.07ZM92.75,78c-.32,0-.46.34-.33.69a1.36,1.36,0,0,0,.74.73.41.41,0,0,0,.54-.35.88.88,0,0,0-.37-.64C93.16,78.24,93,78,92.75,78Zm5.86-10.74a.27.27,0,0,0,0-.35c0-.06-.26,0-.31,0s-.11.22,0,.3A.24.24,0,0,0,98.61,67.25ZM96,79.63A13.14,13.14,0,0,0,96.71,78a.77.77,0,0,0-.5-1,.81.81,0,0,0-1,.43,2.74,2.74,0,0,1-.44.63,1.23,1.23,0,0,0-.29,1.61C94.74,80.18,95.25,80.27,96,79.63Zm.13-4a.57.57,0,0,0,0-.94c-.25-.15-.53-.33-.78-.21a1,1,0,0,0,0,1.24C95.59,76,95.84,75.83,96.08,75.63ZM92,75.48a1,1,0,0,0,.08.86.68.68,0,0,0,1.06.15.75.75,0,0,0,.12-1C93.06,75.17,92.12,75.16,92,75.48ZM66,107.23c.68.18,1.35.4,2,.59-.27,1.26-.18,1.38.93,1.37.39-.54.24-1-.28-1.39.65-1.45,0-2.15-1.65-2a2.46,2.46,0,0,1-.17-.27c-.18-.44-.52-.5-.94-.45s-.56.29-.68.65C64.93,106.6,65.13,107,66,107.23Zm1.11-7.75a.48.48,0,0,0,.62-.27c.1-.33-.34-.41-.51-.47s-.38.17-.37.25A.63.63,0,0,0,67.13,99.48Zm-2.82,5.45c.26,0,.59-.23.79-.33.11-.63-.19-.83-.52-.89s-.76.05-.75.46S64.1,104.89,64.31,104.93Zm5.19-3a.48.48,0,0,0,.54-.5.52.52,0,0,0-.47-.46.45.45,0,0,0-.52.35A.47.47,0,0,0,69.5,101.9Zm-2.22.68c0,.14,0,.64.27.64s.43-.29.43-.41,0-.56-.21-.57A.57.57,0,0,0,67.28,102.58Zm-6.43,17.3a.73.73,0,0,0,.32,1.24.76.76,0,0,0,.69-1.12A.79.79,0,0,0,60.85,119.88ZM62,111.34c-.14-.06-.42.2-.46.34s.07.62.26.65.49-.34.51-.49A.66.66,0,0,0,62,111.34Zm1.82,7.15a1.73,1.73,0,0,0,1.44,1.26,2,2,0,0,0,1.67-1A1,1,0,0,0,67,118a1.58,1.58,0,0,0-1.9-1.15l-.56.11c0-.36-.09-.7-.17-1-.16-.62-.44-.8-1.07-.73a1.29,1.29,0,0,0-1.15,1,1.14,1.14,0,0,0,.52,1.27,6.15,6.15,0,0,0,1,.5A5.12,5.12,0,0,0,63.83,118.49ZM82.36,81.65a1.43,1.43,0,0,0,.27-1.75,1,1,0,0,0-1.33-.17,1.23,1.23,0,0,0-.13,1.64A.84.84,0,0,0,82.36,81.65ZM62.6,108c.6.3,1-.06,1.34-.66-.28-.46-.44-1-1.09-.87a.73.73,0,0,0-.65.81A1,1,0,0,0,62.6,108Zm8-10.16a.76.76,0,0,0,.94-.59.87.87,0,0,0-.64-.94.74.74,0,0,0-.94.57A.9.9,0,0,0,70.61,97.83ZM79.74,92c0,.38.15.73.55.69s1.09-.23,1.11-.54-.64-.69-.93-.82S79.75,91.58,79.74,92Zm.18-9a1.42,1.42,0,0,0-.09-1.87A1.33,1.33,0,0,0,78,83,1.36,1.36,0,0,0,79.92,83ZM81,89.19c.17,0,.53.07.63-.2s-.26-.48-.34-.47a.74.74,0,0,0-.49.26C80.74,88.84,80.89,89.18,81,89.19Zm-2.93.29c.18-.26.52-1,.3-1.2s-.94,0-1.23.19-.25.73,0,1S77.83,89.81,78.05,89.48Zm-2.21-2.76c.12-.12.39-.36.24-.61s-.52-.11-.57,0a.74.74,0,0,0-.12.54A.54.54,0,0,0,75.84,86.72Zm-2.56,6.57a1.42,1.42,0,0,0-.11.35c-.07.43-.47,1.25,0,1.65s.78-.1,1.08-.15c.79-.13,1.43-1,1.16-1.63,0,0,0-.05,0-.08a.66.66,0,0,0,.12-.17,1.26,1.26,0,0,0-.22-1.48A1,1,0,0,0,74,91.6c-.37.21-1.25.44-1.24,1.08C72.73,93.13,73,93.21,73.28,93.29Zm0,7.93c.61.09,1-.15,1.08-.69.12-.76-.37-1.63-1-1.69A1.31,1.31,0,0,0,72.2,100,1.19,1.19,0,0,0,73.27,101.22Zm3.94.3c.7,0,1.16-.79,1.17-1.07A1.24,1.24,0,0,0,77,99.71a.94.94,0,0,0,.2,1.81Zm-2.48,3.85a1.21,1.21,0,0,0,1.18,1.35c.6.08,1-.33,1.13-1.14.09-.66-.19-1.17-.69-1.22A2.19,2.19,0,0,0,74.73,105.37ZM99.07,76.16a1.21,1.21,0,0,0,.17-1.55,1.56,1.56,0,0,0-1.79-.2c-.32.3-.17,1.27.28,1.77A1,1,0,0,0,99.07,76.16ZM126,66.06a.57.57,0,0,0,.54-.13c.08-.11.1-.57-.1-.67s-.49.23-.59.37S125.82,66,126,66.06ZM99.46,79.84a1.58,1.58,0,0,0-.14-1.7.8.8,0,0,0-1.2,0c-.66.64-.76,1.17-.31,1.66A1.43,1.43,0,0,0,99.46,79.84Zm26-11.2a.87.87,0,1,0-1.56-.74A1,1,0,0,0,124.4,69,.79.79,0,0,0,125.44,68.64Zm-6.17,6.3c0-.67-.63-.6-1.16-.72l-.2.34a.76.76,0,0,0-.64.63c.32,1-.21,1.21-.46,1.74a1.4,1.4,0,0,0-1.11.64c-.16.41.39,1.21,1,1.47a.88.88,0,0,0,.8-.15V78h1.3a7.2,7.2,0,0,0,.74-1.53,1.51,1.51,0,0,0-.32-1.3A.63.63,0,0,0,119.27,74.94Zm7.29-2a1.05,1.05,0,0,0-.72-1.23,1.15,1.15,0,0,0-1.6.61c-.23.59,0,1.33.41,1.49A1.69,1.69,0,0,0,126.56,72.92Zm2.33-6a.87.87,0,0,0,1.21-.45.93.93,0,0,0-.54-1.19.87.87,0,0,0-1.18.53A.91.91,0,0,0,128.89,66.88Zm-7.56,6.59a1,1,0,0,0,1.15-.46,1,1,0,0,0-.47-1.14.42.42,0,0,0-.07-.19c0-.06-.27,0-.32,0s0,0,0,0a.81.81,0,0,0-.71.5A.86.86,0,0,0,121.33,73.47Zm-2.8-1.55c.23-.1.51-.39.51-.6,0-.57-.67-.77-1-.7a.77.77,0,0,0-.21,1.14A.7.7,0,0,0,118.53,71.92Zm.18-3.23c.39.17.9-.31,1.11-.62s.07-1.22-.32-1.4-1.07.63-1.21,1A1,1,0,0,0,118.71,68.69Zm1.69.64c-.29,0-.52.3-.68.57a.52.52,0,0,0,.3.81c.37.11.74.15,1-.28S120.69,69.32,120.4,69.33Zm7.46,0a.82.82,0,0,0-1.16.33.83.83,0,0,0,.32,1.07.87.87,0,0,0,1.16-.37A.67.67,0,0,0,127.86,69.28ZM139.43,71c-.22.36-.11,1,.26,1s1,.11,1.16-.29-.34-.74-.56-.9A.55.55,0,0,0,139.43,71Zm.86,5.44,0,0a1.24,1.24,0,0,0-.06-.47,1.14,1.14,0,0,0-.1-.19c.12-.16.24-.32.34-.48a.82.82,0,0,0-.22-1.28,1.27,1.27,0,0,0-1.48-.16,1.14,1.14,0,0,0-.56,1.26,1.38,1.38,0,0,0,.08.27,1.11,1.11,0,0,0-.33.59,1.6,1.6,0,0,0-1.88.79A1.76,1.76,0,0,0,136,78h5A1.59,1.59,0,0,0,140.29,76.46Zm-2.1-7.41a1.14,1.14,0,0,0,1.55-.74,1.12,1.12,0,0,0-.48-1.54,1.68,1.68,0,0,0-1.92.87C137.13,68.1,137.58,68.84,138.19,69.05Zm3.91,1.33c0-.15-.43-.17-.57-.1s-.39.48-.28.64.59.11.7,0A.61.61,0,0,0,142.1,70.38ZM131,73.18a1.8,1.8,0,0,0-1.8.57c-.28.62,0,1.21.76,1.52.56.24,1.09-.07,1.38-.81A.93.93,0,0,0,131,73.18Zm1.39-2c.1-.19.12-.8-.12-.94s-.74.24-.9.43a.61.61,0,0,0,.36.9A.86.86,0,0,0,132.35,71.16Zm4.43-6.31c.06-.15-.09-.28-.16-.31s-.25.09-.27.16a.25.25,0,0,0,.1.29A.26.26,0,0,0,136.78,64.85ZM133,66.37a.73.73,0,0,0,.67-.14.91.91,0,0,0,.2-.77.81.81,0,0,0-1.17-.22A.78.78,0,0,0,133,66.37ZM134.36,72a1.49,1.49,0,0,0,.29.36,1.09,1.09,0,0,0,1.85-.7,6.45,6.45,0,0,0,0-1.81,1.69,1.69,0,0,0-1.58-1.22c-.39,0-1.21.31-1,1.1C134.84,70.71,133.94,71.07,134.36,72Zm-11,2.85a1.67,1.67,0,0,0-2.1,0,1.23,1.23,0,0,0,.15,1.64l.15.1c-.11.53,0,.93.4,1.08a.93.93,0,0,0,1.27-.55.81.81,0,0,0-.08-.65A1.1,1.1,0,0,0,123.36,74.84Zm-18.9,2.36a.8.8,0,0,0-.11-1.19c-.31-.25-.66-.54-1-.26-.53.52-.61,1.06-.31,1.4A.93.93,0,0,0,104.46,77.2Zm.83-6.94a.7.7,0,1,0-.91-1,.52.52,0,0,0-.08.86C104.59,70.35,104.91,70.55,105.29,70.26Zm0-2.64c.22-.13.59-1.07.31-1.4s-1.23.11-1.5.36A1,1,0,0,0,104,67.7C104.27,68,104.93,67.81,105.26,67.62Zm2.5,11a.46.46,0,0,0-.43.36c-.12.37-.13.75.3,1a.92.92,0,0,0,1.07-.36c.1-.24-.11-.57-.43-.78a.78.78,0,0,0,.68-.18,1.61,1.61,0,0,0,0-1.87,1.48,1.48,0,0,0-1.67,0,1.09,1.09,0,0,0-.18,1.33A2.41,2.41,0,0,0,107.76,78.6Zm-3.33-6.74a.86.86,0,0,0-.13,1.29.94.94,0,0,0,1.23.07,1,1,0,0,0,0-1.33A.8.8,0,0,0,104.43,71.86Zm1.26,10.91a1.41,1.41,0,0,0,.18.14c-.18,0-.31.3-.38.41s.07.42.14.43a.72.72,0,0,0,.55-.14.52.52,0,0,0,0-.55,2.38,2.38,0,0,0,2-.14,1.64,1.64,0,0,0,0-2.16,1.77,1.77,0,0,0-2.25-.23A1.73,1.73,0,0,0,105.69,82.77ZM101,74.16a1.35,1.35,0,0,0,.85-.58c.27-.61-.32-.81-.74-1.14-.57.33-1,.67-.77,1.29A.82.82,0,0,0,101,74.16Zm-2.58,6.76a1.79,1.79,0,0,0-.51,1.76c.16.36.33.89.83.78a2.05,2.05,0,0,1,1.66.46.68.68,0,0,0,1.06-.26c.28-.45.15-1.18-.32-1.25a1.46,1.46,0,0,1-1.22-1A1.37,1.37,0,0,0,98.38,80.92Zm3.52-11.77a.61.61,0,0,0,0-.68.54.54,0,0,0-.55,0,.53.53,0,0,0-.08.53C101.34,69.07,101.72,69.34,101.9,69.15Zm.44,10a.83.83,0,0,0,1-.29,1,1,0,0,0,0-1.23c-.49-.47-1-.22-1.52,0C101.7,78.6,101.82,79,102.34,79.16Zm11.55-2.51c.13.08.63.11.69-.09a.56.56,0,0,0-.29-.53c-.18,0-.54-.14-.6.06A.58.58,0,0,0,113.89,76.65Zm-.23-6a.27.27,0,0,0-.16-.31c-.08,0-.26.09-.28.16s0,.24.1.28A.25.25,0,0,0,113.66,70.61Zm3.78.29a.6.6,0,0,0-.32-.6.53.53,0,0,0-.51.19.52.52,0,0,0,.16.51C116.9,71.07,117.37,71.14,117.44,70.9Zm-2.19-.32a.94.94,0,0,0,0-1.31.88.88,0,0,0-1.3,0,.92.92,0,0,0,0,1.22A.87.87,0,0,0,115.25,70.58Zm-1.06,2.14c-.21.53-.1,1,.26,1.07a1.39,1.39,0,0,0,1.38-.56.88.88,0,0,0-.57-1.08A.83.83,0,0,0,114.19,72.72Zm-3,4a1.12,1.12,0,0,0,0,1.71c.4.45,1,.4,1.59-.14a.93.93,0,0,0,.25-1.3A1.83,1.83,0,0,0,111.23,76.77Zm-.09-3.38a0,0,0,0,0,0,0h0a1,1,0,0,0,.24,0,.89.89,0,0,0,.4-.15.67.67,0,0,0,.15-1.07.81.81,0,0,0-1.19-.2.84.84,0,0,0-.17,1.11A.82.82,0,0,0,111.14,73.39Zm-1.89,1.52a1.06,1.06,0,0,0-.12-1.43,1.14,1.14,0,0,0-1.7-.13,1.18,1.18,0,0,0-.28,1.52A1.71,1.71,0,0,0,109.25,74.91Zm.83-4.35a.94.94,0,0,0,.15-1.31.93.93,0,0,0-1.23,0,1,1,0,0,0,0,1.24A.76.76,0,0,0,110.08,70.56Zm2.16-2c.11-.06.33-.46.19-.64s-.53,0-.69.08a.37.37,0,0,0,0,.45A.59.59,0,0,0,112.24,68.58Zm-19,174.34a.74.74,0,0,0,.4,1,1,1,0,0,0,.82,0c.56-.38.43-.9.08-1.49C93.94,242.41,93.4,242.3,93.19,242.92Zm336.69-92.25a.61.61,0,0,0-.86.46,2.2,2.2,0,0,0,.21.83c.59.23,1,.08,1.13-.28A.8.8,0,0,0,429.88,150.67Zm2.91,1.74a1.09,1.09,0,0,0,1.63-1.13,6.67,6.67,0,0,0-.42-1.75,1.7,1.7,0,0,0-1.83-.81c-.38.1-.65.32-.62.7a4.84,4.84,0,0,0,.88,2.72A1.58,1.58,0,0,0,432.79,152.41Zm-2.18-9.52a1.8,1.8,0,0,0-2,1,1.43,1.43,0,0,0,.68,1.83,1.86,1.86,0,0,0,2.31-.63A1.91,1.91,0,0,0,430.61,142.89ZM65,144.53a1.18,1.18,0,0,0-1.45,1.08,1.16,1.16,0,0,0,.93,1.53,1.36,1.36,0,0,0,1.6-1.08A1.43,1.43,0,0,0,65,144.53Zm364.89,4.34c.23-.67,0-1.27-.48-1.42a1.7,1.7,0,0,0-1.9.87,1.25,1.25,0,0,0,.87,1.3A1.08,1.08,0,0,0,429.9,148.87Zm-.4,5.32c.25-.59.12-1.08-.23-1.09a1.34,1.34,0,0,0-.95.32c-.24.24.08.88.48.94A1.71,1.71,0,0,0,429.5,154.19Zm3.4,1.1c-.42,0-.84,1.13-.46,1.46a.86.86,0,0,0,1.12-.07C433.87,156.27,433.33,155.28,432.9,155.29Zm1.88-2.23c-.28-.1-.53.21-.57.34a.51.51,0,0,0,.16.57c.2.1.46-.1.55-.24S435.06,153.17,434.78,153.06Zm1,1.35c-.34-.16-.9.47-.88,1.13s.91.74,1.23.62S436.09,154.58,435.75,154.41Zm-2.08,5.84c-.08.23.07,1,.34,1s.7-.4.75-.6a.81.81,0,0,0-.27-.71A.53.53,0,0,0,433.67,160.25ZM111.33,284.87c-.18.07-.31.53-.25.73s.59.57.8.46.24-.72.15-.84S111.51,284.8,111.33,284.87Zm1.47-3.17a.47.47,0,0,0-.17.75c.22.32.52.55,1,.33a.92.92,0,0,0,.34-1.08C113.76,281.43,113.21,281.44,112.8,281.7Zm3.56-7.29c-.14-.4-.82-.46-1.19-.41s-.93.73-.83,1.15c-.15.12-.38.33-.26.48a.56.56,0,0,0,.57.17.8.8,0,0,0,.29-.31,2.63,2.63,0,0,0,.93-.06,1,1,0,0,0,.51-.76.76.76,0,0,0,.08.21,1.16,1.16,0,0,0,1.06.29v-2.1a.79.79,0,0,0-.53.09A1.7,1.7,0,0,0,116.36,274.41Zm-1.26,11.42c-.33.13-.11.52,0,.69a.51.51,0,0,0,.43.14.68.68,0,0,0,.21-.52A.47.47,0,0,0,115.1,285.83Zm323-135.76a1,1,0,0,0-1.41-.63.88.88,0,0,0,0,1.46,1.16,1.16,0,0,0,1,0A1,1,0,0,0,438.08,150.07ZM112.6,278.59a.85.85,0,0,0-1.18-.3.67.67,0,0,0-.32,1,.82.82,0,0,0,1.15.34A.87.87,0,0,0,112.6,278.59Zm4.12.62c-.33.13-.52,1-.23,1.24a1,1,0,0,0,.86.09.5.5,0,0,0,.17-.11v-1.1A.76.76,0,0,0,116.72,279.21Zm-.78,11c-.07,0-.07.26,0,.31a.25.25,0,0,0,.29.09.25.25,0,0,0,.09-.35A.28.28,0,0,0,115.94,290.21ZM425.23,159.92a.51.51,0,0,0,.27.45.56.56,0,0,0,.51-.24c.05-.13-.13-.35-.25-.63C425.52,159.67,425.28,159.76,425.23,159.92ZM117.35,285.06a1.84,1.84,0,0,0,.17.22v-2.1A1.79,1.79,0,0,0,117.35,285.06ZM426.94,155.94c-.41-.17-.66.27-.72.45s.12.44.2.67c.22-.09.54-.11.64-.27S427.36,156.12,426.94,155.94Zm25.9-10.45a1.75,1.75,0,0,0-1.92,1.3,2,2,0,0,0,1.61,2.23c.71.06.89-.85.65-1.3s-.1-.33.18-.78A.89.89,0,0,0,452.84,145.49ZM438.23,159a.34.34,0,0,0-.42.15.55.55,0,0,0,.15.54c.1.08.56.09.66-.11S438.38,159.08,438.23,159Zm15.84-25.39c-1,.94-1.36.05-2.27.49a1.24,1.24,0,0,0-.35.3,1.08,1.08,0,0,0,.74,1.83,6.39,6.39,0,0,0,1.8,0,1.71,1.71,0,0,0,1.2-1.6C455.18,134.2,454.84,133.39,454.07,133.6Zm2.15,3.38c-.47-.21-1.19.25-1.39.87a1.13,1.13,0,0,0,.77,1.54,1.12,1.12,0,0,0,1.53-.52A1.67,1.67,0,0,0,456.22,137Zm-2.83,6.2a2.5,2.5,0,0,1-.69-.64,1.25,1.25,0,0,0-1.25-.77c-.44,0-1.06,1-1,1.49s.07,1,.74,1.09c.49.07,1,.21,1.46.32a.72.72,0,0,0,1.13-.24A.94.94,0,0,0,453.39,143.18ZM111.75,267.84a.83.83,0,0,0,.59-1,.87.87,0,0,0-1-.62,2.13,2.13,0,0,0-.08-.32c-.09-.24-.94-.78-1.32-.56s-.12,1.23.07,1.54a1,1,0,0,0,.79.36A.79.79,0,0,0,111.75,267.84ZM457.39,132.59a.75.75,0,0,0,.16.66.9.9,0,0,0,.77.18.8.8,0,0,0,.19-1.17A.78.78,0,0,0,457.39,132.59Zm1.74,3.32c-.08,0-.24,0-.28.11a.26.26,0,0,0,.14.34.28.28,0,0,0,.31-.18C459.33,136.11,459.2,135.93,459.13,135.91Zm-.69-6.77a.87.87,0,0,0-.55-1.17.91.91,0,0,0-1.09.53.87.87,0,0,0,.47,1.21A.92.92,0,0,0,458.44,129.14Zm-8.51-.22c-.63-.26-1.21.05-1.5.8-.23.57.09,1.08.83,1.37a1,1,0,0,0,1.28-.38A1.83,1.83,0,0,0,449.93,128.92Zm7.86,12c-.08-.05-.37,0-.42.16a.56.56,0,0,0,.15.54c.1.07.56.08.66-.12S457.94,141,457.79,140.94Zm-4.74-.95a.55.55,0,0,0-.17-.86c-.36-.21-1-.08-1,.28s-.09,1,.31,1.16S452.9,140.22,453.05,140Zm-9.94,11.83a1,1,0,0,0-.8-.11c-.48.17-.54.56-.32,1.48.49.09,1,.36,1.36-.27A.8.8,0,0,0,443.11,151.82Zm-1.28,5.33a.66.66,0,0,0-.31.58.67.67,0,0,0,.55.37.71.71,0,0,0,.52-.58C442.61,157.21,442,157.11,441.83,157.15Zm7.37-24.35a1.19,1.19,0,1,0-.85,2.22,1.36,1.36,0,0,0,1.67-.53A1.66,1.66,0,0,0,449.2,132.8Zm-9.41,20.36a1.57,1.57,0,0,0-2.12.91,1.25,1.25,0,0,0,.62,1.7,2,2,0,0,0,2.33-.83A1.46,1.46,0,0,0,439.79,153.16Zm2.73-10.68c-.11-.65-.47-.92-1-.79a8.87,8.87,0,0,0-.65-1.48,2,2,0,0,0-1.5-.58,1.83,1.83,0,0,0,.58-.94c.33-1.17.11-1.64-.83-2a1.61,1.61,0,0,0-2.12,1.16.83.83,0,0,0-.06.21,1.73,1.73,0,0,0-.87-1.06,1.12,1.12,0,0,0-1.32.74,1.18,1.18,0,0,0,.74,1.63A1.15,1.15,0,0,0,437,139a.65.65,0,0,0,.05-.2,1.74,1.74,0,0,0,1.05,1,1.35,1.35,0,0,0,.55.09,2.25,2.25,0,0,0-.44,2.09,1.63,1.63,0,0,0,1.87.71c.51-.14.93-.34,1.43.12S442.24,142.86,442.52,142.48Zm5.91,7.41c-.11.38.15.54.43.65a.57.57,0,0,0,.85-.41,2.56,2.56,0,0,0-.17-.79A.85.85,0,0,0,448.43,149.89Zm.56-5a.77.77,0,0,0-.4-1.12.92.92,0,0,0-1.23.46.86.86,0,0,0,.59,1.06A.8.8,0,0,0,449,144.91Zm-2.45,6.46a1.66,1.66,0,0,0-2,1,1.83,1.83,0,0,0,.91,2.08,1.65,1.65,0,0,0,2.12-.76A2.41,2.41,0,0,0,446.54,151.37ZM445.07,148a.85.85,0,0,0-.39-1.23,1.78,1.78,0,0,0-1.7.49,1.16,1.16,0,0,0,.7,1.55C444.18,149.07,444.76,148.73,445.07,148ZM429,157.83c-.35.77-.35,1.22.05,1.42.56.28.91,0,1.19-.51A1.22,1.22,0,0,0,429,157.83ZM79,207.08c-.14.06-.4.43-.33.62s.58.15.7.07.28-.42.19-.56A.58.58,0,0,0,79,207.08Zm-3.3-19.27a.67.67,0,0,0-.27.6.71.71,0,0,0,.66.41c.31,0,.31-.66.23-.81A.64.64,0,0,0,75.71,187.81Zm2.5,1.14c.33-.3,0-1.67-.48-1.83s-1.09.87-.84,1.36S77.88,189.24,78.21,189ZM78,181.53c.1-.36-.62-.8-1.27-.66s-.56,1-.39,1.32S77.85,181.9,78,181.53Zm4.91,10.09v0a2,2,0,0,0,.15.33c.38.56,1,.59,1.67.1a1.18,1.18,0,0,0,.3-1.41c-.3-.46-1.56-.83-1.91-.56a1,1,0,0,0-.34.72,1.76,1.76,0,0,0-1.24-.94,1.84,1.84,0,0,0-1.89,1.26A1.65,1.65,0,0,0,80.73,193,2.41,2.41,0,0,0,82.86,191.62Zm-4.79,9c-.25,0-.63.4-.92.65-.08.07-.05.27-.08.52.42,0,1,.44,1.32.07A.79.79,0,0,0,78.07,200.63Zm2.4,4.87c-.1.05-.08.31-.12.47a1.29,1.29,0,0,0,.57.08c.09,0,.33-.36.22-.55S80.62,205.43,80.47,205.5Zm2.1,9.33c-.49.23-.29.92-.41,1.3l.21.18,1.29-.45.07-.36C83.39,215.3,83.06,214.6,82.57,214.83ZM85.31,206a1.76,1.76,0,0,0-2.14-.44,1.3,1.3,0,0,0,1.66,2A1.18,1.18,0,0,0,85.31,206Zm-2.93-9.45a1.26,1.26,0,0,0-1.3-.41,1.22,1.22,0,0,0-.26,1.44.88.88,0,0,0,1.21.16A1,1,0,0,0,82.38,196.55Zm-10.55-16c-.23,0-.92.24-.94.52s.51.62.72.63a.83.83,0,0,0,.65-.39A.53.53,0,0,0,71.83,180.52Zm-1-25.27a.92.92,0,0,0-.52-1,1.06,1.06,0,0,0-1.15.53.84.84,0,0,0,.55,1A.93.93,0,0,0,70.82,155.25Zm-1.26,11.86c-.52-.17-.85.47-1.19.66a2.45,2.45,0,0,0,0,.27l1.25.56.3-.21C69.83,168,70.07,167.27,69.56,167.11Zm1.11,5c-.12,0-.4.22-.4.34a.58.58,0,0,0,.33.47c.13,0,.32-.2.57-.37C71,172.4,70.83,172.18,70.67,172.16ZM68,157.36a1.26,1.26,0,0,0-1.49,0,1,1,0,0,0-.36,1.3c.17.4.29,1.31.92,1.37s.6-.51.83-.71A1.4,1.4,0,0,0,68,157.36ZM84.7,214.2c-.12.07-.11.24-.09.32s.22.11.23.09a.94.94,0,0,0,.15-.32C84.9,214.26,84.81,214.14,84.7,214.2ZM74.32,172.51c-.18,0-.41.19-.62.31.12.2.2.52.37.58s.72.18.82-.26S74.5,172.54,74.32,172.51ZM110,275.26c-.13.07-.11.53,0,.69s.38.19.43.14a.63.63,0,0,0,.21-.52C110.59,275.45,110.16,275.19,110,275.26ZM73.66,184.4a.55.55,0,0,0-.5.24c-.06.12,0,.57.23.63s.43-.32.5-.48S73.83,184.42,73.66,184.4Zm-.28-9c-.81-.21-1.26-.13-1.38.3-.18.6.19.89.71,1.08A1.2,1.2,0,0,0,73.38,175.45Zm3.21,3.44c-.09-.42-1.27-.63-1.52-.19a.85.85,0,0,0,.26,1.08C75.8,180,76.67,179.31,76.59,178.89Zm30.53,88.51a.93.93,0,0,0-.53,1.2.88.88,0,0,0,1.18.53.91.91,0,0,0,.48-1.12A.86.86,0,0,0,107.12,267.4Zm-5-8.45c-.69.26-1.06.86-.83,1.38a1.67,1.67,0,0,0,1.92.86,1.23,1.23,0,0,0,.49-1.57A1.13,1.13,0,0,0,102.12,259Zm2.49,5.94a.91.91,0,0,0-.71.35.81.81,0,0,0,.61,1,.76.76,0,0,0,.64-1A.7.7,0,0,0,104.61,264.89Zm-2.33-10.22a1.27,1.27,0,0,0,1.46-.23,1.74,1.74,0,0,0-.21-1.79c-.34-.33-.69-.71-1.26-.34-.42.26-.88.46-1.32.69a.73.73,0,0,0-.71.92.94.94,0,0,0,1.1.71A2.27,2.27,0,0,1,102.28,254.67Zm-.79,8.79c-.14.06-.14.25-.12.33s.24.12.31.09.18-.15.14-.26A.25.25,0,0,0,101.49,263.46Zm7.8,8.9c-.07,0-.07.26,0,.31a.25.25,0,0,0,.29.09.25.25,0,0,0,.09-.35A.28.28,0,0,0,109.29,272.36Zm-8.4-22.09a2.07,2.07,0,0,0-2.68-.65c-.57.42-.13,1.23.35,1.41s.3.19.37.71.51,1.19,1.34.77A1.76,1.76,0,0,0,100.89,250.27Zm9,12.55a.84.84,0,0,0-.74-.24c-.2.05-.67.44-.62.72s.68.39.92.38S110.11,263.09,109.89,262.82Zm-.32,7.9a.57.57,0,0,0-.46-.31c-.13,0-.49.3-.43.51s.49.22.67.2S109.64,270.88,109.57,270.72Zm-2.8-11.57a6.74,6.74,0,0,0-1.37,1.19,1.69,1.69,0,0,0,.14,2c.26.29,1,.7,1.49,0,.14-1.34,1-.91,1.42-1.84a1.45,1.45,0,0,0,.07-.45A1.09,1.09,0,0,0,106.77,259.15ZM88.19,231a.74.74,0,0,0,0,1.1.88.88,0,0,0,1.14-.1.75.75,0,0,0-.06-1.1A.86.86,0,0,0,88.19,231Zm-1.37-18.41a1.46,1.46,0,0,0,.2-1.75,1,1,0,0,0-1.43-.46,1.39,1.39,0,0,0-.59,1.75A1.51,1.51,0,0,0,86.82,212.55Zm1.74,22.8c-.08.06,0,.42,0,.45a.64.64,0,0,0,.56,0,.47.47,0,0,0,.07-.66C89,234.88,88.69,235.23,88.56,235.35Zm1.19-11.9a.85.85,0,0,0,.14,1.12,1,1,0,0,0,1.24-.06.92.92,0,0,0-.12-1.13A1.07,1.07,0,0,0,89.75,223.45Zm-3.39,1.48a1,1,0,0,0-.81,1.08c0,.44-.22,1.32.35,1.62s.75-.25,1-.36c.75-.28,1.2-1.28.83-1.82A1.27,1.27,0,0,0,86.36,224.93ZM141.49,66.58a.6.6,0,0,0,.55-.14c.07-.1.09-.56-.11-.66s-.49.22-.58.37A.36.36,0,0,0,141.49,66.58ZM97.06,246c-.12.1,0,.46.08.57s.57.23.69.08-.06-.59-.18-.68A.68.68,0,0,0,97.06,246Zm-5.44-5.93c-.22.26-.33.68,0,.87a1,1,0,0,0,.9-.05c.17-.21.08-.63.09-.85C92.15,239.66,91.83,239.82,91.62,240.09Zm6.91-1.19c-.28-.61-.74-.69-1.34-.43-1-1.28-1.87-1.08-2.55.48-.11,0-.22,0-.33,0-.47-.06-.69.21-.84.6a.82.82,0,0,0,.24.92c.62.68,1,.7,1.69,0,.49-.5,1-1,1.49-1.47C97.86,239.89,98,239.87,98.53,238.9Zm.67,19.57c-.13,0-.49.3-.43.52s.49.21.67.19.29-.23.22-.39A.58.58,0,0,0,99.2,258.47Zm9-17.19a.74.74,0,0,0,.22-.76.9.9,0,0,0-1.06-.62,1,1,0,0,0-.67,1.15.85.85,0,0,0,.93.53.77.77,0,0,0-.14.6,1,1,0,0,0,.54.72c.61.16.95-.26,1.18-.82C109,241.65,108.73,241.23,108.19,241.28ZM425.32,147a1.52,1.52,0,0,0,1.83-.73c.15-.4-.27-1-.85-1.3a1.11,1.11,0,0,0-1.47.41,0,0,0,0,1,0,0v.93A1.11,1.11,0,0,0,425.32,147Zm5.88-9.1c.36.13.82-.43.9-.93a.69.69,0,0,0,0-.92.65.65,0,0,0-.73,0,.68.68,0,0,0-.63.06C430.43,136.32,430.73,137.69,431.2,137.86ZM117.1,268.73a1,1,0,0,0-.53,1.23.79.79,0,0,0,1,.46v-1.69A.85.85,0,0,0,117.1,268.73Zm317.25-151c.38-.79.26-1.58-.26-1.82a1.45,1.45,0,0,0-1.65.67,1.28,1.28,0,0,0,.62,1.53A1.08,1.08,0,0,0,434.35,117.77ZM111.59,262.28a1.84,1.84,0,0,0,1.63,1,1,1,0,0,0,.56-.46,1,1,0,0,0,1,0,.61.61,0,0,1,.76-.67.91.91,0,0,0,.44-1.14.85.85,0,0,0-1.15-.37.71.71,0,0,0-.48.64.76.76,0,0,0-.53.09s0,0-.07.06a1.11,1.11,0,0,0-1.38-.26A.94.94,0,0,0,111.59,262.28ZM435,135.83a.85.85,0,0,0-.59-1.07.81.81,0,0,0-1.06.39,1.07,1.07,0,0,0,.64,1.18A.82.82,0,0,0,435,135.83Zm0,4.87a1.6,1.6,0,0,0-1.55.63c-.17.43.34,1.3.9,1.55a.71.71,0,0,0,1-.4C435.75,141.63,435.61,140.93,435.06,140.7Zm-8.65-8.59a.61.61,0,0,0,.18-.05,1.84,1.84,0,0,0,.61-1.77l-.05,0c0-.27.08-.47.18-.53.26-.16,1.47.49,2.28-.16,0,0,0-.05.07-.07a.53.53,0,0,0,.06.24.8.8,0,0,0,.72.42.81.81,0,0,0-.42.33,1.68,1.68,0,0,0-1.32,1.79c.1,1.43,1.2,1.82,1.79,1.65s1-.81,1.4-.78-.42.39.82.9,2.87-.83,1.85-2.07c-.15-.19,1.19-1.05.35-2.13s-1.76-1.13-2.64-.27a3.13,3.13,0,0,1-1.23.58l0,0a.8.8,0,0,0-.41,0,.48.48,0,0,0,.17,0,.68.68,0,0,0,.2-1,.61.61,0,0,0-.86-.25h0a2,2,0,0,0-.27-1.71,3,3,0,0,0-3.12-.63c-.71.44-.42,1.44-.6,1.59s-.69-.07-1.31,0v4.38A2.22,2.22,0,0,0,426.41,132.11Zm4.94-7.68a.67.67,0,0,0-.11,1,1.37,1.37,0,0,0,.92.45.68.68,0,0,0,.57-.49,2.48,2.48,0,0,0,1.9.33,1.82,1.82,0,0,0,1-.55,1.91,1.91,0,0,0,.43-1.51c-.05-.62.37-1.11.07-1.65a2.59,2.59,0,0,0-2.79-1.39,2.09,2.09,0,0,0-1.62,1.17c-.21.47.07.91.26,1.39-.41-.1-.89-.39-1.15-.07s-.26,1.1.29,1.24c.24.06.64-.38.93-.63,0,0,0-.07,0-.1a1.23,1.23,0,0,1,0,.2,2.47,2.47,0,0,0,0,.39A.77.77,0,0,0,431.35,124.43ZM116.6,247.19a1.42,1.42,0,0,0,.08.18,1.75,1.75,0,0,0-1.47-.12,1.72,1.72,0,0,0-.47.3,2.3,2.3,0,0,0-1-1.89,1,1,0,0,0-.35-.07,1.17,1.17,0,0,0-.21-.47c-.42-.6-.82-.45-1.06-.86s-.54-.41-1-.27l0,0a1.14,1.14,0,0,0-.07-.32h0a1.61,1.61,0,0,0,.81-.25,1.63,1.63,0,0,1,1.13-.34,1.78,1.78,0,0,0,1.54-.79,1.54,1.54,0,0,0,.07-1.7.71.71,0,0,0-.1-.14,1.51,1.51,0,0,0,1.08.08c.51-.2.68-.82.43-1.56-.19-.55-.86-1-1.28-.85a1.61,1.61,0,0,0-.94,1.64.65.65,0,0,0,.11.22,1.58,1.58,0,0,0-.73,0,2.34,2.34,0,0,0-1.11.52,1,1,0,0,0-.31-1,2.6,2.6,0,0,0-.84.35c-.3.26-.2.63.11.86a.84.84,0,0,0,.57.21h0a1.13,1.13,0,0,1-.6.36,1.11,1.11,0,0,0-1,1.59.49.49,0,0,0-.32,0,1,1,0,0,0-.32,1.21,1.13,1.13,0,0,0,.78.72.75.75,0,0,0,0,.2c.22.66.69.61.88.52s.61.08.43.25-.18.45.19.89a1,1,0,0,1-.91.48c-.5,0-.62.46-.59.94.5.42,1,.39,1.28-.05a9.31,9.31,0,0,0,1.45.7,1.94,1.94,0,0,0,1.53-.53,1.75,1.75,0,0,0,.14,1,2.06,2.06,0,0,0-1,1.2l.22.41a.88.88,0,0,0-.36,0,.87.87,0,0,0-.59,1.06.69.69,0,0,0,.07.15,1.58,1.58,0,0,0-1.09,1.28.43.43,0,0,0,0,.11,1.46,1.46,0,0,0-1.62-.26,2.16,2.16,0,0,0-.66.35.75.75,0,0,0-.3-.54,1.12,1.12,0,0,0-1.54.46,1.43,1.43,0,0,0,.15,1.55,1.15,1.15,0,0,0,1.37.14,1.6,1.6,0,0,0,1.83.88,1.65,1.65,0,0,0,1.16-1.31,1.29,1.29,0,0,0,1,.4c1.16,0,1.84-.64,1.88-1.36a1.41,1.41,0,0,0-.26-.82.88.88,0,0,0,.29-.17c.54-.48.56-.78.17-1.54.1-.32.2-.61.29-.89a1.66,1.66,0,0,0,1.94-2.32,1.24,1.24,0,0,0-.1-.2l.31.16v-2.11h0C116.88,246.11,116.44,246.75,116.6,247.19Zm-6.13,10.38a1.38,1.38,0,0,0-.93,1.49,1.65,1.65,0,0,0,1.72.76,1.13,1.13,0,0,0,.78-1.59A1.14,1.14,0,0,0,110.47,257.57ZM94.92,234.46c.63.49,1.52.25,2.14-.57a1.27,1.27,0,0,0-.22-1.88,1.71,1.71,0,0,0-2.32.4A1.73,1.73,0,0,0,94.92,234.46Zm-.21-6.2a.83.83,0,0,0,1.1-.3,1.3,1.3,0,0,0-.37-1.53,1.25,1.25,0,0,0-1.32.84A.85.85,0,0,0,94.71,228.26Zm.56-4a2.62,2.62,0,0,0-.35-.93.65.65,0,0,0-.71-.14.53.53,0,0,0-.78-.17c-.19.14-.51.81-.34,1a.58.58,0,0,0,.47.12.86.86,0,0,0,.37.52A1,1,0,0,0,95.27,224.27Zm-5.09-8c.16-.07.64-.36.41-.75s-.7-.17-.85-.07-.17.43-.24.66C89.73,216.21,90,216.39,90.18,216.31Zm18.59,31.52a.76.76,0,0,0-.65-1.14.78.78,0,0,0-.59.82C107.6,247.94,107.89,248,108.77,247.83ZM91.53,219.74a1.2,1.2,0,0,0-.46-1.47c-.73.42-1,.78-.79,1.18C90.56,220,91,220,91.53,219.74Zm-2.86,1.4c.33.19.71.22.87-.15s.32-1.06.06-1.23-.91.22-1.17.42S88.33,220.94,88.67,221.14Zm18.8,29.3a1.77,1.77,0,0,0,1.94.75,1.14,1.14,0,0,0,.22-.12.32.32,0,0,0,.4-.08c.1-.14.32-.5.14-.66a.31.31,0,0,0-.12-.05,1.26,1.26,0,0,0-.08-.45,1.07,1.07,0,0,0-1.58-.74C107.72,249.33,107.29,250,107.47,250.44Zm-.88-12.66a1.5,1.5,0,0,0-.34-.48,1.61,1.61,0,0,0-.66-2,1.61,1.61,0,0,0,1.44-.82.81.81,0,0,0,.48.14c.37-.09.38-.94-.07-1.43a.66.66,0,0,0-.78-.12,1.41,1.41,0,0,0-1.13-.45,1.58,1.58,0,0,0-1.5,1.21c-.13.52.44,1.06,1.13,1.34a1.22,1.22,0,0,0-.46.06,2.1,2.1,0,0,0-1,.84,2.53,2.53,0,0,0-2.2,2,2.11,2.11,0,0,0,.42,2,1.07,1.07,0,0,0,.76.3.69.69,0,0,0,0,.38.8.8,0,0,0,.89.69,1,1,0,0,0,.68-.44.63.63,0,0,0,.1-.33c1.35.41,2-.59,2.32-1.66A1.82,1.82,0,0,0,106.59,237.78Zm-8.9-1.11c.29.14.88.55,1.2.14s-.17-.93-.35-1.21-.68-.21-1,.13S97.28,236.48,97.69,236.67Zm4.73-4.61c-.13,0-.49.3-.43.51s.49.22.67.2.28-.24.22-.4A.59.59,0,0,0,102.42,232.06Zm344.2-121.8a.85.85,0,0,0,1.12-.48.67.67,0,0,0-.37-1,.84.84,0,0,0-1.13.43A.86.86,0,0,0,446.62,110.26Zm-2.25,6.35a1,1,0,0,0,.62,1.18,1.2,1.2,0,0,0,1.46-.55,1.53,1.53,0,0,0-.63-1.68C445.4,115.4,444.61,116,444.37,116.61Zm-.69-2.39c-.1.39.15.54.43.66s.82,0,.85-.41.05-.62-.17-.79S443.8,113.81,443.68,114.22ZM448,129.4a1,1,0,0,0-.52-1.11.9.9,0,0,0-1.08.58.85.85,0,0,0,.64,1A.72.72,0,0,0,448,129.4Zm.93-2.53a1.47,1.47,0,0,0-.76-1.49,1.13,1.13,0,0,0-1.27.44c-.35.86-.19,1.68.36,1.89A1.58,1.58,0,0,0,448.94,126.87ZM439.74,113a1.32,1.32,0,0,0-.31,1,.41.41,0,0,0,.55.33c.24-.11.32-.36.41-.62s.21-.45.12-.71S440,112.72,439.74,113Zm.08,2.22c-.37.53-.22,1,.67,1.36a14,14,0,0,0,1.84-.07.77.77,0,0,0,.67-.91.8.8,0,0,0-.85-.74,2.42,2.42,0,0,1-.76-.12A1.24,1.24,0,0,0,439.82,115.21Zm7.51-1.1c.05-.18.12-.55-.08-.6a.58.58,0,0,0-.56.21c-.07.13-.09.64.12.69S447.29,114.22,447.33,114.11Zm-10.28,15.75c1,.46,1.88.22,2.22-.6a1.62,1.62,0,0,0-1-2.09,1.56,1.56,0,0,0-2.05.89C435.85,128.82,436.17,129.48,437.05,129.86Zm6-25.2c.23.06.67,0,.77-.15s-.08-.61-.25-.73-.82-.09-.91.12S442.89,104.62,443,104.66Zm-1,8a.74.74,0,0,0,1-.35c.19-.3-.22-1.14-.57-1.12a.91.91,0,0,0-.73.46A.67.67,0,0,0,442,112.63Zm-4.89,12.09c-.36.81,0,1.5.92,1.88a1.33,1.33,0,0,0,2-.72,1.53,1.53,0,0,0-1-2.07A1.56,1.56,0,0,0,437.12,124.72Zm8.79-2.91a.93.93,0,0,0,.58,1.26.8.8,0,0,0,1-.63c.09-.4.19-.83-.2-1C446.6,121.21,446.08,121.38,445.91,121.81Zm-7.73,13.4a1.56,1.56,0,0,0,1.69-.43c.34-.5.27-1.41.48-1.52s1.12.43,1.76,0a1.25,1.25,0,0,0,.51-1.13,1.4,1.4,0,0,0,.11.37.78.78,0,0,0,1.15.4,1,1,0,1,0-.79-1.93,1,1,0,0,0-.5,1,1.7,1.7,0,0,0-.21-.61,2.31,2.31,0,0,0-2.38-.59c-.56.31-.38,1.09-.52,1.2s-1.1-.33-1.77.09a1.91,1.91,0,0,0-.51,2.17A1.88,1.88,0,0,0,438.18,135.21Zm2.25-15.89a1.83,1.83,0,0,0-1.8.33c-.25.31-.65.7-.32,1.11a2.07,2.07,0,0,1,.34,1.68.68.68,0,0,0,.71.83c.52,0,1.12-.4,1-.85a1.44,1.44,0,0,1,.37-1.55A1.37,1.37,0,0,0,440.43,119.32Zm5.18,3c.2-.65-.26-1-.65-1.38-1,.32-1.25.6-1.18,1.14a.84.84,0,0,0,.71.76A1,1,0,0,0,445.61,122.3Zm-2.86-4.44c-.87-.3-1.39-.15-1.62.47a1.42,1.42,0,0,0,.76,1.47,1.58,1.58,0,0,0,1.45-.89A.8.8,0,0,0,442.75,117.86Zm4.32,13.91a1.16,1.16,0,0,0-1.48.44,1,1,0,0,0,.41,1.26,1.35,1.35,0,0,0,1.52-.69A.76.76,0,0,0,447.07,131.77Zm-4.95-8.62a1.42,1.42,0,0,0,.68,1.54c.4.17,1.14-.28,1.31-.8s-.08-.76-.57-.94C442.8,122.68,442.29,122.75,442.12,123.15Zm2.1,2.81a1.71,1.71,0,0,0-2.14.72,2.37,2.37,0,0,0,1,2.33,1.65,1.65,0,0,0,1.95-.94A1.76,1.76,0,0,0,444.22,126Zm-.93-18.42a.91.91,0,0,0,.39,1.06c.29.12.72-.22.89-.68a.47.47,0,0,0-.32-.7C443.87,107.1,443.49,107.1,443.29,107.54ZM97.05,97.28a1,1,0,0,0-1-.08.64.64,0,0,0-.64-.46.75.75,0,0,0-.57.4.93.93,0,0,0,.15.79.56.56,0,0,0,.47.19.89.89,0,0,0,0,.52c.38.81,1.1.65,1.83.4C97.48,98.4,97.69,97.72,97.05,97.28ZM94.79,81.51a1.54,1.54,0,0,0-1.68,1.09,1.58,1.58,0,0,0,3.1.45C96.39,82.45,95.63,81.78,94.79,81.51Zm.45,9.85a1,1,0,0,0,0-1.36c-.2-.28-1.12-.15-1.35.49a.94.94,0,0,0,.17.79A.82.82,0,0,0,95.24,91.36Zm-.33,11a1.08,1.08,0,0,0,1.14.15,1.51,1.51,0,0,0,.84-.12c.57-.24.59-1.26.26-2.07a1.54,1.54,0,0,0-1.91-.59,1.63,1.63,0,0,0-.53,1.62A.89.89,0,0,0,94.91,102.41Zm1.87-9.77a1.54,1.54,0,0,0-.92-.55A1.88,1.88,0,0,0,94,93.47c-.17.82.46,1.54,1.51,1.73a1.36,1.36,0,0,0,.4,0,.69.69,0,0,0,.19.7c.27.28.81.34,1,.08a.79.79,0,0,0,0-1,.71.71,0,0,0-.28-.18,1.59,1.59,0,0,0,.37-.77v0a1.15,1.15,0,0,0,.77-.07c.63-.42.21-1,.07-1.57C97.53,92.31,97.06,92.3,96.78,92.64Zm1,4.09a1.35,1.35,0,0,0-.08,1,.41.41,0,0,0,.61.19.91.91,0,0,0,.26-.69,1.08,1.08,0,0,0,0-.73C98.37,96.27,98,96.41,97.8,96.73Zm-11,0a1,1,0,0,0-1.23,0A.86.86,0,0,0,85.51,98a1,1,0,0,0,1.3,0A.93.93,0,0,0,86.8,96.73Zm1.56,5a10.13,10.13,0,0,0-1.79,1.18,1.83,1.83,0,0,0-2.5,2.65c-.15-.34-.63-.34-1-.06s-.44.68-.07,1,.76.7,1.16.36,0-.94-.11-1.24a2.48,2.48,0,0,0,.45.53.87.87,0,0,1,.33.92,1,1,0,0,0,1,1c.55,0,.68-.35.68-.79a2.2,2.2,0,0,1,.11-1c.11-.21.24-.41.37-.61a1.41,1.41,0,0,0,.6-.31,1.11,1.11,0,0,0,.19-.91h0c1.72.34,2.21,0,2.12-1.57A1.17,1.17,0,0,0,88.36,101.72Zm-1.64-9.54a1.6,1.6,0,0,0-1.81,1.16,1.63,1.63,0,0,0,1,1.93h.23a0,0,0,0,1,0,0,1.1,1.1,0,0,0,1.56.08.71.71,0,0,0,.1-1,1,1,0,0,0,.21-.47A1.64,1.64,0,0,0,86.72,92.18Zm.84,8.19c.46-.31.42-.75.13-1.23-.45,0-1-.14-1.12.43a1,1,0,0,0,.32.75A.67.67,0,0,0,87.56,100.37Zm13-6.49a3,3,0,0,0-2,2.5c.07.83,1.09,1,1.15,1.25s-.09.23-.23.44a1.16,1.16,0,0,0-1.13.8.74.74,0,0,0,.56,1.09,2.52,2.52,0,0,0,1.5,1.43,1.42,1.42,0,0,0-.07.22,1.39,1.39,0,0,0,1.07,1.26c.45,0,1.15-.67,1.2-1.19a.73.73,0,0,0-.11-.49,1.69,1.69,0,0,0,.37-.29,2.19,2.19,0,0,0,.52-1,.94.94,0,0,0,.58.3,1.22,1.22,0,0,0,1.3-.86,1.55,1.55,0,0,0-1-1.5c-.33,0-.76.35-1,.83h0c-.41-.66-1.52-1.07-1.55-1.37a.77.77,0,0,1,.2-.36.29.29,0,0,0,0,.09c0,.41.26.5.56.55s.8-.2.74-.6-.1-.61-.35-.72-.37,0-.58.19a1.64,1.64,0,0,0,.34-1.26A1.78,1.78,0,0,0,100.56,93.88Zm-16.34,8a1.22,1.22,0,0,0,1.8,0c.44-.41.38-1-.16-1.6s-1-.6-1.38-.26A2.25,2.25,0,0,0,84.22,101.91ZM148.39,77a2.09,2.09,0,0,0-2-.17c-.44.21-.53.69-.69,1.16h3.66A2.44,2.44,0,0,0,148.39,77Zm277.54,57.86A1.47,1.47,0,0,0,426,133a.94.94,0,0,0-1.21-.38v2.16A1.43,1.43,0,0,0,425.93,134.83ZM116,262.45a1.61,1.61,0,0,0-.74,1.72,1.48,1.48,0,0,0,1.55.64.91.91,0,0,0,.32-.2,1,1,0,0,0,.11.27,1.74,1.74,0,0,0,.25.29v-1.76a.46.46,0,0,0-.07.07C117.14,262.71,116.54,262.26,116,262.45Zm310-149.8a1.46,1.46,0,0,0-.62-1.74,1.07,1.07,0,0,0-.54,0v2.29C425.39,113.28,425.78,113.14,426,112.65ZM113,82.82c-.31.1-.27.51,0,.77a1.35,1.35,0,0,0,1,.33.4.4,0,0,0,.33-.54c-.1-.24-.35-.33-.6-.43S113.27,82.73,113,82.82ZM142,78h.54A1.1,1.1,0,0,0,142,78ZM112.6,80.55a1.15,1.15,0,0,0-.23-.21c-.3-.19-1.15.2-1.14.55a1,1,0,0,0,.44.74.55.55,0,0,0,.38.11,1,1,0,0,0,.16.39.94.94,0,0,0,1.31.2,1.38,1.38,0,0,0,.07-1.67A.73.73,0,0,0,112.6,80.55ZM121.75,78h.74a.09.09,0,0,0,0,0A.9.9,0,0,0,121.75,78Zm-47.54,90.4c.47.12,1.2-.49,1.35-1.14a1,1,0,0,0-.73-1.31,1.39,1.39,0,0,0-1.63.87A1.49,1.49,0,0,0,74.21,168.36Zm14,46.28a1.36,1.36,0,0,0,1.89-.42,1.42,1.42,0,0,0-.45-1.81,1.33,1.33,0,0,0-1.44,2.23ZM69.62,112.71c-.23.68.53,1.23.58,2,.11,1.79,1.46,2,2.64,1.65a1.81,1.81,0,0,0,1-.65,1.83,1.83,0,0,0,.28-1.54c-.1-.61.27-1.13-.08-1.65a2.58,2.58,0,0,0-2.9-1.12A2.09,2.09,0,0,0,69.62,112.71Zm6.23,51.72a.49.49,0,0,0-.43-.6.54.54,0,0,0-.52.41.45.45,0,0,0,.28.56A.48.48,0,0,0,75.85,164.43ZM83.32,98a1.58,1.58,0,0,0-1.51,1.13c-.09.5.49,1.1,1.12,1.19.84.11,1.29-.14,1.39-.76A1.48,1.48,0,0,0,83.32,98Zm-14,50.09a1.64,1.64,0,0,0,2-.72,2.1,2.1,0,0,0-1.06-2.27,1.65,1.65,0,0,0-1.9,1A1.62,1.62,0,0,0,69.3,148.07Zm3.32,18.61a.66.66,0,0,0,.53-.21.48.48,0,0,0-.19-.64c-.31-.14-.45.28-.53.44S72.55,166.68,72.62,166.68ZM145.12,75l-.05,0a1.17,1.17,0,0,0,.13-1.11,1.36,1.36,0,0,0-.84-.59.82.82,0,0,0,.25-.49c.08-.49.23-1,.35-1.44a.72.72,0,0,0-.21-1.14,1,1,0,0,0-1.27.35,2.19,2.19,0,0,1-.65.67,1.29,1.29,0,0,0-.8,1.24c0,.36.65.84,1.15,1a1.61,1.61,0,0,0-.17,2,.94.94,0,0,0,.9.38.86.86,0,0,0,.51.81.84.84,0,0,0,1.07-.57A.8.8,0,0,0,145.12,75Zm-67,99.88a1.32,1.32,0,0,0-.49-.87c-.28-.19-.85.23-.84.64a1.56,1.56,0,0,0,.29.65C77.68,175.49,78.14,175.27,78.1,174.92Zm-.59-12.1a1.43,1.43,0,0,0,.51.28,1.34,1.34,0,0,0,1.53-.73,1.81,1.81,0,0,0,.52.2,1.14,1.14,0,0,0,1.42-.95,1.38,1.38,0,0,0-1.17-1.75,1.46,1.46,0,0,0-1.27.32.69.69,0,0,0-.15-.07,1.7,1.7,0,0,0-1.93,1,1.37,1.37,0,0,0-.62-.32c-.46-.1-1.1.44-1.19,1a1.24,1.24,0,0,0,1,1.58A1.32,1.32,0,0,0,77.51,162.82Zm-1.27,3.9c.14.06.64,0,.68-.18a.57.57,0,0,0-.36-.49c-.19,0-.56-.07-.59.14A.56.56,0,0,0,76.24,166.72Zm-3.65-7.21a.57.57,0,0,0-.32-.49c-.14,0-.58,0-.65.24s.31.5.46.52S72.56,159.67,72.59,159.51ZM77.51,103a.44.44,0,0,0-.07.62.5.5,0,1,0,.72-.68A.51.51,0,0,0,77.51,103Zm.83,5.46A.81.81,0,0,1,79,108a4.49,4.49,0,0,1,.69-1.13,1.19,1.19,0,0,1,1.34-.33.81.81,0,0,1,.68.9h0a2.54,2.54,0,0,1,.43.64,1.31,1.31,0,0,1,1.58-.49c.77.15,1,.56.78,1.31,0,.11-.08.21-.13.32-.5,1-1.29,1.17-2.29.29-.34.36-.69.57-.61,1.16a.88.88,0,0,1-1,1.06c-.41-.06-.63-.35-.65-.84a1.51,1.51,0,0,1-.82.23.65.65,0,0,1-.47-.88.56.56,0,0,1,.19-.33,2.48,2.48,0,0,1-.39-.5A.8.8,0,0,1,78.34,108.47ZM79.67,110a1.94,1.94,0,0,1,.29.21h0a.62.62,0,0,0-.08-.12l-.11-.12Zm-9.17-2.62c0,.32-.06,1,.46,1.13s.73-.6.88-.9-.14-.7-.58-.78S70.47,106.92,70.5,107.37Zm10.24-3.63a1.52,1.52,0,0,0,2.21-.15,1.27,1.27,0,0,0,.15-1.89,1.72,1.72,0,0,0-2.36-.06A1.74,1.74,0,0,0,80.74,103.74Zm-2.15.08a.94.94,0,0,0,.85,1,.92.92,0,0,0,.92-.79,1,1,0,0,0-.81-.93A.86.86,0,0,0,78.59,103.82Zm-5.89-1.28a1.74,1.74,0,0,0-1.61,1.34c-.12.79.52,1.46,1.54,1.6a1.27,1.27,0,0,0,1.54-1.1A1.7,1.7,0,0,0,72.7,102.54Zm2.77,11a1.54,1.54,0,0,0,1.81.86,1.67,1.67,0,0,0,.75-1.55.7.7,0,0,0,.41,0c.61-.26.58-.8.35-1.45-.54-.08-1.05-.3-1.37.27,0,0,0,.08,0,.13a1.48,1.48,0,0,0-1.34-.27C75.43,111.72,75.26,112.72,75.47,113.58Zm1.82-7.76c.08.13.53.37.67.21a.55.55,0,0,0,0-.6c-.14-.13-.43-.36-.57-.2A.58.58,0,0,0,77.29,105.82Zm-.87,2.8c-.26.22-.45.61-.12.87a1,1,0,0,0,.89.12c.2-.17.2-.6.25-.82C77,108.3,76.68,108.4,76.42,108.62Zm9.47,80.95c.57.14,1-.1,1.13-.59a1.77,1.77,0,0,0-.78-1.59,1.15,1.15,0,0,0-1.4,1C84.71,188.89,85.14,189.39,85.89,189.57Zm97.37-119a.85.85,0,0,0,.46-1.13.68.68,0,0,0-1-.46.84.84,0,0,0-.5,1.1A.88.88,0,0,0,183.26,70.59Zm-1.18,4c-.08-.35-1-.66-1.2-.4a1,1,0,0,0-.2.84.68.68,0,0,0,1,.48A.75.75,0,0,0,182.08,74.59Zm2.28-.28c-.27,0-.62.79-.41,1.16s.48.28.77.17a.57.57,0,0,0,.31-.89C184.84,74.53,184.63,74.27,184.36,74.31Zm-3.55,2.5c-.29-.14-.54.18-.53.55a1.31,1.31,0,0,0,.19.6h.93a1.21,1.21,0,0,0-.17-.56C181.12,77.18,181.06,76.93,180.81,76.81Zm2.48.19a2.35,2.35,0,0,1-.62.45,1.57,1.57,0,0,0-.61.51h2.56a.76.76,0,0,0-.2-1A.81.81,0,0,0,183.29,77Zm-6.52-7.88c.2-.12.49-.45.44-.64s-.49-.39-.69-.35-.65.51-.56.73S176.64,69.19,176.77,69.12Zm22,8.4c.28-.24.55-.45.78-.69a.82.82,0,0,0,0-1.29,1.26,1.26,0,0,0-.2-.2,1,1,0,0,0,.24,0,.92.92,0,0,0,.55-1.19.93.93,0,0,0-1.15-.42,1,1,0,0,0-.42,1.18.71.71,0,0,0,.12.18,1.15,1.15,0,0,0-1.36,1.15,5.55,5.55,0,0,0,.12,1.12,1.07,1.07,0,0,0-1.27-.22,1.39,1.39,0,0,0-.75.87h3.69l0,0C199,77.8,198.88,77.66,198.74,77.52ZM186.3,73.41a.54.54,0,0,0,.16-.58c-.09-.16-.29-.48-.48-.37a.57.57,0,0,0-.24.54C185.78,73.15,186.12,73.52,186.3,73.41Zm-5.86,2.4c-.05-.06-.2-.13-.29-.06a.24.24,0,0,0-.06.36.27.27,0,0,0,.35,0A.33.33,0,0,0,180.44,75.81Zm-.29-5.44a.48.48,0,0,0-.72-.28c-.35.18-.62.45-.46.9a.92.92,0,0,0,1,.48C180.28,71.35,180.35,70.81,180.15,70.37Zm-4,4-.12.08-.11,0a1,1,0,0,0-.48.63,1.87,1.87,0,0,0-.14,1.38,1.56,1.56,0,0,0,2.2.7,1.41,1.41,0,0,0,.83-1.91A1.79,1.79,0,0,0,176.2,74.41ZM192,70.47a.55.55,0,0,0-.24.48c0,.14.33.52.56.39a.61.61,0,0,0,.19-.65A.57.57,0,0,0,192,70.47Zm-5.46-1.42c.13,0,.44-.41.39-.55s-.51-.18-.68-.14-.24.35-.2.41A.7.7,0,0,0,186.52,69.05Zm8.36,6.06a.81.81,0,0,0-1-.39.84.84,0,0,0-.31,1.46.69.69,0,0,0-.09.64.76.76,0,0,0,1.31,0,.71.71,0,0,0-.1-.62A1,1,0,0,0,194.88,75.11ZM196,71c.24,0,.9-.83.73-1.23s-1.2-.29-1.54-.14a1,1,0,0,0-.43,1C194.9,71,195.6,71,196,71Zm-.47,1.3a1,1,0,0,0-.88-.06.51.51,0,0,0-.35.79c.19.34.43.63.88.48S195.72,72.47,195.51,72.27Zm-5.66-1.55a.82.82,0,0,0-1.16-.33c-.51.23-.74.62-.56,1a1.4,1.4,0,0,0,1.38.56A.87.87,0,0,0,189.85,70.72Zm-.52,4.46a.8.8,0,0,0,.48.62,1.34,1.34,0,0,0,1-.28c.45-.49,0-.87-.34-1.32C189.82,74.33,189.3,74.52,189.33,75.18Zm-2.92-.26c-.41.18-.57,1.15-.3,1.77a1,1,0,0,0,1.27.4,1.21,1.21,0,0,0,.66-1.41A1.55,1.55,0,0,0,186.41,74.92Zm3.38-6.42c.14-.07.12-.26.09-.33s-.24-.11-.31-.08-.17.17-.12.28A.25.25,0,0,0,189.79,68.5ZM176.4,73.22a1.33,1.33,0,0,0-1.71-2,1.37,1.37,0,0,0-.16,1.93A1.43,1.43,0,0,0,176.4,73.22Zm-22.51,3.44a1.67,1.67,0,0,0-.91,0,1.35,1.35,0,0,0-1.5-.2c-.27.19-.34.93-.2,1.48h3.45A1.46,1.46,0,0,0,153.89,76.66Zm1.66-2.36a1.71,1.71,0,0,0,.31-2.34,1.74,1.74,0,0,0-2.08-.23,1.52,1.52,0,0,0-.09,2.22A1.28,1.28,0,0,0,155.55,74.3Zm-.72-5a.52.52,0,0,0,0-.66.46.46,0,0,0-.61-.13.5.5,0,1,0,.6.79Zm0-3.16c.32-.16.07-.53,0-.7s-.4-.16-.44-.1a.65.65,0,0,0-.17.54A.46.46,0,0,0,154.81,66.09Zm-2.42,2.66c.14-.12.4-.39.26-.54a.57.57,0,0,0-.58-.13c-.14.07-.43.49-.28.65A.57.57,0,0,0,152.39,68.75Zm-3.29-.83c.53-.36.46-.71.28-1s-.56-.51-.85-.21a1,1,0,0,0-.22.87C148.46,67.81,148.89,67.84,149.1,67.92Zm-2.9-.33a.73.73,0,0,0-1,.1,1,1,0,0,0-.24.79c.19.64.73.67,1.4.5C146.47,68.46,146.74,68,146.2,67.59Zm5.58,6.31c-.26-.4-.63-.51-.93-.17a2,2,0,0,0-.54.71,3.11,3.11,0,0,0-.75.15.86.86,0,0,0,.52,1.12c.39.11.54-.14.67-.42a1,1,0,0,0,.05-.23,2.66,2.66,0,0,0,.82-.2C152,74.76,152,74.27,151.78,73.9Zm-6-2.69A1.76,1.76,0,0,0,147,73.15a1.33,1.33,0,0,0,.91-.07c0,.21.16.43.52.8.66-.09.88-.5.81-1.16,1.5-.54,1.58-1.46.3-2.58a1.73,1.73,0,0,1,.07-.31c.2-.44,0-.72-.33-1a.8.8,0,0,0-.94,0c-.84.39-1,.79-.53,1.61l.24.47-.07,0c-.46.23-.33.1-.77-.19S146,70.3,145.78,71.21Zm294.45,34.84c.17-.3-.24-.48-.38-.58a.52.52,0,0,0-.43.15.65.65,0,0,0,.15.54A.47.47,0,0,0,440.23,106.05ZM171.8,69c.27-.12.16-.52.1-.58a.78.78,0,0,0-.53-.16c-.07,0-.21.36-.16.42S171.53,69.08,171.8,69Zm-4.15,5.57a2.53,2.53,0,0,0-.37.68,1.25,1.25,0,0,0-1.44,0,1.34,1.34,0,0,0-.73.8,1.16,1.16,0,0,0-.46.17,1.24,1.24,0,0,0-.07,1.63,1.54,1.54,0,0,0,.17.19h1.61a1.84,1.84,0,0,0,.19-.4,1.25,1.25,0,0,0,1-1.86,1.74,1.74,0,0,0,.8-.28c.13-.11.1-.56,0-.78A.42.42,0,0,0,167.65,74.54Zm3.31-.18a2,2,0,0,0-.63.66,1,1,0,0,0-.93-.21,1.24,1.24,0,0,0-.64,1.52.85.85,0,0,0,1,.65,1.2,1.2,0,0,0,.56-.45,2.11,2.11,0,0,0,2.31.47,1.66,1.66,0,0,0,.38-2.14A1.61,1.61,0,0,0,171,74.36ZM169.4,71c.24-.2,0-.94-.06-1.24s-.7-.33-1-.06-.42.62-.11.88S169.16,71.19,169.4,71Zm-10.53-3.54a.87.87,0,0,0,.23-1.11.73.73,0,0,0-1.06-.28.89.89,0,0,0-.24,1.12A.76.76,0,0,0,158.87,67.45Zm12.32,5.21a.28.28,0,0,0,.1-.34c0-.08-.24-.11-.31-.07s-.17.16-.12.27A.25.25,0,0,0,171.19,72.66Zm-6.48-2.81a.94.94,0,0,0-.3,1.2.92.92,0,0,0,1.11.22,1.06,1.06,0,0,0,.31-1.22A.84.84,0,0,0,164.71,69.85ZM161.65,78h.47A.83.83,0,0,0,161.65,78Zm-.77-4.87a.85.85,0,0,0-1.11.27.84.84,0,0,0-.05,1.14,1.3,1.3,0,0,0,1.58.1A1.23,1.23,0,0,0,160.88,73.09Zm3.62-5.54a1.25,1.25,0,0,0,.91-1.19,1,1,0,0,0-.8-1.09c-.41-.11-1.19-.59-1.64-.14s0,.79,0,1.09C163.05,67,163.87,67.75,164.5,67.55ZM159,69.89a1.33,1.33,0,0,0-1.66-.06,1.19,1.19,0,0,0-.14,1.62c.37.51.8.61,1.24.3A1.47,1.47,0,0,0,159,69.89Zm112.22,7.17c-.07,0-.1.41,0,.46s.43.31.65.12,0-.54-.07-.57A.73.73,0,0,0,271.22,77.06Zm-7.33-.81c-.43,0-1.32-.22-1.61.35s.25.75.36,1a1.09,1.09,0,0,0,.19.33h2.05a1.39,1.39,0,0,0,.09-.91A1,1,0,0,0,263.89,76.25Zm160.93,28.36v.15h0A.27.27,0,0,0,424.82,104.61Zm.93-2.85c.16-.24-.15-.52-.23-.53a.75.75,0,0,0-.54.14c-.05,0,0,.42.1.45S425.59,102,425.75,101.76Zm-.82,8.57s-.06,0-.11-.07v.38h0C425,110.58,424.94,110.41,424.93,110.33ZM250.06,77.1c-.39,0-.76,0-.87.5a.65.65,0,0,0,0,.36h1.22a1,1,0,0,0,.07-.23C250.57,77.36,250.41,77.13,250.06,77.1Zm-11-1.56a1.22,1.22,0,0,0-1.37.91.84.84,0,0,0,.51,1.11,1.41,1.41,0,0,0,1.54-.87A1,1,0,0,0,239.09,75.54Zm9.62-1.68c-.18-.07-.82.07-.88.3s.39.66.54.66.66-.11.72-.29S248.9,73.94,248.71,73.86Zm-6.89.4c-.08,0-.24,0-.26.16a.26.26,0,0,0,.21.3c.16,0,.25-.15.27-.23S241.89,74.27,241.82,74.26Zm3.58,2c-.09,0-.39.16-.38.24a.64.64,0,0,0,.25.5c.11,0,.51.09.62-.24S245.57,76.31,245.4,76.24Zm184.89,27.52a1.41,1.41,0,0,0,1.63-.92,1.33,1.33,0,0,0-2.54-.78A1.35,1.35,0,0,0,430.29,103.76Zm6.6-.67c0-.08-.1-.25-.17-.27s-.24,0-.28.11a.25.25,0,0,0,.14.33A.27.27,0,0,0,436.89,103.09Zm.67,15.26c.61-.12.86-1.1.73-2a1.56,1.56,0,0,0-1.74-1,1.6,1.6,0,0,0-.71,2.09A1.58,1.58,0,0,0,437.56,118.35Zm-.14-5.89a.74.74,0,0,0-.65.25,1,1,0,0,0,0,.81c.34.5.77.25,1.19,0C438,113,438,112.6,437.42,112.46Zm.46-1.48a1.41,1.41,0,0,0,1.94-.77,1.79,1.79,0,0,0-.91-2.18,1.86,1.86,0,0,0-2.1.92C436.46,109.71,436.9,110.56,437.88,111Zm-5.33-5.62a1.43,1.43,0,0,0,1.69-.56,1,1,0,0,0-.45-1.26,1.22,1.22,0,0,0-1.52.63A.84.84,0,0,0,432.55,105.36Zm-4.08,3.49a2.08,2.08,0,0,0,2.36-.82,1.65,1.65,0,0,0-.84-2,1.6,1.6,0,0,0-2,.72A1.63,1.63,0,0,0,428.47,108.85Zm-192.56-35A1.17,1.17,0,0,0,234.47,75a1.36,1.36,0,0,0,1.23,1.48,1.41,1.41,0,0,0,1.41-1.22C237.22,74.49,236.75,74,235.91,73.88ZM425.29,108.7c0,.27,0,1,.27,1.09.15,0,.33-.07.49-.24.26.28.54.68.92.51s.31-.91.44-1.29l-.2-.19-.84.28a1.2,1.2,0,0,0-.41-.48A.42.42,0,0,0,425.29,108.7Zm6,2.19c.07.15.25.36.39.37a12.14,12.14,0,0,0,1.31-.07c.73.77,1.53,1,2,.58a1.75,1.75,0,0,0,0-2.09c-.49-.54-.89-.46-2,.48-.41-.4-.78-.86-1.37-.38A.9.9,0,0,0,431.3,110.89ZM209.53,73.7a1.11,1.11,0,0,1,.14-.29.75.75,0,0,0-.12-1,.79.79,0,0,0-.91-.24c-.9.2-1.12.57-.86,1.46.2.67.38,1.35.56,2-1.21.44-1.26.58-.67,1.51.66.06,1-.3,1-1C210.28,75.94,210.55,75.06,209.53,73.7Zm-9.69,3.16a.84.84,0,0,0-.52,1s0,.06.06.1h1.54a.78.78,0,0,0,0-.52A.81.81,0,0,0,199.84,76.86Zm9.69-5.43c.59-.25.6-.6.48-.92s-.44-.62-.79-.39-.47.61-.39.81S209.34,71.31,209.53,71.43Zm.49,6a2.57,2.57,0,0,0-.61.49h1.52a.61.61,0,0,0,0-.13C210.73,77.39,210.39,77.21,210,77.47Zm3.28-1.34a1.43,1.43,0,0,0-.66,1.83h2.73a1.62,1.62,0,0,0-.08-1.17A1.75,1.75,0,0,0,213.3,76.13ZM207,78h.42a.45.45,0,0,0-.21-.06A.36.36,0,0,0,207,78Zm6-5.51a.57.57,0,0,0-.54-.24c-.15,0-.52.38-.41.57a.56.56,0,0,0,.58.15C212.73,72.84,213.05,72.63,212.94,72.45Zm-10.27,1.11c-.07-.21-.51-.18-.68-.15s-.27.26-.19.41a.54.54,0,0,0,.48.28C202.41,74.08,202.75,73.77,202.67,73.56Zm-.5-1.19c0-.16-.39-.26-.53-.22s-.49.39-.41.57.55.23.68.17A.64.64,0,0,0,202.17,72.37Zm1.55,2.91a.77.77,0,0,0-.32.3,1.19,1.19,0,0,0-.7,0,1.54,1.54,0,0,0-.7,1.94.84.84,0,0,0,.4.43h1.15a1.81,1.81,0,0,0,.88-1h.06a.94.94,0,0,0,.44-1.24A.86.86,0,0,0,203.72,75.28Zm3-4.78a.73.73,0,0,0-1-.12,1,1,0,0,0-.4.72c.06.67.58.81,1.27.79C206.84,71.4,207.21,71,206.76,70.5Zm8.09,3.43a.52.52,0,0,0,.15-.64.44.44,0,0,0-.57-.26.47.47,0,0,0-.28.7A.47.47,0,0,0,214.85,73.93Zm16.39,2.45c-.07,0-.28.31-.24.39s.22.48.51.43.26-.47.22-.54A.75.75,0,0,0,231.24,76.38Zm-6-4.3c-.38-.2-1-.83-1.58-.48s-.14.77-.19,1.07c-.12.8.53,1.68,1.19,1.61a1.25,1.25,0,0,0,1.13-1A1,1,0,0,0,225.25,72.08Zm2.73,5.1c-.3.18-.49.48-.31.78H229a3.49,3.49,0,0,0,0-.51C228.89,77.11,228.33,77,228,77.18Zm2.54-2.29a.78.78,0,0,0-.49.25c-.05.06.09.41.18.42s.53.09.64-.18S230.61,74.89,230.52,74.89ZM229,78h1.14a3.48,3.48,0,0,0-.51-.31C229.42,77.55,229.15,77.72,229,78Zm-4.61-1.38a1,1,0,0,0-.56,1,1.22,1.22,0,0,0-.71.15c-.13.07-.31.14-.5.23h2.51a1.05,1.05,0,0,0,.31-1A.84.84,0,0,0,224.39,76.58ZM217.18,75a1.19,1.19,0,0,0-.46,1.55c.25.57.64.77,1.15.56.71-.3,1.19-1.17.93-1.71A1.32,1.32,0,0,0,217.18,75Zm-2-5.06a.66.66,0,0,0-.28.49c0,.12.21.47.55.38s.17-.51.14-.68S215.29,69.91,215.23,70Zm3.43,1.52a.88.88,0,0,0-.47,1,.75.75,0,0,0,1,.49.86.86,0,0,0,.46-1A.73.73,0,0,0,218.66,71.48Z"/><rect class="cls-4" x="102.37" y="352.89" width="75.71" height="32.81" rx="16.4"/><circle class="cls-5" cx="161.59" cy="369.29" r="13.48"/><polygon class="cls-6" points="486.81 98.37 481.3 98.37 481.3 92.86 476.69 92.86 476.69 98.37 471.18 98.37 471.18 102.97 476.69 102.97 476.69 108.48 481.3 108.48 481.3 102.97 486.81 102.97 486.81 98.37"/><circle class="cls-6" cx="46.14" cy="334.84" r="6.85"/><rect class="cls-7" x="219.15" y="145.27" width="256.88" height="199.34"/><path class="cls-8" d="M480,308.71a.77.77,0,0,0,.48-.87,1,1,0,0,0-1.35-.16C478.94,308,479.58,308.84,480,308.71Z"/><path class="cls-8" d="M478.84,306c.17-.1.15-.39.09-.52s-.36-.37-.57-.21-.09.49,0,.58S478.67,306.07,478.84,306Z"/><path class="cls-8" d="M479.46,295.24a.73.73,0,0,0-1.09-.29,1.57,1.57,0,0,0-.44,1.49,1,1,0,0,0,1.48.21C479.82,296.39,479.84,295.8,479.46,295.24Z"/><path class="cls-8" d="M479.42,315.56a.49.49,0,0,0,.07-.49c-.07-.1-.33-.07-.59-.11,0,.26,0,.48.06.59A.45.45,0,0,0,479.42,315.56Z"/><path class="cls-8" d="M478.58,300.7a.87.87,0,0,0,.26-1.14.8.8,0,0,0-1.31.9A.79.79,0,0,0,478.58,300.7Z"/><path class="cls-8" d="M476.28,317.71s.09-.19.07-.21-.2-.07-.29-.11l0,.07v.21A.26.26,0,0,0,476.28,317.71Z"/><path class="cls-8" d="M478,317.53c.14,0,.26-.33.24-.46s-.31-.46-.48-.41-.25.47-.2.59A.59.59,0,0,0,478,317.53Z"/><path class="cls-8" d="M476.39,328.46a.42.42,0,0,0-.36-.34V329l.09,0A.4.4,0,0,0,476.39,328.46Z"/><path class="cls-8" d="M477.4,313.33c0-.21.17-.46.1-.61s-.36-.53-.68-.31-.11.62,0,.75S477.19,313.27,477.4,313.33Z"/><path class="cls-8" d="M476,261v1.58a1.12,1.12,0,0,0,.57-1A.7.7,0,0,0,476,261Z"/><path class="cls-8" d="M476.72,309.69a.88.88,0,0,0-.69-.46v1.22a.64.64,0,0,0,.49-.16A1.46,1.46,0,0,0,476.72,309.69Z"/><path class="cls-8" d="M484.43,298a1.48,1.48,0,0,0,.43-1.94,2.11,2.11,0,0,0-2.22-.34,1.43,1.43,0,0,0-.19,2A1.62,1.62,0,0,0,484.43,298Z"/><path class="cls-8" d="M479.94,293.65a2.42,2.42,0,0,0-.67-.25.76.76,0,0,0-.12,1.08c.24.26.47.14.69,0A.5.5,0,0,0,479.94,293.65Z"/><path class="cls-8" d="M482.42,293.61c.24.27.47.15.69,0a.5.5,0,0,0,.09-.82,2.22,2.22,0,0,0-.66-.24A.74.74,0,0,0,482.42,293.61Z"/><path class="cls-8" d="M484,281.5c0,.2,0,.57.18.64a.65.65,0,0,0,.6-.27c.08-.14,0-.7-.17-.76S484,281.38,484,281.5Z"/><path class="cls-8" d="M484.68,276c0,.13.1.22.17.24s.2-.1.21-.16a.2.2,0,0,0-.11-.23A.21.21,0,0,0,484.68,276Z"/><path class="cls-8" d="M481.85,300c.29-.32.74-.59.44-1.14a.71.71,0,0,0-.93-.34.87.87,0,0,0-.46.55C480.8,299.45,481.06,299.68,481.85,300Z"/><path class="cls-8" d="M483.71,290.16c.37-.5-.21-1.06-.66-1.09s-.3-.08-.5-.5a.78.78,0,0,0-1.32-.29,1.53,1.53,0,0,0,.06,2A1.81,1.81,0,0,0,483.71,290.16Z"/><path class="cls-8" d="M480.88,287.09a.82.82,0,0,0-1.11-.31,2.07,2.07,0,0,1-.79.21,1.1,1.1,0,0,0-1.16.57c-.18.34.23,1.24.63,1.45s.77.41,1.16,0,.61-.62.92-.93A.63.63,0,0,0,480.88,287.09Z"/><path class="cls-8" d="M482.62,279.25c.27.12.39-.24.46-.37s-.1-.35-.16-.35a.6.6,0,0,0-.45.17A.42.42,0,0,0,482.62,279.25Z"/><path class="cls-8" d="M483.26,265.46c.15-.25-.14-.64-.47-.69s-.63.05-.65.39.07.93.33,1S483.12,265.69,483.26,265.46Z"/><path class="cls-8" d="M476,265.79v2a1.25,1.25,0,0,0,1.3-.69,1.33,1.33,0,0,0-.78-1.39A.71.71,0,0,0,476,265.79Z"/><path class="cls-8" d="M479.9,276.6c-.67-.24-1.35.21-1.63,1.07a1.19,1.19,0,0,0,.81,1.56,1.5,1.5,0,0,0,1.77-.93A1.58,1.58,0,0,0,479.9,276.6Z"/><path class="cls-8" d="M480.44,284.58a.73.73,0,0,0-.86.4.72.72,0,0,0,.5.91.58.58,0,0,0,.82-.4A.7.7,0,0,0,480.44,284.58Z"/><path class="cls-8" d="M477.73,291.76a.77.77,0,0,0,1.07.06.72.72,0,0,0,.19-1,.68.68,0,0,0-1-.23A.82.82,0,0,0,477.73,291.76Z"/><path class="cls-8" d="M481.39,283.06a.41.41,0,0,0,.57-.33c.06-.32,0-.64-.35-.78a.79.79,0,0,0-.87.41s0,0,0,.06-.44,0-.57,0a.31.31,0,0,0-.08.39.5.5,0,0,0,.47.14.6.6,0,0,0,.23-.35A1,1,0,0,0,481.39,283.06Z"/><path class="cls-8" d="M477.45,290.39a.25.25,0,0,0,.17.24c.07,0,.2-.1.22-.16a.21.21,0,0,0-.12-.23A.21.21,0,0,0,477.45,290.39Z"/><path class="cls-8" d="M485.51,266.45a.61.61,0,0,0-.17-.44.45.45,0,0,0-.36.12c0,.14-.12.44.1.55S485.51,266.52,485.51,266.45Z"/><path class="cls-8" d="M479.51,267.4a.36.36,0,0,0-.32-.55c-.24,0-.84,0-.9.32s.5.6.71.64S479.42,267.58,479.51,267.4Z"/><path class="cls-8" d="M482.19,261.08a1.05,1.05,0,0,0,1.26,0,.82.82,0,0,0,.31-1.1c-.14-.34-.23-1.11-.77-1.17s-.51.43-.71.6C481.78,259.85,481.72,260.77,482.19,261.08Z"/><path class="cls-8" d="M478.33,282s-.08-.06-.11-.09c.16-.12.28-.27.27-.4a.81.81,0,0,0-.45-.58.58.58,0,0,0-.83.37.9.9,0,0,0,0,.28,1.49,1.49,0,0,0-.69.2,1.08,1.08,0,0,0,0,1.45,1,1,0,0,0,1.5.15A1,1,0,0,0,478.33,282Z"/><path class="cls-8" d="M477.82,272.1c-.12.08-.28.24-.28.36a9.12,9.12,0,0,0,.16,1.1c-.59.68-.73,1.37-.33,1.73a1.47,1.47,0,0,0,1.76-.16c.43-.46.32-.79-.56-1.67.3-.38.67-.72.21-1.18A.75.75,0,0,0,477.82,272.1Z"/><path class="cls-8" d="M476,282.84v1.07a.61.61,0,0,0,.52-.2C476.67,283.52,476.37,282.93,476,282.84Z"/><path class="cls-8" d="M476,298v.63A.86.86,0,0,0,476,298Z"/><path class="cls-8" d="M476.53,285.26l0,0c-.17,0-.37.05-.39.17a.37.37,0,0,0,.08.24.42.42,0,0,0,.08.45c.21.17.72.54,1,.31s.08-.72,0-.94A.48.48,0,0,0,476.53,285.26Z"/><path class="cls-8" d="M477,306.41a1,1,0,0,0-.08-1.74,4.76,4.76,0,0,0-.84-.34v2.22a3.25,3.25,0,0,0,.54,0A1.72,1.72,0,0,0,477,306.41Z"/><path class="cls-8" d="M477.34,279.41a.24.24,0,0,0,0-.31c0-.05-.23,0-.28,0s-.11.18-.05.26A.21.21,0,0,0,477.34,279.41Z"/><path class="cls-8" d="M477.54,263.58a.87.87,0,0,0-.93.74,2.13,2.13,0,0,0,.56.62c.36.19.82-.15.92-.6A.66.66,0,0,0,477.54,263.58Z"/><path class="cls-8" d="M478.15,302.05a.86.86,0,0,0-.46-.66.88.88,0,0,0-1.13.74.77.77,0,0,0,1.1.67A1,1,0,0,0,478.15,302.05Z"/><path class="cls-8" d="M483.57,272.38a.71.71,0,0,0-1,.34,1.21,1.21,0,0,0,.61,1.38.82.82,0,0,0,1-.48A1,1,0,0,0,483.57,272.38Z"/><path class="cls-8" d="M476.8,288.66c.12-.46,0-.82-.33-.88a1.06,1.06,0,0,0-.44.07v1.4A.71.71,0,0,0,476.8,288.66Z"/><path class="cls-8" d="M476.72,276.87a.8.8,0,0,0-.68,0h0v.88l.07.11c.45.05.81,0,.89-.51A.59.59,0,0,0,476.72,276.87Z"/><path class="cls-8" d="M476.8,280c.25-.11.18-.45-.08-.64a1.15,1.15,0,0,0-.69-.21V280l.16.05A.86.86,0,0,0,476.8,280Z"/><path class="cls-8" d="M476,255.54a.45.45,0,0,0,.38-.33.37.37,0,0,0-.23-.48.39.39,0,0,0-.15,0Z"/><path class="cls-8" d="M476,336.61v2a1.06,1.06,0,0,0,.36-.34c.21-.33.83-.88.56-1.38S476.3,336.64,476,336.61Z"/><path class="cls-8" d="M476.55,331.87a.67.67,0,0,0-.52.54v.2a.41.41,0,0,0,0,.11.78.78,0,0,0,.89.5.65.65,0,0,0,.52-.84A.8.8,0,0,0,476.55,331.87Z"/><path class="cls-8" d="M467.57,344.61h-.08a1.6,1.6,0,0,0-.47.08,1.28,1.28,0,0,0-.58,1.58,1.2,1.2,0,0,0,2.2-.94A1.18,1.18,0,0,0,467.57,344.61Z"/><path class="cls-8" d="M477,327.18a.54.54,0,0,0,.26-.47c0-.14-.3-.5-.48-.42a.54.54,0,0,0-.18.52C476.7,327,476.86,327.25,477,327.18Z"/><path class="cls-8" d="M476.41,322.46l-.38.07v1.57l.15-.08a1.28,1.28,0,0,1,.25.15.67.67,0,0,0,.93,0,.73.73,0,0,0,.29-.8C477.54,322.52,477.23,322.29,476.41,322.46Z"/><path class="cls-8" d="M459.53,344.89a.94.94,0,0,0-.15-.28h-2.46a1.25,1.25,0,0,0-.18,1.15,1.59,1.59,0,0,0,1.88,1A1.67,1.67,0,0,0,459.53,344.89Z"/><path class="cls-8" d="M459.25,348.4c-.12,0-.44.16-.39.47s.44.19.6.17.24-.29.2-.35S459.38,348.39,459.25,348.4Z"/><path class="cls-8" d="M477.2,318.42c-.15.31-.75.65-.52,1.06s.83.2,1.17.28l.14-.19c-.15-.37-.32-.74-.47-1.1Z"/><path class="cls-8" d="M463,348.67a.26.26,0,0,0-.11.3c0,.07.21.11.27.09s.17-.14.14-.24A.24.24,0,0,0,463,348.67Z"/><path class="cls-8" d="M464.55,344.9a1.27,1.27,0,0,0-.84,1.36.87.87,0,0,0,1,.61,1.11,1.11,0,0,0,.69-1.31C465.3,345.07,465,344.81,464.55,344.9Z"/><path class="cls-8" d="M479.82,305.16c-.28.17-.07.88.43,1.18s1-.33,1-.62S480.1,305,479.82,305.16Z"/><path class="cls-8" d="M483.35,308.7a.47.47,0,0,0-.17.75c.13.16.74.39.92.22s0-.7-.09-.84A.76.76,0,0,0,483.35,308.7Z"/><path class="cls-8" d="M484.38,305.46c-.07,0-.18.27-.08.39a.5.5,0,0,0,.47.14c.1,0,.33-.38.22-.54S484.52,305.4,484.38,305.46Z"/><path class="cls-8" d="M484.71,301.93a.57.57,0,0,0,.29.5.61.61,0,0,0,.53-.23.62.62,0,0,0-.18-.66C485.12,301.38,484.76,301.79,484.71,301.93Z"/><path class="cls-8" d="M485.12,269.77a1.17,1.17,0,0,0-1.37.91,1.21,1.21,0,0,0,.91,1.3,1.13,1.13,0,0,0,.46-2.21Z"/><path class="cls-8" d="M480.79,301.57a1.37,1.37,0,0,0-.32,2,1.11,1.11,0,0,0,1.55.34,1.73,1.73,0,0,0,.49-2.13A1.29,1.29,0,0,0,480.79,301.57Z"/><path class="cls-8" d="M457.73,351.45c-.19.09-.47.37-.44.54s.41.38.59.36.62-.41.56-.61S457.85,351.39,457.73,351.45Z"/><path class="cls-8" d="M478.84,320.46c-.6,0-.77.46-.81,1.07.42.26.77.62,1.24.26a.65.65,0,0,0,.19-.91A.93.93,0,0,0,478.84,320.46Z"/><path class="cls-8" d="M478.72,323.61c-.23.06-.38.43-.51.59.18.55.5.59.79.5s.59-.35.41-.68S478.9,323.56,478.72,323.61Z"/><path class="cls-8" d="M478.67,329.13c-.12,0-.44.16-.39.47s.44.19.6.17.24-.29.2-.35S478.81,329.12,478.67,329.13Z"/><path class="cls-8" d="M479.16,311.81c.41.62.74.83,1.08.63s.4-.69.18-1.13A1.07,1.07,0,0,0,479.16,311.81Z"/><path class="cls-8" d="M449,350.81c-.11,0-.43.34-.39.46s.45.2.6.18.24-.3.21-.35S449.12,350.8,449,350.81Z"/><path class="cls-8" d="M440.64,348.41c-.22,0-.87.67-.75,1s1.06.35,1.37.24a.87.87,0,0,0,.46-.9C441.61,348.42,441,348.37,440.64,348.41Z"/><path class="cls-8" d="M435.21,345.14c-.11,0-.44.27-.39.46s.44.2.6.18a.33.33,0,0,0,.21-.35A.52.52,0,0,0,435.21,345.14Z"/><path class="cls-8" d="M438.51,344.61h-1.27a.78.78,0,0,0-.13.69.85.85,0,0,0,1,.46.93.93,0,0,0,.46-1Z"/><path class="cls-8" d="M441.9,344.61a1,1,0,0,0,0,.17.72.72,0,0,0,.91.41.81.81,0,0,0,.58-.58Z"/><path class="cls-8" d="M441.55,346.22c-.33.08-.58.86-.4,1s.51.17.79.12a.46.46,0,0,0,.37-.68C442.17,346.39,442,346.11,441.55,346.22Z"/><path class="cls-8" d="M478.07,253.87c.27.13.39-.23.46-.37s-.1-.34-.17-.34a.54.54,0,0,0-.44.17A.39.39,0,0,0,478.07,253.87Z"/><path class="cls-8" d="M476,259.18a1,1,0,0,0,.18.08,1.24,1.24,0,0,0,1.53-.61,1.12,1.12,0,0,0-.84-1.13.91.91,0,0,0-.87.31Z"/><path class="cls-8" d="M479.81,262.86a.79.79,0,0,0,.44.86.9.9,0,0,0,1-.44.71.71,0,0,0-.45-.85A.8.8,0,0,0,479.81,262.86Z"/><path class="cls-8" d="M455,349.1c-.27.09-.37.57-.22,1s.33.43.62.3.59-.35.48-.77A.82.82,0,0,0,455,349.1Z"/><path class="cls-8" d="M444,348.34a.53.53,0,0,0-.22.57.49.49,0,0,0,.44.23.48.48,0,0,0,.25-.41C444.4,348.59,444.18,348.24,444,348.34Z"/><path class="cls-8" d="M479.29,257.29a.74.74,0,0,0,.87-.43.62.62,0,0,0-.38-.85.74.74,0,0,0-.87.42A.65.65,0,0,0,479.29,257.29Z"/><path class="cls-8" d="M446.91,345.11a.83.83,0,0,0-.25-.5h-.9a.54.54,0,0,0-.15.09c-.44.41,0,.78.21,1.21C446.4,345.83,446.88,345.7,446.91,345.11Z"/><path class="cls-8" d="M449.49,346.91a.48.48,0,0,0-.18.51c.07.15.23.45.4.37a.53.53,0,0,0,.26-.47C449.94,347.19,449.66,346.83,449.49,346.91Z"/><path class="cls-8" d="M452,349.66a.76.76,0,0,0-.49,1,.6.6,0,0,0,.83.48.75.75,0,0,0,.53-.95A.78.78,0,0,0,452,349.66Z"/><path class="cls-8" d="M453.82,345.37a.68.68,0,0,0-.46.79c.05.32.82.66,1.05.44a.85.85,0,0,0,.24-.74A.62.62,0,0,0,453.82,345.37Z"/><path class="cls-8" d="M451.75,345.24c-.15-.33-.41-.29-.68-.21a.51.51,0,0,0-.34.78c.15.2.32.45.57.44A.9.9,0,0,0,451.75,345.24Z"/><path class="cls-8" d="M446,351.06a.26.26,0,0,0-.11.3c0,.07.22.11.27.08s.17-.13.14-.23A.23.23,0,0,0,446,351.06Z"/><path class="cls-8" d="M446.5,348a.79.79,0,0,0-.39,1,.75.75,0,0,0,1,.38c.48-.17.71-.5.57-.81A1.26,1.26,0,0,0,446.5,348Z"/><path class="cls-8" d="M449.5,345.55c.26-.09.43-.5.47-.94h-1.89a.59.59,0,0,0,0,.14A1.38,1.38,0,0,0,449.5,345.55Z"/><path class="cls-8" d="M479.32,269.55a1.78,1.78,0,0,0,.87,1.93,1.38,1.38,0,0,0,1.62-.87,1.34,1.34,0,0,0-.76-1.65A1.38,1.38,0,0,0,479.32,269.55Z"/><path class="cls-9" d="M219.15,152.69V155a1.23,1.23,0,0,1,0-2.29ZM213,182.6c-.56-.07-1.2.58-1.32,1.32a.92.92,0,0,0,.6,1.07,1,1,0,0,0,.44.94,1.09,1.09,0,0,0,1.35-.77.67.67,0,0,0-.14-.67.58.58,0,0,0,.08-.18C214.06,183.77,213.4,182.65,213,182.6Zm6.19-25.34v-1.93a1,1,0,0,0-.41.61A1.27,1.27,0,0,0,219.15,157.26Zm-5.8,18.16a1.27,1.27,0,0,0,1.46-.77,1.07,1.07,0,0,0-.51-1.24c-.82-.3-1.6-.11-1.78.44A1.43,1.43,0,0,0,213.35,175.42Zm4.72,5.5,0,.09-.1,0a2.21,2.21,0,0,1-.94-.24,16.65,16.65,0,0,1-1.41-1.16,2.21,2.21,0,0,0,.47-1.61l-.69-.49c0-.79-.37-1.47-.83-1.51a.78.78,0,0,0-.84.52,1.37,1.37,0,0,0-.12.61,1.14,1.14,0,0,0-.83,1.42,10.81,10.81,0,0,0,.94,1.92,2.06,2.06,0,0,0-.3,2.28,2.16,2.16,0,0,0,3.21.14.88.88,0,0,1,1-.21.87.87,0,0,0,.75-.25,1.84,1.84,0,0,0,.34.27,1.38,1.38,0,0,0,.51.17v-2.36A.86.86,0,0,0,218.07,180.92ZM211,259.5a1,1,0,0,0-.3,1.44,1.09,1.09,0,0,0,1.54-.22.72.72,0,0,0-.11-1A.9.9,0,0,0,211,259.5Zm.88,3.89a.93.93,0,0,0-.24-1.19,1,1,0,0,0-1.21.26.85.85,0,0,0,.18,1.2A.94.94,0,0,0,211.89,263.39Zm6.26-2.23a2.75,2.75,0,0,0-.22-.26.88.88,0,0,0-1.52.05,1.3,1.3,0,0,0-.18,1.87,3.81,3.81,0,0,1-.92-.19.81.81,0,0,0-1.12.17,1.16,1.16,0,0,0-.35,1.33c.7,1.63,1.17,1.86,2.87,1.41h.15a2.45,2.45,0,0,0-.61.33.54.54,0,0,0,0,.88.65.65,0,0,0,1,0,1.55,1.55,0,0,0,.2-.82.76.76,0,0,0,1-.16.84.84,0,0,0,.07-.9,1.54,1.54,0,0,0,.38-.23c-.24-.81-.53-1.15-1-1a.69.69,0,0,0-.46.31,4.37,4.37,0,0,1-.2-.61C218.55,262.86,218.82,262.1,218.15,261.16Zm.2,18.73a.49.49,0,0,0-.32,0,.8.8,0,0,0-.39.76l-.18-.06a1.56,1.56,0,0,0-1.92,1.11c-.06.18-.12.35-.18.54l-.34-.13a.88.88,0,0,0,0-.38,1.17,1.17,0,0,0-1.55-.72c-.52.14-.74.78-.52,1.51a1,1,0,0,0,.14.31,1.3,1.3,0,0,0,.37,1.12,1.15,1.15,0,0,0,1.37.16,5.66,5.66,0,0,0,.93-.66,4.68,4.68,0,0,0,.53.17,1.71,1.71,0,0,0,1.79-.65,1.76,1.76,0,0,0,.19-1.2.8.8,0,0,0,.64,0,.69.69,0,0,0,.2-.13v-3.37A1.08,1.08,0,0,0,218.35,279.89Zm-6.1-8.85c.36.27,1.57-.1,1.89-.59a1.18,1.18,0,0,0-2-1.27A1.46,1.46,0,0,0,212.25,271ZM201.48,221.6a.73.73,0,0,0,.67.41c.31,0,.3-.66.22-.81a.64.64,0,0,0-.62-.2A.67.67,0,0,0,201.48,221.6Zm-.1-8.63c.46.24,1.33-.47,1.25-.89s-1.27-.63-1.52-.19A.84.84,0,0,0,201.38,213Zm1-19c-.46-.1-1.1.44-1.19,1a1.24,1.24,0,0,0,1,1.58c.68.1,1.35-.27,1.41-.79A1.76,1.76,0,0,0,202.39,194Zm1.22,12.26a1.52,1.52,0,0,0,2.26-.2c.81-.95-.31-1.61.42-2s.77.44,1.75-.19,1-1.85.28-2.19-1.3.12-1.45,0-.62-.86-1.17-.5c-1.15.76-.2,1.61-.47,1.94s-1.11.56-1.55,1A1.37,1.37,0,0,0,203.61,206.23Zm13.27-10.33a.42.42,0,0,1-.48-.61,1.65,1.65,0,0,0-1.31-1.63,1.29,1.29,0,0,0-.64.05,1.26,1.26,0,0,0-.86-.77,1.69,1.69,0,0,0-2,1.23,1.74,1.74,0,0,0,1.13,1.76,1.21,1.21,0,0,0,.68,0,1.58,1.58,0,0,0,.5.65,1.67,1.67,0,0,0,1.19,1.71,1.64,1.64,0,0,0,2-1.3.4.4,0,0,0,0-.11.44.44,0,0,0,.15-.22C217.36,196.32,217.13,196.08,216.88,195.9Zm-14.76,19.89c.22-.12.14-.51.08-.59s-.27-.36-.52-.23a.31.31,0,0,0-.13.46C201.64,215.57,201.9,215.91,202.12,215.79Zm3.66,22.76a1.2,1.2,0,0,0,.4-.37.82.82,0,0,0,.38-.19c.12-.21.2-.64.07-.78a.51.51,0,0,0-.37-.09c0-.07,0-.15-.1-.23a1.37,1.37,0,0,0-2-.48,1.49,1.49,0,0,0-.58,1.87A1.68,1.68,0,0,0,205.78,238.55ZM205,187.06a1.08,1.08,0,0,0-1.14.53.83.83,0,0,0,.54,1,.93.93,0,0,0,1.12-.51A.92.92,0,0,0,205,187.06Zm6.83,10.71a.87.87,0,0,0-.57-1.07.72.72,0,0,0-.74.26.47.47,0,0,0-.4-.3c-.28,0-.49.26-.52.41a.45.45,0,0,0,.29.55.52.52,0,0,0,.39,0,.73.73,0,0,0,.6.71A.72.72,0,0,0,211.82,197.77Zm-4-4.45a.44.44,0,0,0,.2,0,1.46,1.46,0,0,0,1,1,1.2,1.2,0,0,0,1.35-.91c.17-.6,0-1-.54-1.15a1.59,1.59,0,0,0-.78,0,.74.74,0,0,0-.45-.41c-.66-.25-1.18-.21-1.33.11A1.46,1.46,0,0,0,207.8,193.32ZM206,189.25c-.47-.09-.71.16-.82.57-.15.6.18,1.31.63,1.4a1.34,1.34,0,0,0,1.38-.72C207.26,190,206.71,189.4,206,189.25Zm.41,3.81a1.47,1.47,0,0,0-1.71,1,1.3,1.3,0,0,0,.49,1.23.69.69,0,0,0,.46.9.89.89,0,0,0,.94-.37,1.14,1.14,0,0,0,1-1A1.38,1.38,0,0,0,206.37,193.06Zm2.31,23.19a1,1,0,0,0,.37-1.5.88.88,0,0,0-1.43.28,1.18,1.18,0,0,0,.17,1A1,1,0,0,0,208.68,216.25ZM213.86,240l0,0c-.31-.19-1.1,0-1.18.28a1,1,0,0,0,.25.84.57.57,0,0,0,.36.2.72.72,0,0,0,0,.22,1.54,1.54,0,0,0,1.91.51c.37-.24.41-1,.09-1.56A1.1,1.1,0,0,0,213.86,240Zm.69,8.38a.79.79,0,0,0,.2-1.09.6.6,0,0,0-1-.15,2.19,2.19,0,0,0-.32.79C213.8,248.49,214.22,248.61,214.55,248.4Zm.37-4.56a.48.48,0,0,0,.1-.3c0-.26-.26-.41-.48-.56s-.38-.33-.66-.31-.39.42-.19.74a1.37,1.37,0,0,0,.71.53l-.15.08a1.26,1.26,0,0,0-.07,1.56,1.08,1.08,0,0,0,1.66.29c.59-.4.78-1,.46-1.43A1.8,1.8,0,0,0,214.92,243.84Zm2.17-53.62a.62.62,0,0,0,.4-.54c0-.21-.36-.31-.55-.26s-.4.29-.32.5A.43.43,0,0,0,217.09,190.22Zm1.8-14.2c0,.17-.07.6.17.66a.14.14,0,0,0,.09,0v-.89A.31.31,0,0,0,218.89,176ZM214,234.23a1.9,1.9,0,0,0,.82-1.08l.15-.05c.1-.08.18-.58.07-.67a.29.29,0,0,0-.21,0,1.49,1.49,0,0,0-.24-.55,1.28,1.28,0,0,0-1.58-.56.51.51,0,0,0-.09-.16,1.65,1.65,0,0,0-2.08-.29A1.61,1.61,0,0,0,212,233.8,1.68,1.68,0,0,0,214,234.23Zm-5.18-4.56c.37.65.78.73,1.51.29s.87-.92.58-1.38a1.93,1.93,0,0,0-1.83-.49A1.09,1.09,0,0,0,208.85,229.67Zm-2.55-9c0,.49-.17,1.07.51,1.29a.81.81,0,0,0,1.05-.43,1,1,0,0,0-.05-.81C207.56,220.26,207.17,220.27,206.3,220.65Zm6.47,14.19a.67.67,0,0,0-1.07.09.83.83,0,0,0,.1,1.2.89.89,0,0,0,1.13-.08A.85.85,0,0,0,212.77,234.84Zm-8.42,16.07a1.6,1.6,0,0,0,.14,2.14,1.62,1.62,0,0,0,2.15.09,2.09,2.09,0,0,0-.14-2.5A1.64,1.64,0,0,0,204.35,250.91Zm14.3-58.56a1.18,1.18,0,0,0-1.56.69,1.44,1.44,0,0,0,.75,1.7c.33.09,1-.33,1.31-.79v-1.19A1,1,0,0,0,218.65,192.35Zm-12.72,34.94a1,1,0,0,0-.21,1.23c.51.71,1.15,1,1.6.66a1.17,1.17,0,1,0-1.39-1.89ZM204.88,234c-.65.28-1,.66-.89,1a1.44,1.44,0,0,0,1.35.62,1.23,1.23,0,0,0,.46-1.27A.64.64,0,0,0,204.88,234Zm4.87,18.5c-.74.41-1,.77-.8,1.17.28.56.75.52,1.26.3A1.22,1.22,0,0,0,209.75,252.51Zm-4.6-39c.06-.29-.3-.49-.43-.5s-.47.05-.53.26.17.44.32.5S205.1,213.82,205.15,213.53Zm1.33,18.38a.65.65,0,0,0,0,1c.51.5,1,.67,1.26.45a1.45,1.45,0,0,0,.06-1.48A1.23,1.23,0,0,0,206.48,231.91Zm6.25,11.2c.28-1.13-.52-2.05-1.3-1.79s-.86,1-1.05,1a1.76,1.76,0,0,0-1.69.57,1.85,1.85,0,0,0,.32,2.27,1.22,1.22,0,0,0,.91.29,2.67,2.67,0,0,0-.19.85,2.21,2.21,0,0,0,.1.69,1.33,1.33,0,0,0-.61.11c-.66.32-.69.73-.09,2.07-.33.19-.68.36-.78.66a2.93,2.93,0,0,0-.18.57l.3.11a.84.84,0,0,0,.9.47.66.66,0,0,0,.47-.27,11,11,0,0,0,.29-1.28c.82-.43,1.27-1,1.17-1.55a1.51,1.51,0,0,0,1.35-1.65.88.88,0,0,0,.73.24c.57-.18.45-.68.36-1.13-.47-.25-.91-.3-1.2.18a.66.66,0,0,0,0,.15c-.34-.62-1.13-.56-.92-1.2S212.44,244.24,212.73,243.11Zm-4.67-46.85c-.82-.23-1.63.42-1.9,1.51a1.42,1.42,0,0,0,1,1.74,1.86,1.86,0,0,0,2.16-1.22A1.94,1.94,0,0,0,208.06,196.26Zm1.67,11a1.71,1.71,0,0,0-1.2-1.71c-.47-.05-1,.5-1.13,1.08a1.09,1.09,0,0,0,1,1.36C209.12,208.09,209.67,207.79,209.73,207.26Zm.17-11.41a1,1,0,0,0-.13-1.49c-.52.1-1,.24-.94.87S209.4,195.92,209.9,195.85Zm-4.22,18.47c-.42-.08-.6.15-.73,1.05a.76.76,0,0,0,1.3-.2A.79.79,0,0,0,205.68,214.32Zm3.3-2.87a1.78,1.78,0,0,0,0-1.25,1.12,1.12,0,0,0-.18-.28l0,0a.83.83,0,0,0-.13-1.29,1.3,1.3,0,0,0-1.48-.26,1.15,1.15,0,0,0-.63,1.23,2.77,2.77,0,0,0,.15.68,3.72,3.72,0,0,0-1.08.82,1.76,1.76,0,0,0-.21.41,1.08,1.08,0,0,0,1,1.45s0,.06,0,.08a2,2,0,0,0,1.84.63,1,1,0,0,0,.62-.41A1.54,1.54,0,0,0,209,211.45Zm-3.25-2.51a.81.81,0,0,0,.91-.66.61.61,0,0,0-.61-.76,2.11,2.11,0,0,0-.77.35C205.13,208.5,205.35,208.87,205.73,208.94ZM211,237.15a.73.73,0,0,0,.32-1.05.88.88,0,0,0-1.16-.39.83.83,0,0,0-.22,1.18A.75.75,0,0,0,211,237.15Zm-10.89-30.56c.17.07.72.18.82-.26s-.39-.6-.57-.63-.41.19-.62.31C199.86,206.21,199.94,206.53,200.11,206.59Zm-.05-14.26c.11.15.2.37.36.45s.48,0,.54-.25-.33-.41-.49-.46S200.2,192.23,200.06,192.33Zm-.86,25.5c-.06.12,0,.57.23.63s.43-.32.5-.48-.05-.37-.23-.39A.56.56,0,0,0,199.2,217.83Zm0-17.86a1.51,1.51,0,0,0,1,1.58c.48.12,1.2-.49,1.35-1.14a1,1,0,0,0-.72-1.31A1.4,1.4,0,0,0,199.24,200Zm-1.2,9c-.18.6.19.89.71,1.08a1.2,1.2,0,0,0,.67-1.38C198.61,208.43,198.16,208.51,198,208.94Zm.71-25.05a.79.79,0,0,0,.2.52c.06.05.42-.06.44-.15s.13-.52-.13-.65S198.76,183.8,198.75,183.89Zm11.58,4.41a.58.58,0,0,0-.49-.28c-.1.06-.29.12-.32.23a1.81,1.81,0,0,1-.75.93c-.15.12-.13.6,0,.81a1,1,0,0,0,.73.41.57.57,0,0,0,.36-.23,1.06,1.06,0,0,0,.37.07.85.85,0,0,0,.92-.68A1.3,1.3,0,0,0,210.33,188.3Zm-9.39-1.58c-.1,0-.21.16-.4.32.29.31.44,1,.9,1s.93-.65.62-1.12C201.92,186.67,201.33,186.73,200.94,186.72Zm-4,27.51c0,.27.52.62.72.63a.81.81,0,0,0,.65-.39.53.53,0,0,0-.42-.76C197.64,213.68,197,214,196.93,214.23Zm11.68-28.64a.73.73,0,0,0-.92.35.63.63,0,0,0-.36-.26,1.21,1.21,0,0,0-1.17.86.88.88,0,0,0,.76,1,1.08,1.08,0,0,0,1-.4.89.89,0,0,0,.3.11,1,1,0,0,0,1.09-.88C209.11,186.13,208.92,185.75,208.61,185.59Zm-2.19-3.37c-.16,0-.49.27-.59.5a.54.54,0,0,0-.05.22.7.7,0,0,0-.44.55.61.61,0,0,0,.47.76.66.66,0,0,0,.9-.41.81.81,0,0,0-.06-.53c.28,0,.57-.14.62-.34S206.67,182.27,206.42,182.22Zm-3.69,8a1.25,1.25,0,0,0-1.49,0,1,1,0,0,0-.36,1.31c.17.39.29,1.3.92,1.37s.61-.51.83-.72A1.38,1.38,0,0,0,202.73,190.19Zm7.94,81.19c-.21-.31-.69-.21-1,.13s-.3.75.11.95.88.54,1.21.13S210.85,271.66,210.67,271.38Zm-3.14,4.92c.48-.5,1-1,1.48-1.47,1,.84,1.12.82,1.65-.15-.28-.61-.74-.69-1.35-.43a3.34,3.34,0,0,0-.39-.43.94.94,0,0,0,.62-.31.64.64,0,0,0-.14-.63.68.68,0,0,0-.66.06.77.77,0,0,0-.06.69c-.72-.49-1.39-.11-1.92,1.1-.1,0-.21,0-.32,0-.47-.06-.69.21-.84.6a.81.81,0,0,0,.23.92C206.45,277,206.88,277,207.53,276.3Zm-3.14-28a1.42,1.42,0,0,0,.18-1.38,1.26,1.26,0,0,0,.92-.09c.42-.24.53-1.18.2-1.76a1,1,0,0,0-1.43-.46,1.44,1.44,0,0,0-.62,1.7.94.94,0,0,0-.66.31,1.22,1.22,0,0,0,.19,1.63A.83.83,0,0,0,204.39,248.26Zm-1.31-4.7a.26.26,0,0,0,0,.3.25.25,0,0,0,.36-.05c.09-.13,0-.29-.09-.34S203.12,243.5,203.08,243.56Zm7.45-51.42c0,.71.25,1.17.6,1.19a1.43,1.43,0,0,0,1.06-1c0-.34-.58-.86-1-.89A.65.65,0,0,0,210.53,192.14Zm1.78,91.13a.57.57,0,0,0-.38.86,2.49,2.49,0,0,0,.64.49.84.84,0,0,0,.49-1.13C212.89,283.13,212.6,283.17,212.31,283.27Zm-13.63-59.73c.12-.12.34-.44.24-.64s-.54-.08-.6,0a.83.83,0,0,0-.1.56A.58.58,0,0,0,198.68,223.54Zm4.82,18.23a1.17,1.17,0,0,0,.48-1.53,1.74,1.74,0,0,0-2.14-.44,1.3,1.3,0,0,0,1.66,2Zm-6.69-11.62a.61.61,0,0,0,.86.23.66.66,0,0,0,.37-.91.76.76,0,0,0-1-.3A.67.67,0,0,0,196.81,230.15ZM199.48,220a11.89,11.89,0,0,0,1.29,1,.56.56,0,0,0,.86-.59c-.17-.57-.19-1.25-.8-1.66l-.84.11c-.56-.56-1.28-.81-1.64-.52a.79.79,0,0,0-.26,1C198.35,220,198.63,220.14,199.48,220ZM199,254.49c.1-.14.32-.43.13-.65s-.54,0-.58.07a.77.77,0,0,0,0,.56C198.54,254.53,198.91,254.56,199,254.49Zm.85-14.76c-.1-.18-.52-.07-.67,0s-.08.3-.12.47a1.67,1.67,0,0,0,.57.08C199.69,240.26,199.92,239.92,199.81,239.73Zm100.25-94.46h1.27A1,1,0,0,0,301,145,.74.74,0,0,0,300.06,145.27Zm48.46,0h.4s0,0-.07-.05A.28.28,0,0,0,348.52,145.27Zm19.35,0h.5A.78.78,0,0,0,367.87,145.27ZM218.52,285.14a1.12,1.12,0,0,0,.63.29V284.2h-.05C218.61,284.19,218.49,284.66,218.52,285.14ZM323.2,144.92a1,1,0,0,0-.33.35h2.06A2.26,2.26,0,0,0,323.2,144.92ZM209.64,256.56a1.5,1.5,0,0,0-1.86.13,1.58,1.58,0,0,0,.27,1.87,1.26,1.26,0,0,0,1.58-.41C210.13,257.47,210.13,257,209.64,256.56ZM206.83,264a.83.83,0,0,0,1.1-.3,1.3,1.3,0,0,0-.37-1.53,1.23,1.23,0,0,0-1.31.84A.85.85,0,0,0,206.83,264Zm7-92.08a1.56,1.56,0,0,0,.7-1.8c-.17-.6-1.17-.75-2-.53a1.55,1.55,0,0,0-.83,1.83A1.6,1.6,0,0,0,213.84,172Zm-7.78,88.51a1,1,0,0,0,1.34-.42,2.82,2.82,0,0,0-.35-.93c-.32-.36-1-.18-1.27.27A.78.78,0,0,0,206.06,260.47ZM306.71,143.39a1,1,0,0,0-.56.9,1.14,1.14,0,0,0-.2.44,1.68,1.68,0,0,0-1.74.54h4a2,2,0,0,0,0-.24,2.43,2.43,0,0,1,.14-.2.83.83,0,0,0-.22-1.28A1.29,1.29,0,0,0,306.71,143.39ZM207,270.24a1.51,1.51,0,0,0,2.14-.57,1.25,1.25,0,0,0-.21-1.87,1.71,1.71,0,0,0-2.33.39A1.73,1.73,0,0,0,207,270.24Zm12,2.95.16.13v-1.88A1,1,0,0,0,219,273.19Zm-.49-115.33-.56.1c-.06-.36-.09-.7-.18-1-.14-.52-.37-.72-.81-.73a1,1,0,0,0-.59-.47.79.79,0,0,0-1,.57.94.94,0,0,0,.14.86h0a1.13,1.13,0,0,0,.52,1.28,5.07,5.07,0,0,0,1,.49,4.69,4.69,0,0,0,.11.54,1.54,1.54,0,0,0,.15.35c-.33,0-.63,0-.72.32-.16.73.06,1.22.5,1.35a.93.93,0,0,0,1.19-.71.34.34,0,0,0,0-.1.84.84,0,0,0,.31,0,1.77,1.77,0,0,0,.52-.07v-2.81A2,2,0,0,0,218.5,157.86Zm-3,7.84a1.57,1.57,0,0,0-1-1.35.81.81,0,0,0-1,.69c-.21.9,0,1.39.64,1.56A1.4,1.4,0,0,0,215.54,165.7Zm2.29-14.08a1,1,0,0,0,.66,1.06.76.76,0,0,0,.66-.11v-1.45a.7.7,0,0,0-.27-.14A.93.93,0,0,0,217.83,151.62Zm-3.62,9.24a.73.73,0,0,0,.33,1.24.76.76,0,0,0,.69-1.12A.82.82,0,0,0,214.21,160.86Zm-.08-1.69c-.1-.66-.7-.51-1.24-.56-.29.58-.47,1.1.06,1.5a.8.8,0,0,0,.78,0A1.27,1.27,0,0,0,214.13,159.17Zm88.4-13.9h1a.7.7,0,0,0-.42-.27A.74.74,0,0,0,302.53,145.27Zm.71-1.05a1.37,1.37,0,0,0-.5-1.69,1.66,1.66,0,0,0-1.71.79,1.2,1.2,0,1,0,2.21.9Zm-97.6,111.94c.26.1.94.3,1.12,0s-.3-.86-.51-1-.56.08-.73.25A.41.41,0,0,0,205.64,256.16Zm71.95-114a.92.92,0,0,0,0,1.22.85.85,0,0,0,1.21-.1.72.72,0,0,0,0-1.09A1,1,0,0,0,277.59,142.14Zm-22.23,2.76a.81.81,0,0,0-.57.37h2A1.77,1.77,0,0,0,255.36,144.9Zm-9.3-.22a1.49,1.49,0,0,0-.36.59h2.5a1.6,1.6,0,0,0-.34-.72A1.17,1.17,0,0,0,246.06,144.68ZM214.55,270.56c-.15.29,1,1.2,1.4,1.1s.38-.94-.07-1.43S214.71,270.26,214.55,270.56Zm76.09-125.77c-.39-.1-.83-.21-1,.18a1.84,1.84,0,0,0-.07.3h1.63A.78.78,0,0,0,290.64,144.79Zm0-1.28c.3-.3,0-.82-.12-1.06a.62.62,0,0,0-.41-.32.8.8,0,0,0,.36-.37,1,1,0,0,0-.57-1.2.79.79,0,0,0-1,.45.86.86,0,0,0,.43,1.22,1,1,0,0,0,.3,0c-.31.26-.45.8-.16,1S290.36,143.81,290.67,143.51Zm-8.36,1.27a.94.94,0,0,0-.47,0,1.21,1.21,0,0,0-.22-.61.77.77,0,0,0-1.11,0,1.2,1.2,0,0,0-.41,1.19h2.5A.56.56,0,0,0,282.31,144.78Zm3.82-1.8c-.37.54-.6,1-.13,1.49a.83.83,0,0,0,.78.11,1.35,1.35,0,0,0,.51-.89C287.28,143,286.66,143.09,286.13,143Zm11.48,1.45a1,1,0,0,0-1.11.48.76.76,0,0,0-.55-.14,1.72,1.72,0,0,0-.84-1.33,1,1,0,0,0-.69.06,1.09,1.09,0,0,0-.87.09,2.35,2.35,0,0,1-.88.32,1.27,1.27,0,0,0-1.26.78.83.83,0,0,0,.07.58h6.63A.69.69,0,0,0,297.61,144.43Zm15.57-1a1.51,1.51,0,0,0-1.91-.49,1.53,1.53,0,0,0-.28,2,.74.74,0,0,0,.33.28h1.85a.92.92,0,0,0,.34-.43.8.8,0,0,0-.25-1A.77.77,0,0,0,313.18,143.44Zm-44.12.91a1,1,0,0,0-1,.78.27.27,0,0,1,0,.09,2.53,2.53,0,0,1-.18-.37,1.35,1.35,0,0,0-1.5-.45,1.47,1.47,0,0,0-.52.87h3.93A.93.93,0,0,0,269.06,144.35Zm-1.57-1a1.6,1.6,0,0,0-.14-1.7.79.79,0,0,0-.54-.24s0,0,0,0c-.07-.28-.42-.43-.72-.52a.52.52,0,0,0-.71.49c0,.35,0,.67.39.81a.88.88,0,0,0,.07,1.21A1.41,1.41,0,0,0,267.49,143.31Zm-3.25-.72a9,9,0,0,0,.5-1.16.76.76,0,0,0-.5-1,.8.8,0,0,0-1.05.42,2.34,2.34,0,0,1-.45.63,1.24,1.24,0,0,0-.28,1.61.74.74,0,0,0,.6.46.94.94,0,0,0,.7.71,1,1,0,0,0,1-.84A.76.76,0,0,0,264.24,142.59Zm67.14.62a1,1,0,0,0,0,1.4,2.63,2.63,0,0,0,1-.06c.44-.2.46-.88.11-1.29A.77.77,0,0,0,331.38,143.21ZM278,144.27a.67.67,0,0,0-1,.35.87.87,0,0,0-.05.65h1.55A.86.86,0,0,0,278,144.27Zm-6.94-1c-.58.54-.74,1-.46,1.36a1.39,1.39,0,0,0,1.67.09,1.22,1.22,0,0,0-.12-1.53A.72.72,0,0,0,271.05,143.25Zm-54,22.43a.31.31,0,0,0,.26.4c.17,0,.59,0,.65-.2s-.3-.44-.4-.44S217.09,165.41,217,165.68Zm-13.38,59.15c-.3-.45-1.55-.82-1.91-.55a1.46,1.46,0,0,0-.05,1.86c.38.56,1,.6,1.67.1A1.17,1.17,0,0,0,203.65,224.83Zm-1.23,10.66a1.38,1.38,0,0,0,.51-1.48c-.27-.45-1.08-.49-1.72-.09a.65.65,0,0,0-.21,1C201.31,235.44,202,235.73,202.42,235.49Zm59.28-90.22h1.73a3.11,3.11,0,0,0-.61-.29A1.39,1.39,0,0,0,261.7,145.27ZM202.13,229c.55-.36.6-.9.15-1.54-.31-.46-.77-.63-1.13-.42a1.81,1.81,0,0,0-.58,1.78C200.92,229.39,201.47,229.46,202.13,229Zm12.2,43.57a1.13,1.13,0,0,0-1.19-.32,2,2,0,0,0-1.25,2.15,1.45,1.45,0,0,0,1.79.81h0a2.14,2.14,0,0,0,.35.58c.49.54,1.33.13,2,.46a2.26,2.26,0,0,0,.94.23,1,1,0,0,0,1.45-.44.72.72,0,0,0,0-.46,3.51,3.51,0,0,0,.34-.85,1.82,1.82,0,0,0-.09-1.18,1.91,1.91,0,0,0-1.22-1c-.58-.21-.86-.78-1.48-.73A2.89,2.89,0,0,0,214.33,272.59Zm3.95-109.8a1,1,0,0,0-.63-1c-.67-.13-1,.36-1.31.79.42.92.73,1.18,1.26,1.05A.84.84,0,0,0,218.28,162.79ZM211.4,265.86c-.53-.4-1.11-.4-1.4,0a2.25,2.25,0,0,0,.1,1.91,1.22,1.22,0,0,0,1.76-.38C212.22,266.91,212.06,266.36,211.4,265.86Zm4.39,11.06a1,1,0,0,0-.67,1.15.86.86,0,0,0,1.1.51.87.87,0,0,0,.63-1A.9.9,0,0,0,215.79,276.92Zm-4.94-7.84c-.12,0-.48.3-.42.51s.49.22.67.2.28-.24.22-.4A.59.59,0,0,0,210.85,269.08Zm-11.1-38.7a1.23,1.23,0,0,0-.26,1.43.87.87,0,0,0,1.21.16,1,1,0,0,0,.35-1.18C200.83,230.44,200,230.18,199.75,230.38Zm4,2.16a1,1,0,0,0,.81-.21c.14-.11.14-.5.06-.71a6.91,6.91,0,0,0-.62-1.17c-.2-.33-.48-.33-.82-.09,0,.11-.12.29-.07.39a1.8,1.8,0,0,1,.09,1.19C203.18,232.13,203.52,232.47,203.75,232.54Zm6.17-69.35c-.28,0-.62,0-.76.25s.23,1,.65,1,.52-.19.61-.49S210.32,163.18,209.92,163.19ZM204.76,273a.58.58,0,0,0-.16-.58c-.16-.1-.49-.27-.6-.09a.58.58,0,0,0,.06.59C204.17,273.06,204.65,273.22,204.76,273Zm-.22-2.35a.47.47,0,0,0-.18-.71.53.53,0,0,0-.63.18.45.45,0,0,0,.06.63A.47.47,0,0,0,204.54,270.68Zm-2.21-20.59.07-.35s0,0,0,0a1.51,1.51,0,0,0-.56-1.51,1.33,1.33,0,0,0-1.44,2.23,1.31,1.31,0,0,0,1.69-.23ZM260,139a1,1,0,0,0,.08.87.68.68,0,0,0,1.06.14.75.75,0,0,0,.12-1C261.09,138.65,260.15,138.64,260,139ZM205.69,265.78a1.48,1.48,0,0,0-1.95,0,1.31,1.31,0,0,0,.44,1.6,1.18,1.18,0,0,0,1.58-.35A.82.82,0,0,0,205.69,265.78Zm7.82,12.16a1.61,1.61,0,0,0-.72-.34c0-.29-.27-.57-.81-1-.42.25-1,.4-.86,1.09a.93.93,0,0,0,.29.5,1.33,1.33,0,0,0,2.36,1.21A1.06,1.06,0,0,0,213.51,277.94Zm-1.1,14.9c-.4.16-.33.75-.3,1a.55.55,0,0,0,.68.54c.41-.07.81-.57.61-.88S212.8,292.68,212.41,292.84Zm1.28-5.91a.87.87,0,0,0-1.14-.43.8.8,0,0,0-.53,1,.76.76,0,0,0,1,.59A.92.92,0,0,0,213.69,286.93Zm-5.22-3.83c-.41.14-.62.55-.38.87a2.43,2.43,0,0,0,.64.48.84.84,0,0,0,.49-1.12C209.05,283,208.76,283,208.47,283.1Zm1.49-.65c.12-.15-.07-.59-.19-.67a.63.63,0,0,0-.58,0c-.12.1,0,.46.07.57S209.84,282.6,210,282.45ZM200.56,256c-.27.21-.11.76.23,1s.72.22.88-.15.32-1.06.05-1.23S200.81,255.76,200.56,256Zm10,22.93a1.84,1.84,0,0,0-2-1,1.66,1.66,0,0,0-1.12,2,2.42,2.42,0,0,0,2.3,1.13A1.64,1.64,0,0,0,210.56,278.89Zm25.22-135.75a1,1,0,0,0-1.41.44,1.09,1.09,0,0,0,.94,1.24.71.71,0,0,0,.83-.58A.91.91,0,0,0,235.78,143.14Zm-32.71,35.8a1.61,1.61,0,0,0,.93,1.95,1.64,1.64,0,0,0,2-.72A2.1,2.1,0,0,0,205,177.9,1.67,1.67,0,0,0,203.07,178.94Zm50.2-35.21a1.77,1.77,0,0,0-1.67.73,1.49,1.49,0,0,0-.26.81h2.5s0-.07,0-.1A1.35,1.35,0,0,0,253.27,143.73Zm8.09-1.84a3.07,3.07,0,0,0-.25-.26c.63-.19.41-.76.39-1.3-.62-.22-1.16-.33-1.48.24a.81.81,0,0,0,.09.78,1.6,1.6,0,0,0,.41.22.56.56,0,0,0-.07.58,1.36,1.36,0,0,0,.74.73.41.41,0,0,0,.54-.35A.91.91,0,0,0,261.36,141.89Zm-3.31,2.36c-.65.39-.94.68-.95,1H259C258.91,144.73,258.46,144.49,258.05,144.25Zm-25.14-.17a.86.86,0,0,0-1,.73.92.92,0,0,0,.11.46h1.58a.61.61,0,0,0,.08-.26A1,1,0,0,0,232.91,144.08Zm-27.64,27.78c.8.28,1.6-.25,1.92-1.27a1.41,1.41,0,0,0-1-1.84,1.77,1.77,0,0,0-2.08,1.12A1.87,1.87,0,0,0,205.27,171.86ZM210,227a.64.64,0,0,0-.09-.67c-.15-.13-.47,0-.58.19a.47.47,0,0,0,.11.59A.45.45,0,0,0,210,227Zm.41-47a.89.89,0,0,0,.72-.18c0,.06.09.11.13.11s.55-.08.61-.29-.34-.44-.43-.42,0,0-.08,0a.33.33,0,0,0,0-.15c-.25-.49-.69-.5-1.2-.28C210,179.3,209.85,179.79,210.39,180Zm15.67-36.51a1.73,1.73,0,0,0-1.6,1.34,1.39,1.39,0,0,0,0,.41h3.06A1.7,1.7,0,0,0,226.06,143.52ZM218.31,167a1.46,1.46,0,0,1-1.58-.21,1.35,1.35,0,0,0-1.51.43,1.78,1.78,0,0,0,.52,1.75c.33.22.76.57,1.12.21a2,2,0,0,1,1.64-.51.69.69,0,0,0,.65-.33v-.88C219,167.09,218.62,166.84,218.31,167Zm-8.77,10.25c-.16.53.2,1.23.64,1.24s1.13-1.21.9-1.65S209.69,176.7,209.54,177.23ZM219,205.88c-.06.11.06.32.19.43v-.59A.45.45,0,0,0,219,205.88Zm-1.15,32.38c-.26.35.07,1.27.61,1.68a.87.87,0,0,0,.73.09v-2.1A1.44,1.44,0,0,0,217.81,238.26Zm1.34-10.44v.92a1.67,1.67,0,0,1-.47.57,1.5,1.5,0,0,0-.35.49,2.6,2.6,0,0,1,.82.13v2.67a1.64,1.64,0,0,1-1.71-.54l-.12.12A1,1,0,0,1,216,232a.85.85,0,0,1,.25-1.18,1,1,0,0,1,.73-.15.71.71,0,0,1-.41-1.07c0-.31,0-.62,0-.93a1.18,1.18,0,0,1-.93-.6c-.48-1-.58-1.38.09-2h-.09a.8.8,0,0,1-.57-.95.86.86,0,0,1,.94-.77.91.91,0,0,1,.66,1.13,1,1,0,0,1,0,.1,1.21,1.21,0,0,1,1.15.53,2.14,2.14,0,0,1,.35,1.13A1.84,1.84,0,0,1,219.15,227.82Zm-2,2.89H217l.12,0Zm2-17.66v-2a1.43,1.43,0,0,0-.38.7A1.3,1.3,0,0,0,219.15,213.05Zm-.4-3a.51.51,0,0,0,.4.24V209.1C218.89,209.34,218.53,209.67,218.75,210Zm0,22.86a.83.83,0,0,0-1.18.29c-.33.46-.34.9,0,1.1a1.45,1.45,0,0,0,1.14,0,2.25,2.25,0,0,0-.08.24,2.39,2.39,0,0,1-.19.53c-.53.39-.56.77-.4,1.13s.56.45,1,.4l.18,0v-3l0,0A.94.94,0,0,0,218.73,232.9ZM218,201.77a.41.41,0,0,0-.53,0l-.06.08a.78.78,0,0,0-.75.55c-.16.42.1.71.42.95l.54.4a1.41,1.41,0,0,0-.43.1c-.84.32-1,.71-.65,1.51a1.29,1.29,0,0,0-1,1,1.64,1.64,0,0,0,1,2.06,4.79,4.79,0,0,0,.39.49,1.2,1.2,0,0,0,.3-.07,1.53,1.53,0,0,0,.08.26.91.91,0,0,0,1,.52c.65-.14.63-.75.76-1.32a2.14,2.14,0,0,0-1-.46l.14-.19c1.12-.48,1.13-1.33,0-2.4a1.86,1.86,0,0,1,.1-.31.68.68,0,0,0,0-.6,1.12,1.12,0,0,0,.75.21v-3.3a2,2,0,0,0-1,.34Zm-1.4,44a1.54,1.54,0,0,0-1.44,1.39,1.65,1.65,0,0,0,1.16,1.25,3.93,3.93,0,0,0-.3,1.08.92.92,0,0,0-1,.2,1.44,1.44,0,0,0,.19,1.77,1.29,1.29,0,0,0,1.64-.17.91.91,0,0,0,.09-.17,1.08,1.08,0,0,0,1.11-.58,6.76,6.76,0,0,0,.71-1.66,1.63,1.63,0,0,0-.59-1.48,1.83,1.83,0,0,0,.09-.39C218.31,246.35,217.43,245.83,216.56,245.73Zm1.8-25.51a1.08,1.08,0,0,0-1.43,1,1.61,1.61,0,0,0,0,.62l-.05,0a1.14,1.14,0,0,0,.11,1.61,1.51,1.51,0,0,0,.81.32.9.9,0,0,0,.84,1,.86.86,0,0,0,.5-.19v-1.3a1.25,1.25,0,0,0-.19-.15,1.28,1.28,0,0,0,0-.8.86.86,0,0,0-.15-.22,1.74,1.74,0,0,0,.32-.46v-.93A1.2,1.2,0,0,0,218.36,220.22ZM217,252.77c.12-.05.44-.38.28-.63s-.55-.14-.66-.06-.3.35-.2.55S216.83,252.83,217,252.77Zm.74-11.68a1.26,1.26,0,0,0-.17.13.79.79,0,0,0-.49-.24.8.8,0,0,0-.94.62,2.76,2.76,0,0,1-.32.7,1.24,1.24,0,0,0,0,1.64c.41.5.93.48,1.5-.28,0-.11.06-.24.1-.38a1.91,1.91,0,0,0,1.71.63v-3A1.78,1.78,0,0,0,217.73,241.09Zm.76-49.24a1.66,1.66,0,0,0,.66.68v-2.29a1.39,1.39,0,0,0-.21.11A1.27,1.27,0,0,0,218.49,191.85Zm.28,22.55a1.66,1.66,0,0,1,.38-.8v5.14a1.35,1.35,0,0,1-.83,0,1.19,1.19,0,0,1-.56-.7l-.22.15c.22.5,0,.91-.6,1.12-.43-.21-.78-.56-.52-1,.36-.58.08-1-.14-1.44a1.66,1.66,0,0,1-.12-.42,1.66,1.66,0,0,1-1,.45,1.81,1.81,0,0,1-1-.23.8.8,0,0,1,.15.58,1,1,0,0,1-1.24.72c-.51-.08-.93-.49-.89-.88a.66.66,0,0,1,.13-.3,1.11,1.11,0,0,1-.89-1.63,1.19,1.19,0,0,0,0-.7,2.73,2.73,0,0,1,0-1.87,1.62,1.62,0,0,1,.4-.61.7.7,0,0,1-.25,0,1.59,1.59,0,0,1-.94-1.64.93.93,0,0,1,.63-.59,1.53,1.53,0,0,1,.41-1.45,2.28,2.28,0,0,1-.24-1.49,1.41,1.41,0,0,1,1.67-1,1.8,1.8,0,0,1,1.36,1.83,1.71,1.71,0,0,1-.83,1.05.36.36,0,0,1,.07.1c.22.41-.12,1.2-.63,1.58a.71.71,0,0,1,.06.43,1.5,1.5,0,0,1-.6.9l.16,0a1.58,1.58,0,0,1,1.4.85,1.23,1.23,0,0,1,.62-.78,2.13,2.13,0,0,1,.42-.1.9.9,0,0,1,0-.28c.14-.59.91-1.24,1.36-1.15a1.58,1.58,0,0,1,.9,1.41.83.83,0,0,1-.51.58,2.56,2.56,0,0,1,.89,2.47,2.22,2.22,0,0,1,1,.29A1.49,1.49,0,0,1,218.77,214.4Zm-5,2-.17-.15,0,.09h0A1.52,1.52,0,0,1,213.74,216.36ZM219,246.08l.13.14v-1.11A1,1,0,0,0,219,246.08ZM218,198a1,1,0,0,0,.85,1h.17a1.49,1.49,0,0,0,.1.69v-2.35l-.13,0A.87.87,0,0,0,218,198Zm-7.24,7c0-.14-.42-.19-.56-.13s-.42.46-.32.62.57.15.7.07A.67.67,0,0,0,210.79,205.06Zm-.1,11.1a1.07,1.07,0,0,0-.87.24.84.84,0,0,0-.16.56.75.75,0,0,0-.13-.06.9.9,0,0,0-1.07.6,1,1,0,0,0,.66,1.16.86.86,0,0,0,1-.69,1.76,1.76,0,0,0,0-.23l.06.06c.5-.05,1-.13,1.13-.71A.76.76,0,0,0,210.69,216.16Zm3.49,12.14a2.05,2.05,0,0,0-1.9,2c.06.7,1,.73,1.39.41s.31-.17.8,0,1.28.16,1.33-.77A1.76,1.76,0,0,0,214.18,228.3Zm-4.05-1.36c-.09.43.16.81.55.76a2.43,2.43,0,0,0,.74-.3.85.85,0,0,0-.72-1C210.29,226.37,210.19,226.64,210.13,226.94Zm.79-3.82c-.24.09-.29.25-.19.48a.32.32,0,0,0,.46.19c.22-.1.31-.24.21-.48A.31.31,0,0,0,210.92,223.12Zm2.88,3.59a1.18,1.18,0,0,0,.07-.92,1.65,1.65,0,0,0-2.08-1,5.21,5.21,0,0,0-.38,1,1.28,1.28,0,0,0,.7,1.4A1.4,1.4,0,0,0,213.8,226.71Zm.23,9.62a1.42,1.42,0,0,0-.39,2.14,1.44,1.44,0,0,0,2,.7,1,1,0,0,0,.34.78c.35.21.56,0,.75-.24a.56.56,0,0,0-.16-.92,1.73,1.73,0,0,0-.37-.11,1.62,1.62,0,0,0,.17-1.73c.15.1.55.22.64.05a.57.57,0,0,0-.15-.59c-.16-.09-.49-.27-.6-.09a.57.57,0,0,0,0,.46A1.71,1.71,0,0,0,214,236.33Zm1.33-14.27c-.45-1.06-1.31-1.44-2-1.19a1.23,1.23,0,0,0-.5.37c-.16-.33-.38-.61-.59-.66a.87.87,0,0,0-.53,0,1.27,1.27,0,0,0-.05-.48c-.14-.38-.52-.41-.85-.2s-.55.41-.35.82a.75.75,0,0,0,.58.38,1.78,1.78,0,0,0-.2.44c-.13.53.3,1,1.05,1.21a1.25,1.25,0,0,0,.42,0,1.09,1.09,0,0,0,.08.31l.06.1a.69.69,0,0,0-.29.49c-.09.43.16.81.56.76a2.66,2.66,0,0,0,.74-.3,1,1,0,0,0,0-.18,1.81,1.81,0,0,0,.77,0A1.41,1.41,0,0,0,215.36,222.06Zm-4.45,31.36c-.25.38-.58.77-.16,1.19a.93.93,0,0,0,.81.09.71.71,0,0,0,.37-.57C211.88,253.58,211.48,253.4,210.91,253.42Zm-6.77-45.3a1.35,1.35,0,0,0-.48-.88c-.28-.19-.86.23-.85.64a1.64,1.64,0,0,0,.3.65C203.73,208.68,204.19,208.47,204.14,208.12Zm3,9.47c-.7,0-.81.42-.8.63s-.28.53-.37.32c0,0,0,0,0-.06a1.57,1.57,0,0,0-1.26-1.93,1.26,1.26,0,0,0-1.57.92,2,2,0,0,0,1.22,2.15,1.33,1.33,0,0,0,1.59.82c.71-.18.72-.61,1.19-.69s.57-.36.61-.87S207.8,217.62,207.09,217.59Zm-4.75-2.21c.17.28,1.55-.29,1.65-.66s-.62-.8-1.26-.65S202.16,215.09,202.34,215.38ZM207.48,235c-.31.43-.59.89-.08,1.29s.89.1,1.2-.29A1,1,0,0,0,207.48,235Zm7.91-33.64c.27-.65.56-1.29.84-1.91,1.21.42,1.34.34,1.47-.75-.48-.46-.94-.37-1.41.1-1.3-.8-2-.35-2.17,1.18a1.63,1.63,0,0,0-.49-.2,1.43,1.43,0,0,0-1.75,1.29,2.12,2.12,0,0,0,.05.95.69.69,0,0,0-.22.33c-.1.33-.05.76.37.8a1.11,1.11,0,0,0,.71-.26,1.18,1.18,0,0,0,.2.07,1.6,1.6,0,0,0,.81-.07.76.76,0,0,0-.07.43.74.74,0,0,0,.63.61.69.69,0,0,0-.14.48.73.73,0,0,0,.72.74,1,1,0,0,0,.77-.3c.37-.55.07-1-.45-1.39a.75.75,0,0,0-.2-.94.88.88,0,0,0-.44-.18,1.28,1.28,0,0,0,.14-.21C215,202.06,215.21,201.81,215.39,201.38Zm-3.74,2.36a1.09,1.09,0,0,0-.66-1.37,1.4,1.4,0,0,0-1.51.77,1.52,1.52,0,0,0,1,1.68C211,204.89,211.51,204.36,211.65,203.74Zm6.13,67.7c-.07-.16-.28-.38-.49-.33s-.29.37-.27.54.26.52.54.41S217.83,271.56,217.78,271.44Zm-15-60.69a.75.75,0,0,0,1.29-.2.79.79,0,0,0-.56-.85A.73.73,0,0,0,202.8,210.75Zm14.86,57.67-.07,0c-.11-.36-.36-.7-.64-.7a.87.87,0,0,0-.8.78.69.69,0,0,0,.34.48,1.62,1.62,0,0,0-.34.63c-.14.61.65,1.24,1.5,1.47a1.59,1.59,0,0,0,1.5-.81v-.91A1.59,1.59,0,0,0,217.66,268.42Zm-8.3-30.91a.7.7,0,0,0-.08.14,2,2,0,0,0-1.74-.07c-.75.39-.89,1.42-.34,2.41a1.41,1.41,0,0,0,1.93.55,1.88,1.88,0,0,0,.89-1.88.74.74,0,0,0,.51-.23c.19-.24,0-.75-.41-1A.47.47,0,0,0,209.36,237.51Zm-2.88,3.76a.47.47,0,0,0,0,.45.68.68,0,0,0,.56,0,.49.49,0,0,0,.07-.67C206.9,240.81,206.61,241.15,206.48,241.27ZM210.66,199a.58.58,0,0,0,.27.53c.14.07.65,0,.68-.18a.54.54,0,0,0-.36-.48C211.07,198.84,210.7,198.81,210.66,199Zm6.76,59.28a2.15,2.15,0,0,1-.79-.57c-.39-.59-.69-1.24-1-1.91a6.26,6.26,0,0,0,.48-.66,1.11,1.11,0,0,0,.43.27c.32.08.93-1.28.76-1.61s-.65-.22-1.06.07a2.44,2.44,0,0,0-1-.69,1.34,1.34,0,0,0-.64-.13.45.45,0,0,0-.15-.24c-.34-.25-1.35.41-1.24.9a.78.78,0,0,0,.29.41,11.84,11.84,0,0,0,.17,2.09,3.37,3.37,0,0,0-1,1,.57.57,0,0,0-.59,0c-.19.14-.51.81-.33,1s.56.13.81,0a2.17,2.17,0,0,0,2.89,1.21.92.92,0,0,1,.52-.06.64.64,0,0,0,.38.18l.06,0a1,1,0,0,0,1.36-.44C218,258.77,217.81,258.5,217.42,258.29Zm1.72-95.23a.79.79,0,0,0-.63.67c-.2.76-.07,1.26.34,1.39a.74.74,0,0,0,.3,0V162.2h0C218.86,162.42,218.85,162.65,219.14,163.06Zm-5.83,103.56a.54.54,0,0,0,.44-.76c-.09-.22-.67-.67-.92-.55s-.28.75-.19.94A.87.87,0,0,0,213.31,266.62Zm.71-79.87a1,1,0,0,0-1,.69.94.94,0,0,0,.1.66.71.71,0,0,0-.14.31c-.12.88.16,1.51.7,1.58a1.49,1.49,0,0,0,1.37-1.14,1.2,1.2,0,0,0-.45-.82.66.66,0,0,0,.11-.26A.93.93,0,0,0,214,186.75Zm-6,36.17a1.17,1.17,0,0,0-1.13-.29,1.39,1.39,0,0,0-1,.83,2.53,2.53,0,0,1-.12.36,1.2,1.2,0,0,0-.2.45,1.65,1.65,0,0,0,1.13,1.95,2.4,2.4,0,0,0,2.13-1.41,1.5,1.5,0,0,0-.55-1.4A1.33,1.33,0,0,0,208.07,222.92Zm4.75,26a1.34,1.34,0,0,0-.95-.3c-.34,0-.46.76-.18,1s.52.22.67.28C212.91,249.59,213.1,249.12,212.82,248.89Zm6.33-65.73v5.35c-.86.44-1.4.21-2.38-.77a.94.94,0,0,1-.28-.55l-.3-.12c-.33-.19-.38-.45-.5-.65a.81.81,0,0,1-.14-.73c.08-.41.64-.53,1-.79a1.33,1.33,0,0,1,1.28.07l0,0a1.64,1.64,0,0,1,.08-1.17C218.2,183.18,218.58,183,219.15,183.16Zm-.64,2.48a.71.71,0,0,1-.09-.07l0,.08Zm-2.8,4.78h-.13a1.76,1.76,0,0,0-.44-.18c-.64-.18-1.18,0-1.29.52a2.21,2.21,0,0,0,.79,1.74,1,1,0,0,0,.39,0l.3.1c.73.16,1.27-.08,1.37-.61A2,2,0,0,0,215.71,190.42Zm1.76-20a.77.77,0,0,0,.56.81l.15,0a2.52,2.52,0,0,0-.94,2.8,2.07,2.07,0,0,0,1.33,1.49.89.89,0,0,0,.58,0v-6.37l-.21.33C218.15,169.58,217.49,170,217.47,170.43Zm1.2,83.54c-.26-.24-1.14.07-1.24.74a1,1,0,0,0,.32.75.87.87,0,0,0,.59.16,1.16,1.16,0,0,0,.14.79,2.05,2.05,0,0,0,.67.6v-2.42l-.1,0A1.44,1.44,0,0,0,218.67,254Zm-1.46-75.74a.81.81,0,0,0,1-.55c.2-.6-.37-1-.7-1.16s-1,.48-.88,1.14A1,1,0,0,0,217.21,178.23ZM367.64,143.7a.93.93,0,0,0,.56-1.19.77.77,0,0,0-.38-.35.79.79,0,0,0-.07-1.12,1.29,1.29,0,0,0-1.42-.47,1.14,1.14,0,0,0-.81,1.12,5.72,5.72,0,0,0,.12,1.13,4.61,4.61,0,0,0-.4.37,1.72,1.72,0,0,0-.32,1.88,1.12,1.12,0,0,0,.17.2h2.49a1.48,1.48,0,0,0-.07-1.54A.61.61,0,0,0,367.64,143.7Zm-127.71-3.15a1,1,0,0,0,.32.76.71.71,0,0,0,.68,0c.46-.3.42-.74.12-1.22C240.61,140.09,240.1,140,239.93,140.55Zm-.07-9.67a1.42,1.42,0,0,0,1.37-1.27c.08-.73-.4-1.23-1.25-1.3a1.17,1.17,0,0,0-1.4,1.12A1.37,1.37,0,0,0,239.86,130.88Zm-3.24,7c.33,0,.62-.68.64-.93s-.33-.46-.57-.53-.64.07-.58.46S236.3,137.8,236.62,137.83Zm2.62-1.58a2.1,2.1,0,0,0,2.12-1.33,1.66,1.66,0,0,0-1.27-1.76,1.62,1.62,0,0,0-1.82,1.16A1.64,1.64,0,0,0,239.24,136.25Zm-4.9-6.07c.17,0,.53.06.64-.21s-.26-.47-.35-.47a.71.71,0,0,0-.48.27C234.1,129.83,234.26,130.17,234.34,130.18Zm-.68,3.46c.31,0,1.08-.23,1.1-.54s-.64-.69-.93-.82-.72.28-.73.67S233.26,133.68,233.66,133.64Zm4,6.88a1.47,1.47,0,0,0-1-1.56,1.59,1.59,0,0,0-1.51,1.14c-.08.49.49,1.09,1.13,1.18C237.13,141.39,237.58,141.15,237.69,140.52ZM245.87,129c.16,0,.24-.15.26-.23s-.16-.22-.23-.23-.23.06-.25.17A.26.26,0,0,0,245.87,129ZM247,143.6c.19-.85-.1-1.6-.66-1.71a1.44,1.44,0,0,0-1.46,1,1.29,1.29,0,0,0,1,1.36A1.09,1.09,0,0,0,247,143.6Zm1.89-7.41a1.42,1.42,0,0,0,1.71-1.2,1.78,1.78,0,0,0-1.38-1.92,1.86,1.86,0,0,0-1.83,1.38C247.21,135.27,247.84,136,248.89,136.19Zm-7.17,6.52a10,10,0,0,0-1.79,1.17,2.05,2.05,0,0,0-2.3,0,1.78,1.78,0,0,0-.58,1.39H243c.31-.24.41-.71.36-1.48A1.17,1.17,0,0,0,241.72,142.71Zm.7-10.79a1.43,1.43,0,0,0,1.52-.93,1,1,0,0,0-.72-1.12,1.24,1.24,0,0,0-1.35,1A.85.85,0,0,0,242.42,131.92Zm3.84,5.69a1.75,1.75,0,0,0-.47-2c-.6-.42-1-.25-1.86.92-.49-.29-1-.66-1.42-.06a.89.89,0,0,0,0,1.15c.11.14.33.3.47.27a10.16,10.16,0,0,0,1.26-.36C245.07,138.08,245.91,138.14,246.26,137.61Zm-25.12,5.61a.58.58,0,0,0-.49.34c-.05.15,0,.64.26.65s.43-.3.44-.42S221.35,143.23,221.14,143.22Zm0-3c.11-.34-.34-.42-.5-.48s-.39.17-.38.25a.67.67,0,0,0,.27.49A.47.47,0,0,0,221.11,140.2Zm1.82,1.72a.45.45,0,0,0-.52.35.5.5,0,1,0,1,.11C223.4,142.09,223.08,141.93,222.93,141.92ZM216,149c.6.31,1-.06,1.34-.66-.28-.46-.45-1-1.09-.87a.74.74,0,0,0-.65.81A1,1,0,0,0,216,149Zm2.63-2.26c-.27.79-.14,1.18.55,1.43v-2A.85.85,0,0,0,218.6,146.71Zm11.77-6a.85.85,0,0,0-.58,1,.82.82,0,0,0,.79.82c.69,0,1.15-.78,1.16-1.06A1.23,1.23,0,0,0,230.37,140.69Zm1-3.95a.92.92,0,0,0,.93-.65,1.05,1.05,0,0,0-.66-1.07.84.84,0,0,0-.92.66A1,1,0,0,0,231.34,136.74Zm2,1.78a.77.77,0,0,0-.81.76,1,1,0,0,0,1,1c.17-.19.53-.43.65-.76S233.88,138.55,233.35,138.52Zm-6.6,1.3c-.5,0-1.12.55-1.19,1.16a1.18,1.18,0,0,0,1.07,1.22c.62.09,1-.15,1.08-.68C227.84,140.75,227.35,139.89,226.75,139.82Zm.58-7.24c-.38.22-1.26.45-1.25,1.08s.58.54.82.74a1.38,1.38,0,0,0,2-.16,1.25,1.25,0,0,0-.23-1.47A1,1,0,0,0,227.33,132.58Zm-2.42,5.65a.88.88,0,0,0-.64-.95.72.72,0,0,0-.93.58.88.88,0,0,0,.63.95A.77.77,0,0,0,224.91,138.23Zm-7.24,7.68c.27.06.59-.23.8-.33.1-.63-.2-.83-.53-.89s-.76.05-.74.47S217.46,145.87,217.67,145.91ZM269,137.63a1.29,1.29,0,0,0,.85-.58c.28-.61-.31-.81-.74-1.14-.56.33-1,.67-.76,1.29A.82.82,0,0,0,269,137.63Zm-10.88-2.07a.47.47,0,0,0-.77,0c-.28.28-.45.62-.15,1a.92.92,0,0,0,1,.2.52.52,0,0,0-.07.12c-.05.15,0,.65.26.65s.44-.29.44-.41,0-.56-.21-.57a.51.51,0,0,0-.24.07A1,1,0,0,0,258.1,135.56Zm2.35,8.67a1.66,1.66,0,0,0-.32,0V144c-.41-.34-.84-.47-1.21,0a.71.71,0,0,0-.06.69,1.14,1.14,0,0,0,.32.29,1.54,1.54,0,0,0,0,.3h1.63s0-.08,0-.12C260.87,144.74,260.87,144.29,260.45,144.23Zm3.27-11.95c.11-.06.29-.53.19-.64s-.54,0-.69.08-.12.41-.05.45A.67.67,0,0,0,263.72,132.28Zm-2.61,2.5a.79.79,0,0,0,.18-1c.08,0,.14-.1.15-.14s-.34-.42-.5-.48-.16,0-.25.1a.8.8,0,0,0-.57.2.83.83,0,0,0-.12,1.2A.86.86,0,0,0,261.11,134.78Zm-.1,1.9a1.4,1.4,0,0,0,.88,1.2.88.88,0,0,0,.9-.83.81.81,0,0,0-.81-.89C261.42,136.09,261,136.3,261,136.68Zm6.45-2.65a.87.87,0,0,0,0-1.22.82.82,0,0,0-1.21.05c-.41.39-.5.83-.22,1.08A1.38,1.38,0,0,0,267.46,134Zm-.82-3.3a.27.27,0,0,0,0-.35c-.05-.07-.26,0-.31,0s-.11.21,0,.29A.25.25,0,0,0,266.64,130.73Zm-3,4.1a.25.25,0,0,0,.21.29.27.27,0,0,0,.26-.24c0-.08-.15-.22-.22-.22S263.69,134.71,263.68,134.83Zm3.33,4.85c.07.36.57.66.88.77s1.2-.23,1.27-.66-.88-.88-1.24-.92a.86.86,0,0,0-.51.15,1,1,0,0,0-.14-.94,1.54,1.54,0,0,0-1.79-.19c-.33.3-.17,1.26.28,1.76A1,1,0,0,0,267,139.68Zm-2.11-3.19a.55.55,0,0,0,0-.6c-.13-.13-.43-.36-.57-.2a.58.58,0,0,0-.06.59C264.32,136.41,264.76,136.65,264.9,136.49Zm-16.69,1.63a.93.93,0,0,0,.14.79c.44.42.81.07,1.16-.22,0-.54-.18-.95-.74-1A.7.7,0,0,0,248.21,138.12Zm3.48.82a.88.88,0,0,0,.26-.69,1,1,0,0,0,0-.72c-.18-.27-.56-.14-.75.19a1.33,1.33,0,0,0-.08,1A.4.4,0,0,0,251.69,138.94ZM217.85,288.21a1,1,0,0,0,.56-1.36,1.07,1.07,0,0,0-1.58-.74h-.13a.78.78,0,0,0-.5.4,1,1,0,0,0-.29.95A1.76,1.76,0,0,0,217.85,288.21Zm31.59-157.1a.47.47,0,0,0,.61-.27c.11-.33-.33-.41-.5-.47s-.39.17-.38.25A.67.67,0,0,0,249.44,131.11Zm.57,9.15c-.06.06-.11.22,0,.3a.24.24,0,0,0,.36,0,.27.27,0,0,0,0-.35C250.27,140.17,250.05,140.21,250,140.26Zm2.46-11.41c.23,0,.65-.13.71-.31s-.21-.58-.41-.66-.81.1-.86.33S252.32,128.85,252.47,128.85Zm4.77,4.64a.85.85,0,0,0,1-.72.68.68,0,0,0-.59-.9.84.84,0,0,0-1,.68A.86.86,0,0,0,257.24,133.49Zm-4.52,2.45a.69.69,0,0,0,.57.91.75.75,0,0,0,.85-.56c.07-.19-.1-.51-.32-.73a1,1,0,0,0,.67-.1c.16-.18.32-.59.22-.75a.76.76,0,0,0-.76-.11,1,1,0,0,0-.32.8.4.4,0,0,0-.3-.08A1,1,0,0,0,252.72,135.94Zm3.06,7.25a1.67,1.67,0,0,0,2-.28,1.41,1.41,0,0,0,.3-1.9,1,1,0,0,0,.54-.68,1.55,1.55,0,0,0-1-1.5c-.44-.05-1.08.68-1.17,1.35a.25.25,0,0,0,0,.12,1.48,1.48,0,0,0-.87.36,1.59,1.59,0,0,0-.45,1.11c-.91-.09-1.38.17-1.46.83a1.42,1.42,0,0,0,1.07,1.26A1.44,1.44,0,0,0,255.78,143.19Zm.07-4.63c.43.07.79-.2.73-.6s-.1-.61-.35-.72-.93.35-1,.78S255.54,138.51,255.85,138.56Zm-1.38.46a.39.39,0,0,0,0-.43c-.19-.3-.54,0-.69.08s-.09.22-.08.34a2.45,2.45,0,0,1-.54,0,1.24,1.24,0,0,0-1.42.82c-.24.6,0,1,1,1.18a16.68,16.68,0,0,0,1.77-.5.77.77,0,0,0,.45-1A.94.94,0,0,0,254.47,139Zm-.48-6.47c.31,0,.65-.38.71-.87a.47.47,0,0,0-.47-.61c-.39,0-.76.06-.85.53A.91.91,0,0,0,254,132.55Zm10.75,5.39a.53.53,0,0,0-.45.29.28.28,0,0,0,0,.1.44.44,0,0,0-.16-.17c-.25-.15-.54-.32-.78-.2a1,1,0,0,0,0,1.23c.3.27.55.11.78-.09a.71.71,0,0,0,.25-.44c0,.1.1.19.21.19s.48-.31.5-.45A.57.57,0,0,0,264.74,137.94ZM201.88,259.23a.83.83,0,0,0,.14,1.12.94.94,0,0,0,1.23-.06.92.92,0,0,0-.11-1.13A1.07,1.07,0,0,0,201.88,259.23ZM197.4,201.7a1.89,1.89,0,0,0,.33-.13c0-.08,0-.23-.16-.27s-.23.1-.27.17S197.38,201.7,197.4,201.7Zm17.78-48.39c.19,0,.48-.34.5-.49a.68.68,0,0,0-.3-.5c-.15,0-.42.2-.47.35S215,153.28,215.18,153.31ZM200.32,266.74a.73.73,0,0,0,.05,1.1.88.88,0,0,0,1.14-.1.75.75,0,0,0-.06-1.1A.86.86,0,0,0,200.32,266.74Zm3.42,9.13c-.21.26-.32.68,0,.87a1,1,0,0,0,.9-.05c.17-.2.08-.63.09-.85C204.28,275.44,204,275.6,203.74,275.87Zm-.37-27.43c-.12.06-.11.23-.09.31s.22.12.24.09a1.57,1.57,0,0,0,.15-.32C203.58,248.5,203.49,248.38,203.37,248.44ZM196,201.58c-.11-.37.13-1.12-.38-1.28s-.84.47-1.19.66c0,.09,0,.18,0,.28l1.25.55ZM198.06,242c.12-.08.27-.41.18-.55a.57.57,0,0,0-.56-.13c-.14.06-.39.43-.32.62S197.93,242.09,198.06,242Zm8.55,36.17c-.54,0-1.09-.09-1.29.53a.72.72,0,0,0,.39,1,1,1,0,0,0,.83,0C207.09,279.28,207,278.76,206.61,278.17Zm-10-72c.14,0,.33-.2.57-.36-.2-.21-.34-.43-.5-.45s-.39.22-.39.34A.59.59,0,0,0,196.64,206.16Zm.24,17c.33-.29,0-1.66-.47-1.82s-1.1.86-.84,1.36S196.56,223.48,196.88,223.18Zm-.14,11.69c-.24-.06-.63.39-.92.65-.08.07,0,.27-.07.51.42,0,1,.44,1.31.08S197.29,235,196.74,234.87Zm1.75,25.84a1,1,0,0,0-.82,1.08c0,.44-.21,1.32.35,1.62s.75-.25,1-.36c.75-.28,1.2-1.28.82-1.82A1.25,1.25,0,0,0,198.49,260.71Zm9.15,34.78c-.13,0-.49.31-.43.52s.49.22.67.19.29-.23.22-.39A.58.58,0,0,0,207.64,295.49Zm9.91,11.94c-.13,0-.49.3-.43.51s.49.22.67.2.29-.24.22-.4A.57.57,0,0,0,217.55,307.43Zm-2-3a.94.94,0,0,0-.52,1.2.87.87,0,0,0,1.18.53.91.91,0,0,0,.48-1.12A.87.87,0,0,0,215.55,304.42Zm2-4.82c-.2,0-.67.45-.62.72s.68.39.92.38.66-.59.44-.86A.84.84,0,0,0,217.59,299.6Zm-2.38-3.43a6.74,6.74,0,0,0-1.37,1.19,1.69,1.69,0,0,0,.14,2c.26.3,1,.7,1.49,0,.14-1.34,1-.91,1.42-1.84a1.45,1.45,0,0,0,.07-.45A1.09,1.09,0,0,0,215.21,296.17Zm-4.49-4.48a1.27,1.27,0,0,0,1.46-.23,1.74,1.74,0,0,0-.21-1.78c-.34-.34-.69-.72-1.27-.35-.41.26-.87.46-1.31.69a.73.73,0,0,0-.71.92.94.94,0,0,0,1.1.71A2.27,2.27,0,0,1,210.72,291.69Zm-1.39-4.4a2.07,2.07,0,0,0-2.68-.65c-.57.42-.13,1.23.35,1.41s.3.19.37.71.51,1.19,1.34.77A1.76,1.76,0,0,0,209.33,287.29Zm1.23,8.68c-.69.26-1.06.87-.84,1.38a1.69,1.69,0,0,0,1.93.86,1.23,1.23,0,0,0,.49-1.57A1.14,1.14,0,0,0,210.56,296Zm-.63,4.51c-.14.06-.14.25-.12.33s.24.12.3.09.19-.15.15-.26A.25.25,0,0,0,209.93,300.48Zm3.12,1.43a.91.91,0,0,0-.71.35.81.81,0,0,0,.61,1,.76.76,0,0,0,.64-1A.7.7,0,0,0,213.05,301.91Zm-12.37-30.78c-.07.06,0,.42,0,.45a.65.65,0,0,0,.56,0,.47.47,0,0,0,.06-.66C201.1,270.66,200.81,271,200.68,271.13ZM209,161.54c.14.07.65,0,.68-.18a.57.57,0,0,0-.36-.49c-.18,0-.55-.06-.59.14A.58.58,0,0,0,209,161.54Zm1,7.2a.4.4,0,0,0,.26-.58c-.13-.23-.38-.28-.65-.34a1,1,0,0,0-.72,0c-.29.14-.21.54.09.76A1.31,1.31,0,0,0,210,168.74Zm-.8-10.1a1.44,1.44,0,0,0,1.3-.73.88.88,0,0,0-.71-1,.82.82,0,0,0-1,.7C208.67,158.15,208.83,158.57,209.21,158.64Zm.1,26a1,1,0,0,0-.33.44c-.13.64.23,1.07,1,1.2s1-.24,1.17-1c.09-.55-.13-1-.54-1.08a.75.75,0,0,0-.22,0,1.42,1.42,0,0,0,.25-.47c.22-.81,0-1.29-.58-1.48a1.47,1.47,0,0,0-1.67.81A1.57,1.57,0,0,0,209.31,184.68ZM209,171.51a.92.92,0,0,0,.81,0c.46-.38.16-.79-.08-1.18-.53-.06-1,.06-1.05.61A.72.72,0,0,0,209,171.51Zm5.33-16.63c.38.07.76.06.92-.39s-.43-1.07-.72-1-.48.37-.6.65A.51.51,0,0,0,214.35,154.88ZM212.8,153c.41.13.85-.42,1-.76s-.08-1.21-.5-1.34-1,.76-1.07,1.11A1,1,0,0,0,212.8,153Zm-6.61,20.55c-.49.54-.37.94.69,2-.36.45-.79.86-.25,1.4a.89.89,0,0,0,1.14.19.64.64,0,0,0,.33-.42c0-.42-.13-.84-.2-1.3.68-.8.85-1.62.37-2A1.76,1.76,0,0,0,206.19,173.59Zm5-5.36c.56.31,1,.11,1.29-.81a15.48,15.48,0,0,0-.27-1.82.75.75,0,0,0-1-.57.79.79,0,0,0-.65.92,2.84,2.84,0,0,1,0,.77A1.23,1.23,0,0,0,211.19,168.23Zm0-12.65c.14,0,.61.06.65-.19a.61.61,0,0,0-.39-.56.57.57,0,0,0-.49.26A.54.54,0,0,0,211.16,155.58Zm1,8a1,1,0,0,0,1.11-.74,1.2,1.2,0,0,0-.69-1.4,1.56,1.56,0,0,0-1.61.8C210.81,162.65,211.46,163.38,212.11,163.56Zm-10.41,6.05a.65.65,0,0,0,.52-.2.5.5,0,0,0-.18-.65c-.32-.14-.46.29-.54.44S201.62,169.61,201.7,169.61Zm-1.34-3.49c0-.23,0-.67-.22-.75s-.6.14-.7.32,0,.82.21.9S200.34,166.27,200.36,166.12Zm.62,10.76a.85.85,0,0,0,1.16-.41,1.43,1.43,0,0,0-.73-1.62,1,1,0,0,0-1.21.57A1.25,1.25,0,0,0,201,176.88ZM199.19,180a1.37,1.37,0,0,0,1.59-1.09,1.42,1.42,0,0,0-1.08-1.52c-.72-.17-1.28.24-1.45,1.07A1.17,1.17,0,0,0,199.19,180Zm-1.07,13c.15,0,.48-.11.51-.27s-.17-.43-.31-.48-.58,0-.66.23S198,193,198.12,193Zm1.52-20.29a.27.27,0,0,0-.2-.29c-.08,0-.24.12-.25.2a.23.23,0,0,0,.13.26A.25.25,0,0,0,199.64,172.68Zm7.79-5.92a.68.68,0,0,0,1-.45.77.77,0,0,0-.44-.92c-.33-.15-1.12.34-1.07.69A1,1,0,0,0,207.43,166.76Zm-6,18.28c-.17.29.18.74.58.8s.74-.06.75-.46-.09-1.1-.4-1.16S201.58,184.76,201.41,185Zm4.48-26.37a.69.69,0,0,0,.52-.21c.06-.11,0-.6-.19-.64s-.45.28-.53.44S205.81,158.66,205.89,158.67Zm2.14-3.1c0-.16-.13-.26-.21-.28s-.23.12-.25.19,0,.24.14.27A.26.26,0,0,0,208,155.57Zm-3.47,6.89a.87.87,0,0,0,1-.49.84.84,0,0,0-.59-1.06.68.68,0,0,0-1,.47A.84.84,0,0,0,204.56,162.46Zm-1.36,3.1a.9.9,0,0,0,1-.49c.09-.3-.29-.69-.76-.81a.47.47,0,0,0-.67.39C202.71,165,202.75,165.41,203.2,165.56Zm47.29-22.33a2,2,0,0,0,0-1.88,1.55,1.55,0,0,0-1.92-.59,1.6,1.6,0,0,0-.22,2.2,1.87,1.87,0,0,0,.73.51,1.26,1.26,0,0,0,.09,1.37.85.85,0,0,0,1.19.29,1.43,1.43,0,0,0,.26-1.76A.54.54,0,0,0,250.49,143.23Zm101.9-.51c-.27,0-.61.79-.41,1.16s.49.28.77.17a.58.58,0,0,0,.32-.89C352.88,142.94,352.66,142.68,352.39,142.72Zm1.95-.9c.19-.1.21-.47.16-.58s-.3-.47-.48-.37a.57.57,0,0,0-.24.54C353.81,141.56,354.15,141.93,354.34,141.82Zm.22-4.36c.12,0,.44-.41.38-.55s-.5-.18-.68-.14-.24.35-.19.41A.68.68,0,0,0,354.56,137.46Zm-3.05,7.81h.83A.78.78,0,0,0,351.51,145.27Zm-3.32-6.49a.48.48,0,0,0-.72-.28c-.35.18-.62.45-.46.9a.91.91,0,0,0,1,.48C348.32,139.76,348.39,139.22,348.19,138.78ZM326,135.6a.88.88,0,0,0-.25,1.12.75.75,0,0,0,1.07.26.86.86,0,0,0,.24-1.11A.73.73,0,0,0,326,135.6Zm22.9,7a.93.93,0,0,0-.2.84.67.67,0,0,0,.95.48.74.74,0,0,0,.44-.92C350,142.65,349.15,142.34,348.92,142.6Zm11.1-3.72a.51.51,0,0,0-.24.48c.05.15.33.52.55.39a.59.59,0,0,0,.19-.65A.55.55,0,0,0,360,138.88Zm-2.66,4.71c0,.22.3.6.49.62a1.32,1.32,0,0,0,1-.28c.46-.49,0-.87-.33-1.32C357.85,142.74,357.34,142.93,357.36,143.59Zm4.51-.46a.86.86,0,0,0-.54,1.18,1,1,0,0,0,1.15.46,1,1,0,0,0,.43-1.25A.8.8,0,0,0,361.87,143.13Zm-4.05-6.22a.26.26,0,0,0,.1-.33c0-.08-.25-.11-.31-.08a.27.27,0,0,0-.13.28A.26.26,0,0,0,357.82,136.91Zm-3.38,6.42c-.4.18-.57,1.15-.29,1.77a.44.44,0,0,0,.14.17h1.42a1.08,1.08,0,0,0,.36-1.18A1.54,1.54,0,0,0,354.44,143.33Zm3.45-4.2a.83.83,0,0,0-1.16-.33c-.52.23-.74.62-.56.95a1.4,1.4,0,0,0,1.38.56A.88.88,0,0,0,357.89,139.13Zm-25.2.25a.93.93,0,0,0-.31,1.2.92.92,0,0,0,1.12.22,1.07,1.07,0,0,0,.3-1.22A.84.84,0,0,0,332.69,139.38Zm2.94,4.7,0,0a1.33,1.33,0,0,0-2.35,1.23h2.34l0-.05a1.59,1.59,0,0,0,.74-.27c.13-.1.1-.56,0-.77A.42.42,0,0,0,335.63,144.08Zm-6.77-1.45a.85.85,0,0,0-1.12.26.84.84,0,0,0,0,1.14,1.29,1.29,0,0,0,1.57.1A1.22,1.22,0,0,0,328.86,142.63Zm8.51-2.11c.24-.2.06-.94-.06-1.24s-.69-.32-1-.06-.42.62-.12.88S337.13,140.72,337.37,140.52Zm6.87,2.3a1.85,1.85,0,0,0-.85,2.13,1.09,1.09,0,0,0,.17.32h2.58a1.39,1.39,0,0,0,.27-1.53A1.78,1.78,0,0,0,344.24,142.82Zm-11.76-5.74a1.25,1.25,0,0,0,.9-1.18,1,1,0,0,0-.79-1.09c-.42-.12-1.2-.6-1.65-.15s0,.79,0,1.1C331,136.56,331.85,137.28,332.48,137.08Zm12.32.45c.2-.12.49-.45.45-.64s-.49-.39-.69-.35-.65.51-.57.73S344.67,137.6,344.8,137.53Zm-.43,5.22a1.15,1.15,0,0,0,.07-1.79,1.43,1.43,0,0,0-.66-.47h0c-.08-.34-.5-.18-.68-.15a.52.52,0,0,0-.16.22,2,2,0,0,0-.28.16,1.37,1.37,0,0,0-.15,1.93A1.42,1.42,0,0,0,344.37,142.75Zm-5.14-1.68a.29.29,0,0,0,.1-.34c0-.08-.25-.11-.31-.07a.26.26,0,0,0-.13.27A.26.26,0,0,0,339.23,141.07Zm.54-2.57c.27-.12.17-.51.1-.57a.71.71,0,0,0-.53-.17c-.07,0-.21.36-.15.43S339.51,138.62,339.77,138.5Zm-.84,5.39a2.43,2.43,0,0,0-.25.2.92.92,0,0,0,0-.29,1,1,0,0,0-1.2-.58,1.24,1.24,0,0,0-.65,1.52,1.1,1.1,0,0,0,.39.53h4.08a1.43,1.43,0,0,0-.24-.88A1.62,1.62,0,0,0,338.93,143.89Zm12.82-6a.68.68,0,0,0-1-.46.83.83,0,0,0-.5,1.1.87.87,0,0,0,1,.49A.85.85,0,0,0,351.75,137.87ZM387,144.48a.91.91,0,0,0-.38.79h1.85a1.11,1.11,0,0,0-.32-.82A.85.85,0,0,0,387,144.48Zm.36-6a.86.86,0,0,0,.46-1,.73.73,0,0,0-1-.49.89.89,0,0,0-.47,1.05A.75.75,0,0,0,387.35,138.51Zm-.38,2.41a1.32,1.32,0,0,0-1.61-.4,1.19,1.19,0,0,0-.47,1.56c.25.57.65.76,1.15.55C386.75,142.33,387.23,141.46,387,140.92Zm6.45-3.34c-.38-.2-1-.83-1.57-.48s-.15.77-.2,1.07c-.12.8.53,1.68,1.19,1.61a1.24,1.24,0,0,0,1.13-1A1,1,0,0,0,393.42,137.58Zm-10-2.12a.7.7,0,0,0-.28.49c0,.12.21.47.55.38s.18-.51.14-.68S383.46,135.41,383.4,135.46Zm16.5,6.7a.76.76,0,0,0-.49-.28c-.07,0-.28.31-.24.39s.22.48.51.43S400,142.23,399.9,142.16ZM218,296.08a1.62,1.62,0,0,0,1.17.78v-2.31a.69.69,0,0,0-.24.05A1.36,1.36,0,0,0,218,296.08Zm-.16-5.46a.75.75,0,0,0-.3-.54,1.14,1.14,0,0,0-1.55.46,1.45,1.45,0,0,0,.16,1.55,1.15,1.15,0,0,0,1.37.14,1.63,1.63,0,0,0,1.65.92v-3a2.4,2.4,0,0,0-.67.11A2.16,2.16,0,0,0,217.82,290.62ZM392.57,142.08a.81.81,0,1,0,.49,1.55,1.06,1.06,0,0,0,.55-1.13A.83.83,0,0,0,392.57,142.08Zm3.59.6c-.33.19-.54.52-.3.84s.77.8,1.05.65.25-.91.2-1.22S396.5,142.48,396.16,142.68ZM269.92,132.62a.61.61,0,0,0,0-.68.58.58,0,0,0-.56-.05.55.55,0,0,0-.07.53C269.36,132.54,269.75,132.81,269.92,132.62ZM373.2,145.05a.88.88,0,0,0-.39.22h1.8A1.89,1.89,0,0,0,373.2,145.05Zm-.23-.92a.88.88,0,0,0-1.22-.44.92.92,0,0,0-.4,1.15,1,1,0,0,0,.35.43h1A.93.93,0,0,0,373,144.13Zm8.51-2.49a1.5,1.5,0,0,0-.55,2.14,1.26,1.26,0,0,0,1.74.73,1.69,1.69,0,0,0,.79-2.22A1.73,1.73,0,0,0,381.48,141.64Zm-18.82-1a.52.52,0,0,0-.36.75.73.73,0,0,0-.7.95.76.76,0,0,0,1.31,0,.61.61,0,0,0,0-.4.77.77,0,0,0,.29,0c.36-.13.56-1,.35-1.21A1,1,0,0,0,362.66,140.62Zm2.09-2.47c-.16-.4-1.21-.29-1.54-.14a1,1,0,0,0-.43,1c.16.4.86.4,1.23.33S364.91,138.56,364.75,138.15Zm5.33.24a.64.64,0,0,0,.26-.52c0-.15-.38-.26-.53-.21s-.48.38-.41.56S370,138.45,370.08,138.39Zm2.56,3.58a1.51,1.51,0,0,0-1.77-.88,1.15,1.15,0,0,0-.67.71l-.17,0a.37.37,0,0,0-.2.41.54.54,0,0,0,.25.22,1.64,1.64,0,0,0,.09.58,1.08,1.08,0,0,0,1.43.5C372.24,143.3,372.81,142.45,372.64,142Zm5.55,1c-.25.19-.9.51-.7,1s.89.3,1.22.28.52-.49.36-.91S378.56,142.71,378.19,143Zm2.92-5a.57.57,0,0,0-.54-.24c-.15,0-.52.38-.41.57a.56.56,0,0,0,.58.15C380.91,138.34,381.22,138.13,381.11,138Zm-7.21-2.07a1,1,0,0,0-.4.72c.06.67.58.81,1.27.79.24-.48.61-.91.17-1.39A.75.75,0,0,0,373.9,135.88Zm3.8,1.05c.59-.25.6-.6.48-.92s-.44-.62-.79-.38-.47.6-.39.8S377.51,136.81,377.7,136.93Zm0,2.27a1.92,1.92,0,0,1,.14-.29.76.76,0,0,0-.11-1,.82.82,0,0,0-.92-.24c-.9.21-1.12.57-.86,1.46.21.67.38,1.35.56,2-1.21.43-1.26.58-.67,1.51.67.05,1-.31,1-1C378.45,141.44,378.72,140.56,377.7,139.2Zm5.32.23a.52.52,0,0,0,.15-.64.45.45,0,0,0-.57-.26.5.5,0,1,0,.42.9Zm-100.46-1a.61.61,0,0,0-.07,1,.84.84,0,0,0,.77-.06c.17-.13.45-.68.3-.91S282.79,138.29,282.56,138.39Zm4.13-.28c-.35-.17-1.23-.23-1.39.55a1.52,1.52,0,0,1,.08.63.6.6,0,0,0-.24-.24.53.53,0,0,0-.51.19.52.52,0,0,0,.16.51.89.89,0,0,0,.43.06,1.86,1.86,0,0,0-.51,1.1,1.54,1.54,0,0,0,.11.44,1.09,1.09,0,0,0,2,.17,7.16,7.16,0,0,0,.79-1.62A1.7,1.7,0,0,0,286.69,138.11Zm-3.26,4.27a1,1,0,0,0,.42-.39.88.88,0,0,0-.57-1.08.82.82,0,0,0-1.07.57c-.21.52-.1,1,.26,1.07h0a.45.45,0,0,0-.13.1,1.19,1.19,0,1,0,1.6,1.76,1.36,1.36,0,0,0,.28-1.73A1.25,1.25,0,0,0,283.43,142.38Zm-1.75-3a.28.28,0,0,0-.16-.31c-.08,0-.25.09-.28.16a.28.28,0,0,0,.1.29A.26.26,0,0,0,281.68,139.36Zm1.59-5.31a.93.93,0,0,0,0-1.3.86.86,0,0,0-1.29,0,.93.93,0,0,0,0,1.22A.87.87,0,0,0,283.27,134.05Zm5.15,4c-.29,0-.52.3-.68.57a.52.52,0,0,0,.3.81c.37.11.74.15,1-.28S288.71,138.07,288.42,138.08Zm1.56-2.57a.28.28,0,0,0,0-.35.31.31,0,0,0-.32,0c0,.06-.11.21,0,.3A.25.25,0,0,0,290,135.51Zm-3.42-.11c.22-.1.51-.39.51-.6,0-.57-.67-.78-1-.71a.77.77,0,0,0-.21,1.15A.75.75,0,0,0,286.56,135.4Zm4.6,4.51a1.12,1.12,0,0,0,.23-1.6,1.67,1.67,0,0,0-2.1-.05,1.22,1.22,0,0,0,.15,1.64A1.14,1.14,0,0,0,291.16,139.91Zm-10,.6a1.81,1.81,0,0,0-1.87-.26,1,1,0,0,0-.16,1.4l-.07.08c-.06.08.07.42.14.43a1,1,0,0,0,.37,0,1.13,1.13,0,0,0,1.35-.31A.93.93,0,0,0,281.13,140.51Zm5.18-4.12a1,1,0,0,0,.42,1.05c.39.18.9-.31,1.11-.62s.07-1.22-.32-1.39S286.45,136.05,286.31,136.39Zm-14.94,6a1,1,0,0,0,0-1.23c-.49-.47-1-.23-1.52-.05-.15,1,0,1.39.49,1.57A.85.85,0,0,0,271.37,142.35Zm1.92-11.26c.22-.13.59-1.07.31-1.4s-1.24.11-1.51.36a1,1,0,0,0-.07,1.13C272.3,131.5,273,131.28,273.29,131.09Zm0,1.39c-.26-.12-.6.05-.86.22a.52.52,0,0,0-.08.86c.28.26.61.46,1,.17A1,1,0,0,0,273.27,132.48Zm.3,2.88a.8.8,0,0,0-1.11,0,.86.86,0,0,0-.14,1.29,1,1,0,0,0,1.23.07A1,1,0,0,0,273.57,135.36Zm-2.16,3.86c-.53.52-.61,1.06-.31,1.4a.93.93,0,0,0,1.39,0,.8.8,0,0,0-.11-1.18C272.06,139.23,271.72,138.94,271.41,139.22Zm8.86-7.17c.11-.05.33-.46.19-.64s-.54,0-.69.08a.37.37,0,0,0,0,.45A.56.56,0,0,0,280.27,132.05Zm12.15,5.74a.77.77,0,0,0,1-.4.86.86,0,1,0-1.56-.73A1,1,0,0,0,292.42,137.79Zm-12.56-1.07a.66.66,0,0,0,.16-1.06.81.81,0,0,0-1.19-.21.84.84,0,0,0-.17,1.11A.86.86,0,0,0,279.86,136.72ZM278.11,134A.86.86,0,1,0,277,132.7a1,1,0,0,0,0,1.24A.76.76,0,0,0,278.11,134ZM274,144a2,2,0,0,0-.6,1.27h3.22a1.62,1.62,0,0,0-.38-1A1.75,1.75,0,0,0,274,144Zm3.23-5.62a1,1,0,0,0-.11-1.42,1.15,1.15,0,0,0-1.71-.14c-.46.44-.6,1.19-.27,1.52A1.68,1.68,0,0,0,277.27,138.38Zm-.29,3.7a1.62,1.62,0,0,0,0-1.88,1.51,1.51,0,0,0-1.68,0,1.1,1.1,0,0,0-.17,1.33C275.74,142.24,276.54,142.47,277,142.08Zm40.09-4.62c.53-.37.47-.72.28-1s-.56-.52-.85-.22a1,1,0,0,0-.21.87C316.43,137.34,316.86,137.38,317.07,137.46Zm.48,2.22a1.25,1.25,0,0,1,.08-.32.76.76,0,0,0-.33-1,.81.81,0,0,0-.95,0c-.77.35-.94.73-.61,1.43-.13,0-.19-.11-.47-.3a.89.89,0,0,0-1.47.49,1.77,1.77,0,0,0,1.26,1.95,1.81,1.81,0,0,0,1.55-.45c.06.11.12.23.17.34-1.08.68-1.11.83-.33,1.61.66-.08.88-.5.8-1.16C318.76,141.71,318.84,140.79,317.55,139.68Zm-3.37-2.56a.74.74,0,0,0-1,.1,1,1,0,0,0-.24.79c.2.64.74.67,1.41.51C314.44,138,314.71,137.51,314.18,137.12Zm11.13,2.25a1.2,1.2,0,0,0-.13,1.62.82.82,0,0,0,1.24.3,1.47,1.47,0,0,0,.55-1.87A1.31,1.31,0,0,0,325.31,139.37Zm-15.23.54c-.06-.14-.44-.17-.57-.1s-.39.48-.28.64.58.12.7,0A.63.63,0,0,0,310.08,139.91ZM294,134.82a.6.6,0,0,0,.54-.14c.08-.1.1-.57-.1-.66s-.49.22-.59.37S293.84,134.76,294,134.82Zm18.62,6.76c.08-.48.23-1,.35-1.44a.72.72,0,0,0-.21-1.14,1,1,0,0,0-1.27.35,2.09,2.09,0,0,1-.65.67,1.29,1.29,0,0,0-.8,1.24c0,.44,1,1.08,1.47,1S312.52,142.25,312.63,141.58Zm10.16-6c.31-.16.06-.53,0-.69s-.39-.16-.44-.1a.67.67,0,0,0-.17.53A.48.48,0,0,0,322.79,135.62Zm0,3.17a.52.52,0,0,0,0-.66.44.44,0,0,0-.61-.13.5.5,0,1,0,.6.79Zm-4,4.47-.11.12a.47.47,0,0,0-.34-.19,2.64,2.64,0,0,0-.79.15.85.85,0,0,0,.52,1.12.49.49,0,0,0,.32,0c.32.3.88,0,1.17-.06s.41-.59.17-1S319.13,142.93,318.82,143.26Zm5-1.77a1.74,1.74,0,0,0-2.08-.22,1.51,1.51,0,0,0-.08,2.21,1.26,1.26,0,0,0,1.85.35A1.7,1.7,0,0,0,323.83,141.49ZM320,137.62c-.13.07-.42.48-.28.64a.57.57,0,0,0,.6,0c.14-.13.41-.39.27-.55A.58.58,0,0,0,320,137.62Zm-10.53-2.29a.58.58,0,0,0,.55-.14c.07-.1.09-.56-.11-.66s-.48.23-.58.37S309.35,135.28,309.51,135.33Zm-12.6.3a.86.86,0,0,0,1.21-.44.94.94,0,0,0-.54-1.2.87.87,0,0,0-1.18.53A.92.92,0,0,0,296.91,135.63ZM295,139.44a.88.88,0,0,0,1.16-.38.67.67,0,0,0-.32-1,.82.82,0,0,0-1.16.33A.84.84,0,0,0,295,139.44Zm3.94,2.49a1.81,1.81,0,0,0-1.8.57c-.28.62,0,1.21.76,1.52.56.24,1.09-.07,1.38-.8A.94.94,0,0,0,299,141.93Zm-6.72-.87c-.23.59,0,1.32.41,1.48a1.69,1.69,0,0,0,1.91-.86,1.05,1.05,0,0,0-.72-1.24A1.15,1.15,0,0,0,292.26,141.06Zm1.77-1.85c.12-.06.33-.47.2-.64s-.54,0-.69.08a.36.36,0,0,0-.06.45A.59.59,0,0,0,294,139.21Zm10.77-5.61c.06-.15-.09-.27-.16-.31s-.25.1-.27.17a.24.24,0,0,0,.1.28A.25.25,0,0,0,304.8,133.6Zm3.51,6a.55.55,0,0,0-.86.15c-.22.36-.11,1,.26,1s1,.11,1.16-.3S308.53,139.78,308.31,139.62Zm-2.1-1.82a1.14,1.14,0,0,0,1.55-.74,1.12,1.12,0,0,0-.48-1.54,1.69,1.69,0,0,0-1.92.87C305.15,136.85,305.6,137.59,306.21,137.8Zm-5.84,2.11c.1-.19.12-.8-.12-.94s-.74.24-.9.43a.61.61,0,0,0,.36.9A.86.86,0,0,0,300.37,139.91Zm4.17-1.31a1.7,1.7,0,0,0-1.58-1.23c-.39,0-1.21.32-1,1.1.92,1,0,1.35.44,2.28a1.4,1.4,0,0,0,.29.35,1.08,1.08,0,0,0,1.85-.7A6.39,6.39,0,0,0,304.54,138.6ZM301,135.12a.73.73,0,0,0,.67-.14.89.89,0,0,0,.2-.76.82.82,0,0,0-1.17-.23A.78.78,0,0,0,301,135.12Z"/><path class="cls-4" d="M351.58,45.21a10.9,10.9,0,0,0-14.67-4.45,10.72,10.72,0,0,0-4.59,4.67c-1.44,1.85-2.67,3.91-3.86,5.79-2.58,4.05-5,8.19-7.39,12.34-.31.53.44,1.15.87.67,3.16-3.57,6.23-7.21,9.25-10.91.1-.12.2-.25.31-.37a10.51,10.51,0,0,0,.93,2.42,10.82,10.82,0,0,0,6.65,5.3c-3.84,3.27-7.42,7-10.85,10.19a.61.61,0,0,0,.74,1c5.89-3.51,12.83-7.23,18.13-12a10.75,10.75,0,0,0,4.48-14.6Zm-15.44,8.17a6.54,6.54,0,0,1,2.74-8.9A6.58,6.58,0,0,1,342,43.7a6.65,6.65,0,0,1,5.88,3.5,6.57,6.57,0,0,1-2.74,8.9A6.68,6.68,0,0,1,336.14,53.38Z"/><path class="cls-10" d="M384.58,52.6h-5.37a40.28,40.28,0,0,0-38.85-38.93v-5h-3v5A40.3,40.3,0,0,0,298.5,52.6h-5.37v3h5.39a40.3,40.3,0,0,0,38.84,38.24v5.69h3V93.84A40.29,40.29,0,0,0,379.19,55.6h5.39ZM340.36,90.84v-10h-3v10A37.31,37.31,0,0,1,301.52,55.6H312v-3H301.5a37.29,37.29,0,0,1,35.86-35.93V27.38h3V16.67A37.28,37.28,0,0,1,376.21,52.6H365.75v3h10.44A37.3,37.3,0,0,1,340.36,90.84Z"/><path class="cls-11" d="M117.53,227.39l-.77-73.55h.77c40.36,0,73.56,33.21,73.56,73.56Z"/><path class="cls-12" d="M117.53,227.39l68.3-27.32a73.56,73.56,0,0,1-22.65,85Z"/><path class="cls-13" d="M117.53,227.39,177,270.74a73.63,73.63,0,0,1-59.43,30.2c-40.35,0-73.55-33.2-73.55-73.55s33.2-73.56,73.55-73.56h.06Z"/><circle class="cls-5" cx="117.43" cy="227.59" r="45.61"/><path class="cls-14" d="M136,233.73c.16-.12.08-.46,0-.61s-.46-.2-.6,0a.44.44,0,0,0,0,.56A.66.66,0,0,0,136,233.73Z"/><path class="cls-14" d="M134.69,237.45a1.15,1.15,0,0,0,.87.27,1.58,1.58,0,0,0,.45-.14.86.86,0,0,0,.31.54,1.54,1.54,0,0,0,.93.3s0,.07,0,.1a1.43,1.43,0,0,0,1.62,1.51c1.13-.21,1.69-1,1.61-1.68a2,2,0,0,0-2-1.42l-.14,0a1.27,1.27,0,0,0-.41-.79,1.06,1.06,0,0,0-1,0,1.75,1.75,0,0,0,0-.24,5.22,5.22,0,0,0-.9-.6,1.28,1.28,0,0,0-1.52.36A1.39,1.39,0,0,0,134.69,237.45Z"/><path class="cls-14" d="M135.16,227.34a.6.6,0,0,0,.2.95,2.29,2.29,0,0,0,.86,0c.39-.5.35-.93,0-1.16A.79.79,0,0,0,135.16,227.34Z"/><path class="cls-14" d="M137.23,225.29h0a1.15,1.15,0,0,0,.36-.28,1.09,1.09,0,0,0-.64-1.87,6.85,6.85,0,0,0-1.81-.07,1.72,1.72,0,0,0-1.27,1.54c0,.4.13.71.5.79l.67.11a.13.13,0,0,0,0,.06c.23.61.74.78,1.47.5A1,1,0,0,0,137.23,225.29Z"/><path class="cls-14" d="M137.53,251.91c.14.77.54,1,1.29.81s1.23-.42,1.19-1.46c.34.33.56.47.66.67a.81.81,0,0,0,1,.49l.22-.07a.74.74,0,0,0,.65,0,.88.88,0,0,0,.38-1.16.65.65,0,0,0-.13-.16c.17-1.33-.19-1.75-1.68-2.26l-.12-.07v0a2.18,2.18,0,0,0,.68.07.55.55,0,0,0,.52-.72.37.37,0,0,0-.05-.11,4.18,4.18,0,0,0,.26-.52c-.33-.36-.59-.9-1.24-.61a.77.77,0,0,0-.39,1.2l0,0a.76.76,0,0,0-1-.44.89.89,0,0,0-.39,1.39c.34.48.13.83,0,1.3a2.62,2.62,0,0,0-.84-.09,1.82,1.82,0,0,0-.13-.37c-.25-.48-.92-.57-1.59-.2a.85.85,0,0,0-.44,1.21,2,2,0,0,0,1.1.66s0,.07,0,.11S137.51,251.79,137.53,251.91Z"/><path class="cls-14" d="M141.71,226.52a.88.88,0,0,0,.23-1.1c-.31-.41-1.41-.16-1.52.26S141.29,226.8,141.71,226.52Z"/><path class="cls-14" d="M145.23,252.42a1.21,1.21,0,0,0-.81-.64,1,1,0,0,0-.79.45.94.94,0,0,0,.2,1.06.91.91,0,0,0-.36,1,1,1,0,0,0,1.15.46.85.85,0,0,0,.52-1.09,1,1,0,0,0-.2-.29A.91.91,0,0,0,145.23,252.42Z"/><path class="cls-14" d="M133.62,256c-.61.18-.65.89-.57,1.24s1,.57,1.45.07a.94.94,0,0,0,.14-.8A.81.81,0,0,0,133.62,256Z"/><path class="cls-14" d="M114.78,189.55c.31-.15.33-1.08-.25-1.42a1,1,0,0,0-.82,0,.82.82,0,0,0-.26,1.12C113.75,189.84,114.46,189.71,114.78,189.55Z"/><path class="cls-14" d="M112.25,190.37a1,1,0,0,0,.79,1.07.78.78,0,0,0,.9-.64.86.86,0,0,0-.67-1.11A1,1,0,0,0,112.25,190.37Z"/><path class="cls-14" d="M110.54,191.73c.32.5.9.23,1.45.2.17-.69.27-1.25-.38-1.57a.7.7,0,0,0-1,.22.36.36,0,0,1,0,.09A.89.89,0,0,0,110,190h-.09a.84.84,0,0,0-.17-.56.64.64,0,0,0-.9-.09c-.32.22-.48.74-.25,1l.17.13a1.52,1.52,0,0,0-.46.76.78.78,0,0,0,.23.67,1.51,1.51,0,0,0-.55-.19c-.84-.07-1.2.9-1.43.92s-.74-.81-1.52-1.09a1.14,1.14,0,0,0,.56-.61c.15-.66-.26-1.18-1-1.34-.6-.12-1,.29-1.2,1.07a1,1,0,0,0,.33,1.06,2.64,2.64,0,0,0-1.21,1.69,2.45,2.45,0,0,0,.33,1.79,2,2,0,0,0,2.13.76c.72-.29,1.31-1.32,1.62-1.3s.84,1.16,1.79,1.22a.59.59,0,0,0,.06.46c.12.11.55.29.68.07a.6.6,0,0,0-.12-.62,1.89,1.89,0,0,0,1.16-1.71,2.72,2.72,0,0,0-1.14-1.88,1.33,1.33,0,0,0,.28.1A1.19,1.19,0,0,0,110.54,191.73Z"/><path class="cls-14" d="M151.56,233.91a1.72,1.72,0,0,0-1.85-.46,2,2,0,0,0-1,1.64,1,1,0,0,0,.26.71,1.56,1.56,0,0,0,2.21.14l.45-.34c.22.29.4.58.63.83a.82.82,0,0,0,1.28.16,1.29,1.29,0,0,0,.58-1.38,1.12,1.12,0,0,0-1-.89,6.25,6.25,0,0,0-1.14,0C151.79,234.2,151.69,234.05,151.56,233.91Z"/><path class="cls-14" d="M132.26,229a1.27,1.27,0,0,0,1.49-.48,1.07,1.07,0,0,0-.24-1.59.57.57,0,0,0,0-.63c-.1,0-.26-.18-.36-.15a1.91,1.91,0,0,1-1.18-.18c-.18-.07-.59.18-.71.4a1,1,0,0,0,0,.83.66.66,0,0,0,.45.22A1.63,1.63,0,0,0,132.26,229Z"/><path class="cls-14" d="M130.33,228.94a.77.77,0,0,0-.18-.18c-.35-.26-1.09,0-1.49.47a1.11,1.11,0,0,0,0,1.52,1.39,1.39,0,0,0,1.69,0,.71.71,0,0,0,.15-.22,1,1,0,0,0,.52,0,1.22,1.22,0,0,0,.26-1.33A.63.63,0,0,0,130.33,228.94Z"/><path class="cls-14" d="M125.14,201.74a1.39,1.39,0,0,0,.19.42,1.09,1.09,0,0,0,2-.21,7,7,0,0,0,.47-1.75,1.71,1.71,0,0,0-1.22-1.58,1.36,1.36,0,0,0-.57,0c0-.16,0-.33-.08-.5-1-.31-1.36-.26-1.63.22a.85.85,0,0,0,.12,1,1,1,0,0,0,1,.33C125.76,200.64,125,200.83,125.14,201.74Z"/><path class="cls-14" d="M118,184.56c.08-.44-.63-1.12-1.29-1.24a1,1,0,0,0-1,.82,1.77,1.77,0,0,0,0,.23c-.36-.09-.76-.17-1.2-.29-.22-.75-.55-1.61-1.48-1.76a2.08,2.08,0,0,0-2.19,1.68.86.86,0,0,0-.19.54,1.07,1.07,0,0,0,.07.39c-.08.24-.24.34-.45.51a1,1,0,0,0-.06,1.42.56.56,0,0,0,.69.2.84.84,0,0,0,.66.38c.41,0,.86,0,.94-.38a1.56,1.56,0,0,0-.07-.8c.58-.1,1.17-.16,1.79-.24a2.92,2.92,0,0,0,1,1.18,1.06,1.06,0,0,0-.13.65c.15.65.74.46,1.28.47.22-.53.35-1,0-1.34a3.36,3.36,0,0,0,.42-.36,1.23,1.23,0,0,0,.37-1.24A1.36,1.36,0,0,0,118,184.56Z"/><path class="cls-14" d="M121.85,222.51c.26.15.74-.21.82-.58s-.59-1-1-.72A.8.8,0,0,0,121.85,222.51Z"/><path class="cls-14" d="M125.18,220.86c.21-.06.19-.48.15-.65s-.28-.15-.43-.22c-.08.18-.22.36-.21.53S125,220.92,125.18,220.86Z"/><path class="cls-14" d="M128.77,219.79c-.73-.56-1.43-.61-1.8-.14a1.54,1.54,0,0,0,.19,1.66,1.58,1.58,0,0,0,1.72-.44A.71.71,0,0,0,128.77,219.79Z"/><path class="cls-14" d="M130.56,212.51a1,1,0,0,0,1.29.24.87.87,0,0,0,.25-1.27.82.82,0,0,0-.51-.33,1.17,1.17,0,0,0,0-1.58,1.76,1.76,0,0,0-2,.46,1,1,0,0,0,.3,1.44,1.29,1.29,0,0,0,.65.29A.78.78,0,0,0,130.56,212.51Z"/><path class="cls-14" d="M128.51,208.7a.67.67,0,0,0,1,.33.82.82,0,0,0,.41-1.14.78.78,0,0,0-.25-.26,1.2,1.2,0,0,0,.11-.58,1.44,1.44,0,0,0-.94-1.18,1.11,1.11,0,0,0,.29-1.54c-.35-.53-1.07-.79-1.45-.52a1.68,1.68,0,0,0-.39,2.06.76.76,0,0,0,.52.3,1.33,1.33,0,0,0-.24.33,1.59,1.59,0,0,0-2,.29,1.64,1.64,0,0,0-.23,1.73,1.07,1.07,0,0,0-.25,0,1.33,1.33,0,0,0,0-1,1.11,1.11,0,0,0-1.68-.25c-.52.32-.57.92-.14,1.59a1.45,1.45,0,0,0,.44.42,1.42,1.42,0,0,0-.21,1.63,1.92,1.92,0,0,0,1.55.72.8.8,0,0,0,.19,1,.91.91,0,0,0,1.2-.21.84.84,0,0,0,0-1.12,1.06,1.06,0,0,0,0-.22.23.23,0,0,0-.08-.11,1.63,1.63,0,0,0,.1-1.51l-.05-.11a1.44,1.44,0,0,0,1.49-.68,1.81,1.81,0,0,0,.35-.65,1,1,0,0,0,.22.17A.91.91,0,0,0,128.51,208.7Z"/><path class="cls-14" d="M121.44,217.47c-.17-.38-.74-.65-1-.39s-.68.78-.44,1.13.81.15,1.06.06A.56.56,0,0,0,121.44,217.47Z"/><path class="cls-14" d="M125,227a1.13,1.13,0,0,0,1.53.74,1.37,1.37,0,0,0,.94-1.88,1.51,1.51,0,0,0-.93-.95,1.53,1.53,0,0,0-.22-2.05,1.37,1.37,0,0,0-.63-.23.85.85,0,0,0,.28-.69.91.91,0,0,0-.71-.92c-.58-.14-.83.31-1.15.73a.3.3,0,0,0-.21,0,.59.59,0,0,0-.2.52,1.12,1.12,0,0,0-.48.06,1.23,1.23,0,0,0-.83,1.69c.25.64.91,1,1.38.82a1,1,0,0,0,.24-.14,1.53,1.53,0,0,0,.46.69,1.35,1.35,0,0,0,.56.25A2,2,0,0,0,125,227Zm-.36-4.21a.83.83,0,0,0-.28-.28l0-.05a1,1,0,0,0,.32.28Z"/><path class="cls-14" d="M122.48,219.47a.82.82,0,0,0-.22-1.1.9.9,0,0,0-1.1,1.4A1.08,1.08,0,0,0,122.48,219.47Z"/><path class="cls-14" d="M94.89,200.45a.61.61,0,0,0-.51.24c0,.12,0,.58.23.63s.44-.31.5-.48A.35.35,0,0,0,94.89,200.45Z"/><path class="cls-14" d="M94.48,195.24c-.06.42.48.66.73.77a.56.56,0,0,0,.82-.32c.14-.39-.09-1-.46-1S94.54,194.81,94.48,195.24Z"/><path class="cls-14" d="M96.51,190.53a1.59,1.59,0,0,0,1.68-1.14,1.42,1.42,0,0,0,0-.29c0,.05.07.11.11.15a1.48,1.48,0,0,0,.82.33,1,1,0,0,0,.21.66,1.12,1.12,0,0,0-.08.26,1.36,1.36,0,0,0,.82,1.55,1.67,1.67,0,0,0,1.52-1.11,1.13,1.13,0,0,0-.85-1.43,1.06,1.06,0,0,0-.48-.58,1.15,1.15,0,0,0,0-.8c-.19-.46-.58-.52-1-.57s-.72-.23-1.11.09a.77.77,0,0,0-.24.43,1.52,1.52,0,0,0-.32-.35,1.23,1.23,0,0,0,.81-.63,2.36,2.36,0,0,0,.35-1.06,45,45,0,0,0-5.09,2.7l0,.13a1.53,1.53,0,0,0,.67.74,1.15,1.15,0,0,0-.27,1,2.23,2.23,0,0,0-1,0,5.51,5.51,0,0,0-.37,1,1.28,1.28,0,0,0,.69,1.4,1.4,1.4,0,0,0,1.7-.51,1.21,1.21,0,0,0,.08-.84,1,1,0,0,0,.49,0A1.14,1.14,0,0,0,96.51,190.53Z"/><path class="cls-14" d="M158.14,243.15a1,1,0,0,0-.69-.46c-.67,0-.85.51-.89,1.2.46.28.85.68,1.37.28A.74.74,0,0,0,158.14,243.15Z"/><path class="cls-14" d="M157.33,246.19c-.25.07-.42.48-.55.66.2.6.55.65.87.55s.66-.39.45-.75S157.54,246.13,157.33,246.19Z"/><path class="cls-14" d="M98.76,197.82a1.61,1.61,0,0,0,2,.45,1.78,1.78,0,0,0,.78-1.48.78.78,0,0,0,.15-.92c-1.1-.79-.29-1.32-.88-2.14a1.33,1.33,0,0,0-.36-.29,1.31,1.31,0,0,0-1-.11,2.22,2.22,0,0,0-.33-1.46,1.21,1.21,0,0,0-1.78-.26c-1,.78-.9,1.16-.36,2.24a1.36,1.36,0,0,0,1.76.49.38.38,0,0,0,0,.15,5.83,5.83,0,0,0,.2,1.24l0,0a1.2,1.2,0,0,0-.46.74,1,1,0,0,0-.9.12.88.88,0,0,0-.37.78,1.11,1.11,0,0,0-.95,1c-.12.72.22,1.35.77,1.41a1.68,1.68,0,0,0,1.71-1.23.78.78,0,0,0-.16-.62s0,0,.07,0A.43.43,0,0,0,98.76,197.82Z"/><path class="cls-14" d="M101.76,206.89c-.32,0-.39.42-.2.74a1.36,1.36,0,0,0,.87.57.4.4,0,0,0,.46-.44c0-.26-.25-.41-.48-.56S102,206.87,101.76,206.89Z"/><path class="cls-14" d="M103.72,208.15a.81.81,0,0,0,.48.33,1.72,1.72,0,0,0,.16,1,.71.71,0,0,0,1,.27c.78-.48,1.09-1.12.78-1.63a1.38,1.38,0,0,0-.91-.47,11.25,11.25,0,0,0,.37-1.58.69.69,0,0,0,0-.2c.2-.47-.17-.86-.44-1.32a2,2,0,0,0-1,.36,1.38,1.38,0,0,0-.18-.68l0,0c.28.11.48-.06.65-.28a.57.57,0,0,0-.17-.92c-.27-.1-.59-.22-.8,0s-.16.6,0,.93a1.86,1.86,0,0,0-1.86-.14,1.35,1.35,0,0,0-.44.45c-.34,0-.72.16-.77.37a1,1,0,0,0,.24.83.6.6,0,0,0,.54.24,1.6,1.6,0,0,0,2.16.74,1.42,1.42,0,0,0,.44-.5s0,.05,0,.08a3.15,3.15,0,0,1-.26.56A1.22,1.22,0,0,0,103.72,208.15Z"/><path class="cls-14" d="M98,201.61a.47.47,0,0,0-.76.12,1.12,1.12,0,0,0-.17.41,1.63,1.63,0,0,0-1.7,0,1.42,1.42,0,0,0-.4,2.14,1.45,1.45,0,0,0,2.11.62,1.75,1.75,0,0,0,.67-2,.82.82,0,0,0,.67-.23C98.59,202.4,98.39,201.9,98,201.61Z"/><path class="cls-14" d="M145,244.33a.64.64,0,0,0,.59-.27h0a2.5,2.5,0,0,0,2.75-.49,2.11,2.11,0,0,0,.75-1.86c-.11-.72-1-.85-1.43-1.5-.92-1.55-2.19-1.07-3.11-.27a1.89,1.89,0,0,0-.58,1,1.91,1.91,0,0,0,.45,1.5,4.25,4.25,0,0,1,.42,1,.46.46,0,0,0-.22.14C144.38,243.81,144.81,244.27,145,244.33Z"/><path class="cls-14" d="M142.72,220.6c-.54.13-1,.79-.76,1.17s1.62.38,1.89-.05S143.25,220.46,142.72,220.6Z"/><path class="cls-14" d="M144.18,235.94c-.07.49-.1,1,.43,1.25a.76.76,0,0,0,1.06-.37,1,1,0,0,0,0-.9C145.2,235.45,144.68,235.6,144.18,235.94Z"/><path class="cls-14" d="M143.16,226.05a.56.56,0,0,0,.39,1c.59,0,1.26.1,1.79-.4,0-.12,0-.24,0-.36l0,0c.2.13.94.19,1.08,0s-.2-.78-.37-.89l-.15,0a1,1,0,0,0,.34-1,.78.78,0,0,0-.87-.46c-.72.09-.91.34-1,1.19A11.35,11.35,0,0,0,143.16,226.05Z"/><path class="cls-14" d="M140.87,216.36c.21-.44.62-.89.1-1.38a.79.79,0,0,0-1.12-.07,1.05,1.05,0,0,0-.32.75C139.56,216.16,139.92,216.33,140.87,216.36Z"/><path class="cls-14" d="M137,196.71c.07,0,.07-.26,0-.32a.26.26,0,0,0-.29-.08.27.27,0,0,0-.08.36A.28.28,0,0,0,137,196.71Z"/><path class="cls-14" d="M136.2,193.82c.12-.07.1-.52,0-.69s-.38-.18-.43-.13a.64.64,0,0,0-.2.53C135.64,193.65,136.07,193.9,136.2,193.82Z"/><path class="cls-14" d="M145.46,222a.59.59,0,0,0,.56,0c.1-.08.24-.53.07-.67s-.53.09-.66.21A.35.35,0,0,0,145.46,222Z"/><path class="cls-14" d="M145.2,217c-.3-.1-.56.46-.56.63a.65.65,0,0,0,.47.45.68.68,0,0,0,.51-.42A.71.71,0,0,0,145.2,217Z"/><path class="cls-14" d="M138.79,223.27c-.18.24.06.57.17.64s.44.16.59,0,0-.46-.07-.59S139,223,138.79,223.27Z"/><path class="cls-14" d="M140.54,220.76a1.26,1.26,0,0,0,1.81-.13,2,2,0,0,0-.17-2.48,1.46,1.46,0,0,0-1.94.32A1.57,1.57,0,0,0,140.54,220.76Z"/><path class="cls-14" d="M137.38,229.58c.17.3.87.16,1-.2a1.61,1.61,0,0,0,0-.72c-.49-.4-1-.41-1.11-.08A1.37,1.37,0,0,0,137.38,229.58Z"/><path class="cls-14" d="M140.58,237.55a.31.31,0,0,0,0-.25,2,2,0,0,0-.35,0c0,.1-.08.22,0,.31S140.51,237.6,140.58,237.55Z"/><path class="cls-14" d="M137.51,227.38a1.18,1.18,0,0,0,1.31.61c.51-.19,1.15-1.33,1-1.74a1.47,1.47,0,0,0-1.8-.47C137.36,226,137.18,226.6,137.51,227.38Z"/><path class="cls-14" d="M141.2,223.85a.56.56,0,0,0,.41,0,.22.22,0,0,0,.16,0c.13,0,.17-.19.18-.34a1.25,1.25,0,0,0,.18-.64c0-.33-1.53-.42-1.78-.14S140.56,223.7,141.2,223.85Z"/><path class="cls-14" d="M142.89,211.15a2.41,2.41,0,0,0-2.54.34,1.64,1.64,0,0,0,.44,2.21,1.85,1.85,0,0,0,2.26-.3A1.67,1.67,0,0,0,142.89,211.15Z"/><path class="cls-14" d="M140,208.1a2.47,2.47,0,0,0-.8,0,.85.85,0,0,0,.22,1.21c.35.21.56,0,.75-.24A.57.57,0,0,0,140,208.1Z"/><path class="cls-14" d="M131.57,193.36c-.14.07-.46.46-.32.63a.58.58,0,0,0,.6.06c.15-.11.43-.36.3-.53A.59.59,0,0,0,131.57,193.36Z"/><path class="cls-14" d="M136.9,211a.57.57,0,0,0-.17-.93,2.49,2.49,0,0,0-.8-.05.84.84,0,0,0,.22,1.21C136.49,211.48,136.71,211.28,136.9,211Z"/><path class="cls-14" d="M138.4,235.17a.3.3,0,0,0-.28.4.32.32,0,0,0,.42.31c.25,0,.35-.18.29-.42S138.65,235.12,138.4,235.17Z"/><path class="cls-14" d="M135.45,213.81a1.16,1.16,0,0,0,1.69-.26c.35-.41.18-1.06-.41-1.55a.84.84,0,0,0-1.28,0A1.79,1.79,0,0,0,135.45,213.81Z"/><path class="cls-14" d="M134.77,220.91a.66.66,0,0,0,.81.56.78.78,0,0,0,.54-.58.9.9,0,0,0,1.1,0,1.19,1.19,0,0,0,.3-1,1,1,0,0,0-.71-.57,1,1,0,0,0-1,.87.75.75,0,0,0-.61,0A.63.63,0,0,0,134.77,220.91Z"/><path class="cls-14" d="M139.68,232.73a1,1,0,0,0,.29-.28l.4,0c0-.24,0-.55-.09-.69a.3.3,0,0,0-.08-.07,1.33,1.33,0,0,0-.57-1.09c-.43-.22-.81-.63-1.21-.51a.87.87,0,0,0-.57.49c-.1.21-.31.38-.3.76a1.8,1.8,0,0,0,.72,1.39A1.33,1.33,0,0,0,139.68,232.73Z"/><path class="cls-14" d="M137.47,216.92a.91.91,0,0,0-1.14,1.41.9.9,0,0,0,1.22-.08A1,1,0,0,0,137.47,216.92Z"/><path class="cls-14" d="M137.69,247.15a.91.91,0,0,0,.55-.63,1.71,1.71,0,0,0,1.68-.07,1.82,1.82,0,0,0,.56-2.2,1.65,1.65,0,0,0-2.15-.69,2.51,2.51,0,0,0-.76,1.86.86.86,0,0,0-.59,0,1.42,1.42,0,0,0-.5,1.39A1.22,1.22,0,0,0,137.69,247.15Z"/><path class="cls-14" d="M137.74,243.48c.48-.09.63-.46.78-.84s.38-.64.16-1.09a1.14,1.14,0,0,0-1.59-.26,1.47,1.47,0,0,0-.5.72.89.89,0,0,0-1.15.59.87.87,0,0,0,.54,1,1,1,0,0,0,1-.32A1.26,1.26,0,0,0,137.74,243.48Z"/><path class="cls-14" d="M133.31,187.44a.48.48,0,0,0,.16-.76c-.23-.32-.54-.54-1-.31a.91.91,0,0,0-.32,1.08C132.36,187.72,132.9,187.7,133.31,187.44Z"/><path class="cls-14" d="M134.61,195.88c-.31-.47-.73-.64-1-.41a1.43,1.43,0,0,0-.34,1.45.88.88,0,0,0,1.22.16A.82.82,0,0,0,134.61,195.88Z"/><path class="cls-14" d="M132.89,201.8c-.31.24-.56.52-.33.95s1.08.4,1.24.16a1,1,0,0,0-.08-.88A.51.51,0,0,0,132.89,201.8Z"/><path class="cls-14" d="M134.9,199.68a.58.58,0,0,0,.14-.54.54.54,0,0,0-.51-.16c-.14.07-.47.41-.31.61A.64.64,0,0,0,134.9,199.68Z"/><path class="cls-14" d="M152.62,231.67a.8.8,0,0,0,1-.36.73.73,0,0,0-.86-.95A.76.76,0,0,0,152.62,231.67Z"/><path class="cls-14" d="M134,197.62c-.16-.14-.52.1-.66.21s-.11.36,0,.45a.59.59,0,0,0,.56,0C134.06,198.21,134.19,197.77,134,197.62Z"/><path class="cls-14" d="M135.06,189.79a.84.84,0,0,0-1.17-.33.88.88,0,0,0-.32,1.08.85.85,0,0,0,1.19.28A.68.68,0,0,0,135.06,189.79Z"/><path class="cls-14" d="M139.71,205.08c.25-.66-.57-1.08-1.07-1s-.35,0-.71-.38a.89.89,0,0,0-1.32-.17,2,2,0,0,0-.22-1.4,1,1,0,0,0-1.1-.26.61.61,0,0,0-.24.5,1.2,1.2,0,0,0-.73.27,2.25,2.25,0,0,1-.8.49,1.27,1.27,0,0,0-1.08,1c-.08.43.66,1.28,1.16,1.37s1,.21,1.25-.41c.2-.46.47-.88.7-1.32a1,1,0,0,0,.17-.19.91.91,0,0,0,.77.09s0,0,0,0a1.12,1.12,0,0,0-.1.16,1.75,1.75,0,0,0,.73,2.2A2,2,0,0,0,139.71,205.08Z"/><path class="cls-14" d="M135.59,250.16a1.69,1.69,0,0,0,.28-.26l.08,0a.43.43,0,0,0,.2-.4.5.5,0,0,0,0-.26c0-.9-.76-1-1.53-1.09-.39.53-.84,1.08-.42,1.74A.93.93,0,0,0,135.59,250.16Z"/><path class="cls-14" d="M113.94,235.73a5,5,0,0,0-2.33-1.48,1.21,1.21,0,0,0,.48-.57,1.36,1.36,0,0,0,0-.87.9.9,0,0,0,.63-1.14.87.87,0,0,0-1-.51,1,1,0,0,0-.64.81,1.18,1.18,0,0,0-.75.26,1,1,0,0,0-.19,1.13c.08.36,0,.75.48,1l.11,0a1,1,0,0,0-.19,1.77c.08.08.18.15.27.23a1.45,1.45,0,0,0,.11,1.61,2,2,0,0,0,2.42.08,1.41,1.41,0,0,0,.45-1.29.81.81,0,0,0,.12-.14A.67.67,0,0,0,113.94,235.73Z"/><path class="cls-14" d="M115.31,256.29a1.06,1.06,0,0,0-.59.13.86.86,0,0,0-.27,1.26.91.91,0,0,0,1.19.25.73.73,0,0,0,.16-.14,1.08,1.08,0,0,0,1.33-.49,1,1,0,0,0-.29-1.11,1.64,1.64,0,0,0,.56.32,2.29,2.29,0,0,0,2.2-1.08c.22-.61-.42-1.08-.38-1.26s1-.45,1.29-1.21a1.93,1.93,0,0,0-1-2,2.83,2.83,0,0,0-.93-.2c-.18-.07-.48-.12-.61,0a.16.16,0,0,0,0,.15,1.52,1.52,0,0,0-.83,1.33,2.17,2.17,0,0,0,.34.82c-.54-.09-.87.52-.85.81a.54.54,0,0,0,.28.37,1.14,1.14,0,0,0-.45.65,1.21,1.21,0,0,0,.35,1.19,1.85,1.85,0,0,0-.33-.21A.77.77,0,0,0,115.31,256.29Z"/><path class="cls-14" d="M108.77,247.83a.76.76,0,0,0-.65-1.14.78.78,0,0,0-.59.82C107.6,247.94,107.89,248,108.77,247.83Z"/><path class="cls-14" d="M108.19,241.28a.74.74,0,0,0,.22-.76.9.9,0,0,0-1.06-.62,1,1,0,0,0-.67,1.15.85.85,0,0,0,.93.53.77.77,0,0,0-.14.6,1,1,0,0,0,.54.72c.61.16.95-.26,1.18-.82C109,241.65,108.73,241.23,108.19,241.28Z"/><path class="cls-14" d="M116.92,244.64a1.54,1.54,0,0,0,.76-1.48.67.67,0,0,0-.23-.29,1,1,0,0,0-.16-.63,1.83,1.83,0,0,0-1.37-.76,1.36,1.36,0,0,0-1.2.76,1.15,1.15,0,0,0,.14,1.15h0a.77.77,0,0,0-.54,0,.92.92,0,1,0,.64,1.73,1,1,0,0,0,.47-1.23s0,0,0,0a1,1,0,0,0,.29.11C116,244.54,116.46,244.79,116.92,244.64Z"/><path class="cls-14" d="M118.59,250.71a.25.25,0,0,0,.09-.35.27.27,0,0,0-.34-.05c-.08,0-.08.26,0,.32A.24.24,0,0,0,118.59,250.71Z"/><path class="cls-14" d="M105.07,244a.86.86,0,0,0-.58.84,1.58,1.58,0,0,0-1.08,1.09l-.18.54c-.34-.12-.65-.26-1-.34a.81.81,0,0,0-1.15.58,1.28,1.28,0,0,0,.28,1.47,1.16,1.16,0,0,0,1.37.16,6.11,6.11,0,0,0,.93-.66,4.51,4.51,0,0,0,.52.17,1.72,1.72,0,0,0,1.8-.65,1.91,1.91,0,0,0,.15-1.4,1.51,1.51,0,0,0,.47-1.08A1.17,1.17,0,0,0,105.07,244Z"/><path class="cls-14" d="M115.17,238.09a5.58,5.58,0,0,0,1.08,0,1.26,1.26,0,0,0,1.06-1.14,1.56,1.56,0,0,0-.48-1.09h0a1.72,1.72,0,0,0,.87-1.9,1.14,1.14,0,0,0-1-.51l.17-.17a1.3,1.3,0,0,0,0-1.56c.4-.29.56-.74,1-.46.71.43,0,.89,1,1.42s2.11,0,2-.85a1.46,1.46,0,0,0-.5-1,1.07,1.07,0,0,0-.2-.38c.08-.25.33-.88-.13-1.16a1.4,1.4,0,0,0-.5-1.1,1.35,1.35,0,0,0-2.31,1.2,3.11,3.11,0,0,0-.8-.39c-.87-.21-1.76.08-1.88,1a1.62,1.62,0,0,0,.31,1.31,2.1,2.1,0,0,0-.73.63,1,1,0,0,0-.15.33l0,0c-.6.21-.81.58-.68,1a.79.79,0,0,0,1,.45.33.33,0,0,0,.1-.06s.07.07.12.1a2.18,2.18,0,0,0,.92.36,1.18,1.18,0,0,0,0,1,1.62,1.62,0,0,0,.29.48,1.1,1.1,0,0,0-.5.23A1.65,1.65,0,0,0,115.17,238.09Z"/><path class="cls-14" d="M122,271a.84.84,0,0,0,0-.81c-.06-.22-.25-.48-.41-.51h-.17a.81.81,0,0,0-.77,0c-.55.4-.41,1-.32,1.49C121.36,271.48,121.76,271.44,122,271Z"/><path class="cls-14" d="M129.06,227.92a.65.65,0,0,0,.54-.82l0-.1a1.19,1.19,0,0,0,.66-.4,2.13,2.13,0,0,0,.32-2,1.75,1.75,0,0,0,0-1.08.66.66,0,0,0-.9-.42,1.38,1.38,0,0,0-.9.89,1.5,1.5,0,0,0-.85.51,1.8,1.8,0,0,0,.26,2.09,1,1,0,0,0-.2.57C128,227.52,128.63,228,129.06,227.92Z"/><path class="cls-14" d="M89.74,215.49c-.15.1-.17.43-.24.66.23.06.5.24.68.16s.64-.36.41-.75S89.89,215.39,89.74,215.49Z"/><path class="cls-14" d="M133.41,267.69a.71.71,0,0,0,.33-.61,1.17,1.17,0,0,0-.22-.43,2.07,2.07,0,0,0,1.14-1.31,1.93,1.93,0,0,0-.17-1.39,1.56,1.56,0,0,0-1.61-.69,2.23,2.23,0,0,0-.69.47,1.44,1.44,0,0,0-.81-.88,1.6,1.6,0,0,0-1.89.44v0a1.34,1.34,0,0,0-.42.4,1.29,1.29,0,0,0,.14-.36.78.78,0,0,0-.66-1,1.13,1.13,0,0,0-.75.08.53.53,0,0,0-.43-.49,1.56,1.56,0,0,1-.5-.18.94.94,0,0,0,.37-1.19,1.36,1.36,0,0,0-1.63-.38.68.68,0,0,0-.3.35,1,1,0,0,0-.37.16c-.43.31-.59,1-.19,1.29a1.42,1.42,0,0,1,.72,1.42,1.37,1.37,0,0,0,1.21,1,1.39,1.39,0,0,0,.72-.49,1,1,0,0,0,.59.44,1,1,0,0,0,1-.51,1.75,1.75,0,0,0-.2.61,2.32,2.32,0,0,0,1.53,1.93c.64.08,1-.64,1.14-.65s.53.66,1.11.92a2,2,0,0,0-.26.51C132.57,267.64,132.91,267.93,133.41,267.69Z"/><path class="cls-14" d="M91.09,212.46a1.27,1.27,0,0,0,1.38,1.19A1.52,1.52,0,0,0,94,212c-.06-1.25-1.32-1-1.06-1.75s.86-.21,1.14-1.34-.52-2-1.29-1.78-.87,1-1.06,1a2.93,2.93,0,0,1-.37,0s0,0,0,0,0-.29-.08-.34-.27,0-.3.09a.24.24,0,0,0,0,.3.54.54,0,0,0-.48.43c-.32,1.34,1,1.31,1,1.74a1.29,1.29,0,0,1,0,.25,1,1,0,0,0-.6.29,1.24,1.24,0,0,0,.19,1.64Z"/><path class="cls-14" d="M102.12,241.87a1.84,1.84,0,0,0-2-1,1.66,1.66,0,0,0-1.12,2,1.58,1.58,0,0,0,.28.39,1.36,1.36,0,0,0,.37.78,1.48,1.48,0,0,0,1.78-.11A1.65,1.65,0,0,0,102.12,241.87Z"/><path class="cls-14" d="M105.22,251.48a.69.69,0,0,0-.07-.86.81.81,0,0,0,.1-.71.86.86,0,0,0-1.14-.43.8.8,0,0,0-.53,1,.83.83,0,0,0,.41.55.38.38,0,0,0,0,.15A.73.73,0,0,0,105.22,251.48Z"/><path class="cls-14" d="M100,246.08c-.41.14-.62.54-.38.87a2.43,2.43,0,0,0,.64.48.84.84,0,0,0,.49-1.12C100.61,245.94,100.32,246,100,246.08Z"/><path class="cls-14" d="M107.47,250.44a1.77,1.77,0,0,0,1.94.75,1.14,1.14,0,0,0,.22-.12.32.32,0,0,0,.4-.08c.1-.14.32-.5.14-.66a.31.31,0,0,0-.12-.05,1.26,1.26,0,0,0-.08-.45,1.07,1.07,0,0,0-1.58-.74C107.72,249.33,107.29,250,107.47,250.44Z"/><path class="cls-14" d="M101.49,263.46c-.14.06-.14.25-.12.33s.24.12.31.09.18-.15.14-.26A.25.25,0,0,0,101.49,263.46Z"/><path class="cls-14" d="M99.2,258.47c-.13,0-.49.3-.43.52s.49.21.67.19.29-.23.22-.39A.58.58,0,0,0,99.2,258.47Z"/><path class="cls-14" d="M100.27,252.51a1.76,1.76,0,0,0,.62-2.24,2.07,2.07,0,0,0-2.68-.65c-.57.42-.13,1.23.35,1.41s.3.19.37.71S99.44,252.93,100.27,252.51Z"/><path class="cls-14" d="M107.12,267.4a.93.93,0,0,0-.53,1.2.88.88,0,0,0,1.18.53.91.91,0,0,0,.48-1.12A.86.86,0,0,0,107.12,267.4Z"/><path class="cls-14" d="M103.21,261.19a1.23,1.23,0,0,0,.49-1.57,1.13,1.13,0,0,0-1.58-.67c-.69.26-1.06.86-.83,1.38A1.67,1.67,0,0,0,103.21,261.19Z"/><path class="cls-14" d="M108.52,260.07a1.09,1.09,0,0,0-1.75-.92,6.74,6.74,0,0,0-1.37,1.19,1.69,1.69,0,0,0,.14,2c.26.29,1,.7,1.49,0,.14-1.34,1-.91,1.42-1.84A1.45,1.45,0,0,0,108.52,260.07Z"/><path class="cls-14" d="M109.89,262.82a.84.84,0,0,0-.74-.24c-.2.05-.67.44-.62.72s.68.39.92.38S110.11,263.09,109.89,262.82Z"/><path class="cls-14" d="M109.11,270.41c-.13,0-.49.3-.43.51s.49.22.67.2.29-.24.22-.4A.57.57,0,0,0,109.11,270.41Z"/><path class="cls-14" d="M112,258.23a1.14,1.14,0,0,0-1.57-.66,1.38,1.38,0,0,0-.93,1.49,1.65,1.65,0,0,0,1.72.76A1.13,1.13,0,0,0,112,258.23Z"/><path class="cls-14" d="M79,207.08c-.14.06-.4.43-.33.62s.58.15.7.07.28-.42.19-.56A.58.58,0,0,0,79,207.08Z"/><path class="cls-14" d="M98.53,238.9c-.28-.61-.74-.69-1.34-.43-1-1.28-1.87-1.08-2.55.48-.11,0-.22,0-.33,0-.47-.06-.69.21-.84.6a.82.82,0,0,0,.24.92c.62.68,1,.7,1.69,0,.49-.5,1-1,1.49-1.47C97.86,239.89,98,239.87,98.53,238.9Z"/><path class="cls-14" d="M113.22,263.25a1,1,0,0,0,.56-.46,1,1,0,0,0,1,0,.61.61,0,0,1,.76-.67.91.91,0,0,0,.44-1.14.85.85,0,0,0-1.15-.37.71.71,0,0,0-.48.64.76.76,0,0,0-.53.09s0,0-.07.06a1.11,1.11,0,0,0-1.38-.26.94.94,0,0,0-.73,1.11A1.84,1.84,0,0,0,113.22,263.25Z"/><path class="cls-14" d="M80.47,205.5c-.1.05-.08.31-.12.47a1.29,1.29,0,0,0,.57.08c.09,0,.33-.36.22-.55S80.62,205.43,80.47,205.5Z"/><path class="cls-14" d="M88.56,235.35c-.08.06,0,.42,0,.45a.64.64,0,0,0,.56,0,.47.47,0,0,0,.07-.66C89,234.88,88.69,235.23,88.56,235.35Z"/><path class="cls-14" d="M97.06,246c-.12.1,0,.46.08.57s.57.23.69.08-.06-.59-.18-.68A.68.68,0,0,0,97.06,246Z"/><path class="cls-14" d="M89.32,230.86a.86.86,0,0,0-1.13.1.74.74,0,0,0,0,1.1.88.88,0,0,0,1.14-.1A.75.75,0,0,0,89.32,230.86Z"/><path class="cls-14" d="M87.84,198.65c.5.51,1,.68,1.25.45a1.41,1.41,0,0,0,.06-1.47l0,0a.8.8,0,0,0,.64-.84,1.76,1.76,0,0,0-1.62-1.66,2.07,2.07,0,0,0-1.91,2c.07.7,1,.73,1.4.41s.34-.19.68,0a1.12,1.12,0,0,0-.51.2A.64.64,0,0,0,87.84,198.65Z"/><path class="cls-14" d="M95.36,200a1.65,1.65,0,0,0,.59-2.36,1.29,1.29,0,0,0-1.58-.55l-.09-.17a1.66,1.66,0,0,0-2-.34,1.45,1.45,0,0,1,.34-.46,1.27,1.27,0,0,0,.54-1.37c-.1-.37-.87-.73-1.4-.75a1.82,1.82,0,0,0-1.35-.15,1.09,1.09,0,0,0-.25,1.58,1.32,1.32,0,0,0,.39.44c0,.18,0,.37,0,.56A.71.71,0,0,0,91,197.5a.83.83,0,0,0,.64,0,1.6,1.6,0,0,0,.07,1.28,1.72,1.72,0,0,0,1.64.81A1.69,1.69,0,0,0,95.36,200Z"/><path class="cls-14" d="M106.76,219.53a1,1,0,0,0-.22-1.34c-.26-.24-1.13.07-1.24.74a1,1,0,0,0,.33.75A.81.81,0,0,0,106.76,219.53Z"/><path class="cls-14" d="M91.49,201.47a.84.84,0,0,0-.23,1.19.76.76,0,0,0,1.07.26.72.72,0,0,0,.31-1A.87.87,0,0,0,91.49,201.47Z"/><path class="cls-14" d="M105.46,221.3c-.41-.12-.67.07-1,.64-.39-.59-.69-1.25-1-1.91a3.87,3.87,0,0,0,.72-1.13.9.9,0,0,0,.83,0,.86.86,0,0,0,.25-1.18.87.87,0,0,0-1.16-.38.92.92,0,0,0-.36.42,3.75,3.75,0,0,0-.62-.37l-.06,0a1,1,0,0,0-.78-1.27.87.87,0,0,0-.84,1.19.93.93,0,0,0,.25.33,1.2,1.2,0,0,0-.31.67,7.55,7.55,0,0,0,.14,1.89,1.59,1.59,0,0,0-1.19.23,1.26,1.26,0,0,0-.51,1.74,1.93,1.93,0,0,0,.74.64,2.23,2.23,0,0,0,2.8.95.88.88,0,0,1,1,.16,1,1,0,0,0,1.35-.44.59.59,0,0,0,0-.65.79.79,0,0,0,.37-1A1.06,1.06,0,0,0,105.46,221.3Z"/><path class="cls-14" d="M102.66,232.77c.09,0,.28-.24.22-.4a.59.59,0,0,0-.46-.31c-.13,0-.49.3-.43.51S102.48,232.79,102.66,232.77Z"/><path class="cls-14" d="M140.83,266.33a.75.75,0,0,0-1.05.63c.36-.2.71-.41,1.05-.62Z"/><path class="cls-14" d="M97.82,225.42c.19-.11.09-.53,0-.7a.35.35,0,0,0-.43-.12.57.57,0,0,0-.2.52C97.26,225.24,97.62,225.52,97.82,225.42Z"/><path class="cls-14" d="M102.23,226.14c.2-.24-.24-.69-.39-.75a.63.63,0,0,0-.59.28.7.7,0,0,0,.21.63A.74.74,0,0,0,102.23,226.14Z"/><path class="cls-14" d="M99.74,231.62c.36-.49.19-1-.46-1.54s-1.12-.4-1.4,0A2.22,2.22,0,0,0,98,232,1.22,1.22,0,0,0,99.74,231.62Z"/><path class="cls-14" d="M127.48,238.12c.18-.58-.22-.87-.7-1a1,1,0,0,0-.53,1.4C126.76,238.63,127.29,238.73,127.48,238.12Z"/><path class="cls-14" d="M137.24,263.84a1.15,1.15,0,0,0,1.51.22,1.18,1.18,0,0,0,.4-1.75,1.13,1.13,0,0,0-1.4-.59l-.15.12a1.77,1.77,0,0,0-.2-1.46c-.05-.07-.12-.12-.17-.18a1,1,0,0,0,.18-.17,3.15,3.15,0,0,0,.22-.29,2.13,2.13,0,0,0,1-1.15,1,1,0,0,0,0-.43,2,2,0,0,0,1.87-1,1.71,1.71,0,0,0,.11-.7,1.32,1.32,0,0,1,.36.81c.05.68.6,1,1.1,1.34a1.54,1.54,0,0,0,1.68-.29l.11-.12a1.66,1.66,0,0,0,0,.7,1.46,1.46,0,0,0-1-.05c-.71.25-1,.62-.92,1.13a.67.67,0,0,0-.85-.07c-.79.47-1.11,1.1-.81,1.62a1.55,1.55,0,0,0,1.61.44,1.48,1.48,0,0,0,.37-1.34,1.4,1.4,0,0,0,1.31.46,1.59,1.59,0,0,0,.86-1.52,1.4,1.4,0,0,0,1.12-.19s0,.07,0,.1c.06.48.71.69,1.2.48a.75.75,0,0,0,.37-1,1,1,0,0,0-.89-.49.75.75,0,0,0-.05-.5,1.6,1.6,0,0,0-1.8-.58,1,1,0,0,0-.2.16,1.48,1.48,0,0,0-.11-.72,2.22,2.22,0,0,0-.54-.81v0a1.06,1.06,0,0,0-1-.73,1.08,1.08,0,0,1-.2-.29,1.11,1.11,0,0,0-1.75-.6.53.53,0,0,0-.11-.31,1,1,0,0,0-1.25-.05,1.23,1.23,0,0,0-.43.48c-.47-.12-.54-.33-.69-.66a1,1,0,0,0-1.37-.39c-.47.26-.43.62-.23,1a2.26,2.26,0,0,1,.34.91,10.92,10.92,0,0,1-.08,1.14.91.91,0,0,1-.24-.49c-.09-.48-.58-.51-1-.38-.31.58-.19,1,.31,1.24-.11.46-.24.82-.32,1.16-.57.41-.55.94,0,1.87l.09.12a2.9,2.9,0,0,0-.34.19,2.1,2.1,0,0,0-.82.93,1.36,1.36,0,0,0-1.35-.52,1.07,1.07,0,0,0-.74,1.12c.22.85.82,1.38,1.37,1.22a1.3,1.3,0,0,0,.8-1,3.07,3.07,0,0,0,.16.31,1.61,1.61,0,0,0,2.39.38,1.18,1.18,0,0,0,.18-.13A1.75,1.75,0,0,0,137.24,263.84Z"/><path class="cls-14" d="M131.3,233.65a1.61,1.61,0,0,0-3.11.42,1.69,1.69,0,0,0-.89,1.89,1.88,1.88,0,0,0,1,1.09,1.7,1.7,0,0,0,.35.48c.63.56,1.64.33,2.37-.53a1.38,1.38,0,0,0,0-1.77A1.75,1.75,0,0,0,131.3,233.65Z"/><path class="cls-14" d="M127.13,235.53a.75.75,0,0,0-.14-1.09.73.73,0,0,0-1.09.08.87.87,0,0,0,0,1.22A.83.83,0,0,0,127.13,235.53Z"/><path class="cls-14" d="M128.18,259.6a3,3,0,0,0,1,.2s0,.05,0,.08c.24,1.13,1,1.66,1.73,1.55a2,2,0,0,0,1.24-1.17.8.8,0,0,0,1,.2.92.92,0,0,0,.25-1.2.86.86,0,0,0-1.16-.34.6.6,0,0,0-.13.09,1.39,1.39,0,0,0-.64-.61,1.91,1.91,0,0,0,.19-1.49c-.18-.61-.91-.69-1.41-1.09a.63.63,0,0,0,.16-.22,1,1,0,0,0-.15-1h0c0-.41-.12-.79-.56-.83a1.34,1.34,0,0,0-1,.26.73.73,0,0,0-.15.27,1.09,1.09,0,0,0-.4.33,1,1,0,0,0-.11.27,3,3,0,0,0-1.12.85,1.74,1.74,0,0,0,.22,2.52C127.6,258.74,127.6,259.38,128.18,259.6Z"/><path class="cls-14" d="M122.9,263.77a.9.9,0,0,0,1.2.2.85.85,0,0,0,.12-1.21.72.72,0,0,0-1.07-.19.81.81,0,0,0-.24.28.57.57,0,0,0,0-.26.9.9,0,0,0-.26-.37,1.66,1.66,0,0,0,.37-.16c.53-.31.59-.91.17-1.59A.93.93,0,0,0,122,260a1.82,1.82,0,0,0-.61,1.79l.07.07h0c-.42.12-.69.95-.48,1.46s.55.52,1,.34a1.55,1.55,0,0,0,.9-.66A.9.9,0,0,0,122.9,263.77Z"/><path class="cls-14" d="M125.28,259.79a1.1,1.1,0,0,0,.72-.21,1.13,1.13,0,0,0,.31-1.67,1.42,1.42,0,0,0-1.45-.65,1.77,1.77,0,0,0-1.08.06c-1,.32-1.32.95-1,1.82a1.54,1.54,0,0,0,2.13.91A1.19,1.19,0,0,0,125.28,259.79Z"/><path class="cls-14" d="M97.5,222.37a1.23,1.23,0,0,0,.31-1.19h0c.32.09.93-1.27.75-1.61s-1-.16-1.37.39a.61.61,0,0,0,0,.65,1.43,1.43,0,0,0-1.51.3,1.58,1.58,0,0,0,.26,1.87A1.26,1.26,0,0,0,97.5,222.37Z"/><path class="cls-14" d="M106,225.38a2.75,2.75,0,0,0-.22-.26c-.55-.56-1-.55-1.52,0a1.31,1.31,0,0,0-.19,1.87,3.93,3.93,0,0,1-.92-.19.79.79,0,0,0-1.11.17,1.17,1.17,0,0,0-.36,1.33c.71,1.63,1.17,1.86,2.88,1.41h.15a1.92,1.92,0,0,0-.61.33.54.54,0,0,0,0,.88.66.66,0,0,0,1,0,1.55,1.55,0,0,0,.19-.82.78.78,0,0,0,1-.16.89.89,0,0,0-.45-1.38c-.56-.21-.57-.62-.72-1.09C106.43,227.08,106.69,226.32,106,225.38Z"/><path class="cls-14" d="M110.28,218.76a1.8,1.8,0,0,0-1.66-.62,1.17,1.17,0,0,0-.35,1.67.54.54,0,0,1,.15,1.06.69.69,0,0,0,.56.84,1.33,1.33,0,0,0,1-.2c.52-.52.06-1-.2-1.5l.08,0A.85.85,0,0,0,110.28,218.76Z"/><path class="cls-14" d="M111.23,219.19c.29-.16.65-.49.68-.77a.65.65,0,0,0-.32-.68,2.48,2.48,0,0,0,.84-1.74,1.9,1.9,0,0,0-.1-.83,1.51,1.51,0,0,0,.12.26c.38.59,1.1.87,1.51.58a1.75,1.75,0,0,0,.3-2,.89.89,0,0,0-.72-.44,2,2,0,0,0,.66-.57,1.33,1.33,0,0,0-.16-2.09,1.37,1.37,0,0,0-.35-.2.79.79,0,0,0,.58-.09l.13-.1a1.6,1.6,0,0,0,1.5.78H116a1.22,1.22,0,0,0-.15,1,2,2,0,0,0-1,.7,1.57,1.57,0,0,0,.28,2.22,1.23,1.23,0,0,0,1.62,0,1.22,1.22,0,0,0,.24.1,1.43,1.43,0,0,0,1.47-.5,1.13,1.13,0,0,0-.17-1.36,1.7,1.7,0,0,0,.58-.95c.27.39.85.44.91.58s-.61,1-.4,1.73a1.94,1.94,0,0,0,2,1.08,1.88,1.88,0,0,0,1.23-.68,1.27,1.27,0,0,0,.17-.35,7.13,7.13,0,0,0,1.18.86,1.85,1.85,0,0,0,.85,1.36l.18.11a1.79,1.79,0,0,0-1.26.54.41.41,0,0,1,0,.08,1.1,1.1,0,0,0-.15,1.54,1.11,1.11,0,0,0,1.53.5,1.42,1.42,0,0,0,.44-.6,1.91,1.91,0,0,0,.34-.31,1.15,1.15,0,0,0,0-1.53.91.91,0,0,0-.17-.09,1.75,1.75,0,0,0,1.28-.73,1.58,1.58,0,0,0,.24-.51,2.25,2.25,0,0,0,1.89,1,1.64,1.64,0,0,0,1.19-1.61c0-.53-.08-1,.5-1.35.41-.27.25-.73,0-1.11-.65-.07-1,.2-1,.75a9.53,9.53,0,0,0-1.6.23,2,2,0,0,0-1,1.29,1.82,1.82,0,0,0-.74-.81l-.18-.1a.76.76,0,0,0-.5-.58c-1.34.17-1.12-.76-2.11-1a1.44,1.44,0,0,0-.46,0,1.33,1.33,0,0,0-.68.46c-.43-.36-1.15-.53-1.2-.73a1,1,0,0,1,.17-.4.84.84,0,0,0,.5-.1,1.66,1.66,0,0,0,.34-1.85,1.51,1.51,0,0,0-.55-.5.93.93,0,0,0,.11-.66,1.08,1.08,0,0,0-.62-.83s0-.07,0-.11a1.16,1.16,0,0,0-1.45-.52,1,1,0,0,0-.42,1.26,1,1,0,0,0,.46.36s0,.05,0,.07a.88.88,0,0,0,.63.69l-.06.07a1.49,1.49,0,0,0-.36,0,2.23,2.23,0,0,0-1.18,1.52.73.73,0,0,0-.07-.19,1.63,1.63,0,0,0-1.53-.83,1.27,1.27,0,0,0,.16-1,2.4,2.4,0,0,0-.12-.38,1.44,1.44,0,0,0,.68-.41,1.56,1.56,0,0,0,0-1.71l.06,0a1.09,1.09,0,0,0,1.3-.75,1,1,0,0,0-.1-.71.89.89,0,0,0,.69-.43.72.72,0,0,0-.22-1.06.94.94,0,0,0-1.21.2.83.83,0,0,0-.07.73,1,1,0,0,0-.88.53,1.85,1.85,0,0,0,.18-.62.91.91,0,0,0-.06-.42.83.83,0,0,0,.21-.16,1.59,1.59,0,0,0-.35-1.84,1.47,1.47,0,0,0-1.64.33.75.75,0,0,0-.13.27c-.37.17-.58.59-.72.59s-.68-.92-1.47-1a1.12,1.12,0,0,0-.54.11.91.91,0,0,0-.16-.13c-.36-.19-.75-.41-1-.07-.42.61-.4,1.15,0,1.43l0,0a.29.29,0,0,0,0,.09c0,.06,0,.11,0,.17a1.76,1.76,0,0,0-1.13.4c0,1,.23,1.36.78,1.44a.85.85,0,0,0,.83-.34,1.45,1.45,0,0,0,1.35.38c.56-.2,1.05-1,1.29-.94s.64,1,1.44,1a1.24,1.24,0,0,0,1.08-.61,1.4,1.4,0,0,0-.13.36.81.81,0,0,0,0,.41,1.77,1.77,0,0,0-2,.36,2,2,0,0,0-.32,1.55,2.4,2.4,0,0,0-.6.84.8.8,0,0,0-1-.17.92.92,0,0,0-.23,1.2.82.82,0,0,0,.37.32,1.63,1.63,0,0,0-1.7.73,1.57,1.57,0,0,0,.37,2,1.44,1.44,0,0,0,.78.33l-.12.05a1,1,0,0,0-.59,1.19l0-.06a1.82,1.82,0,0,0-1.28-.8l.21-.05c.31-.58.17-1-.33-1.23a8.78,8.78,0,0,0,.35-1.57s0,0,0-.06a1,1,0,0,0,.24-.35c.16-.45,0-1.06-.44-1.15a1.8,1.8,0,0,0,.37-.22c.6-.46.87-.83.86-1.26a1.45,1.45,0,0,0,1.5-.3c.28-.34,0-1.18-.41-1.48a.74.74,0,0,0-1.06.29,2.19,2.19,0,0,0-.34.66v0a1.62,1.62,0,0,0-2.4-.34l-.17.14a1.79,1.79,0,0,0-.06-1.37,1.14,1.14,0,0,0-1.51-.19,1,1,0,0,0-.15.13,1,1,0,0,0-.48.37c-.52.76-.52,1.3,0,1.69a1.15,1.15,0,0,0,.84.1.84.84,0,0,0,.81,0l.15-.13a1.83,1.83,0,0,0,0,.84,1.12,1.12,0,0,0-1,.11,1.78,1.78,0,0,0-.17,1.82l.26.37s0,.09,0,.14A1.63,1.63,0,0,0,109,212.7c.49.19,1,.28,1.09,1,0,0,0,0,0,0a1.09,1.09,0,0,0-.81-.18,2.94,2.94,0,0,0-1.46.84s0,0,0,0a.84.84,0,0,0-1.21-.16h0a1.65,1.65,0,0,0-.43-.73,1.62,1.62,0,0,1-.59-1,.85.85,0,0,0,0-.17,1.49,1.49,0,0,0,.55-.93.91.91,0,0,0,.75-.1,1,1,0,0,0,.26-1.28,1,1,0,0,0-1.31-.18.93.93,0,0,0-.34.52,2.84,2.84,0,0,0-1-.32,1.56,1.56,0,0,0-1.43,1.31,1.7,1.7,0,0,0-.22.15l-.11.12a1.47,1.47,0,0,0-.17-1.06.85.85,0,0,0-.81-.34,2.49,2.49,0,0,0-.07-.59,1.38,1.38,0,0,0-.61-.17,2,2,0,0,0,.29-2.12,1.82,1.82,0,0,0-2.25-.4l0,0-.1-.09a1.82,1.82,0,0,0-2.11,0,1.4,1.4,0,0,0-.18-.52,1.11,1.11,0,0,0-1.42-.55,1.41,1.41,0,0,0-.57,1.6,1.58,1.58,0,0,0,1.69.6,1.93,1.93,0,0,0,.57,1.38,1.46,1.46,0,0,0,2-.22,1.89,1.89,0,0,0,1.56.56l0,0a.73.73,0,0,0,.07.69,1,1,0,0,0,.23.16,1.15,1.15,0,0,0-.37,1.27,1.6,1.6,0,0,0,1.81.55,1,1,0,0,0,.2-.16,1.44,1.44,0,0,0,.12.71,2.23,2.23,0,0,0,.57.82,1,1,0,0,0-.17.11,1.45,1.45,0,0,0,.19,1.77,1.29,1.29,0,0,0,1.65-.18l0-.05a1.1,1.1,0,0,0,1.29,0,.61.61,0,0,0,.11.31.9.9,0,0,0,1,.13v0a2.1,2.1,0,0,0,.69,1.88c.56.47,1.33,0,2.06.18l.38.09a.77.77,0,0,0,0,.84C110.5,219.18,110.85,219.4,111.23,219.19Z"/><path class="cls-14" d="M102,234.67a1.18,1.18,0,0,0-2-1.27,1.45,1.45,0,0,0,.08,1.85C100.49,235.53,101.69,235.16,102,234.67Z"/><path class="cls-14" d="M120.5,268.51a.8.8,0,0,0-1.18-.11c-.32.26-.66.54-.44.9.41.62.92.8,1.31.56A.93.93,0,0,0,120.5,268.51Z"/><path class="cls-14" d="M122.5,265.52a1,1,0,0,0,.22-1.16,1.62,1.62,0,0,0-1.84-.36,1.5,1.5,0,0,0-.31,1.64.87.87,0,0,0-.95-.16.82.82,0,0,0-.36,1.14c.19.36.4.75.8.62.68-.28,1-.74.82-1.17a1.16,1.16,0,0,0-.14-.24,1.13,1.13,0,0,0,1,.27l.44,0A3.65,3.65,0,0,0,122.5,265.52Z"/><path class="cls-14" d="M112.84,230.18c-.22.13-.33.45-.42.58.18.61.6.9.88.69a1.39,1.39,0,0,0,.51-.86C113.84,230.25,113.18,230,112.84,230.18Z"/><path class="cls-14" d="M117,224.79c.14.47,1,.78,1.66.59a1.16,1.16,0,0,0,.52-.33.63.63,0,0,0,.16.56,2.18,2.18,0,0,1,.48,1.21,1.66,1.66,0,0,0,2,1.44,3.68,3.68,0,0,1,.56,0l.21.11a1.43,1.43,0,0,0-.37,1.4,1.88,1.88,0,0,0,2.14,1.25l.18-.08a1.54,1.54,0,0,0,.55,1,.86.86,0,0,0,0,.45.72.72,0,0,0,.95.54.88.88,0,0,0,.65-.87,1.87,1.87,0,0,0,.55-.51,1.73,1.73,0,0,0,.37-1.43,1.18,1.18,0,0,0,.35-.68c-.35-.39-.73-.77-1.23-.37l-.09.09a1.81,1.81,0,0,0-1.15,0,1.6,1.6,0,0,0,0-.23,1.51,1.51,0,0,0-1.71-1,1.07,1.07,0,0,0-.15-.72c-.21-.39-.39-.79-.61-1.17s-.45-.88-1.07-.89a.64.64,0,0,1-.42-.26c-.76-1-1.1-1-2-.33l-.14.14a.86.86,0,0,0,0-.57,1.63,1.63,0,0,0-.83-.9,1.33,1.33,0,0,0,.57-1s0,0,0-.06a1,1,0,0,0,.25-1.1c0-.14-.09-.29-.13-.44a1.26,1.26,0,0,0,.6-.51c.83-1.07,0-3-1.49-2.34-.22.09-.69-1.43-2-.92s-1.57,1.4-1,2.47a1.8,1.8,0,0,1,.19.69.94.94,0,0,0-.57-.36.73.73,0,0,0,.1-1,.91.91,0,0,0-1.25-.37.86.86,0,0,0-.16,1.21.85.85,0,0,0,.6.37l.12,1.08.33.15c.2-.21.68-.36.86-.64v.16a0,0,0,0,1,0,0,.9.9,0,0,0,.06,1.06,3.86,3.86,0,0,0,.09.49l-.07,0-.16,0s-.12.12-.14.17l-.17.1a2,2,0,0,0-.45,2c-.29-.12-.52-.23-.56-.35-.08-.29.88-1.28.46-2.24a1.76,1.76,0,0,0-2.27-.89,3,3,0,0,0-1.46,2.83,1,1,0,0,0,.59.65.51.51,0,0,0,.29.13c.24.09.45.14.49.23s-.75,1.29-.42,2.27a2.49,2.49,0,0,0,2.59,1.28,2.44,2.44,0,0,0,1.56-1,2,2,0,0,0,0-2.19,1,1,0,0,0,.45-.67c.07-.47.11-.36.5-.49A1.19,1.19,0,0,0,117,224.79Z"/><path class="cls-14" d="M100.3,235.92a.73.73,0,0,0,0,.79c.19.24.73-.08.82-.22a.67.67,0,0,0-.14-.64A.71.71,0,0,0,100.3,235.92Z"/><path class="cls-14" d="M98.31,226.68a.86.86,0,0,0,.18,1.19.89.89,0,0,0,1-1.45A1,1,0,0,0,98.31,226.68Z"/><path class="cls-14" d="M98.79,217.64c-.06.1-.13.19-.19.28h0c-.16-.25-.55-.15-.66-.07a.51.51,0,0,0-.2.56c.1.2.42.19.58.14l.11-.09a.63.63,0,0,0,.19.38.94.94,0,0,0,.81.09.69.69,0,0,0,.37-.57C99.76,217.8,99.35,217.62,98.79,217.64Z"/><path class="cls-14" d="M95.47,220.09c.5-.15.64-1.26.3-1.51s-1.35.41-1.24.91A.86.86,0,0,0,95.47,220.09Z"/><path class="cls-14" d="M94.79,213.72c.34.54.76.65,1.08.45a.8.8,0,0,0,.21-1.1.6.6,0,0,0-1-.14A2.26,2.26,0,0,0,94.79,213.72Z"/><path class="cls-14" d="M94.13,219.4c-.14-.09-.56.08-.74.25a.42.42,0,0,0,.12.73c.26.09.94.3,1.13,0S94.34,219.54,94.13,219.4Z"/><path class="cls-14" d="M100.12,224.94a.71.71,0,0,0-.1-1,.92.92,0,0,0-1.14-.21,1,1,0,0,0-.3,1.44A1.09,1.09,0,0,0,100.12,224.94Z"/><path class="cls-14" d="M97.63,210.2a1.72,1.72,0,0,0-2-.42,1.26,1.26,0,0,0-.07,1.56,1.07,1.07,0,0,0,1.09.53,2.91,2.91,0,0,0,.41,1.5c-.5.29-1.05.52-.74,1.21a.87.87,0,0,0,1,.6h.06a2.88,2.88,0,0,0,0,.59,1.45,1.45,0,0,0,.13.44,1.09,1.09,0,0,0,2,.07,7.06,7.06,0,0,0,.71-1.67,1.7,1.7,0,0,0-1-1.73l-.12,0a.88.88,0,0,0,.13-1,1.67,1.67,0,0,0-1.5-.68A.86.86,0,0,0,97.63,210.2Z"/><path class="cls-14" d="M88.23,214.64a1.36,1.36,0,0,0,1.89-.42,1.42,1.42,0,0,0-.45-1.81,1.33,1.33,0,0,0-1.44,2.23Z"/><path class="cls-14" d="M88.81,200.78c-.31.44-.59.89-.09,1.29s.89.1,1.21-.29A1,1,0,0,0,88.81,200.78Z"/><path class="cls-14" d="M90.46,206.31a1.88,1.88,0,0,0,.74-2.37,2,2,0,0,0-2.33-.6c-.75.4-.9,1.42-.34,2.41A1.42,1.42,0,0,0,90.46,206.31Z"/><path class="cls-14" d="M93.56,224.17a.86.86,0,0,0,.37.52,1,1,0,0,0,1.34-.42,2.62,2.62,0,0,0-.35-.93.65.65,0,0,0-.71-.14.53.53,0,0,0-.78-.17c-.19.14-.51.81-.34,1A.58.58,0,0,0,93.56,224.17Z"/><path class="cls-14" d="M86.21,199.78c-.66.27-1,.66-.89,1a1.43,1.43,0,0,0,1.34.61,1.23,1.23,0,0,0,.47-1.27A.64.64,0,0,0,86.21,199.78Z"/><path class="cls-14" d="M94.52,217.36a2.11,2.11,0,0,0-.14-2.5s-.11,0-.15-.07a.35.35,0,0,0-.08-.13,1.35,1.35,0,0,0-1-.3.41.41,0,0,0-.3.33,1.41,1.41,0,0,0-.68.44,1.6,1.6,0,0,0,.14,2.14A1.64,1.64,0,0,0,94.52,217.36Z"/><path class="cls-14" d="M128.26,268.93a2.42,2.42,0,0,1,.65-.4,1.23,1.23,0,0,0,.89-1.38c-.06-.65-.5-.92-1.39-.61a15.16,15.16,0,0,0-1.35,1.25.76.76,0,0,0,.07,1.13A.81.81,0,0,0,128.26,268.93Z"/><path class="cls-14" d="M87.05,194.28c.51.72,1.14,1,1.59.67a1.5,1.5,0,0,0,.21-1.77,1.11,1.11,0,0,0-.81-.29c-.37.32-.74.64-1.1,1A.7.7,0,0,0,87.05,194.28Z"/><path class="cls-14" d="M137.87,267.94a3.07,3.07,0,0,0,.34-1l0,0a.68.68,0,0,0,.26-.35c.49,0,.93,0,1-.61a.89.89,0,0,0-.48-1,.65.65,0,0,0-.54,0,4.78,4.78,0,0,0-.48.43.79.79,0,0,0-.7.07.74.74,0,0,0-.29.39c-.78,0-1.32.34-1.38.86a1.39,1.39,0,0,0,.33.91,1.16,1.16,0,0,0-.67,1.17c0,.12-.33.15-.7.29a2.24,2.24,0,0,0-.65.1,1.44,1.44,0,0,0-1,.95,46.47,46.47,0,0,0,4.86-2.09Z"/><path class="cls-14" d="M94.71,228.26a.83.83,0,0,0,1.1-.3,1.3,1.3,0,0,0-.37-1.53,1.25,1.25,0,0,0-1.32.84A.85.85,0,0,0,94.71,228.26Z"/><path class="cls-14" d="M108.85,234.09c-.22,0-.29.37-.27.53s.26.52.54.42.27-.5.22-.63S109.06,234,108.85,234.09Z"/><path class="cls-14" d="M109.53,228.78a1.22,1.22,0,0,0-1.2.37.91.91,0,0,0,.24,1.29,1.08,1.08,0,0,0,1.33-.23A1.44,1.44,0,0,0,109.53,228.78Z"/><path class="cls-14" d="M110.09,226.79l.21-.12c0-.66.09-1.36-.62-1.67a1.13,1.13,0,0,0-.57-.07,2.42,2.42,0,0,0,.07-1,.46.46,0,0,0,.34-.22.78.78,0,0,0-.19-1,.74.74,0,0,0-1.06.26h0a1.74,1.74,0,0,0-1.42.2,1.84,1.84,0,0,0-.52,2.22,1.73,1.73,0,0,0,2,.74.92.92,0,0,0,.13.5,1,1,0,0,0,.55.4,1.32,1.32,0,0,0,0,.72,1.22,1.22,0,0,0,1.54-.12A2.35,2.35,0,0,0,110.09,226.79Z"/><path class="cls-14" d="M110,239a.87.87,0,0,0-1-1.1,1.17,1.17,0,0,0-.79.65.93.93,0,0,0,.27.87A1,1,0,0,0,110,239Z"/><path class="cls-14" d="M94.92,234.46c.63.49,1.52.25,2.14-.57a1.27,1.27,0,0,0-.22-1.88,1.71,1.71,0,0,0-2.32.4A1.73,1.73,0,0,0,94.92,234.46Z"/><path class="cls-14" d="M126.2,268.34a2.35,2.35,0,0,0,.62-2.46h0a1.27,1.27,0,0,0,0-.26,1.42,1.42,0,0,0-1.53-.63.88.88,0,0,0-.34.37.72.72,0,0,0-.2.09,1.75,1.75,0,0,0-.65,2.16A1.72,1.72,0,0,0,126.2,268.34Z"/><path class="cls-14" d="M97.69,236.67c.29.14.88.55,1.2.14s-.17-.93-.35-1.21-.68-.21-1,.13S97.28,236.48,97.69,236.67Z"/><path class="cls-14" d="M106.59,237.78a1.5,1.5,0,0,0-.34-.48,1.61,1.61,0,0,0-.66-2,1.61,1.61,0,0,0,1.44-.82.81.81,0,0,0,.48.14c.37-.09.38-.94-.07-1.43a.66.66,0,0,0-.78-.12,1.41,1.41,0,0,0-1.13-.45,1.58,1.58,0,0,0-1.5,1.21c-.13.52.44,1.06,1.13,1.34a1.22,1.22,0,0,0-.46.06,2.1,2.1,0,0,0-1,.84,2.53,2.53,0,0,0-2.2,2,2.11,2.11,0,0,0,.42,2,1.07,1.07,0,0,0,.76.3.69.69,0,0,0,0,.38.8.8,0,0,0,.89.69,1,1,0,0,0,.68-.44.63.63,0,0,0,.1-.33c1.35.41,2-.59,2.32-1.66A1.82,1.82,0,0,0,106.59,237.78Z"/><path class="cls-14" d="M107.71,231.5c0,.52,1.08.91,1.4.63s-.09-1.41-.6-1.41A.87.87,0,0,0,107.71,231.5Z"/><path class="cls-14" d="M155.63,250a.56.56,0,0,0,.14-.4c0-.15-.34-.55-.54-.45a.56.56,0,0,0-.2.57,1.14,1.14,0,0,0,.26.36l-.13,0a1.22,1.22,0,0,0,.43,1.48,3.13,3.13,0,0,0,.52-.34l.36-.56a.5.5,0,0,0-.06-.26A.71.71,0,0,0,155.63,250Z"/><path class="cls-14" d="M141,258.7a.92.92,0,0,0-1.56,1,1,1,0,0,0,1.31.2A.88.88,0,0,0,141,258.7Z"/><path class="cls-14" d="M89.65,192.88a.76.76,0,0,0,.94-.37.37.37,0,0,0,.16.35.45.45,0,0,0,.55-.1.61.61,0,0,0-.08-.67c-.14-.13-.41,0-.54.14a.91.91,0,0,0-.56-1l-1,.83A.78.78,0,0,0,89.65,192.88Z"/><path class="cls-14" d="M95,206a.49.49,0,0,0,.06-.67c-.24-.25-.53.09-.66.21s0,.42,0,.45A.68.68,0,0,0,95,206Z"/><path class="cls-14" d="M111.63,220.65a2.38,2.38,0,0,0,.33-.74.85.85,0,0,0-1.21-.22c-.32.25-.2.52,0,.78A.56.56,0,0,0,111.63,220.65Z"/><path class="cls-14" d="M140,261.13c0-.21-.38-.45-.63-.52a.73.73,0,0,0-.63.26c-.26.49,0,.86.45,1.15C139.6,261.86,140.09,261.71,140,261.13Z"/><path class="cls-14" d="M145.76,260.15a1.91,1.91,0,0,0-.59,2.32,1.33,1.33,0,0,0,.57.47c.77-.61,1.51-1.24,2.23-1.89A1.84,1.84,0,0,0,145.76,260.15Z"/><path class="cls-14" d="M144.78,263.37c.31-.06.54-.36.31-.67s-.61-.78-.91-.66-.24.89-.14,1.12c0,0,0,0,0,0a1.21,1.21,0,0,0-1.08.1,1.56,1.56,0,0,0-.45.5.82.82,0,0,0-.53-.51.91.91,0,0,0-1.11.31c-.38.54,0,1,.33,1.48a2,2,0,0,0,1.06-.34v0a2.43,2.43,0,0,0-1,1.27c1.2-.73,2.36-1.53,3.48-2.37a2.34,2.34,0,0,0-.4-.32A1,1,0,0,0,144.78,263.37Z"/><path class="cls-14" d="M122,249.4a.63.63,0,0,0-.27.1,1.68,1.68,0,0,0-.44,2.06,1.23,1.23,0,0,0,1.64.15,1.06,1.06,0,0,0,.15-.15,1.24,1.24,0,0,0,1,1.28,1.7,1.7,0,0,0,1.83-.47.35.35,0,0,0,.33-.08c.22-.21.7-.76.46-1.11a.48.48,0,0,0-.35-.19,5.34,5.34,0,0,1,.49-.89h0a.89.89,0,0,0,.54-.91,1,1,0,0,0,.07-.15,1,1,0,0,1,0,.25,1.25,1.25,0,0,0,.53,1.37.74.74,0,0,0,.51.06,2.11,2.11,0,0,0,1.21.9,2.63,2.63,0,0,0,2-.59.87.87,0,0,0,1.06.16.85.85,0,0,0,.17-1.2.79.79,0,0,0-.39-.33c-.07-.57-.63-1-.6-1.18s1.34-.65,1.61-1.64a2.51,2.51,0,0,0-1.43-2.52,6.08,6.08,0,0,0-.74-.18.58.58,0,0,0-.41,0,1.64,1.64,0,0,0-.68.13,2.13,2.13,0,0,0-1.23,1.61.79.79,0,0,0,.11,1,1.4,1.4,0,0,0,.38.31c.24.37.47.67.41.83s-.25.22-.52.37l-.61-.74a.77.77,0,0,0-1.3-.32,1.73,1.73,0,0,0-.27-.35,1.92,1.92,0,0,0-1.08-.6.84.84,0,0,0-.34-.45,1,1,0,0,0-1.23.09,1.33,1.33,0,0,0,0,1.3c-.11.43-.12.88-.36,1.06s.06-.57-1.22-.15A1.65,1.65,0,0,0,122,249.4Z"/><path class="cls-14" d="M120.13,258.19a.61.61,0,0,0,.93.25.85.85,0,0,0,.09-.77c-.1-.19-.58-.57-.84-.46S120.08,258,120.13,258.19Z"/><path class="cls-14" d="M120.63,254.08c-.23.32-.46,1.16.28,1.47a.65.65,0,0,1,.14,0,1.41,1.41,0,0,0,.07.53,1.62,1.62,0,0,0,2.15.92,1.52,1.52,0,0,0,1-1.19,1,1,0,0,0-.13-1,1.15,1.15,0,0,0-.69-.66,7.49,7.49,0,0,0-.94-.65A1.7,1.7,0,0,0,120.63,254.08Z"/><path class="cls-14" d="M118.38,258.75a1.56,1.56,0,0,0-.94,1.33.85.85,0,0,0-.47.1.81.81,0,0,0-.42,1.13.83.83,0,0,0,1.06.37.78.78,0,0,0,.33-.32,1.66,1.66,0,0,0,1.54.45,1.72,1.72,0,0,0,1.17-1.93A2.34,2.34,0,0,0,118.38,258.75Z"/><path class="cls-14" d="M123.42,244.17c.11,0,.31,0,.39-.08a1.15,1.15,0,0,1,.55-.36c.12.88.43,1.06,1.42,1,.48,0,.84-.29.78-.78a2.11,2.11,0,0,1,.27-1.28,1.76,1.76,0,0,0,.18-.85.49.49,0,0,0,.46-.05.91.91,0,0,0,.23-.57,1.13,1.13,0,0,0,.06.41,1.61,1.61,0,0,0,1.77,1.08,2.15,2.15,0,0,0,1.14-1.63l0,0a1.69,1.69,0,0,0-.55-2.2,1.09,1.09,0,0,0-.15-.08.82.82,0,0,0-1-.36.89.89,0,0,0-.48.61l-.06.06a1.47,1.47,0,0,0-.35,1.12,1.66,1.66,0,0,0-.4.82,1.16,1.16,0,0,0-.15-.71,1.24,1.24,0,0,0-1.36,0,1.13,1.13,0,0,0-.1.13.83.83,0,0,0-.16-.09,5.24,5.24,0,0,1-.47-.3.93.93,0,0,0-.68-.66.57.57,0,0,0-.23-.56,1.46,1.46,0,0,0-1.4.47c-.17.3.14,1,.53,1.24a.28.28,0,0,0,.12,0c0,.33-.08.65-.11,1a1.6,1.6,0,0,0,.14,1.06,9.19,9.19,0,0,0-.64.76C123,243.67,123.07,243.93,123.42,244.17Z"/><path class="cls-14" d="M120.53,233.57a.71.71,0,0,0-.25,0,1.54,1.54,0,0,0-.92,1.75c.12.34.66.53,1.19.48a1.72,1.72,0,0,0,.61,1,1.65,1.65,0,0,0,1.32.22,1.61,1.61,0,0,0,1.7.56,1.73,1.73,0,0,0,1.08-2.09,1.38,1.38,0,0,0-1.69-.95,1.61,1.61,0,0,0-2.79-1.6A1.47,1.47,0,0,0,120.53,233.57Z"/><path class="cls-14" d="M124,271.12a1,1,0,0,0,.34-.4,1,1,0,0,0,.64,0c.42-.15.65-1.1.43-1.74a1,1,0,0,0-1.24-.49,1.39,1.39,0,0,0-.65.59,1.24,1.24,0,0,0-.65.18.74.74,0,0,0-.12,1.1C123.19,271.07,123.64,271.33,124,271.12Z"/><path class="cls-14" d="M126.92,243.11c-.33.41-.08,1.18.53,1.64a.64.64,0,0,0,1-.15,1.17,1.17,0,0,0,.06-1.54A1.34,1.34,0,0,0,126.92,243.11Z"/><path class="cls-14" d="M94.43,202.2c.12-.2.21-.63.07-.77s-.61-.1-.77,0-.31.77-.13.92S94.36,202.33,94.43,202.2Z"/><path class="cls-14" d="M101.34,254.63a2.27,2.27,0,0,1,.94,0,1.27,1.27,0,0,0,1.46-.23,1.74,1.74,0,0,0-.21-1.79c-.34-.33-.69-.71-1.26-.34-.42.26-.88.46-1.32.69a.73.73,0,0,0-.71.92A.94.94,0,0,0,101.34,254.63Z"/><path class="cls-14" d="M104.35,257.38c.41-.08.81-.57.61-.88s-.6-.84-1-.68-.33.75-.3,1A.55.55,0,0,0,104.35,257.38Z"/><path class="cls-14" d="M93.59,243.88a1,1,0,0,0,.82,0c.56-.38.43-.9.08-1.49-.55,0-1.09-.09-1.3.53A.74.74,0,0,0,93.59,243.88Z"/><path class="cls-14" d="M104.51,266.26a.76.76,0,0,0,.64-1,.7.7,0,0,0-.54-.4.91.91,0,0,0-.71.35A.81.81,0,0,0,104.51,266.26Z"/><path class="cls-14" d="M91.66,241a1,1,0,0,0,.9-.05c.17-.21.08-.63.09-.85-.5-.4-.82-.24-1,0S91.29,240.77,91.66,241Z"/><path class="cls-14" d="M93.56,230a1.48,1.48,0,0,0-2,0,1.32,1.32,0,0,0,.44,1.6,1.19,1.19,0,0,0,1.59-.35A.82.82,0,0,0,93.56,230Z"/><path class="cls-14" d="M91.88,236.58a.58.58,0,0,0,.05.59c.11.11.59.27.7.08a.55.55,0,0,0-.15-.58C92.32,236.57,92,236.4,91.88,236.58Z"/><path class="cls-14" d="M110.89,256.09a1.65,1.65,0,0,0,1.16-1.31,1.29,1.29,0,0,0,1,.4c1.16,0,1.84-.64,1.88-1.36a1.41,1.41,0,0,0-.26-.82.88.88,0,0,0,.29-.17c.54-.48.56-.78.17-1.54.1-.32.2-.61.29-.89a1.66,1.66,0,0,0,1.94-2.32,1.24,1.24,0,0,0-.1-.2,1.79,1.79,0,0,0,1.35.25.78.78,0,0,0,.43-.39,1.75,1.75,0,0,0,1-.68c.39-.56.21-1.13-.5-1.6a1.16,1.16,0,0,0-1.42.23.51.51,0,0,0-.09.18,2,2,0,0,0-.52.07c-.59.17-1,.81-.87,1.25a1.42,1.42,0,0,0,.08.18,1.75,1.75,0,0,0-1.47-.12,1.72,1.72,0,0,0-.47.3,2.3,2.3,0,0,0-1-1.89,1,1,0,0,0-.35-.07,1.17,1.17,0,0,0-.21-.47c-.42-.6-.82-.45-1.06-.86s-.54-.41-1-.27l0,0a1.14,1.14,0,0,0-.07-.32h0a1.61,1.61,0,0,0,.81-.25,1.63,1.63,0,0,1,1.13-.34,1.78,1.78,0,0,0,1.54-.79,1.54,1.54,0,0,0,.07-1.7.71.71,0,0,0-.1-.14,1.51,1.51,0,0,0,1.08.08c.51-.2.68-.82.43-1.56-.19-.55-.86-1-1.28-.85a1.61,1.61,0,0,0-.94,1.64.65.65,0,0,0,.11.22,1.58,1.58,0,0,0-.73,0,2.34,2.34,0,0,0-1.11.52,1,1,0,0,0-.31-1,2.6,2.6,0,0,0-.84.35c-.3.26-.2.63.11.86a.84.84,0,0,0,.57.21h0a1.13,1.13,0,0,1-.6.36,1.11,1.11,0,0,0-1,1.59.49.49,0,0,0-.32,0,1,1,0,0,0-.32,1.21,1.13,1.13,0,0,0,.78.72.75.75,0,0,0,0,.2c.22.66.69.61.88.52s.61.08.43.25-.18.45.19.89a1,1,0,0,1-.91.48c-.5,0-.62.46-.59.94.5.42,1,.39,1.28-.05a9.31,9.31,0,0,0,1.45.7,1.94,1.94,0,0,0,1.53-.53,1.75,1.75,0,0,0,.14,1,2.06,2.06,0,0,0-1,1.2l.22.41a.88.88,0,0,0-.36,0,.87.87,0,0,0-.59,1.06.69.69,0,0,0,.07.15,1.58,1.58,0,0,0-1.09,1.28.43.43,0,0,0,0,.11,1.46,1.46,0,0,0-1.62-.26,2.16,2.16,0,0,0-.66.35.75.75,0,0,0-.3-.54,1.12,1.12,0,0,0-1.54.46,1.43,1.43,0,0,0,.15,1.55,1.15,1.15,0,0,0,1.37.14A1.6,1.6,0,0,0,110.89,256.09Z"/><path class="cls-14" d="M86.93,227.27c.75-.28,1.2-1.28.83-1.82a1.27,1.27,0,0,0-1.4-.52,1,1,0,0,0-.81,1.08c0,.44-.22,1.32.35,1.62S86.65,227.38,86.93,227.27Z"/><path class="cls-14" d="M110.78,267.28a.79.79,0,0,0,1,.56.83.83,0,0,0,.59-1,.87.87,0,0,0-1-.62,2.13,2.13,0,0,0-.08-.32c-.09-.24-.94-.78-1.32-.56s-.12,1.23.07,1.54A1,1,0,0,0,110.78,267.28Z"/><path class="cls-14" d="M92.24,234.19a.52.52,0,0,0-.63.18.46.46,0,0,0,0,.63.5.5,0,1,0,.58-.81Z"/><path class="cls-14" d="M116.84,272.76a.48.48,0,0,0,.17-.66,1.35,1.35,0,0,0-.29-.43.53.53,0,0,0,.14-.28,1.29,1.29,0,0,0-.41-.94c-.55-.39-.85.15-1.26.51a1.5,1.5,0,0,0,.64.93c-.16.3-.23.71-.1.84h1.11Z"/><path class="cls-14" d="M113,272.21a.88.88,0,0,0-1.21-.17.68.68,0,0,0-.27.34c.51.07,1,.13,1.56.18A.72.72,0,0,0,113,272.21Z"/><path class="cls-14" d="M111.22,270.57a.94.94,0,0,0,1.13.5,1,1,0,0,0,.5-1.14.79.79,0,0,0-.93-.52.69.69,0,0,0-.48,0,.56.56,0,0,0-.16.49A.87.87,0,0,0,111.22,270.57Z"/><path class="cls-14" d="M113.48,267.34a1.21,1.21,0,0,0,.37-.38s0,.09,0,.13a1.15,1.15,0,0,0,1.53.79l.08-.05a.8.8,0,0,0,1,.09,1,1,0,0,0,.3-1.2.92.92,0,0,0-.69-.37,1.72,1.72,0,0,0-1.78-.61.85.85,0,0,0-.49.67h0a1,1,0,0,0-1.24-.18,1,1,0,0,0,.06.88A.51.51,0,0,0,113.48,267.34Z"/><path class="cls-14" d="M117.58,270.41a.85.85,0,0,0,.62-1.13,1,1,0,0,0-1.1-.55,1,1,0,0,0-.53,1.23A.79.79,0,0,0,117.58,270.41Z"/><path class="cls-14" d="M87.49,202.66a1.38,1.38,0,0,0-2-.49,1.48,1.48,0,0,0-.58,1.88,1.69,1.69,0,0,0,2.25.27A1.13,1.13,0,0,0,87.49,202.66Z"/><path class="cls-14" d="M84.44,196.52a1.84,1.84,0,0,1,.09,1.18c0,.19.31.53.55.6a1,1,0,0,0,.81-.21.79.79,0,0,0,.06-.7,6.27,6.27,0,0,0-.63-1.17.42.42,0,0,0-.56-.23l-.32.34A.25.25,0,0,0,84.44,196.52Z"/><path class="cls-14" d="M132.13,268.88a1.92,1.92,0,0,0-1.23-1.05h0a.39.39,0,0,0-.57,0,1.2,1.2,0,0,0-.31.13,1.62,1.62,0,0,0-.45,2.3,1.57,1.57,0,0,0,.19.26.71.71,0,0,0-.38.34l0,0a1.32,1.32,0,0,0-2-.64.61.61,0,0,0-.63-.05c-.41.14-.61.54-.38.86a1.94,1.94,0,0,0,.26.31,1.43,1.43,0,0,0,0,.5,43,43,0,0,0,5.56-1.51A1.44,1.44,0,0,0,132.13,268.88Z"/><path class="cls-14" d="M83.66,215.86l.07-.36c-.34-.2-.67-.9-1.16-.67s-.29.92-.41,1.3l.21.18Z"/><path class="cls-14" d="M116.84,264.81a.91.91,0,0,0,.32-.2,1,1,0,0,0,.11.27c.34.54,1,.81,1.44.55a1.69,1.69,0,0,0,.43-2.05,1.06,1.06,0,0,0-1.42-.15,1.29,1.29,0,0,0-.27.25c-.31-.77-.91-1.22-1.42-1a1.61,1.61,0,0,0-.74,1.72A1.48,1.48,0,0,0,116.84,264.81Z"/><path class="cls-14" d="M82.54,199.69a.64.64,0,0,0-.21,1c.3.54,1,.84,1.42.59a1.35,1.35,0,0,0,.5-1.47C84,199.32,83.18,199.28,82.54,199.69Z"/><path class="cls-14" d="M120.61,244.49a2,2,0,0,0-.11-1.1,1.37,1.37,0,0,0,.7,0,1.82,1.82,0,0,0,1-2.06,1.35,1.35,0,0,0-1.7-.87l-.37.17a1.47,1.47,0,0,0-1,.54,1.25,1.25,0,0,0,0,1,1,1,0,0,0,.07.29,1.55,1.55,0,0,0,.39.54.81.81,0,0,0-.61.42.91.91,0,0,0,.07,1.15C119.54,245,120.05,244.67,120.61,244.49Z"/><path class="cls-14" d="M120.1,248.33a.85.85,0,0,0,1.14.43.81.81,0,0,0,.56-1,.84.84,0,0,0-.4-.39,2.15,2.15,0,0,0,1,0,.19.19,0,0,1,0,.07.35.35,0,0,0,.43.13.55.55,0,0,0,.21-.52.28.28,0,0,0-.06-.1.9.9,0,0,0-.23-1.12,1,1,0,0,0,0-.72c-.13-.28-.73-.24-1,0a.56.56,0,0,0-.14.38,1.42,1.42,0,0,0-.57.51.87.87,0,0,0,0,1.21l.09,0a1,1,0,0,0-.6,0A.84.84,0,0,0,120.1,248.33Z"/><path class="cls-14" d="M113.26,257.24a1.36,1.36,0,0,0-.71,1.51.71.71,0,0,0,.24.34,1,1,0,0,0,0,.56.35.35,0,0,0,.43.13.56.56,0,0,0,.21-.52l0,0h.09a1.15,1.15,0,0,0,.84-1.3A1,1,0,0,0,113.26,257.24Z"/><path class="cls-14" d="M84.84,214.61a.94.94,0,0,0,.15-.32c-.09,0-.18-.15-.29-.09s-.11.24-.09.32S84.83,214.63,84.84,214.61Z"/><path class="cls-14" d="M89.6,219.76c-.26-.18-.91.22-1.17.42s-.1.76.24,1,.71.22.87-.15S89.86,219.93,89.6,219.76Z"/><path class="cls-14" d="M91.13,224.51a.92.92,0,0,0-.12-1.13,1.07,1.07,0,0,0-1.26.07.85.85,0,0,0,.14,1.12A1,1,0,0,0,91.13,224.51Z"/><path class="cls-14" d="M118.89,240.09a1.36,1.36,0,0,0,.61-.51,1.16,1.16,0,0,0,1.26-.47c.48-.58.4-1-.26-1.51a1.17,1.17,0,0,0-1.21-.29,1.27,1.27,0,0,0-1.2-.26c-.92.32-1.58,1.29-1.35,2A1.9,1.9,0,0,0,118.89,240.09Z"/><path class="cls-14" d="M86.84,218.71a1.44,1.44,0,0,0,.17-.33.56.56,0,0,0,.34,0c.12-.08.1-.37.17-.66-.29,0-.54-.08-.67,0s-.08.13-.1.23a.51.51,0,0,0-.37.16.77.77,0,0,0,0,.56C86.41,218.75,86.79,218.78,86.84,218.71Z"/><path class="cls-14" d="M91.07,218.27c-.73.42-1,.78-.79,1.18.28.55.75.51,1.25.29A1.2,1.2,0,0,0,91.07,218.27Z"/><path class="cls-14" d="M86.82,212.55a1.46,1.46,0,0,0,.2-1.75,1,1,0,0,0-1.43-.46,1.39,1.39,0,0,0-.59,1.75A1.51,1.51,0,0,0,86.82,212.55Z"/><path class="cls-14" d="M84.83,207.54a1.18,1.18,0,0,0,.48-1.54,1.76,1.76,0,0,0-2.14-.44,1.3,1.3,0,0,0,1.66,2Z"/><path class="cls-14" d="M129.59,199.85a1.13,1.13,0,0,0,1.68-.33,1.11,1.11,0,0,0-.08-1.61,1,1,0,0,0-.24-.09c-.21-.41-.48-.67-1-.58-.22,0-.55.39-.54.58a1.22,1.22,0,0,0,0,.17,1.2,1.2,0,0,0-.35.28A1.22,1.22,0,0,0,129.59,199.85Z"/><path class="cls-14" d="M118.9,183.52c.28,0,.62-.06.74-.3s-.3-1-.73-1-.5.24-.57.54S118.5,183.57,118.9,183.52Z"/><path class="cls-14" d="M119.67,185.79c.18,0,.56,0,.58-.19a.58.58,0,0,0-.31-.5c-.15-.06-.65,0-.66.23S119.55,185.77,119.67,185.79Z"/><path class="cls-14" d="M123.26,187.73a.67.67,0,0,0-.5.24c-.06.12.09.6.23.63s.43-.32.5-.48S123.34,187.73,123.26,187.73Z"/><path class="cls-14" d="M122.44,188.66a1.59,1.59,0,0,0-1,3c.56.27,1.34-.37,1.75-1.14A1.55,1.55,0,0,0,122.44,188.66Z"/><path class="cls-14" d="M109.06,185c-.32-.55-.67-1.06-1.62-.85a.31.31,0,0,0,0-.08,3.4,3.4,0,0,1,.45-.7,1.07,1.07,0,0,0,.29-.37,44.08,44.08,0,0,0-4.28,1.12l.15.07a.75.75,0,0,0-.22,1,.84.84,0,0,0,.93.37,1.72,1.72,0,0,0,.79.44,1.74,1.74,0,0,0,1.1-.2c.21.7.77.94,1.61.72a1.73,1.73,0,0,0,.32-.11C109.28,186.1,109.44,185.65,109.06,185Z"/><path class="cls-14" d="M114.24,182.71a.78.78,0,0,0,.89-.64c-.57,0-1.13.07-1.69.12A1.5,1.5,0,0,0,114.24,182.71Z"/><path class="cls-14" d="M105.52,190.06c.6.26,1.24.57,1.78,0a1.14,1.14,0,0,0,.25-.44,1.55,1.55,0,0,0,1.17-1,1.08,1.08,0,0,0-.65-1.16c-.91-.2-1.69.1-1.8.68a.54.54,0,0,0,0,.18h0a1,1,0,0,0-.6.41.66.66,0,0,0,.12-.27.91.91,0,0,0-.76-1,.85.85,0,0,0-.9.81.72.72,0,0,0,.66.86,1,1,0,0,0,.85-.39A2.09,2.09,0,0,0,105.52,190.06Z"/><path class="cls-14" d="M102.07,186.06a1.09,1.09,0,0,0,.31-1.46c-.65.23-1.3.48-1.94.74a1.13,1.13,0,0,0,1.63.72Z"/><path class="cls-14" d="M108.46,183.21c-.1.42.47,1.07,1,1.15s.74-.22.83-.73a1.71,1.71,0,0,0-.08-1c-.54.09-1.07.2-1.6.3A.78.78,0,0,0,108.46,183.21Z"/><path class="cls-14" d="M121.28,196.57a1.44,1.44,0,0,1,1.22-1,1.35,1.35,0,0,0,.7-1.41,1.78,1.78,0,0,0-1.64-.8c-.39.1-.93.18-.91.69a2.05,2.05,0,0,1-.73,1.56.68.68,0,0,0,.07,1.09C120.39,197,121.13,197,121.28,196.57Z"/><path class="cls-14" d="M122.37,200.15a.51.51,0,0,0,.29.49.83.83,0,0,0,.74-.21,1.16,1.16,0,0,0,.2-.58.77.77,0,0,0,0-.94c-.43-.66-.89-.9-1.26-.69a1.41,1.41,0,0,0-.37,1.64A.7.7,0,0,0,122.37,200.15Z"/><path class="cls-14" d="M120.42,189a.89.89,0,0,0-.22-.9.84.84,0,0,0-.08-.44,1.46,1.46,0,0,0-1.73-.44,1.28,1.28,0,0,0-.42,1.6,1.11,1.11,0,0,0,.86.51,1,1,0,0,0,.66.45A.83.83,0,0,0,120.42,189Z"/><path class="cls-14" d="M101.33,189.29a.78.78,0,0,0,.92-.63,1.25,1.25,0,0,0,0-.43.7.7,0,0,0,.08.2,1.41,1.41,0,0,0,1.46.17,1.2,1.2,0,0,0,.08-1.26.89.89,0,0,0-1.28-.23,1.1,1.1,0,0,0-.38,1,1.05,1.05,0,0,0-.69-.79.94.94,0,0,0-1.16.62A1.37,1.37,0,0,0,101.33,189.29Z"/><path class="cls-14" d="M119.07,193.91c.1-.08.24-.52.07-.67s-.53.1-.66.22a.36.36,0,0,0,0,.45A.61.61,0,0,0,119.07,193.91Z"/><path class="cls-14" d="M124.61,188c.4-.36.61-.75.26-1.19a.76.76,0,0,0-.67-.18.93.93,0,0,0-.51.63C123.65,187.88,124.16,187.93,124.61,188Z"/><path class="cls-14" d="M118,192a.55.55,0,0,0,.47-.3.52.52,0,0,0-.26-.46c-.15-.05-.62,0-.64.23A.61.61,0,0,0,118,192Z"/><path class="cls-14" d="M102.87,197.31c.11-.07.19-.57.07-.66s-.53.09-.66.21,0,.42,0,.45A.64.64,0,0,0,102.87,197.31Z"/><path class="cls-14" d="M148.52,228.76c.16-.08.42-.17.35-.45a.31.31,0,0,0-.41-.23c-.16,0-.55.23-.49.47S148.44,228.81,148.52,228.76Z"/><path class="cls-14" d="M149,244.37c-.19.11-.1.53,0,.7a.35.35,0,0,0,.43.13.59.59,0,0,0,.21-.52C149.54,244.56,149.18,244.27,149,244.37Z"/><path class="cls-14" d="M147.64,232.71a.78.78,0,0,0,1-.35c.18-.4,0-.62-.85-1A.76.76,0,0,0,147.64,232.71Z"/><path class="cls-14" d="M150.29,247.69c.45-.13.66-.46.42-.85s-.42-.94-.92-.78-.38.87-.38,1.2S149.86,247.81,150.29,247.69Z"/><path class="cls-14" d="M148.36,251.25c-.13,0-.45.37-.3.62s.55.16.66.08a.56.56,0,0,0,.23-.49,1.72,1.72,0,0,0,2,.69,1.65,1.65,0,0,0,.82-1.13c.24-.19.42-.43.37-.65a.9.9,0,0,0-.68-.62,1.71,1.71,0,0,0-1.8-.24l-.07,0a1.07,1.07,0,0,0-.7-.94c-.33-.09-1,1.26-.79,1.6.09.19.39.21.7.12a1.24,1.24,0,0,0,0,.85,1.42,1.42,0,0,0,.08.18A.52.52,0,0,0,148.36,251.25Z"/><path class="cls-14" d="M145.09,233c.19-.67-.23-.89-.44-.93s-.45-.4-.22-.44.42-.28.34-.87a.9.9,0,0,0-1-.92,1.15,1.15,0,0,0-.41.08,1.29,1.29,0,0,0-.39-.69,1.22,1.22,0,0,0-1.21.95,2,2,0,0,0,.88.5,1.22,1.22,0,0,0-.1.53c0,.73.43.84.4,1.31s.22.64.7.8S144.9,233.67,145.09,233Z"/><path class="cls-14" d="M143,239.27c0-.08.07-.17.1-.26l-.88-1-.36.05c-.06.39-.61.95-.22,1.33S142.55,239.3,143,239.27Z"/><path class="cls-14" d="M143.22,233.63c-.11-.09-.38,0-.68.07.1.27.12.53.26.62a.52.52,0,0,0,.51-.14A.59.59,0,0,0,143.22,233.63Z"/><path class="cls-14" d="M128.7,184.16a1.87,1.87,0,0,0-2.24-.51,1.56,1.56,0,0,0-.34,2.27,1.4,1.4,0,0,0,2,.53A1.77,1.77,0,0,0,128.7,184.16Z"/><path class="cls-14" d="M129.74,192.93c.18-.21.4-.47.33-.73a1,1,0,0,0-1.21-.22c-.32.25-.21.52-.05.78S129.48,193.24,129.74,192.93Z"/><path class="cls-14" d="M152.17,241.39a1.51,1.51,0,0,0,1-1.69,1.55,1.55,0,0,0-1.87-.86,1.08,1.08,0,0,0-.62,1.38C150.88,240.88,151.68,241.52,152.17,241.39Z"/><path class="cls-14" d="M129.43,190c.34-.13.5-1.05.22-1.24a1,1,0,0,0-.87-.07.67.67,0,0,0-.32,1A.73.73,0,0,0,129.43,190Z"/><path class="cls-14" d="M122.66,182.35v0c-.59-.07-1.18-.13-1.78-.17a.47.47,0,0,0,.1.33,11.66,11.66,0,0,0,1.1.73c.13,1.05.62,1.72,1.26,1.65h0a.92.92,0,0,0,.65.6.68.68,0,0,0,.93-.55.84.84,0,0,0-.52-1,1.51,1.51,0,0,0,.16-.73.76.76,0,0,0-.36-.67c-.41-.06-.81-.11-1.22-.15Z"/><path class="cls-14" d="M124.89,192a14.43,14.43,0,0,0,1.52,1,.77.77,0,0,0,1.08-.33.8.8,0,0,0-.24-1.1,2.35,2.35,0,0,1-.54-.55,1.25,1.25,0,0,0-1.55-.55C124.55,190.68,124.38,191.17,124.89,192Z"/><path class="cls-14" d="M116.89,182a1.11,1.11,0,0,0-.27.65.71.71,0,0,0,.4.55c.53.15.84-.17,1-.7a3.28,3.28,0,0,0-.4-.49Z"/><path class="cls-14" d="M126.52,189.59c.21-.14.44-.24.52-.5s-.26-.52-.62-.45a1.34,1.34,0,0,0-.84.61.41.41,0,0,0,.25.59A.87.87,0,0,0,126.52,189.59Z"/><path class="cls-14" d="M133.64,210.18c.19-.11.1-.53,0-.7a.37.37,0,0,0-.44-.12.57.57,0,0,0-.2.52C133.08,210,133.44,210.28,133.64,210.18Z"/><path class="cls-14" d="M116.36,201.44a1.31,1.31,0,0,0,.37-.33,1.45,1.45,0,0,0,.62-.42,1,1,0,0,0-.38-1.37,1.19,1.19,0,0,0-.16-.08l0-.1a1.56,1.56,0,0,0-2.18-.51,1.33,1.33,0,0,0-.36,2C114.78,201.58,115.6,201.9,116.36,201.44Z"/><path class="cls-14" d="M114.74,195.83a1.83,1.83,0,0,0,1.16.18l.08,0a.74.74,0,0,0,.26.4.77.77,0,0,0,1.1-.12,2.22,2.22,0,0,1,.07-1.47s0,0,0-.06c.32-.3.71-.5.77-1a2.57,2.57,0,0,0-1.41-2.77,2.08,2.08,0,0,0-2,0c-.64.35-.43,1.27-.9,1.86a2.7,2.7,0,0,0-.22.33.88.88,0,0,0-1.4.07.58.58,0,0,0-.17-.35c-.35-.27-1.2.34-1.41.63a1,1,0,0,0,.14,1.12h0a.77.77,0,0,0-.62.6.93.93,0,0,0,.67,1.13.76.76,0,0,0,.46-.08.49.49,0,0,0,.23.62c.33.21.69.34,1,0a1,1,0,0,0-.29-1.22.6.6,0,0,0-.46.11.61.61,0,0,0,0-.12,1,1,0,0,0-.6-.95,1.86,1.86,0,0,0,.76-.41,1,1,0,0,0,.19-.5,1.15,1.15,0,0,0,.43.69.65.65,0,0,0,.75-.05A2.44,2.44,0,0,0,114.74,195.83Z"/><path class="cls-14" d="M119,199.17a1.44,1.44,0,0,0,.54-.56l.06,0a.66.66,0,0,0,.09-.92,2.11,2.11,0,0,0-.29-.76,1.57,1.57,0,0,0-2-.38,1.57,1.57,0,0,0,1.64,2.66Z"/><path class="cls-14" d="M111,200.82c0-.19,1-.17,1.37-.81a.93.93,0,0,0,1-.26,1,1,0,0,0-.25-1.3.74.74,0,0,0-.77-.06,1.49,1.49,0,0,0-1.78-.85,3.13,3.13,0,0,1-1.34-.28v0a.9.9,0,0,0-1-.32,1.89,1.89,0,0,0-1.69.17.81.81,0,0,0-1.1.32c-.34.45-.34.9,0,1.1a.9.9,0,0,0,.35.11,1.39,1.39,0,0,0,.79,1.35c.57.21,1.28-.07,1.59.2s-.57.07.13,1.22S111.07,202.43,111,200.82Z"/><path class="cls-14" d="M107.6,203.87a1.24,1.24,0,0,0,.19-.58,1,1,0,0,0,.14.71.81.81,0,1,0,1.27-1,.81.81,0,0,0-1.08-.32.86.86,0,0,0-.33.61,1,1,0,0,0-.32-.95,1.62,1.62,0,0,0-1.32-.14.91.91,0,0,0-.83.15c-.24.18-.07.76.24,1a.36.36,0,0,0,.17.07,1.86,1.86,0,0,0,.57.78A1,1,0,0,0,107.6,203.87Z"/><path class="cls-14" d="M121.7,203.91a1.77,1.77,0,0,0,.61-2.18,1.72,1.72,0,0,0-2.15-.69,2.36,2.36,0,0,0-.58,2.47A1.64,1.64,0,0,0,121.7,203.91Z"/><path class="cls-14" d="M92.73,189.38l-.27.18h.06A.41.41,0,0,0,92.73,189.38Z"/><path class="cls-14" d="M156.7,238.92c0-.15-.35-.51-.53-.45s-.28.52-.22.66a.65.65,0,0,0,.5.31C156.6,239.42,156.73,239.07,156.7,238.92Z"/><path class="cls-14" d="M99.33,202c.18.41.57.45,1,.4s.88-.08,1.32-.15,1-.11,1.2-.68a.65.65,0,0,1,.39-.31,3,3,0,0,0,.83-.36.61.61,0,0,0,.11.27c.11.11.59.26.7.08a.56.56,0,0,0-.15-.59,1.5,1.5,0,0,0-.36-.15,1.77,1.77,0,0,0-.11-1c-.14-.46-.47-.75-.93-.58a2.17,2.17,0,0,1-1.31,0,1.65,1.65,0,0,0-1.29.2s0,0-.06-.07a.67.67,0,0,0-1.07.09.84.84,0,0,0,.11,1.2.81.81,0,0,0,.21.1c-.06.18-.13.34-.15.39C99.2,201.23,99.18,201.61,99.33,202Z"/><path class="cls-14" d="M134.1,244.57A1.59,1.59,0,0,0,134,244c-.06-.08-.46-.17-.6,0s.12.51.24.63S133.93,244.59,134.1,244.57Z"/><path class="cls-14" d="M133.25,252a.76.76,0,0,0,1,.37.64.64,0,0,0,.28-.86c-.14-.36-.61-.63-.9-.46A.79.79,0,0,0,133.25,252Z"/><path class="cls-14" d="M132.15,240.92a1.64,1.64,0,0,0,.57,1.15,1.23,1.23,0,0,0,1.5-.38.91.91,0,0,0,.09-.17h0a1.21,1.21,0,0,0,.66-1.67c-.53-1.13-.93-1.14-2.1-.86a1.39,1.39,0,0,0-.81,1.85S132.14,240.89,132.15,240.92Z"/><path class="cls-14" d="M123,207.16a.74.74,0,0,0,.13-.3,1.06,1.06,0,0,0,.21-.11.93.93,0,0,0,.3-1,1.09,1.09,0,0,0,1.39-.3,1.22,1.22,0,0,0,.56-.15,1.5,1.5,0,0,0,.27-1.66,1.1,1.1,0,0,0-1.28-.39l-.28.19a1.52,1.52,0,0,0-1.08.48,1.2,1.2,0,0,0-.15,1.35.87.87,0,0,0-.67.11.82.82,0,0,0-.75.31,1.16,1.16,0,0,0,0,1.54A1,1,0,0,0,123,207.16Z"/><path class="cls-14" d="M132.87,234.17h0a.72.72,0,0,0,.61.06,1.93,1.93,0,0,0,.9-1.65,8,8,0,0,0,1.57-.18c.84-.3,1.42-1,1-1.89a1.55,1.55,0,0,0-1.14-.94,1,1,0,0,0-1.08-.4c-.82.33-1.22.89-1,1.4a.94.94,0,0,0,.31.36.43.43,0,0,1-.45.39c-.83,0-.5-.73-1.66-.6s-1.73,1.21-1.21,1.85,1.22.46,1.3.64S132.22,234.26,132.87,234.17Z"/><path class="cls-14" d="M130.34,220.21a1.52,1.52,0,0,0,.89,1.45l.15.06a1.47,1.47,0,0,0-.93.54c-.31.44-.11,1.06.51,1.52a1.22,1.22,0,0,0,1.54,0,1,1,0,0,0,.1-.18.94.94,0,0,0,1,.5c.39-.13.82-.86.69-1.17a1.22,1.22,0,0,0-1.33-.58.77.77,0,0,0-.27.19,1.1,1.1,0,0,0-.34-.65.66.66,0,0,0-.22-.12,1.54,1.54,0,0,0,.63-.37,2.72,2.72,0,0,0,.79-1.7,1.24,1.24,0,0,1,.3-.63,1.12,1.12,0,0,0-.09-1.86A.58.58,0,0,0,134,217a1,1,0,0,0-.42-1.18,1,1,0,0,0-1.42.1.84.84,0,0,0,.27,1.19h0a1.59,1.59,0,0,0-.54.66,1.6,1.6,0,0,1-.75.91A1.76,1.76,0,0,0,130.34,220.21Z"/><path class="cls-14" d="M125,195.71a.81.81,0,0,0,.17.24.72.72,0,0,0,.68,0,.93.93,0,0,0,.39-.69.75.75,0,0,0-.15-.28.9.9,0,0,0-.19-.66c-.52-.77-1-.95-1.58-.59a1.43,1.43,0,0,0-.27,1.63A1.27,1.27,0,0,0,125,195.71Z"/><path class="cls-14" d="M129.71,217.74a1.28,1.28,0,0,1-.09.22l0,0a1,1,0,0,0-1.28.21.73.73,0,0,0-.11.37.17.17,0,0,0-.12,0,.27.27,0,0,0-.09.36.26.26,0,0,0,.27.07.93.93,0,0,0,.34.49.89.89,0,0,0,1.15-.16.69.69,0,0,0,.85-.3c.12-.23-.24-.7-.42-1C130.14,217.84,129.94,217.83,129.71,217.74Z"/><path class="cls-14" d="M134.89,208.49a.8.8,0,0,0-.1-1.11.77.77,0,0,0-1.18.08.93.93,0,0,0,.1,1.31A.86.86,0,0,0,134.89,208.49Z"/><path class="cls-14" d="M136.12,244.83c-.13-.09-.49-.11-.58,0a.56.56,0,0,0,.07.57c.11.1.54.21.7.08S136.24,244.92,136.12,244.83Z"/><path class="cls-14" d="M134.44,245.1a2.44,2.44,0,0,0-.34.72.84.84,0,0,0,1.2.25c.33-.24.22-.52.06-.78A.56.56,0,0,0,134.44,245.1Z"/><path class="cls-14" d="M132.72,207.78a.92.92,0,0,0,.23-1.2,1,1,0,0,0-1.22-.23.77.77,0,0,0-.28,1.07A.94.94,0,0,0,132.72,207.78Z"/><path class="cls-14" d="M133,253a1.37,1.37,0,0,0-.95-.39c-.74.15-.57.83-.67,1.43a3.1,3.1,0,0,0,.82.31,1.79,1.79,0,0,0,.13,1.22,1,1,0,0,0,1.46.27,1.08,1.08,0,0,0,.38-1.71,1.48,1.48,0,0,0-1-.68A.65.65,0,0,0,133,253Z"/><path class="cls-14" d="M130.07,202.8a.4.4,0,0,0,.21.34c.28.13,1,.36,1.2,0s-.06-.7-.25-.93a.79.79,0,0,0-.11-.59.86.86,0,0,0-1.25-.35,1,1,0,0,0-.28,1.2A.89.89,0,0,0,130.07,202.8Z"/><path class="cls-14" d="M129.28,196.05a1.55,1.55,0,0,0,.5-1.73c-.24-.37-1.22-.38-1.79,0a1,1,0,0,0-.2,1.32A1.19,1.19,0,0,0,129.28,196.05Z"/><path class="cls-14" d="M141.59,236.9c.39-.05.51-.42.39-.78s-.29-.63-.72-.53a.91.91,0,0,0-.56,1.13A2.71,2.71,0,0,0,141.59,236.9Z"/><path class="cls-14" d="M146.39,249.31a1.37,1.37,0,0,0,.69-1.14,1.41,1.41,0,0,0,.82-1.51c-.15-.43-1.35-.79-1.9-.56a1,1,0,0,0-.47.59,1.27,1.27,0,0,0-1,.13,1.45,1.45,0,0,0-.42,1.91A1.58,1.58,0,0,0,146.39,249.31Z"/><path class="cls-14" d="M152.94,254.19a1.92,1.92,0,0,0-.31.23,1.05,1.05,0,0,0-.06-.24,1.18,1.18,0,0,0-1.51-.59c-.59.2-.81.58-.64,1.1a1.72,1.72,0,0,0,.72.91.56.56,0,0,0-.42.06.8.8,0,0,0-.23,1.09.6.6,0,0,0,1,.16,2.09,2.09,0,0,0,.34-.78,1.23,1.23,0,0,0-.35-.39.89.89,0,0,0,.6,0,.9.9,0,0,0,.47-.52,1.5,1.5,0,0,0,.65.27l.57-.74a.59.59,0,0,0-.13-.29A1.63,1.63,0,0,0,152.94,254.19Z"/><path class="cls-14" d="M149.38,258.17c-.6.39-.8,1-.49,1.42a1.28,1.28,0,0,0,.32.29c.55-.53,1.08-1.08,1.6-1.64A1.05,1.05,0,0,0,149.38,258.17Z"/><path class="cls-14" d="M154.48,252.15a.46.46,0,0,0,.3-.55.5.5,0,1,0-.93.35A.53.53,0,0,0,154.48,252.15Z"/><path class="cls-14" d="M155.83,246.79a.78.78,0,0,0,.31-.89c-.13-.91-.47-1.17-1.38-1-.69.14-1.38.26-2.06.38-.33-1.23-.47-1.3-1.45-.78-.1.66.23,1,.88,1.1.09,1.6,1,1.94,2.38,1a2.09,2.09,0,0,1,.29.16C155.15,247.14,155.49,247,155.83,246.79Z"/><path class="cls-14" d="M143.88,245.65c.46-.42.15-1.39-.42-2.05a1.56,1.56,0,0,0-2,.06,1.62,1.62,0,0,0,.5,2.16A1.59,1.59,0,0,0,143.88,245.65Z"/><path class="cls-14" d="M146.89,252.2a2.25,2.25,0,0,0,1-1.64,1.22,1.22,0,0,0-1.68-.66c-.57.2-.74.75-.47,1.53C145.93,252.06,146.42,252.38,146.89,252.2Z"/><path class="cls-14" d="M146.87,256.6c0,.12.29.23.56.27l.06,0a.66.66,0,0,0,.91-.17c.07-.1.12-.2.18-.3l0-.05a4.31,4.31,0,0,0,.75-2.34,1.49,1.49,0,0,0-.12-.44,1.09,1.09,0,0,0-2-.1,6.8,6.8,0,0,0-.73,1.65,1.39,1.39,0,0,0,.29,1.17A.67.67,0,0,0,146.87,256.6Z"/><path class="cls-15" d="M119.27,182c-.58,0-1.17,0-1.75,0v91.11A45.56,45.56,0,0,0,119.27,182Z"/><rect class="cls-16" x="38.22" y="73.31" width="17.12" height="17.12"/><rect class="cls-8" x="76.57" y="30.51" width="17.12" height="17.12"/><rect class="cls-8" x="76.57" y="73.31" width="17.12" height="17.12"/><rect class="cls-16" x="38.22" y="116.11" width="17.12" height="17.12"/><rect class="cls-17" x="76.57" y="116.11" width="17.12" height="17.12"/><rect class="cls-7" x="219.15" y="145.27" width="256.88" height="199.34"/><circle class="cls-18" cx="286.84" cy="296.46" r="15.97"/><circle class="cls-5" cx="286.84" cy="296.46" r="6.62"/><circle class="cls-18" cx="286.84" cy="193.42" r="15.97"/><circle class="cls-5" cx="286.84" cy="193.42" r="6.62"/><rect class="cls-5" x="319.35" y="185.64" width="102.59" height="16.06" rx="8.03"/><rect class="cls-5" x="319.35" y="234.01" width="102.59" height="16.06" rx="8.03"/><rect class="cls-5" x="319.35" y="289.05" width="102.59" height="16.06" rx="8.03"/><path class="cls-5" d="M286.84,231.66a13,13,0,1,1-13,13,13,13,0,0,1,13-13m0-3a16,16,0,1,0,16,16,16,16,0,0,0-16-16Z"/><path class="cls-5" d="M246.32,118v42.53H203.78V118h42.54m3-3H200.78v48.53h48.54V115Z"/><rect class="cls-8" x="200.78" y="51.11" width="48.53" height="48.53"/><polygon class="cls-5" points="221.71 88.42 209.83 76.54 213.36 73.01 221.71 81.35 240.16 62.9 243.7 66.43 221.71 88.42"/></g></svg>
\ No newline at end of file
diff --git a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.tsx b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.tsx
index 8edeab15d6a091..6c6ab3930d7abe 100644
--- a/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.tsx
+++ b/x-pack/plugins/security_solution/public/management/pages/endpoint_hosts/view/index.tsx
@@ -401,7 +401,7 @@ export const HostList = () => {
             <p>
               <FormattedMessage
                 id="xpack.securitySolution.hostList.pageSubTitle"
-                defaultMessage="Hosts running the Elastic Endpoint"
+                defaultMessage="Hosts running Elastic Endpoint Security"
               />
             </p>
           </EuiText>
diff --git a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_details.tsx b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_details.tsx
index 2a4f839a4af1f0..b5861b68a0756c 100644
--- a/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_details.tsx
+++ b/x-pack/plugins/security_solution/public/management/pages/policy/view/policy_details.tsx
@@ -168,7 +168,7 @@ export const PolicyDetails = React.memo(() => {
           defaultMessage="Back to policy list"
         />
       </EuiButtonEmpty>
-      <PageViewHeaderTitle>{policyItem.name}</PageViewHeaderTitle>
+      <PageViewHeaderTitle className="eui-textTruncate">{policyItem.name}</PageViewHeaderTitle>
     </div>
   );
 
diff --git a/x-pack/plugins/security_solution/public/overview/components/endpoint_notice/index.tsx b/x-pack/plugins/security_solution/public/overview/components/endpoint_notice/index.tsx
index 3758bd10bfc8fc..7170412cb55ad2 100644
--- a/x-pack/plugins/security_solution/public/overview/components/endpoint_notice/index.tsx
+++ b/x-pack/plugins/security_solution/public/overview/components/endpoint_notice/index.tsx
@@ -42,7 +42,7 @@ export const EndpointNotice = memo<{ onDismiss: () => void }>(({ onDismiss }) =>
         <p>
           <FormattedMessage
             id="xpack.securitySolution.overview.endpointNotice.message"
-            defaultMessage="Elastic Endpoint Security gives you the power to keep your endpoints safe from attack, as well as unparalleled visibility into any threat in your environment."
+            defaultMessage="Protect your hosts with threat prevention, detection, and deep security data visibility."
           />
         </p>
         {/* eslint-disable-next-line @elastic/eui/href-or-on-click*/}
diff --git a/x-pack/plugins/security_solution/public/shared_imports.ts b/x-pack/plugins/security_solution/public/shared_imports.ts
index 472006a9e55b15..93edc484c3569a 100644
--- a/x-pack/plugins/security_solution/public/shared_imports.ts
+++ b/x-pack/plugins/security_solution/public/shared_imports.ts
@@ -4,6 +4,8 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
+export * from '../common/shared_imports';
+
 export {
   getUseField,
   getFieldValidityAndErrorMessage,
@@ -23,3 +25,23 @@ export {
 export { Field, SelectField } from '../../../../src/plugins/es_ui_shared/static/forms/components';
 export { fieldValidators } from '../../../../src/plugins/es_ui_shared/static/forms/helpers';
 export { ERROR_CODE } from '../../../../src/plugins/es_ui_shared/static/forms/helpers/field_validators/types';
+
+export {
+  useIsMounted,
+  useApi,
+  useExceptionList,
+  usePersistExceptionItem,
+  usePersistExceptionList,
+  useFindLists,
+  useCreateListIndex,
+  useReadListIndex,
+  useReadListPrivileges,
+  addExceptionListItem,
+  updateExceptionListItem,
+  fetchExceptionListById,
+  addExceptionList,
+  ExceptionIdentifiers,
+  ExceptionList,
+  Pagination,
+  UseExceptionListSuccess,
+} from '../../lists/public';
diff --git a/x-pack/plugins/security_solution/public/types.ts b/x-pack/plugins/security_solution/public/types.ts
index f9c773a2fa1ab8..3913b96b3e11a1 100644
--- a/x-pack/plugins/security_solution/public/types.ts
+++ b/x-pack/plugins/security_solution/public/types.ts
@@ -14,6 +14,7 @@ import { UiActionsStart } from '../../../../src/plugins/ui_actions/public';
 import { UsageCollectionSetup } from '../../../../src/plugins/usage_collection/public';
 import { Storage } from '../../../../src/plugins/kibana_utils/public';
 import { IngestManagerStart } from '../../ingest_manager/public';
+import { PluginStart as ListsPluginStart } from '../../lists/public';
 import {
   TriggersAndActionsUIPublicPluginSetup as TriggersActionsSetup,
   TriggersAndActionsUIPublicPluginStart as TriggersActionsStart,
@@ -33,6 +34,7 @@ export interface StartPlugins {
   embeddable: EmbeddableStart;
   inspector: InspectorStart;
   ingestManager?: IngestManagerStart;
+  lists?: ListsPluginStart;
   newsfeed?: NewsfeedStart;
   triggers_actions_ui: TriggersActionsStart;
   uiActions: UiActionsStart;
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/index.ts b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/index.ts
index 4b2eb3ea1ddb01..7915f1a8cbf509 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/index.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/index.ts
@@ -37,6 +37,16 @@ const HOST_STATUS_MAPPING = new Map<AgentStatus, HostStatus>([
   ['offline', HostStatus.OFFLINE],
 ]);
 
+/**
+ * 00000000-0000-0000-0000-000000000000 is initial Elastic Agent id sent by Endpoint before policy is configured
+ * 11111111-1111-1111-1111-111111111111 is Elastic Agent id sent by Endpoint when policy does not contain an id
+ */
+
+const IGNORED_ELASTIC_AGENT_IDS = [
+  '00000000-0000-0000-0000-000000000000',
+  '11111111-1111-1111-1111-111111111111',
+];
+
 const getLogger = (endpointAppContext: EndpointAppContext): Logger => {
   return endpointAppContext.logFactory.get('metadata');
 };
@@ -97,7 +107,7 @@ export function registerEndpointRoutes(router: IRouter, endpointAppContext: Endp
           endpointAppContext,
           metadataIndexPattern,
           {
-            unenrolledAgentIds,
+            unenrolledAgentIds: unenrolledAgentIds.concat(IGNORED_ELASTIC_AGENT_IDS),
           }
         );
 
diff --git a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/metadata.test.ts b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/metadata.test.ts
index 81027b42eb64fb..321eb0195aac39 100644
--- a/x-pack/plugins/security_solution/server/endpoint/routes/metadata/metadata.test.ts
+++ b/x-pack/plugins/security_solution/server/endpoint/routes/metadata/metadata.test.ts
@@ -138,7 +138,16 @@ describe('test endpoint route', () => {
 
     expect(mockScopedClient.callAsCurrentUser).toHaveBeenCalledTimes(1);
     expect(mockScopedClient.callAsCurrentUser.mock.calls[0][1]?.body?.query).toEqual({
-      match_all: {},
+      bool: {
+        must_not: {
+          terms: {
+            'elastic.agent.id': [
+              '00000000-0000-0000-0000-000000000000',
+              '11111111-1111-1111-1111-111111111111',
+            ],
+          },
+        },
+      },
     });
     expect(routeConfig.options).toEqual({ authRequired: true, tags: ['access:securitySolution'] });
     expect(mockResponse.ok).toBeCalled();
@@ -184,11 +193,22 @@ describe('test endpoint route', () => {
     expect(mockScopedClient.callAsCurrentUser.mock.calls[0][1]?.body?.query).toEqual({
       bool: {
         must: [
+          {
+            bool: {
+              must_not: {
+                terms: {
+                  'elastic.agent.id': [
+                    '00000000-0000-0000-0000-000000000000',
+                    '11111111-1111-1111-1111-111111111111',
+                  ],
+                },
+              },
+            },
+          },
           {
             bool: {
               must_not: {
                 bool: {
-                  minimum_should_match: 1,
                   should: [
                     {
                       match: {
@@ -196,6 +216,7 @@ describe('test endpoint route', () => {
                       },
                     },
                   ],
+                  minimum_should_match: 1,
                 },
               },
             },
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/403_response_to_a_post.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/apm_403_response_to_a_post.json
similarity index 92%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/403_response_to_a_post.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/apm_403_response_to_a_post.json
index 73005db600ca0b..9139ca82cc7d8b 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/403_response_to_a_post.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/apm_403_response_to_a_post.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "A POST request to web application returned a 403 response, which indicates the web application declined to process the request because the action requested was not allowed",
   "false_positives": [
     "Security scans and tests may result in these errors. Misconfigured or buggy applications may produce large numbers of these errors. If the source is unexpected, the user unauthorized, or the request unusual, these may indicate suspicious or malicious activity."
@@ -7,6 +10,7 @@
     "apm-*-transaction*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Web Application Suspicious Activity: POST Request Declined",
   "query": "http.response.status_code:403 and http.request.method:post",
   "references": [
@@ -20,5 +24,5 @@
     "Elastic"
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/405_response_method_not_allowed.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/apm_405_response_method_not_allowed.json
similarity index 91%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/405_response_method_not_allowed.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/apm_405_response_method_not_allowed.json
index de080ff342448d..2eb7d711e5fb83 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/405_response_method_not_allowed.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/apm_405_response_method_not_allowed.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "A request to web application returned a 405 response which indicates the web application declined to process the request because the HTTP method is not allowed for the resource",
   "false_positives": [
     "Security scans and tests may result in these errors. Misconfigured or buggy applications may produce large numbers of these errors. If the source is unexpected, the user unauthorized, or the request unusual, these may indicate suspicious or malicious activity."
@@ -7,6 +10,7 @@
     "apm-*-transaction*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Web Application Suspicious Activity: Unauthorized Method",
   "query": "http.response.status_code:405",
   "references": [
@@ -20,5 +24,5 @@
     "Elastic"
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/null_user_agent.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/apm_null_user_agent.json
similarity index 94%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/null_user_agent.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/apm_null_user_agent.json
index 489077c9a55169..e78395be8fb1b0 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/null_user_agent.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/apm_null_user_agent.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "A request to a web application server contained no identifying user agent string.",
   "false_positives": [
     "Some normal applications and scripts may contain no user agent. Most legitimate web requests from the Internet contain a user agent string. Requests from web browsers almost always contain a user agent string. If the source is unexpected, the user unauthorized, or the request unusual, these may indicate suspicious or malicious activity."
@@ -25,6 +28,7 @@
     "apm-*-transaction*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Web Application Suspicious Activity: No User Agent",
   "query": "url.path:*",
   "references": [
@@ -38,5 +42,5 @@
     "Elastic"
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/sqlmap_user_agent.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/apm_sqlmap_user_agent.json
similarity index 92%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/sqlmap_user_agent.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/apm_sqlmap_user_agent.json
index 3ad82d14be7a76..aaaab6b5c6031f 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/sqlmap_user_agent.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/apm_sqlmap_user_agent.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "This is an example of how to detect an unwanted web client user agent. This search matches the user agent for sqlmap 1.3.11, which is a popular FOSS tool for testing web applications for SQL injection vulnerabilities.",
   "false_positives": [
     "This rule does not indicate that a SQL injection attack occurred, only that the `sqlmap` tool was used. Security scans and tests may result in these errors. If the source is not an authorized security tester, this is generally suspicious or malicious activity."
@@ -7,6 +10,7 @@
     "apm-*-transaction*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Web Application Suspicious Activity: sqlmap User Agent",
   "query": "user_agent.original:\"sqlmap/1.3.11#stable (http://sqlmap.org)\"",
   "references": [
@@ -20,5 +24,5 @@
     "Elastic"
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/collection_cloudtrail_logging_created.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/collection_cloudtrail_logging_created.json
new file mode 100644
index 00000000000000..4437612a5056b0
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/collection_cloudtrail_logging_created.json
@@ -0,0 +1,48 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Identifies the creation of an AWS log trail that specifies the settings for delivery of log data.",
+  "false_positives": [
+    "Trail creations may be made by a system or network administrator. Verify whether the user identity, user agent, and/or hostname should be making changes in your environment. Trail creations from unfamiliar users or hosts should be investigated. If known behavior is causing false positives, it can be exempted from the rule."
+  ],
+  "from": "now-60m",
+  "index": [
+    "filebeat-*"
+  ],
+  "interval": "10m",
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "AWS CloudTrail Log Created",
+  "query": "event.action:CreateTrail and event.dataset:aws.cloudtrail and event.provider:cloudtrail.amazonaws.com and event.outcome:success",
+  "references": [
+    "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_CreateTrail.html",
+    "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudtrail/create-trail.html"
+  ],
+  "risk_score": 21,
+  "rule_id": "594e0cbf-86cc-45aa-9ff7-ff27db27d3ed",
+  "severity": "low",
+  "tags": [
+    "AWS",
+    "Elastic"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0009",
+        "name": "Collection",
+        "reference": "https://attack.mitre.org/tactics/TA0009/"
+      },
+      "technique": [
+        {
+          "id": "T1530",
+          "name": "Data from Cloud Storage Object",
+          "reference": "https://attack.mitre.org/techniques/T1530/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_certutil_network_connection.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_certutil_network_connection.json
similarity index 77%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_certutil_network_connection.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_certutil_network_connection.json
index 82db7de3d3130e..4132d03c278545 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_certutil_network_connection.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_certutil_network_connection.json
@@ -1,11 +1,15 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies certutil.exe making a network connection. Adversaries could abuse certutil.exe to download a certificate, or malware, from a remote URL.",
   "index": [
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Network Connection via Certutil",
-  "query": "process.name:certutil.exe and event.action:\"Network connection detected (rule: NetworkConnect)\" and not destination.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16)",
+  "query": "event.category:network and event.type:connection and process.name:certutil.exe and not destination.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16)",
   "risk_score": 21,
   "rule_id": "3838e0e3-1850-4850-a411-2e8c5ba40ba8",
   "severity": "low",
@@ -31,5 +35,5 @@
     }
   ],
   "type": "query",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_dns_directly_to_the_internet.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_dns_directly_to_the_internet.json
similarity index 78%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_dns_directly_to_the_internet.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_dns_directly_to_the_internet.json
index 1ffabbc876e2ef..79ec202c41ffb6 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_dns_directly_to_the_internet.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_dns_directly_to_the_internet.json
@@ -1,14 +1,19 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "This rule detects when an internal network client sends DNS traffic directly to the Internet. This is atypical behavior for a managed network, and can be indicative of malware, exfiltration, command and control, or, simply, misconfiguration. This DNS activity also impacts your organization's ability to provide enterprise monitoring and logging of DNS, and opens your network to a variety of abuses and malicious communications.",
   "false_positives": [
     "Exclude DNS servers from this rule as this is expected behavior. Endpoints usually query local DNS servers defined in their DHCP scopes, but this may be overridden if a user configures their endpoint to use a remote DNS server. This is uncommon in managed enterprise networks because it could break intranet name resolution when split horizon DNS is utilized. Some consumer VPN services and browser plug-ins may send DNS traffic to remote Internet destinations. In that case, such devices or networks can be excluded from this rule when this is expected behavior."
   ],
   "index": [
-    "filebeat-*"
+    "filebeat-*",
+    "packetbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "DNS Activity to the Internet",
-  "query": "destination.port:53 and source.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16) and not destination.ip:(10.0.0.0/8 or 127.0.0.0/8 or 169.254.169.254/32 or 172.16.0.0/12 or 192.168.0.0/16 or 224.0.0.251 or 224.0.0.252 or 255.255.255.255 or \"::1\" or \"ff02::fb\")",
+  "query": "event.category:(network or network_traffic) and (event.type:connection or type:dns) and (destination.port:53 or event.dataset:zeek.dns) and source.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16) and not destination.ip:(10.0.0.0/8 or 127.0.0.0/8 or 169.254.169.254/32 or 172.16.0.0/12 or 192.168.0.0/16 or 224.0.0.251 or 224.0.0.252 or 255.255.255.255 or \"::1\" or \"ff02::fb\")",
   "references": [
     "https://www.us-cert.gov/ncas/alerts/TA15-240A",
     "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-81-2.pdf"
@@ -38,5 +43,5 @@
     }
   ],
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_ftp_file_transfer_protocol_activity_to_the_internet.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_ftp_file_transfer_protocol_activity_to_the_internet.json
similarity index 83%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_ftp_file_transfer_protocol_activity_to_the_internet.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_ftp_file_transfer_protocol_activity_to_the_internet.json
index 0649d408a5c221..9a009ffd3fd219 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_ftp_file_transfer_protocol_activity_to_the_internet.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_ftp_file_transfer_protocol_activity_to_the_internet.json
@@ -1,14 +1,19 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "This rule detects events that may indicate the use of FTP network connections to the Internet. The File Transfer Protocol (FTP) has been around in its current form since the 1980s. It can be a common and efficient procedure on your network to send and receive files. Because of this, adversaries will also often use this protocol to exfiltrate data from your network or download new tools. Additionally, FTP is a plain-text protocol which, if intercepted, may expose usernames and passwords. FTP activity involving servers subject to regulations or compliance standards may be unauthorized.",
   "false_positives": [
     "FTP servers should be excluded from this rule as this is expected behavior. Some business workflows may use FTP for data exchange. These workflows often have expected characteristics such as users, sources, and destinations. FTP activity involving an unusual source or destination may be more suspicious. FTP activity involving a production server that has no known associated FTP workflow or business requirement is often suspicious."
   ],
   "index": [
-    "filebeat-*"
+    "filebeat-*",
+    "packetbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "FTP (File Transfer Protocol) Activity to the Internet",
-  "query": "network.transport:tcp and destination.port:(20 or 21) and source.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16) and not destination.ip:(10.0.0.0/8 or 127.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or \"::1\")",
+  "query": "event.category:(network or network_traffic) and network.transport:tcp and (destination.port:(20 or 21) or event.dataset:zeek.ftp) and source.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16) and not destination.ip:(10.0.0.0/8 or 127.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or \"::1\")",
   "risk_score": 21,
   "rule_id": "87ec6396-9ac4-4706-bcf0-2ebb22002f43",
   "severity": "low",
@@ -49,5 +54,5 @@
     }
   ],
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_irc_internet_relay_chat_protocol_activity_to_the_internet.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_irc_internet_relay_chat_protocol_activity_to_the_internet.json
similarity index 83%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_irc_internet_relay_chat_protocol_activity_to_the_internet.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_irc_internet_relay_chat_protocol_activity_to_the_internet.json
index bdabfa4d5f38fc..af30861d85e04e 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_irc_internet_relay_chat_protocol_activity_to_the_internet.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_irc_internet_relay_chat_protocol_activity_to_the_internet.json
@@ -1,14 +1,19 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "This rule detects events that use common ports for Internet Relay Chat (IRC) to the Internet. IRC is a common protocol that can be used for chat and file transfers. This protocol is also a good candidate for remote control of malware and data transfers to and from a network.",
   "false_positives": [
     "IRC activity may be normal behavior for developers and engineers but is unusual for non-engineering end users. IRC activity involving an unusual source or destination may be more suspicious. IRC activity involving a production server is often suspicious. Because these ports are in the ephemeral range, this rule may false under certain conditions, such as when a NAT-ed web server replies to a client which has used a port in the range by coincidence. In this case, these servers can be excluded. Some legacy applications may use these ports, but this is very uncommon and usually only appears in local traffic using private IPs, which does not match this rule's conditions."
   ],
   "index": [
-    "filebeat-*"
+    "filebeat-*",
+    "packetbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "IRC (Internet Relay Chat) Protocol Activity to the Internet",
-  "query": "network.transport:tcp and destination.port:(6667 or 6697) and source.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16) and not destination.ip:(10.0.0.0/8 or 127.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or \"::1\")",
+  "query": "event.category:(network or network_traffic) and network.transport:tcp and (destination.port:(6667 or 6697) or event.dataset:zeek.irc) and source.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16) and not destination.ip:(10.0.0.0/8 or 127.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or \"::1\")",
   "risk_score": 47,
   "rule_id": "c6474c34-4953-447a-903e-9fcb7b6661aa",
   "severity": "medium",
@@ -49,5 +54,5 @@
     }
   ],
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_nat_traversal_port_activity.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_nat_traversal_port_activity.json
similarity index 87%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_nat_traversal_port_activity.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_nat_traversal_port_activity.json
index 63bdd2b83e3bc9..e42bf4029eb018 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_nat_traversal_port_activity.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_nat_traversal_port_activity.json
@@ -1,14 +1,19 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "This rule detects events that could be describing IPSEC NAT Traversal traffic. IPSEC is a VPN technology that allows one system to talk to another using encrypted tunnels. NAT Traversal enables these tunnels to communicate over the Internet where one of the sides is behind a NAT router gateway. This may be common on your network, but this technique is also used by threat actors to avoid detection.",
   "false_positives": [
     "Some networks may utilize these protocols but usage that is unfamiliar to local network administrators can be unexpected and suspicious. Because this port is in the ephemeral range, this rule may false under certain conditions, such as when an application server with a public IP address replies to a client which has used a UDP port in the range by coincidence. This is uncommon but such servers can be excluded."
   ],
   "index": [
-    "filebeat-*"
+    "filebeat-*",
+    "packetbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "IPSEC NAT Traversal Port Activity",
-  "query": "network.transport:udp and destination.port:4500",
+  "query": "event.category:(network or network_traffic) and network.transport:udp and destination.port:4500",
   "risk_score": 21,
   "rule_id": "a9cb3641-ff4b-4cdc-a063-b4b8d02a67c7",
   "severity": "low",
@@ -34,5 +39,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_port_26_activity.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_port_26_activity.json
similarity index 85%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_port_26_activity.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_port_26_activity.json
index df809d22253529..ed20554ae8c40c 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_port_26_activity.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_port_26_activity.json
@@ -1,14 +1,19 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "This rule detects events that may indicate use of SMTP on TCP port 26. This port is commonly used by several popular mail transfer agents to deconflict with the default SMTP port 25. This port has also been used by a malware family called BadPatch for command and control of Windows systems.",
   "false_positives": [
     "Servers that process email traffic may cause false positives and should be excluded from this rule as this is expected behavior."
   ],
   "index": [
-    "filebeat-*"
+    "filebeat-*",
+    "packetbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "SMTP on Port 26/TCP",
-  "query": "network.transport:tcp and destination.port:26",
+  "query": "event.category:(network or network_traffic) and network.transport:tcp and (destination.port:26 or (event.dataset:zeek.smtp and destination.port:26))",
   "references": [
     "https://unit42.paloaltonetworks.com/unit42-badpatch/",
     "https://isc.sans.edu/forums/diary/Next+up+whats+up+with+TCP+port+26/25564/"
@@ -53,5 +58,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_port_8000_activity_to_the_internet.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_port_8000_activity_to_the_internet.json
similarity index 79%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_port_8000_activity_to_the_internet.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_port_8000_activity_to_the_internet.json
index 11b711d8f74647..319f95ed88e08b 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_port_8000_activity_to_the_internet.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_port_8000_activity_to_the_internet.json
@@ -1,14 +1,19 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "TCP Port 8000 is commonly used for development environments of web server software. It generally should not be exposed directly to the Internet. If you are running software like this on the Internet, you should consider placing it behind a reverse proxy.",
   "false_positives": [
     "Because this port is in the ephemeral range, this rule may false under certain conditions, such as when a NATed web server replies to a client which has used a port in the range by coincidence. In this case, such servers can be excluded. Some applications may use this port but this is very uncommon and usually appears in local traffic using private IPs, which this rule does not match. Some cloud environments, particularly development environments, may use this port when VPNs or direct connects are not in use and cloud instances are accessed across the Internet."
   ],
   "index": [
-    "filebeat-*"
+    "filebeat-*",
+    "packetbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "TCP Port 8000 Activity to the Internet",
-  "query": "network.transport:tcp and destination.port:8000 and source.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16) and not destination.ip:(10.0.0.0/8 or 127.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or \"::1\")",
+  "query": "event.category:(network or network_traffic) and network.transport:tcp and destination.port:8000 and source.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16) and not destination.ip:(10.0.0.0/8 or 127.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or \"::1\")",
   "risk_score": 21,
   "rule_id": "08d5d7e2-740f-44d8-aeda-e41f4263efaf",
   "severity": "low",
@@ -34,5 +39,5 @@
     }
   ],
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_pptp_point_to_point_tunneling_protocol_activity.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_pptp_point_to_point_tunneling_protocol_activity.json
similarity index 85%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_pptp_point_to_point_tunneling_protocol_activity.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_pptp_point_to_point_tunneling_protocol_activity.json
index 87d37b77f53b47..bd478f2b23fc03 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_pptp_point_to_point_tunneling_protocol_activity.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_pptp_point_to_point_tunneling_protocol_activity.json
@@ -1,14 +1,19 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "This rule detects events that may indicate use of a PPTP VPN connection. Some threat actors use these types of connections to tunnel their traffic while avoiding detection.",
   "false_positives": [
     "Some networks may utilize PPTP protocols but this is uncommon as more modern VPN technologies are available. Usage that is unfamiliar to local network administrators can be unexpected and suspicious. Torrenting applications may use this port. Because this port is in the ephemeral range, this rule may false under certain conditions, such as when an application server replies to a client that used this port by coincidence. This is uncommon but such servers can be excluded."
   ],
   "index": [
-    "filebeat-*"
+    "filebeat-*",
+    "packetbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "PPTP (Point to Point Tunneling Protocol) Activity",
-  "query": "network.transport:tcp and destination.port:1723",
+  "query": "event.category:(network or network_traffic) and network.transport:tcp and destination.port:1723",
   "risk_score": 21,
   "rule_id": "d2053495-8fe7-4168-b3df-dad844046be3",
   "severity": "low",
@@ -34,5 +39,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_proxy_port_activity_to_the_internet.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_proxy_port_activity_to_the_internet.json
similarity index 53%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_proxy_port_activity_to_the_internet.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_proxy_port_activity_to_the_internet.json
index 35ba1ca8062962..ee025053006115 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_proxy_port_activity_to_the_internet.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_proxy_port_activity_to_the_internet.json
@@ -1,14 +1,19 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "This rule detects events that may describe network events of proxy use to the Internet. It includes popular HTTP proxy ports and SOCKS proxy ports. Typically, environments will use an internal IP address for a proxy server. It can also be used to circumvent network controls and detection mechanisms.",
   "false_positives": [
-    "Some proxied applications may use these ports but this usually occurs in local traffic using private IPs which this rule does not match. Proxies are widely used as a security technology but in enterprise environments this is usually local traffic which this rule does not match. Internet proxy services using these ports can be white-listed if desired. Some screen recording applications may use these ports. Proxy port activity involving an unusual source or destination may be more suspicious. Some cloud environments may use this port when VPNs or direct connects are not in use and cloud instances are accessed across the Internet. Because these ports are in the ephemeral range, this rule may false under certain conditions such as when a NATed web server replies to a client which has used a port in the range by coincidence. In this case, such servers can be excluded if desired."
+    "Some proxied applications may use these ports but this usually occurs in local traffic using private IPs which this rule does not match. Proxies are widely used as a security technology but in enterprise environments this is usually local traffic which this rule does not match. If desired, internet proxy services using these ports can be added to allowlists. Some screen recording applications may use these ports. Proxy port activity involving an unusual source or destination may be more suspicious. Some cloud environments may use this port when VPNs or direct connects are not in use and cloud instances are accessed across the Internet. Because these ports are in the ephemeral range, this rule may false under certain conditions such as when a NATed web server replies to a client which has used a port in the range by coincidence. In this case, such servers can be excluded if desired."
   ],
   "index": [
-    "filebeat-*"
+    "filebeat-*",
+    "packetbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Proxy Port Activity to the Internet",
-  "query": "network.transport:tcp and destination.port:(1080 or 3128 or 8080) and source.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16) and not destination.ip:(10.0.0.0/8 or 127.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or \"::1\")",
+  "query": "event.category:(network or network_traffic) and network.transport:tcp and (destination.port:(1080 or 3128 or 8080) or event.dataset:zeek.socks) and source.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16) and not destination.ip:(10.0.0.0/8 or 127.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or \"::1\")",
   "risk_score": 47,
   "rule_id": "ad0e5e75-dd89-4875-8d0a-dfdc1828b5f3",
   "severity": "medium",
@@ -34,5 +39,5 @@
     }
   ],
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_rdp_remote_desktop_protocol_from_the_internet.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_rdp_remote_desktop_protocol_from_the_internet.json
similarity index 85%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_rdp_remote_desktop_protocol_from_the_internet.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_rdp_remote_desktop_protocol_from_the_internet.json
index 7b0c9b2927cabc..87544647b17e13 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_rdp_remote_desktop_protocol_from_the_internet.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_rdp_remote_desktop_protocol_from_the_internet.json
@@ -1,14 +1,19 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "This rule detects network events that may indicate the use of RDP traffic from the Internet. RDP is commonly used by system administrators to remotely control a system for maintenance or to use shared resources. It should almost never be directly exposed to the Internet, as it is frequently targeted and exploited by threat actors as an initial access or back-door vector.",
   "false_positives": [
     "Some network security policies allow RDP directly from the Internet but usage that is unfamiliar to server or network owners can be unexpected and suspicious. RDP services may be exposed directly to the Internet in some networks such as cloud environments. In such cases, only RDP gateways, bastions or jump servers may be expected expose RDP directly to the Internet and can be exempted from this rule. RDP may be required by some work-flows such as remote access and support for specialized software products and servers. Such work-flows are usually known and not unexpected."
   ],
   "index": [
-    "filebeat-*"
+    "filebeat-*",
+    "packetbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "RDP (Remote Desktop Protocol) from the Internet",
-  "query": "network.transport:tcp and destination.port:3389 and not source.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16) and destination.ip:(10.0.0.0/8 or 127.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or \"::1\")",
+  "query": "event.category:(network or network_traffic) and network.transport:tcp and (destination.port:3389 or event.dataset:zeek.rdp) and not source.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16) and destination.ip:(10.0.0.0/8 or 127.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or \"::1\")",
   "risk_score": 47,
   "rule_id": "8c1bdde8-4204-45c0-9e0c-c85ca3902488",
   "severity": "medium",
@@ -64,5 +69,5 @@
     }
   ],
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_smtp_to_the_internet.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_smtp_to_the_internet.json
similarity index 79%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_smtp_to_the_internet.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_smtp_to_the_internet.json
index c05efa1c0e26bb..3a082c29a4cf1d 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_smtp_to_the_internet.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_smtp_to_the_internet.json
@@ -1,14 +1,19 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "This rule detects events that may describe SMTP traffic from internal hosts to a host across the Internet. In an enterprise network, there is typically a dedicated internal host that performs this function. It is also frequently abused by threat actors for command and control, or data exfiltration.",
   "false_positives": [
     "NATed servers that process email traffic may false and should be excluded from this rule as this is expected behavior for them. Consumer and personal devices may send email traffic to remote Internet destinations. In this case, such devices or networks can be excluded from this rule if this is expected behavior."
   ],
   "index": [
-    "filebeat-*"
+    "filebeat-*",
+    "packetbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "SMTP to the Internet",
-  "query": "network.transport:tcp and destination.port:(25 or 465 or 587) and source.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16) and not destination.ip:(10.0.0.0/8 or 127.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or \"::1\")",
+  "query": "event.category:(network or network_traffic) and network.transport:tcp and (destination.port:(25 or 465 or 587) or event.dataset:zeek.smtp) and source.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16) and not destination.ip:(10.0.0.0/8 or 127.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or \"::1\")",
   "risk_score": 21,
   "rule_id": "67a9beba-830d-4035-bfe8-40b7e28f8ac4",
   "severity": "low",
@@ -49,5 +54,5 @@
     }
   ],
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_sql_server_port_activity_to_the_internet.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_sql_server_port_activity_to_the_internet.json
similarity index 75%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_sql_server_port_activity_to_the_internet.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_sql_server_port_activity_to_the_internet.json
index 5ed7ca41120158..95ac4d88368007 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_sql_server_port_activity_to_the_internet.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_sql_server_port_activity_to_the_internet.json
@@ -1,14 +1,19 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "This rule detects events that may describe database traffic (MS SQL, Oracle, MySQL, and Postgresql) across the Internet. Databases should almost never be directly exposed to the Internet, as they are frequently targeted by threat actors to gain initial access to network resources.",
   "false_positives": [
     "Because these ports are in the ephemeral range, this rule may false under certain conditions such as when a NATed web server replies to a client which has used a port in the range by coincidence. In this case, such servers can be excluded if desired. Some cloud environments may use this port when VPNs or direct connects are not in use and database instances are accessed directly across the Internet."
   ],
   "index": [
-    "filebeat-*"
+    "filebeat-*",
+    "packetbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "SQL Traffic to the Internet",
-  "query": "network.transport:tcp and destination.port:(1433 or 1521 or 3336 or 5432) and source.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16) and not destination.ip:(10.0.0.0/8 or 127.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or \"::1\")",
+  "query": "event.category:(network or network_traffic) and network.transport:tcp and (destination.port:(1433 or 1521 or 3306 or 5432) or event.dataset:zeek.mysql) and source.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16) and not destination.ip:(10.0.0.0/8 or 127.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or \"::1\")",
   "risk_score": 47,
   "rule_id": "139c7458-566a-410c-a5cd-f80238d6a5cd",
   "severity": "medium",
@@ -34,5 +39,5 @@
     }
   ],
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_ssh_secure_shell_from_the_internet.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_ssh_secure_shell_from_the_internet.json
similarity index 85%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_ssh_secure_shell_from_the_internet.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_ssh_secure_shell_from_the_internet.json
index 2bd9a3f63ee8ce..fe5608459ffce7 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_ssh_secure_shell_from_the_internet.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_ssh_secure_shell_from_the_internet.json
@@ -1,14 +1,19 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "This rule detects network events that may indicate the use of SSH traffic from the Internet. SSH is commonly used by system administrators to remotely control a system using the command line shell. If it is exposed to the Internet, it should be done with strong security controls as it is frequently targeted and exploited by threat actors as an initial access or back-door vector.",
   "false_positives": [
     "Some network security policies allow SSH directly from the Internet but usage that is unfamiliar to server or network owners can be unexpected and suspicious. SSH services may be exposed directly to the Internet in some networks such as cloud environments. In such cases, only SSH gateways, bastions or jump servers may be expected expose SSH directly to the Internet and can be exempted from this rule. SSH may be required by some work-flows such as remote access and support for specialized software products and servers. Such work-flows are usually known and not unexpected."
   ],
   "index": [
-    "filebeat-*"
+    "filebeat-*",
+    "packetbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "SSH (Secure Shell) from the Internet",
-  "query": "network.transport:tcp and destination.port:22 and not source.ip:(10.0.0.0/8 or 127.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or \"::1\") and destination.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16)",
+  "query": "event.category:(network or network_traffic) and network.transport:tcp and (destination.port:22 or event.dataset:zeek.ssh) and not source.ip:(10.0.0.0/8 or 127.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or \"::1\") and destination.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16)",
   "risk_score": 47,
   "rule_id": "ea0784f0-a4d7-4fea-ae86-4baaf27a6f17",
   "severity": "medium",
@@ -64,5 +69,5 @@
     }
   ],
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_ssh_secure_shell_to_the_internet.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_ssh_secure_shell_to_the_internet.json
similarity index 80%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_ssh_secure_shell_to_the_internet.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_ssh_secure_shell_to_the_internet.json
index 6512a1627db89a..9ecfe39a793032 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_ssh_secure_shell_to_the_internet.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_ssh_secure_shell_to_the_internet.json
@@ -1,14 +1,19 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "This rule detects network events that may indicate the use of SSH traffic from the Internet. SSH is commonly used by system administrators to remotely control a system using the command line shell. If it is exposed to the Internet, it should be done with strong security controls as it is frequently targeted and exploited by threat actors as an initial access or back-door vector.",
   "false_positives": [
     "SSH connections may be made directly to Internet destinations in order to access Linux cloud server instances but such connections are usually made only by engineers. In such cases, only SSH gateways, bastions or jump servers may be expected Internet destinations and can be exempted from this rule. SSH may be required by some work-flows such as remote access and support for specialized software products and servers. Such work-flows are usually known and not unexpected. Usage that is unfamiliar to server or network owners can be unexpected and suspicious."
   ],
   "index": [
-    "filebeat-*"
+    "filebeat-*",
+    "packetbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "SSH (Secure Shell) to the Internet",
-  "query": "network.transport:tcp and destination.port:22 and source.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16) and not destination.ip:(10.0.0.0/8 or 127.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or \"::1\")",
+  "query": "event.category:(network or network_traffic) and network.transport:tcp and (destination.port:22 or event.dataset:zeek.ssh) and source.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16) and not destination.ip:(10.0.0.0/8 or 127.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or \"::1\")",
   "risk_score": 21,
   "rule_id": "6f1500bc-62d7-4eb9-8601-7485e87da2f4",
   "severity": "low",
@@ -34,5 +39,5 @@
     }
   ],
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_telnet_port_activity.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_telnet_port_activity.json
similarity index 91%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_telnet_port_activity.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_telnet_port_activity.json
index af60c991ceea2c..561a100afa44ac 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_telnet_port_activity.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_telnet_port_activity.json
@@ -1,14 +1,19 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "This rule detects network events that may indicate the use of Telnet traffic. Telnet is commonly used by system administrators to remotely control older or embed ed systems using the command line shell. It should almost never be directly exposed to the Internet, as it is frequently targeted and exploited by threat actors as an initial access or back-door vector. As a plain-text protocol, it may also expose usernames and passwords to anyone capable of observing the traffic.",
   "false_positives": [
     "IoT (Internet of Things) devices and networks may use telnet and can be excluded if desired. Some business work-flows may use Telnet for administration of older devices. These often have a predictable behavior. Telnet activity involving an unusual source or destination may be more suspicious. Telnet activity involving a production server that has no known associated Telnet work-flow or business requirement is often suspicious."
   ],
   "index": [
-    "filebeat-*"
+    "filebeat-*",
+    "packetbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Telnet Port Activity",
-  "query": "network.transport:tcp and destination.port:23",
+  "query": "event.category:(network or network_traffic) and network.transport:tcp and destination.port:23",
   "risk_score": 47,
   "rule_id": "34fde489-94b0-4500-a76f-b8a157cf9269",
   "severity": "medium",
@@ -64,5 +69,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_tor_activity_to_the_internet.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_tor_activity_to_the_internet.json
similarity index 82%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_tor_activity_to_the_internet.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_tor_activity_to_the_internet.json
index ff2ead0eaaf496..b278c36d01c1b7 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_tor_activity_to_the_internet.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_tor_activity_to_the_internet.json
@@ -1,14 +1,19 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "This rule detects network events that may indicate the use of Tor traffic to the Internet. Tor is a network protocol that sends traffic through a series of encrypted tunnels used to conceal a user's location and usage. Tor may be used by threat actors as an alternate communication pathway to conceal the actor's identity and avoid detection.",
   "false_positives": [
     "Tor client activity is uncommon in managed enterprise networks but may be common in unmanaged or public networks where few security policies apply. Because these ports are in the ephemeral range, this rule may false under certain conditions such as when a NATed web server replies to a client which has used one of these ports by coincidence. In this case, such servers can be excluded if desired."
   ],
   "index": [
-    "filebeat-*"
+    "filebeat-*",
+    "packetbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Tor Activity to the Internet",
-  "query": "network.transport:tcp and destination.port:(9001 or 9030) and source.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16) and not destination.ip:(10.0.0.0/8 or 127.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or \"::1\")",
+  "query": "event.category:(network or network_traffic) and network.transport:tcp and destination.port:(9001 or 9030) and source.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16) and not destination.ip:(10.0.0.0/8 or 127.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or \"::1\")",
   "risk_score": 47,
   "rule_id": "7d2c38d7-ede7-4bdf-b140-445906e6c540",
   "severity": "medium",
@@ -49,5 +54,5 @@
     }
   ],
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_vnc_virtual_network_computing_from_the_internet.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_vnc_virtual_network_computing_from_the_internet.json
similarity index 82%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_vnc_virtual_network_computing_from_the_internet.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_vnc_virtual_network_computing_from_the_internet.json
index 7fac7938579ca5..2e039544cfd99a 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_vnc_virtual_network_computing_from_the_internet.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_vnc_virtual_network_computing_from_the_internet.json
@@ -1,14 +1,19 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "This rule detects network events that may indicate the use of VNC traffic from the Internet. VNC is commonly used by system administrators to remotely control a system for maintenance or to use shared resources. It should almost never be directly exposed to the Internet, as it is frequently targeted and exploited by threat actors as an initial access or back-door vector.",
   "false_positives": [
     "VNC connections may be received directly to Linux cloud server instances but such connections are usually made only by engineers. VNC is less common than SSH or RDP but may be required by some work-flows such as remote access and support for specialized software products or servers. Such work-flows are usually known and not unexpected. Usage that is unfamiliar to server or network owners can be unexpected and suspicious."
   ],
   "index": [
-    "filebeat-*"
+    "filebeat-*",
+    "packetbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "VNC (Virtual Network Computing) from the Internet",
-  "query": "network.transport:tcp and destination.port >= 5800 and destination.port <= 5810 and not source.ip:(10.0.0.0/8 or 127.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or \"::1\") and destination.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16)",
+  "query": "event.category:(network or network_traffic) and network.transport:tcp and destination.port >= 5800 and destination.port <= 5810 and not source.ip:(10.0.0.0/8 or 127.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or \"::1\") and destination.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16)",
   "risk_score": 73,
   "rule_id": "5700cb81-df44-46aa-a5d7-337798f53eb8",
   "severity": "high",
@@ -49,5 +54,5 @@
     }
   ],
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_vnc_virtual_network_computing_to_the_internet.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_vnc_virtual_network_computing_to_the_internet.json
similarity index 78%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_vnc_virtual_network_computing_to_the_internet.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_vnc_virtual_network_computing_to_the_internet.json
index 0a620d355b9aee..e4282539c5a9df 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_vnc_virtual_network_computing_to_the_internet.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/command_and_control_vnc_virtual_network_computing_to_the_internet.json
@@ -1,14 +1,19 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "This rule detects network events that may indicate the use of VNC traffic to the Internet. VNC is commonly used by system administrators to remotely control a system for maintenance or to use shared resources. It should almost never be directly exposed to the Internet, as it is frequently targeted and exploited by threat actors as an initial access or back-door vector.",
   "false_positives": [
     "VNC connections may be made directly to Linux cloud server instances but such connections are usually made only by engineers. VNC is less common than SSH or RDP but may be required by some work flows such as remote access and support for specialized software products or servers. Such work-flows are usually known and not unexpected. Usage that is unfamiliar to server or network owners can be unexpected and suspicious."
   ],
   "index": [
-    "filebeat-*"
+    "filebeat-*",
+    "packetbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "VNC (Virtual Network Computing) to the Internet",
-  "query": "network.transport:tcp and destination.port >= 5800 and destination.port <= 5810 and source.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16) and not destination.ip:(10.0.0.0/8 or 127.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or \"::1\")",
+  "query": "event.category:(network or network_traffic) and network.transport:tcp and destination.port >= 5800 and destination.port <= 5810 and source.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16) and not destination.ip:(10.0.0.0/8 or 127.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or \"::1\")",
   "risk_score": 47,
   "rule_id": "3ad49c61-7adc-42c1-b788-732eda2f5abf",
   "severity": "medium",
@@ -34,5 +39,5 @@
     }
   ],
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_attempted_bypass_of_okta_mfa.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_attempted_bypass_of_okta_mfa.json
new file mode 100644
index 00000000000000..e3e4b7b54c3b29
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_attempted_bypass_of_okta_mfa.json
@@ -0,0 +1,43 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "An adversary may attempt to bypass the Okta multi-factor authentication (MFA) policies configured for an organization in order to obtain unauthorized access to an application. This rule detects when an Okta MFA bypass attempt occurs.",
+  "index": [
+    "filebeat-*"
+  ],
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "Attempted Bypass of Okta MFA",
+  "query": "event.module:okta and event.dataset:okta.system and event.action:user.mfa.attempt_bypass",
+  "references": [
+    "https://developer.okta.com/docs/reference/api/system-log/",
+    "https://developer.okta.com/docs/reference/api/event-types/"
+  ],
+  "risk_score": 73,
+  "rule_id": "3805c3dc-f82c-4f8d-891e-63c24d3102b0",
+  "severity": "high",
+  "tags": [
+    "Elastic",
+    "Okta"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0006",
+        "name": "Credential Access",
+        "reference": "https://attack.mitre.org/tactics/TA0006/"
+      },
+      "technique": [
+        {
+          "id": "T1111",
+          "name": "Two-Factor Authentication Interception",
+          "reference": "https://attack.mitre.org/techniques/T1111/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_credential_dumping_msbuild.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_credential_dumping_msbuild.json
similarity index 78%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_credential_dumping_msbuild.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_credential_dumping_msbuild.json
index 4ff78914385543..a2936f3f09519b 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_credential_dumping_msbuild.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_credential_dumping_msbuild.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "An instance of MSBuild, the Microsoft Build Engine, loaded DLLs (dynamically linked libraries) responsible for Windows credential management. This technique is sometimes used for credential dumping.",
   "false_positives": [
     "The Build Engine is commonly used by Windows developers but use by non-engineers is unusual."
@@ -7,8 +10,9 @@
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Microsoft Build Engine Loading Windows Credential Libraries",
-  "query": "(winlog.event_data.OriginalFileName: (vaultcli.dll or SAMLib.DLL) or dll.name: (vaultcli.dll or SAMLib.DLL)) and process.name: MSBuild.exe and event.action: \"Image loaded (rule: ImageLoad)\"",
+  "query": "event.category:process and event.type:change and (winlog.event_data.OriginalFileName:(vaultcli.dll or SAMLib.DLL) or dll.name:(vaultcli.dll or SAMLib.DLL)) and process.name: MSBuild.exe",
   "risk_score": 73,
   "rule_id": "9d110cb3-5f4b-4c9a-b9f5-53f0a1707ae5",
   "severity": "high",
@@ -34,5 +38,5 @@
     }
   ],
   "type": "query",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_iam_user_addition_to_group.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_iam_user_addition_to_group.json
new file mode 100644
index 00000000000000..1e268d2f6bf06f
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_iam_user_addition_to_group.json
@@ -0,0 +1,62 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Identifies the addition of a user to a specified group in AWS Identity and Access Management (IAM).",
+  "false_positives": [
+    "Adding users to a specified group may be done by a system or network administrator. Verify whether the user identity, user agent, and/or hostname should be making changes in your environment. User additions from unfamiliar users or hosts should be investigated. If known behavior is causing false positives, it can be exempted from the rule."
+  ],
+  "from": "now-60m",
+  "index": [
+    "filebeat-*"
+  ],
+  "interval": "10m",
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "AWS IAM User Addition to Group",
+  "query": "event.action:AddUserToGroup and event.dataset:aws.cloudtrail and event.provider:iam.amazonaws.com and event.outcome:success",
+  "references": [
+    "https://docs.aws.amazon.com/IAM/latest/APIReference/API_AddUserToGroup.html"
+  ],
+  "risk_score": 21,
+  "rule_id": "333de828-8190-4cf5-8d7c-7575846f6fe0",
+  "severity": "low",
+  "tags": [
+    "AWS",
+    "Elastic"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0006",
+        "name": "Credential Access",
+        "reference": "https://attack.mitre.org/tactics/TA0006/"
+      },
+      "technique": [
+        {
+          "id": "T1098",
+          "name": "Account Manipulation",
+          "reference": "https://attack.mitre.org/techniques/T1098/"
+        }
+      ]
+    },
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0003",
+        "name": "Persistence",
+        "reference": "https://attack.mitre.org/tactics/TA0003/"
+      },
+      "technique": [
+        {
+          "id": "T1098",
+          "name": "Account Manipulation",
+          "reference": "https://attack.mitre.org/techniques/T1098/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_secretsmanager_getsecretvalue.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_secretsmanager_getsecretvalue.json
new file mode 100644
index 00000000000000..740805f71a3cde
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_secretsmanager_getsecretvalue.json
@@ -0,0 +1,49 @@
+{
+  "author": [
+    "Nick Jones",
+    "Elastic"
+  ],
+  "description": "An adversary may attempt to access the secrets in secrets manager to steal certificates, credentials, or other sensitive material",
+  "false_positives": [
+    "Verify whether the user identity, user agent, and/or hostname should be using GetSecretString API for the specified SecretId. If known behavior is causing false positives, it can be exempted from the rule."
+  ],
+  "from": "now-60m",
+  "index": [
+    "filebeat-*"
+  ],
+  "interval": "10m",
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "AWS Access Secret in Secrets Manager",
+  "query": "event.dataset:aws.cloudtrail and event.provider:secretsmanager.amazonaws.com and event.action:GetSecretValue",
+  "references": [
+    "https://docs.aws.amazon.com/secretsmanager/latest/apireference/API_GetSecretValue.html",
+    "http://detectioninthe.cloud/credential_access/access_secret_in_secrets_manager/"
+  ],
+  "risk_score": 21,
+  "rule_id": "a00681e3-9ed6-447c-ab2c-be648821c622",
+  "severity": "low",
+  "tags": [
+    "AWS",
+    "Elastic"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0006",
+        "name": "Credential Access",
+        "reference": "https://attack.mitre.org/tactics/TA0006/"
+      },
+      "technique": [
+        {
+          "id": "T1528",
+          "name": "Steal Application Access Token",
+          "reference": "https://attack.mitre.org/techniques/T1528/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_tcpdump_activity.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_tcpdump_activity.json
similarity index 89%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_tcpdump_activity.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_tcpdump_activity.json
index b372645cc492ac..9abbe3de148ddb 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_tcpdump_activity.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/credential_access_tcpdump_activity.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "The Tcpdump program ran on a Linux host. Tcpdump is a network monitoring or packet sniffing tool that can be used to capture insecure credentials or data in motion. Sniffing can also be used to discover details of network services as a prelude to lateral movement or defense evasion.",
   "false_positives": [
     "Some normal use of this command may originate from server or network administrators engaged in network troubleshooting."
@@ -7,8 +10,9 @@
     "auditbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Network Sniffing via Tcpdump",
-  "query": "process.name:tcpdump and event.action:executed",
+  "query": "event.category:process and event.type:(start or process_started) and process.name:tcpdump",
   "risk_score": 21,
   "rule_id": "7a137d76-ce3d-48e2-947d-2747796a78c0",
   "severity": "low",
@@ -49,5 +53,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_adding_the_hidden_file_attribute_with_via_attribexe.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_adding_the_hidden_file_attribute_with_via_attribexe.json
similarity index 85%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_adding_the_hidden_file_attribute_with_via_attribexe.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_adding_the_hidden_file_attribute_with_via_attribexe.json
index b61a6236db5651..861821d24b73ce 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_adding_the_hidden_file_attribute_with_via_attribexe.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_adding_the_hidden_file_attribute_with_via_attribexe.json
@@ -1,11 +1,15 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Adversaries can add the 'hidden' attribute to files to hide them from the user in an attempt to evade detection.",
   "index": [
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Adding Hidden File Attribute via Attrib",
-  "query": "event.action:\"Process Create (rule: ProcessCreate)\" and process.name:attrib.exe and process.args:+h",
+  "query": "event.category:process and event.type:(start or process_started) and process.name:attrib.exe and process.args:+h",
   "risk_score": 21,
   "rule_id": "4630d948-40d4-4cef-ac69-4002e29bc3db",
   "severity": "low",
@@ -46,5 +50,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_attempt_to_disable_iptables_or_firewall.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_attempt_to_disable_iptables_or_firewall.json
similarity index 65%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_attempt_to_disable_iptables_or_firewall.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_attempt_to_disable_iptables_or_firewall.json
index 77d0ddc22ff405..431d133845f0e7 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_attempt_to_disable_iptables_or_firewall.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_attempt_to_disable_iptables_or_firewall.json
@@ -1,11 +1,15 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Adversaries may attempt to disable the iptables or firewall service in an attempt to affect how a host is allowed to receive or send network traffic.",
   "index": [
     "auditbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Attempt to Disable IPTables or Firewall",
-  "query": "event.action:(executed or process_started) and (process.name:service and process.args:stop or process.name:chkconfig and process.args:off) and process.args:(ip6tables or iptables) or process.name:systemctl and process.args:(firewalld and (disable or stop or kill))",
+  "query": "event.category:process and event.type:(start or process_started) and process.name:ufw and process.args:(allow or disable or reset) or  (((process.name:service and process.args:stop) or (process.name:chkconfig and process.args:off) or (process.name:systemctl and process.args:(disable or stop or kill))) and process.args:(firewalld or ip6tables or iptables))",
   "risk_score": 47,
   "rule_id": "125417b8-d3df-479f-8418-12d7e034fee3",
   "severity": "medium",
@@ -31,5 +35,5 @@
     }
   ],
   "type": "query",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_attempt_to_disable_syslog_service.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_attempt_to_disable_syslog_service.json
similarity index 68%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_attempt_to_disable_syslog_service.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_attempt_to_disable_syslog_service.json
index d4584035d53b4d..13dd405c793265 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_attempt_to_disable_syslog_service.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_attempt_to_disable_syslog_service.json
@@ -1,11 +1,15 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Adversaries may attempt to disable the syslog service in an attempt to an attempt to disrupt event logging and evade detection by security controls.",
   "index": [
     "auditbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Attempt to Disable Syslog Service",
-  "query": "event.action:(executed or process_started) and ((process.name:service and process.args:stop) or (process.name:chkconfig and process.args:off) or (process.name:systemctl and process.args:(disable or stop or kill))) and process.args:(syslog or rsyslog or \"syslog-ng\")",
+  "query": "event.category:process and event.type:(start or process_started) and ((process.name:service and process.args:stop) or (process.name:chkconfig and process.args:off) or (process.name:systemctl and process.args:(disable or stop or kill))) and process.args:(syslog or rsyslog or \"syslog-ng\")",
   "risk_score": 47,
   "rule_id": "2f8a1226-5720-437d-9c20-e0029deb6194",
   "severity": "medium",
@@ -31,5 +35,5 @@
     }
   ],
   "type": "query",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_base16_or_base32_encoding_or_decoding_activity.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_base16_or_base32_encoding_or_decoding_activity.json
similarity index 86%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_base16_or_base32_encoding_or_decoding_activity.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_base16_or_base32_encoding_or_decoding_activity.json
index 9518138ad6799f..67fb0b2e6755ac 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_base16_or_base32_encoding_or_decoding_activity.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_base16_or_base32_encoding_or_decoding_activity.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Adversaries may encode/decode data in an attempt to evade detection by host- or network-based security controls.",
   "false_positives": [
     "Automated tools such as Jenkins may encode or decode files as part of their normal behavior. These events can be filtered by the process executable or username values."
@@ -7,8 +10,9 @@
     "auditbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Base16 or Base32 Encoding/Decoding Activity",
-  "query": "event.action:(executed or process_started) and process.name:(base16 or base32 or base32plain or base32hex)",
+  "query": "event.category:process and event.type:(start or process_started) and process.name:(base16 or base32 or base32plain or base32hex)",
   "risk_score": 21,
   "rule_id": "debff20a-46bc-4a4d-bae5-5cdd14222795",
   "severity": "low",
@@ -49,5 +53,5 @@
     }
   ],
   "type": "query",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_base64_encoding_or_decoding_activity.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_base64_encoding_or_decoding_activity.json
similarity index 85%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_base64_encoding_or_decoding_activity.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_base64_encoding_or_decoding_activity.json
index 37f3e3eaccd903..f60dede360b4b7 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_base64_encoding_or_decoding_activity.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_base64_encoding_or_decoding_activity.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Adversaries may encode/decode data in an attempt to evade detection by host- or network-based security controls.",
   "false_positives": [
     "Automated tools such as Jenkins may encode or decode files as part of their normal behavior. These events can be filtered by the process executable or username values."
@@ -7,8 +10,9 @@
     "auditbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Base64 Encoding/Decoding Activity",
-  "query": "event.action:(executed or process_started) and process.name:(base64 or base64plain or base64url or base64mime or base64pem)",
+  "query": "event.category:process and event.type:(start or process_started) and process.name:(base64 or base64plain or base64url or base64mime or base64pem)",
   "risk_score": 21,
   "rule_id": "97f22dab-84e8-409d-955e-dacd1d31670b",
   "severity": "low",
@@ -49,5 +53,5 @@
     }
   ],
   "type": "query",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_clearing_windows_event_logs.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_clearing_windows_event_logs.json
similarity index 75%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_clearing_windows_event_logs.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_clearing_windows_event_logs.json
index d5e60ce3c10d98..7c6ede8df73466 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_clearing_windows_event_logs.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_clearing_windows_event_logs.json
@@ -1,11 +1,15 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies attempts to clear Windows event log stores. This is often done by attackers in an attempt to evade detection or destroy forensic evidence on a system.",
   "index": [
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Clearing Windows Event Logs",
-  "query": "event.action:\"Process Create (rule: ProcessCreate)\" and process.name:wevtutil.exe and process.args:cl or process.name:powershell.exe and process.args:Clear-EventLog",
+  "query": "event.category:process and event.type:(start or process_started) and process.name:wevtutil.exe and process.args:cl or process.name:powershell.exe and process.args:Clear-EventLog",
   "risk_score": 21,
   "rule_id": "d331bbe2-6db4-4941-80a5-8270db72eb61",
   "severity": "low",
@@ -31,5 +35,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_cloudtrail_logging_deleted.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_cloudtrail_logging_deleted.json
new file mode 100644
index 00000000000000..2a74b8fecd809b
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_cloudtrail_logging_deleted.json
@@ -0,0 +1,48 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Identifies the deletion of an AWS log trail. An adversary may delete trails in an attempt to evade defenses.",
+  "false_positives": [
+    "Trail deletions may be made by a system or network administrator. Verify whether the user identity, user agent, and/or hostname should be making changes in your environment. Trail deletions from unfamiliar users or hosts should be investigated. If known behavior is causing false positives, it can be exempted from the rule."
+  ],
+  "from": "now-60m",
+  "index": [
+    "filebeat-*"
+  ],
+  "interval": "10m",
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "AWS CloudTrail Log Deleted",
+  "query": "event.action:DeleteTrail and event.dataset:aws.cloudtrail and event.provider:cloudtrail.amazonaws.com and event.outcome:success",
+  "references": [
+    "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_DeleteTrail.html",
+    "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudtrail/delete-trail.html"
+  ],
+  "risk_score": 47,
+  "rule_id": "7024e2a0-315d-4334-bb1a-441c593e16ab",
+  "severity": "medium",
+  "tags": [
+    "AWS",
+    "Elastic"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0005",
+        "name": "Defense Evasion",
+        "reference": "https://attack.mitre.org/tactics/TA0005/"
+      },
+      "technique": [
+        {
+          "id": "T1089",
+          "name": "Disabling Security Tools",
+          "reference": "https://attack.mitre.org/techniques/T1089/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_cloudtrail_logging_suspended.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_cloudtrail_logging_suspended.json
new file mode 100644
index 00000000000000..5d6c1a93bab1df
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_cloudtrail_logging_suspended.json
@@ -0,0 +1,48 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Identifies suspending the recording of AWS API calls and log file delivery for the specified trail. An adversary may suspend trails in an attempt to evade defenses.",
+  "false_positives": [
+    "Suspending the recording of a trail may be done by a system or network administrator. Verify whether the user identity, user agent, and/or hostname should be making changes in your environment. Trail suspensions from unfamiliar users or hosts should be investigated. If known behavior is causing false positives, it can be exempted from the rule."
+  ],
+  "from": "now-60m",
+  "index": [
+    "filebeat-*"
+  ],
+  "interval": "10m",
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "AWS CloudTrail Log Suspended",
+  "query": "event.action:StopLogging and event.dataset:aws.cloudtrail and event.provider:cloudtrail.amazonaws.com and event.outcome:success",
+  "references": [
+    "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_StopLogging.html",
+    "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudtrail/stop-logging.html"
+  ],
+  "risk_score": 47,
+  "rule_id": "1aa8fa52-44a7-4dae-b058-f3333b91c8d7",
+  "severity": "medium",
+  "tags": [
+    "AWS",
+    "Elastic"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0005",
+        "name": "Defense Evasion",
+        "reference": "https://attack.mitre.org/tactics/TA0005/"
+      },
+      "technique": [
+        {
+          "id": "T1089",
+          "name": "Disabling Security Tools",
+          "reference": "https://attack.mitre.org/techniques/T1089/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_cloudwatch_alarm_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_cloudwatch_alarm_deletion.json
new file mode 100644
index 00000000000000..9ac45ba8728099
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_cloudwatch_alarm_deletion.json
@@ -0,0 +1,48 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Identifies the deletion of an AWS CloudWatch alarm. An adversary may delete alarms in an attempt to evade defenses.",
+  "false_positives": [
+    "Verify whether the user identity, user agent, and/or hostname should be making changes in your environment. Alarm deletions from unfamiliar users or hosts should be investigated. If known behavior is causing false positives, it can be exempted from the rule."
+  ],
+  "from": "now-60m",
+  "index": [
+    "filebeat-*"
+  ],
+  "interval": "10m",
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "AWS CloudWatch Alarm Deletion",
+  "query": "event.action:DeleteAlarms and event.dataset:aws.cloudtrail and event.provider:monitoring.amazonaws.com and event.outcome:success",
+  "references": [
+    "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudwatch/delete-alarms.html",
+    "https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_DeleteAlarms.html"
+  ],
+  "risk_score": 47,
+  "rule_id": "f772ec8a-e182-483c-91d2-72058f76a44c",
+  "severity": "medium",
+  "tags": [
+    "AWS",
+    "Elastic"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0005",
+        "name": "Defense Evasion",
+        "reference": "https://attack.mitre.org/tactics/TA0005/"
+      },
+      "technique": [
+        {
+          "id": "T1089",
+          "name": "Disabling Security Tools",
+          "reference": "https://attack.mitre.org/techniques/T1089/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_config_service_rule_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_config_service_rule_deletion.json
new file mode 100644
index 00000000000000..9ef37bd4e44e12
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_config_service_rule_deletion.json
@@ -0,0 +1,48 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Identifies attempts to delete an AWS Config Service rule. An adversary may tamper with Config rules in order to reduce visibiltiy into the security posture of an account and / or its workload instances.",
+  "false_positives": [
+    "Privileged IAM users with security responsibilities may be expected to make changes to the Config rules in order to align with local security policies and requirements. Automation, orchestration, and security tools may also make changes to the Config service, where they are used to automate setup or configuration of AWS accounts. Other kinds of user or service contexts do not commonly make changes to this service."
+  ],
+  "from": "now-60m",
+  "index": [
+    "filebeat-*"
+  ],
+  "interval": "10m",
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "AWS Config Service Tampering",
+  "query": "event.dataset: aws.cloudtrail and event.action: DeleteConfigRule and event.provider: config.amazonaws.com",
+  "references": [
+    "https://docs.aws.amazon.com/config/latest/developerguide/how-does-config-work.html",
+    "https://docs.aws.amazon.com/config/latest/APIReference/API_Operations.html"
+  ],
+  "risk_score": 47,
+  "rule_id": "7024e2a0-315d-4334-bb1a-552d604f27bc",
+  "severity": "medium",
+  "tags": [
+    "AWS",
+    "Elastic"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0005",
+        "name": "Defense Evasion",
+        "reference": "https://attack.mitre.org/tactics/TA0005/"
+      },
+      "technique": [
+        {
+          "id": "T1089",
+          "name": "Disabling Security Tools",
+          "reference": "https://attack.mitre.org/techniques/T1089/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_configuration_recorder_stopped.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_configuration_recorder_stopped.json
new file mode 100644
index 00000000000000..0aed7aa5ad0ca1
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_configuration_recorder_stopped.json
@@ -0,0 +1,48 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Identifies an AWS configuration change to stop recording a designated set of resources.",
+  "false_positives": [
+    "Verify whether the user identity, user agent, and/or hostname should be making changes in your environment. Recording changes from unfamiliar users or hosts should be investigated. If known behavior is causing false positives, it can be exempted from the rule."
+  ],
+  "from": "now-60m",
+  "index": [
+    "filebeat-*"
+  ],
+  "interval": "10m",
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "AWS Configuration Recorder Stopped",
+  "query": "event.action:StopConfigurationRecorder and event.dataset:aws.cloudtrail and event.provider:config.amazonaws.com and event.outcome:success",
+  "references": [
+    "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/configservice/stop-configuration-recorder.html",
+    "https://docs.aws.amazon.com/config/latest/APIReference/API_StopConfigurationRecorder.html"
+  ],
+  "risk_score": 73,
+  "rule_id": "fbd44836-0d69-4004-a0b4-03c20370c435",
+  "severity": "high",
+  "tags": [
+    "AWS",
+    "Elastic"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0005",
+        "name": "Defense Evasion",
+        "reference": "https://attack.mitre.org/tactics/TA0005/"
+      },
+      "technique": [
+        {
+          "id": "T1089",
+          "name": "Disabling Security Tools",
+          "reference": "https://attack.mitre.org/techniques/T1089/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_cve_2020_0601.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_cve_2020_0601.json
similarity index 93%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_cve_2020_0601.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_cve_2020_0601.json
index b42427a912cbb2..2abad3c255f154 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_cve_2020_0601.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_cve_2020_0601.json
@@ -1,9 +1,13 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source.",
   "index": [
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601 - CurveBall)",
   "query": "event.provider:\"Microsoft-Windows-Audit-CVE\" and message:\"[CVE-2020-0601]\"",
   "risk_score": 21,
@@ -31,5 +35,5 @@
     }
   ],
   "type": "query",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_delete_volume_usn_journal_with_fsutil.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_delete_volume_usn_journal_with_fsutil.json
similarity index 79%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_delete_volume_usn_journal_with_fsutil.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_delete_volume_usn_journal_with_fsutil.json
index 6f65a871fce77b..ba9f43651e32fe 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_delete_volume_usn_journal_with_fsutil.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_delete_volume_usn_journal_with_fsutil.json
@@ -1,11 +1,15 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies use of the fsutil.exe to delete the volume USNJRNL. This technique is used by attackers to eliminate evidence of files created during post-exploitation activities.",
   "index": [
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Delete Volume USN Journal with Fsutil",
-  "query": "event.action:\"Process Create (rule: ProcessCreate)\" and process.name:fsutil.exe and process.args:(deletejournal and usn)",
+  "query": "event.category:process and event.type:(start or process_started) and process.name:fsutil.exe and process.args:(deletejournal and usn)",
   "risk_score": 21,
   "rule_id": "f675872f-6d85-40a3-b502-c0d2ef101e92",
   "severity": "low",
@@ -31,5 +35,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_deleting_backup_catalogs_with_wbadmin.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_deleting_backup_catalogs_with_wbadmin.json
similarity index 78%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_deleting_backup_catalogs_with_wbadmin.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_deleting_backup_catalogs_with_wbadmin.json
index 97029cebd665a0..79c2d4c25b7d59 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_deleting_backup_catalogs_with_wbadmin.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_deleting_backup_catalogs_with_wbadmin.json
@@ -1,11 +1,15 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies use of the wbadmin.exe to delete the backup catalog. Ransomware and other malware may do this to prevent system recovery.",
   "index": [
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Deleting Backup Catalogs with Wbadmin",
-  "query": "event.action:\"Process Create (rule: ProcessCreate)\" and process.name:wbadmin.exe and process.args:(catalog and delete)",
+  "query": "event.category:process and event.type:(start or process_started) and process.name:wbadmin.exe and process.args:(catalog and delete)",
   "risk_score": 21,
   "rule_id": "581add16-df76-42bb-af8e-c979bfb39a59",
   "severity": "low",
@@ -31,5 +35,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_deletion_of_bash_command_line_history.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_deletion_of_bash_command_line_history.json
new file mode 100644
index 00000000000000..b9727e18dddcfc
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_deletion_of_bash_command_line_history.json
@@ -0,0 +1,39 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Adversaries may attempt to clear the bash command line history in an attempt to evade detection or forensic investigations.",
+  "index": [
+    "auditbeat-*"
+  ],
+  "language": "lucene",
+  "license": "Elastic License",
+  "name": "Deletion of Bash Command Line History",
+  "query": "event.category:process AND event.type:(start or process_started) AND process.name:rm AND process.args:/\\/(home\\/.{1,255}|root)\\/\\.bash_history/",
+  "risk_score": 47,
+  "rule_id": "7bcbb3ac-e533-41ad-a612-d6c3bf666aba",
+  "severity": "medium",
+  "tags": [
+    "Elastic",
+    "Linux"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0005",
+        "name": "Defense Evasion",
+        "reference": "https://attack.mitre.org/tactics/TA0005/"
+      },
+      "technique": [
+        {
+          "id": "T1146",
+          "name": "Clear Command History",
+          "reference": "https://attack.mitre.org/techniques/T1146/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_disable_selinux_attempt.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_disable_selinux_attempt.json
similarity index 82%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_disable_selinux_attempt.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_disable_selinux_attempt.json
index d33331cd4f8d4c..e8f5f1a8de1c59 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_disable_selinux_attempt.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_disable_selinux_attempt.json
@@ -1,11 +1,15 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies potential attempts to disable Security-Enhanced Linux (SELinux), which is a Linux kernel security feature to support access control policies. Adversaries may disable security tools to avoid possible detection of their tools and activities.",
   "index": [
     "auditbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Potential Disabling of SELinux",
-  "query": "event.action:executed and process.name:setenforce and process.args:0",
+  "query": "event.category:process and event.type:(start or process_started) and process.name:setenforce and process.args:0",
   "risk_score": 47,
   "rule_id": "eb9eb8ba-a983-41d9-9c93-a1c05112ca5e",
   "severity": "medium",
@@ -31,5 +35,5 @@
     }
   ],
   "type": "query",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_disable_windows_firewall_rules_with_netsh.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_disable_windows_firewall_rules_with_netsh.json
similarity index 76%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_disable_windows_firewall_rules_with_netsh.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_disable_windows_firewall_rules_with_netsh.json
index 03af66f2cffb23..2b45f059ec8d90 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_disable_windows_firewall_rules_with_netsh.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_disable_windows_firewall_rules_with_netsh.json
@@ -1,11 +1,15 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies use of the netsh.exe to disable or weaken the local firewall. Attackers will use this command line tool to disable the firewall during troubleshooting or to enable network mobility.",
   "index": [
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Disable Windows Firewall Rules via Netsh",
-  "query": "event.action:\"Process Create (rule: ProcessCreate)\" and process.name:netsh.exe and process.args:(disable and firewall and set) or process.args:(advfirewall and off and state)",
+  "query": "event.category:process and event.type:(start or process_started) and process.name:netsh.exe and process.args:(disable and firewall and set) or process.args:(advfirewall and off and state)",
   "risk_score": 47,
   "rule_id": "4b438734-3793-4fda-bd42-ceeada0be8f9",
   "severity": "medium",
@@ -31,5 +35,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_ec2_flow_log_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_ec2_flow_log_deletion.json
new file mode 100644
index 00000000000000..b1f6c42f6f61a2
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_ec2_flow_log_deletion.json
@@ -0,0 +1,48 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Identifies the deletion of one or more flow logs in AWS Elastic Compute Cloud (EC2). An adversary may delete flow logs in an attempt to evade defenses.",
+  "false_positives": [
+    "Verify whether the user identity, user agent, and/or hostname should be making changes in your environment. Flow log deletions from unfamiliar users or hosts should be investigated. If known behavior is causing false positives, it can be exempted from the rule."
+  ],
+  "from": "now-60m",
+  "index": [
+    "filebeat-*"
+  ],
+  "interval": "10m",
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "AWS EC2 Flow Log Deletion",
+  "query": "event.action:DeleteFlowLogs and event.dataset:aws.cloudtrail and event.provider:ec2.amazonaws.com and event.outcome:success",
+  "references": [
+    "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/delete-flow-logs.html",
+    "https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteFlowLogs.html"
+  ],
+  "risk_score": 73,
+  "rule_id": "9395fd2c-9947-4472-86ef-4aceb2f7e872",
+  "severity": "high",
+  "tags": [
+    "AWS",
+    "Elastic"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0005",
+        "name": "Defense Evasion",
+        "reference": "https://attack.mitre.org/tactics/TA0005/"
+      },
+      "technique": [
+        {
+          "id": "T1089",
+          "name": "Disabling Security Tools",
+          "reference": "https://attack.mitre.org/techniques/T1089/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_ec2_network_acl_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_ec2_network_acl_deletion.json
new file mode 100644
index 00000000000000..7dc4e33afcd36b
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_ec2_network_acl_deletion.json
@@ -0,0 +1,50 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Identifies the deletion of an Amazon Elastic Compute Cloud (EC2) network access control list (ACL) or one of its ingress/egress entries.",
+  "false_positives": [
+    "Network ACL's may be deleted by a network administrator. Verify whether the user identity, user agent, and/or hostname should be making changes in your environment. Network ACL deletions from unfamiliar users or hosts should be investigated. If known behavior is causing false positives, it can be exempted from the rule."
+  ],
+  "from": "now-60m",
+  "index": [
+    "filebeat-*"
+  ],
+  "interval": "10m",
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "AWS EC2 Network Access Control List Deletion",
+  "query": "event.action:(DeleteNetworkAcl or DeleteNetworkAclEntry) and event.dataset:aws.cloudtrail and event.provider:ec2.amazonaws.com and event.outcome:success",
+  "references": [
+    "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/delete-network-acl.html",
+    "https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteNetworkAcl.html",
+    "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/delete-network-acl-entry.html",
+    "https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DeleteNetworkAclEntry.html"
+  ],
+  "risk_score": 47,
+  "rule_id": "8623535c-1e17-44e1-aa97-7a0699c3037d",
+  "severity": "medium",
+  "tags": [
+    "AWS",
+    "Elastic"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0005",
+        "name": "Defense Evasion",
+        "reference": "https://attack.mitre.org/tactics/TA0005/"
+      },
+      "technique": [
+        {
+          "id": "T1089",
+          "name": "Disabling Security Tools",
+          "reference": "https://attack.mitre.org/techniques/T1089/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_encoding_or_decoding_files_via_certutil.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_encoding_or_decoding_files_via_certutil.json
similarity index 79%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_encoding_or_decoding_files_via_certutil.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_encoding_or_decoding_files_via_certutil.json
index aaca5242e717b8..056de9e5c003e4 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_encoding_or_decoding_files_via_certutil.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_encoding_or_decoding_files_via_certutil.json
@@ -1,11 +1,15 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies the use of certutil.exe to encode or decode data. CertUtil is a native Windows component which is part of Certificate Services. CertUtil is often abused by attackers to encode or decode base64 data for stealthier command and control or exfiltration.",
   "index": [
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Encoding or Decoding Files via CertUtil",
-  "query": "event.action:\"Process Create (rule: ProcessCreate)\" and process.name:certutil.exe and process.args:(-decode or -encode or /decode or /encode)",
+  "query": "event.category:process and event.type:(start or process_started) and process.name:certutil.exe and process.args:(-decode or -encode or /decode or /encode)",
   "risk_score": 47,
   "rule_id": "fd70c98a-c410-42dc-a2e3-761c71848acf",
   "severity": "medium",
@@ -31,5 +35,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_execution_msbuild_started_by_office_app.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_execution_msbuild_started_by_office_app.json
similarity index 83%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_execution_msbuild_started_by_office_app.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_execution_msbuild_started_by_office_app.json
index 78f34c15bbd314..814caee4e888a5 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_execution_msbuild_started_by_office_app.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_execution_msbuild_started_by_office_app.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "An instance of MSBuild, the Microsoft Build Engine, was started by Excel or Word. This is unusual behavior for the Build Engine and could have been caused by an Excel or Word document executing a malicious script payload.",
   "false_positives": [
     "The Build Engine is commonly used by Windows developers but use by non-engineers is unusual. It is quite unusual for this program to be started by an Office application like Word or Excel."
@@ -7,8 +10,9 @@
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Microsoft Build Engine Started by an Office Application",
-  "query": "process.name:MSBuild.exe and process.parent.name:(eqnedt32.exe or excel.exe or fltldr.exe or msaccess.exe or mspub.exe or outlook.exe or powerpnt.exe or winword.exe) and event.action: \"Process Create (rule: ProcessCreate)\"",
+  "query": "event.category:process and event.type:(start or process_started) and process.name:MSBuild.exe and process.parent.name:(eqnedt32.exe or excel.exe or fltldr.exe or msaccess.exe or mspub.exe or outlook.exe or powerpnt.exe or winword.exe)",
   "references": [
     "https://blog.talosintelligence.com/2020/02/building-bypass-with-msbuild.html"
   ],
@@ -52,5 +56,5 @@
     }
   ],
   "type": "query",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_execution_msbuild_started_by_script.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_execution_msbuild_started_by_script.json
similarity index 84%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_execution_msbuild_started_by_script.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_execution_msbuild_started_by_script.json
index 3952a4680a5233..6426f8722df3d1 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_execution_msbuild_started_by_script.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_execution_msbuild_started_by_script.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "An instance of MSBuild, the Microsoft Build Engine, was started by a script or the Windows command interpreter. This behavior is unusual and is sometimes used by malicious payloads.",
   "false_positives": [
     "The Build Engine is commonly used by Windows developers but use by non-engineers is unusual."
@@ -7,8 +10,9 @@
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Microsoft Build Engine Started by a Script Process",
-  "query": "process.name:MSBuild.exe and process.parent.name:(cmd.exe or powershell.exe or cscript.exe or wscript.exe) and event.action:\"Process Create (rule: ProcessCreate)\"",
+  "query": "event.category:process and event.type: start and process.name:MSBuild.exe and process.parent.name:(cmd.exe or powershell.exe or cscript.exe or wscript.exe)",
   "risk_score": 21,
   "rule_id": "9d110cb3-5f4b-4c9a-b9f5-53f0a1707ae2",
   "severity": "low",
@@ -49,5 +53,5 @@
     }
   ],
   "type": "query",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_execution_msbuild_started_by_system_process.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_execution_msbuild_started_by_system_process.json
similarity index 85%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_execution_msbuild_started_by_system_process.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_execution_msbuild_started_by_system_process.json
index a2e29c3900144e..b27dfced0f4f6a 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_execution_msbuild_started_by_system_process.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_execution_msbuild_started_by_system_process.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "An instance of MSBuild, the Microsoft Build Engine, was started by Explorer or the WMI (Windows Management Instrumentation) subsystem. This behavior is unusual and is sometimes used by malicious payloads.",
   "false_positives": [
     "The Build Engine is commonly used by Windows developers but use by non-engineers is unusual."
@@ -7,8 +10,9 @@
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Microsoft Build Engine Started by a System Process",
-  "query": "process.name:MSBuild.exe and process.parent.name:(explorer.exe or wmiprvse.exe) and event.action:\"Process Create (rule: ProcessCreate)\"",
+  "query": "event.category:process and event.type:(start or process_started) and process.name:MSBuild.exe and process.parent.name:(explorer.exe or wmiprvse.exe)",
   "risk_score": 47,
   "rule_id": "9d110cb3-5f4b-4c9a-b9f5-53f0a1707ae3",
   "severity": "medium",
@@ -49,5 +53,5 @@
     }
   ],
   "type": "query",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_execution_msbuild_started_renamed.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_execution_msbuild_started_renamed.json
similarity index 77%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_execution_msbuild_started_renamed.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_execution_msbuild_started_renamed.json
index 1e63b259a86ec7..d7da758e57c6db 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_execution_msbuild_started_renamed.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_execution_msbuild_started_renamed.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "An instance of MSBuild, the Microsoft Build Engine, was started after being renamed. This is uncommon behavior and may indicate an attempt to run unnoticed or undetected.",
   "false_positives": [
     "The Build Engine is commonly used by Windows developers but use by non-engineers is unusual."
@@ -7,8 +10,9 @@
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Microsoft Build Engine Using an Alternate Name",
-  "query": "(pe.original_file_name:MSBuild.exe or winlog.event_data.OriginalFileName: MSBuild.exe) and not process.name: MSBuild.exe and event.action: \"Process Create (rule: ProcessCreate)\"",
+  "query": "event.category:process and event.type:(start or process_started) and (pe.original_file_name:MSBuild.exe or winlog.event_data.OriginalFileName:MSBuild.exe) and not process.name: MSBuild.exe",
   "risk_score": 21,
   "rule_id": "9d110cb3-5f4b-4c9a-b9f5-53f0a1707ae4",
   "severity": "low",
@@ -34,5 +38,5 @@
     }
   ],
   "type": "query",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_execution_msbuild_started_unusal_process.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_execution_msbuild_started_unusal_process.json
similarity index 82%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_execution_msbuild_started_unusal_process.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_execution_msbuild_started_unusal_process.json
index 117d5982421a45..30d482e9b95696 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_execution_msbuild_started_unusal_process.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_execution_msbuild_started_unusal_process.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "An instance of MSBuild, the Microsoft Build Engine, started a PowerShell script or the Visual C# Command Line Compiler. This technique is sometimes used to deploy a malicious payload using the Build Engine.",
   "false_positives": [
     "The Build Engine is commonly used by Windows developers but use by non-engineers is unusual. If a build system triggers this rule it can be exempted by process, user or host name."
@@ -7,8 +10,9 @@
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Microsoft Build Engine Started an Unusual Process",
-  "query": "process.parent.name:MSBuild.exe and process.name:(csc.exe or iexplore.exe or powershell.exe)",
+  "query": "event.category:process and event.type:(start or process_started) and process.parent.name:MSBuild.exe and process.name:(csc.exe or iexplore.exe or powershell.exe)",
   "references": [
     "https://blog.talosintelligence.com/2020/02/building-bypass-with-msbuild.html"
   ],
@@ -37,5 +41,5 @@
     }
   ],
   "type": "query",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_execution_via_trusted_developer_utilities.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_execution_via_trusted_developer_utilities.json
similarity index 94%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_execution_via_trusted_developer_utilities.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_execution_via_trusted_developer_utilities.json
index 202bfc6b46afca..480169e5ed991b 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_execution_via_trusted_developer_utilities.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_execution_via_trusted_developer_utilities.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies possibly suspicious activity using trusted Windows developer activity.",
   "false_positives": [
     "These programs may be used by Windows developers but use by non-engineers is unusual."
@@ -7,6 +10,7 @@
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Trusted Developer Application Usage",
   "query": "event.code:1 and process.name:(MSBuild.exe or msxsl.exe)",
   "risk_score": 21,
@@ -49,5 +53,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_file_deletion_via_shred.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_file_deletion_via_shred.json
similarity index 79%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_file_deletion_via_shred.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_file_deletion_via_shred.json
index 4fd72a212f0ba2..4aad56abd0534c 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_file_deletion_via_shred.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_file_deletion_via_shred.json
@@ -1,11 +1,15 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Malware or other files dropped or created on a system by an adversary may leave traces behind as to what was done within a network and how. Adversaries may remove these files over the course of an intrusion to keep their footprint low or remove them at the end as part of the post-intrusion cleanup process.",
   "index": [
     "auditbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "File Deletion via Shred",
-  "query": "event.action:(executed or process_started) and process.name:shred and process.args:(\"-u\" or \"--remove\" or \"-z\" or \"--zero\")",
+  "query": "event.category:process and event.type:(start or process_started) and process.name:shred and process.args:(\"-u\" or \"--remove\" or \"-z\" or \"--zero\")",
   "risk_score": 21,
   "rule_id": "a1329140-8de3-4445-9f87-908fb6d824f4",
   "severity": "low",
@@ -31,5 +35,5 @@
     }
   ],
   "type": "query",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_file_mod_writable_dir.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_file_mod_writable_dir.json
similarity index 78%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_file_mod_writable_dir.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_file_mod_writable_dir.json
index 66c5848b17707d..c630ad1eecec09 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_file_mod_writable_dir.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_file_mod_writable_dir.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies file permission modifications in common writable directories by a non-root user. Adversaries often drop files or payloads into a writable directory and change permissions prior to execution.",
   "false_positives": [
     "Certain programs or applications may modify files or change ownership in writable directories. These can be exempted by username."
@@ -7,8 +10,9 @@
     "auditbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "File Permission Modification in Writable Directory",
-  "query": "event.action:executed and process.name:(chmod or chown or chattr or chgrp) and process.working_directory:(/tmp or /var/tmp or /dev/shm) and not user.name:root",
+  "query": "event.category:process and event.type:(start or process_started) and process.name:(chmod or chown or chattr or chgrp) and process.working_directory:(/tmp or /var/tmp or /dev/shm) and not user.name:root",
   "risk_score": 21,
   "rule_id": "9f9a2a82-93a8-4b1a-8778-1780895626d4",
   "severity": "low",
@@ -34,5 +38,5 @@
     }
   ],
   "type": "query",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_guardduty_detector_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_guardduty_detector_deletion.json
new file mode 100644
index 00000000000000..c456396c85cd87
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_guardduty_detector_deletion.json
@@ -0,0 +1,48 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Identifies the deletion of an Amazon GuardDuty detector. Upon deletion, GuardDuty stops monitoring the environment and all existing findings are lost.",
+  "false_positives": [
+    "The GuardDuty detector may be deleted by a system or network administrator. Verify whether the user identity, user agent, and/or hostname should be making changes in your environment. Detector deletions from unfamiliar users or hosts should be investigated. If known behavior is causing false positives, it can be exempted from the rule."
+  ],
+  "from": "now-60m",
+  "index": [
+    "filebeat-*"
+  ],
+  "interval": "10m",
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "AWS GuardDuty Detector Deletion",
+  "query": "event.action:DeleteDetector and event.dataset:aws.cloudtrail and event.provider:guardduty.amazonaws.com and event.outcome:success",
+  "references": [
+    "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/guardduty/delete-detector.html",
+    "https://docs.aws.amazon.com/guardduty/latest/APIReference/API_DeleteDetector.html"
+  ],
+  "risk_score": 73,
+  "rule_id": "523116c0-d89d-4d7c-82c2-39e6845a78ef",
+  "severity": "high",
+  "tags": [
+    "AWS",
+    "Elastic"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0005",
+        "name": "Defense Evasion",
+        "reference": "https://attack.mitre.org/tactics/TA0005/"
+      },
+      "technique": [
+        {
+          "id": "T1089",
+          "name": "Disabling Security Tools",
+          "reference": "https://attack.mitre.org/techniques/T1089/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_hex_encoding_or_decoding_activity.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_hex_encoding_or_decoding_activity.json
similarity index 87%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_hex_encoding_or_decoding_activity.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_hex_encoding_or_decoding_activity.json
index a67d310d2ad816..3c1ea7ee229c99 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_hex_encoding_or_decoding_activity.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_hex_encoding_or_decoding_activity.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Adversaries may encode/decode data in an attempt to evade detection by host- or network-based security controls.",
   "false_positives": [
     "Automated tools such as Jenkins may encode or decode files as part of their normal behavior. These events can be filtered by the process executable or username values."
@@ -7,8 +10,9 @@
     "auditbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Hex Encoding/Decoding Activity",
-  "query": "event.action:(executed or process_started) and process.name:(hex or xxd)",
+  "query": "event.category:process and event.type:(start or process_started) and process.name:(hexdump or od or xxd)",
   "risk_score": 21,
   "rule_id": "a9198571-b135-4a76-b055-e3e5a476fd83",
   "severity": "low",
@@ -49,5 +53,5 @@
     }
   ],
   "type": "query",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_hidden_file_dir_tmp.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_hidden_file_dir_tmp.json
new file mode 100644
index 00000000000000..7202d9be3b8c38
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_hidden_file_dir_tmp.json
@@ -0,0 +1,58 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Users can mark specific files as hidden simply by putting a \".\" as the first character in the file or folder name. Adversaries can use this to their advantage to hide files and folders on the system for persistence and defense evasion. This rule looks for hidden files or folders in common writable directories.",
+  "false_positives": [
+    "Certain tools may create hidden temporary files or directories upon installation or as part of their normal behavior. These events can be filtered by the process arguments, username, or process name values."
+  ],
+  "index": [
+    "auditbeat-*"
+  ],
+  "language": "lucene",
+  "license": "Elastic License",
+  "max_signals": 33,
+  "name": "Creation of Hidden Files and Directories",
+  "query": "event.category:process AND event.type:(start or process_started) AND process.working_directory:(\"/tmp\" or \"/var/tmp\" or \"/dev/shm\") AND process.args:/\\.[a-zA-Z0-9_\\-][a-zA-Z0-9_\\-\\.]{1,254}/ AND NOT process.name:(ls or find)",
+  "risk_score": 47,
+  "rule_id": "b9666521-4742-49ce-9ddc-b8e84c35acae",
+  "severity": "medium",
+  "tags": [
+    "Elastic",
+    "Linux"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0005",
+        "name": "Defense Evasion",
+        "reference": "https://attack.mitre.org/tactics/TA0005/"
+      },
+      "technique": [
+        {
+          "id": "T1158",
+          "name": "Hidden Files and Directories",
+          "reference": "https://attack.mitre.org/techniques/T1158/"
+        }
+      ]
+    },
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0003",
+        "name": "Persistence",
+        "reference": "https://attack.mitre.org/tactics/TA0003/"
+      },
+      "technique": [
+        {
+          "id": "T1158",
+          "name": "Hidden Files and Directories",
+          "reference": "https://attack.mitre.org/techniques/T1158/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_injection_msbuild.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_injection_msbuild.json
similarity index 94%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_injection_msbuild.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_injection_msbuild.json
index 32a8f50c4b9110..9abce01769e921 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_injection_msbuild.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_injection_msbuild.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "An instance of MSBuild, the Microsoft Build Engine, created a thread in another process. This technique is sometimes used to evade detection or elevate privileges.",
   "false_positives": [
     "The Build Engine is commonly used by Windows developers but use by non-engineers is unusual."
@@ -7,6 +10,7 @@
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Process Injection by the Microsoft Build Engine",
   "query": "process.name:MSBuild.exe and event.action:\"CreateRemoteThread detected (rule: CreateRemoteThread)\"",
   "risk_score": 21,
@@ -49,5 +53,5 @@
     }
   ],
   "type": "query",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_kernel_module_removal.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_kernel_module_removal.json
similarity index 86%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_kernel_module_removal.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_kernel_module_removal.json
index bb88a2acad53de..f055ee44efb395 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_kernel_module_removal.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_kernel_module_removal.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Kernel modules are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system. This rule identifies attempts to remove a kernel module.",
   "false_positives": [
     "There is usually no reason to remove modules, but some buggy modules require it. These can be exempted by username. Note that some Linux distributions are not built to support the removal of modules at all."
@@ -7,8 +10,9 @@
     "auditbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Kernel Module Removal",
-  "query": "event.action:executed and process.args:(rmmod and sudo or modprobe and sudo and (\"--remove\" or \"-r\"))",
+  "query": "event.category:process and event.type:(start or process_started) and process.args:((rmmod and sudo) or (modprobe and sudo and (\"--remove\" or \"-r\")))",
   "references": [
     "http://man7.org/linux/man-pages/man8/modprobe.8.html"
   ],
@@ -52,5 +56,5 @@
     }
   ],
   "type": "query",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_misc_lolbin_connecting_to_the_internet.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_misc_lolbin_connecting_to_the_internet.json
similarity index 80%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_misc_lolbin_connecting_to_the_internet.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_misc_lolbin_connecting_to_the_internet.json
index 361a3e99b4dbd0..afa1467b15074b 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_misc_lolbin_connecting_to_the_internet.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_misc_lolbin_connecting_to_the_internet.json
@@ -1,11 +1,15 @@
 {
-  "description": "Binaries signed with trusted digital certificates can execute on Windows systems protected by digital signature validation. Adversaries may use these binaries to 'live off the land' and execute malicious files that could bypass application whitelisting and signature validation.",
+  "author": [
+    "Elastic"
+  ],
+  "description": "Binaries signed with trusted digital certificates can execute on Windows systems protected by digital signature validation. Adversaries may use these binaries to 'live off the land' and execute malicious files that could bypass application allowlists and signature validation.",
   "index": [
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Network Connection via Signed Binary",
-  "query": "process.name:(expand.exe or extrac.exe or ieexec.exe or makecab.exe) and event.action:\"Network connection detected (rule: NetworkConnect)\" and not destination.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16)",
+  "query": "event.category:network and event.type:connection and process.name:(expand.exe or extrac.exe or ieexec.exe or makecab.exe) and not destination.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16)",
   "risk_score": 21,
   "rule_id": "63e65ec3-43b1-45b0-8f2d-45b34291dc44",
   "severity": "low",
@@ -46,5 +50,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_modification_of_boot_config.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_modification_of_boot_config.json
similarity index 74%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_modification_of_boot_config.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_modification_of_boot_config.json
index 66195acafa5cb6..801b60a2572e23 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_modification_of_boot_config.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_modification_of_boot_config.json
@@ -1,11 +1,15 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies use of bcdedit.exe to delete boot configuration data. This tactic is sometimes used as by malware or an attacker as a destructive technique.",
   "index": [
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Modification of Boot Configuration",
-  "query": "event.action:\"Process Create (rule: ProcessCreate)\" and process.name:bcdedit.exe and process.args:(/set and (bootstatuspolicy and ignoreallfailures or no and recoveryenabled))",
+  "query": "event.category:process and event.type:(start or process_started) and process.name:bcdedit.exe and process.args:(/set and (bootstatuspolicy and ignoreallfailures or no and recoveryenabled))",
   "risk_score": 21,
   "rule_id": "69c251fb-a5d6-4035-b5ec-40438bd829ff",
   "severity": "low",
@@ -31,5 +35,5 @@
     }
   ],
   "type": "query",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_s3_bucket_configuration_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_s3_bucket_configuration_deletion.json
new file mode 100644
index 00000000000000..77f9e0f4a313cb
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_s3_bucket_configuration_deletion.json
@@ -0,0 +1,51 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Identifies the deletion of various Amazon Simple Storage Service (S3) bucket configuration components.",
+  "false_positives": [
+    "Bucket components may be deleted by a system or network administrator. Verify whether the user identity, user agent, and/or hostname should be making changes in your environment. Bucket component deletions from unfamiliar users or hosts should be investigated. If known behavior is causing false positives, it can be exempted from the rule."
+  ],
+  "from": "now-60m",
+  "index": [
+    "filebeat-*"
+  ],
+  "interval": "10m",
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "AWS S3 Bucket Configuration Deletion",
+  "query": "event.action:(DeleteBucketPolicy or DeleteBucketReplication or DeleteBucketCors or DeleteBucketEncryption or DeleteBucketLifecycle) and event.dataset:aws.cloudtrail and event.provider:s3.amazonaws.com and event.outcome:success",
+  "references": [
+    "https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketPolicy.html",
+    "https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketReplication.html",
+    "https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketCors.html",
+    "https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketEncryption.html",
+    "https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucketLifecycle.html"
+  ],
+  "risk_score": 21,
+  "rule_id": "227dc608-e558-43d9-b521-150772250bae",
+  "severity": "low",
+  "tags": [
+    "AWS",
+    "Elastic"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0005",
+        "name": "Defense Evasion",
+        "reference": "https://attack.mitre.org/tactics/TA0005/"
+      },
+      "technique": [
+        {
+          "id": "T1070",
+          "name": "Indicator Removal on Host",
+          "reference": "https://attack.mitre.org/techniques/T1070/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_defense_evasion_via_filter_manager.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_via_filter_manager.json
similarity index 91%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_defense_evasion_via_filter_manager.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_via_filter_manager.json
index ba684c4d721eec..24d1899fe55934 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_defense_evasion_via_filter_manager.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_via_filter_manager.json
@@ -1,9 +1,13 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "The Filter Manager Control Program (fltMC.exe) binary may be abused by adversaries to unload a filter driver and evade defenses.",
   "index": [
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Potential Evasion via Filter Manager",
   "query": "event.code:1 and process.name:fltMC.exe",
   "risk_score": 21,
@@ -31,5 +35,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_volume_shadow_copy_deletion_via_vssadmin.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_volume_shadow_copy_deletion_via_vssadmin.json
similarity index 78%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_volume_shadow_copy_deletion_via_vssadmin.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_volume_shadow_copy_deletion_via_vssadmin.json
index 700fd5215133d5..3166cc23ae7261 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_volume_shadow_copy_deletion_via_vssadmin.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_volume_shadow_copy_deletion_via_vssadmin.json
@@ -1,11 +1,15 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies use of vssadmin.exe for shadow copy deletion on endpoints. This commonly occurs in tandem with ransomware or other destructive attacks.",
   "index": [
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Volume Shadow Copy Deletion via VssAdmin",
-  "query": "event.action:\"Process Create (rule: ProcessCreate)\" and process.name:vssadmin.exe and process.args:(delete and shadows)",
+  "query": "event.category:process and event.type:(start or process_started) and process.name:vssadmin.exe and process.args:(delete and shadows)",
   "risk_score": 73,
   "rule_id": "b5ea4bfe-a1b2-421f-9d47-22a75a6f2921",
   "severity": "high",
@@ -31,5 +35,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_volume_shadow_copy_deletion_via_wmic.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_volume_shadow_copy_deletion_via_wmic.json
similarity index 78%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_volume_shadow_copy_deletion_via_wmic.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_volume_shadow_copy_deletion_via_wmic.json
index 59222be6c598ac..730879684a8113 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_volume_shadow_copy_deletion_via_wmic.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_volume_shadow_copy_deletion_via_wmic.json
@@ -1,11 +1,15 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies use of wmic.exe for shadow copy deletion on endpoints. This commonly occurs in tandem with ransomware or other destructive attacks.",
   "index": [
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Volume Shadow Copy Deletion via WMIC",
-  "query": "event.action:\"Process Create (rule: ProcessCreate)\" and process.name:WMIC.exe and process.args:(delete and shadowcopy)",
+  "query": "event.category:process and event.type:(start or process_started) and process.name:WMIC.exe and process.args:(delete and shadowcopy)",
   "risk_score": 73,
   "rule_id": "dc9c1f74-dac3-48e3-b47f-eb79db358f57",
   "severity": "high",
@@ -31,5 +35,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_waf_acl_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_waf_acl_deletion.json
new file mode 100644
index 00000000000000..708f931a5f8ab6
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_waf_acl_deletion.json
@@ -0,0 +1,48 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Identifies the deletion of a specified AWS Web Application Firewall (WAF) access control list.",
+  "false_positives": [
+    "Firewall ACL's may be deleted by a system or network administrator. Verify whether the user identity, user agent, and/or hostname should be making changes in your environment. Web ACL deletions from unfamiliar users or hosts should be investigated. If known behavior is causing false positives, it can be exempted from the rule."
+  ],
+  "from": "now-60m",
+  "index": [
+    "filebeat-*"
+  ],
+  "interval": "10m",
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "AWS WAF Access Control List Deletion",
+  "query": "event.action:DeleteWebACL and event.dataset:aws.cloudtrail and event.outcome:success",
+  "references": [
+    "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/waf-regional/delete-web-acl.html",
+    "https://docs.aws.amazon.com/waf/latest/APIReference/API_wafRegional_DeleteWebACL.html"
+  ],
+  "risk_score": 47,
+  "rule_id": "91d04cd4-47a9-4334-ab14-084abe274d49",
+  "severity": "medium",
+  "tags": [
+    "AWS",
+    "Elastic"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0005",
+        "name": "Defense Evasion",
+        "reference": "https://attack.mitre.org/tactics/TA0005/"
+      },
+      "technique": [
+        {
+          "id": "T1089",
+          "name": "Disabling Security Tools",
+          "reference": "https://attack.mitre.org/techniques/T1089/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_waf_rule_or_rule_group_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_waf_rule_or_rule_group_deletion.json
new file mode 100644
index 00000000000000..37dae51ec3125f
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/defense_evasion_waf_rule_or_rule_group_deletion.json
@@ -0,0 +1,48 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Identifies the deletion of a specified AWS Web Application Firewall (WAF) rule or rule group.",
+  "false_positives": [
+    "WAF rules or rule groups may be deleted by a system or network administrator. Verify whether the user identity, user agent, and/or hostname should be making changes in your environment. Rule deletions from unfamiliar users or hosts should be investigated. If known behavior is causing false positives, it can be exempted from the rule."
+  ],
+  "from": "now-60m",
+  "index": [
+    "filebeat-*"
+  ],
+  "interval": "10m",
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "AWS WAF Rule or Rule Group Deletion",
+  "query": "event.module:aws and event.dataset:aws.cloudtrail and event.action:(DeleteRule or DeleteRuleGroup) and event.outcome:success",
+  "references": [
+    "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/waf/delete-rule-group.html",
+    "https://docs.aws.amazon.com/waf/latest/APIReference/API_waf_DeleteRuleGroup.html"
+  ],
+  "risk_score": 47,
+  "rule_id": "5beaebc1-cc13-4bfc-9949-776f9e0dc318",
+  "severity": "medium",
+  "tags": [
+    "AWS",
+    "Elastic"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0005",
+        "name": "Defense Evasion",
+        "reference": "https://attack.mitre.org/tactics/TA0005/"
+      },
+      "technique": [
+        {
+          "id": "T1089",
+          "name": "Disabling Security Tools",
+          "reference": "https://attack.mitre.org/techniques/T1089/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_kernel_module_enumeration.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/discovery_kernel_module_enumeration.json
similarity index 83%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_kernel_module_enumeration.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/discovery_kernel_module_enumeration.json
index 85564506bcff98..14472f02280a34 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_kernel_module_enumeration.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/discovery_kernel_module_enumeration.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Loadable Kernel Modules (or LKMs) are pieces of code that can be loaded and unloaded into the kernel upon demand. They extend the functionality of the kernel without the need to reboot the system. This identifies attempts to enumerate information about a kernel module.",
   "false_positives": [
     "Security tools and device drivers may run these programs in order to enumerate kernel modules. Use of these programs by ordinary users is uncommon. These can be exempted by process name or username."
@@ -7,8 +10,9 @@
     "auditbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Enumeration of Kernel Modules",
-  "query": "event.action:executed and process.args:(kmod and list and sudo or sudo and (depmod or lsmod or modinfo))",
+  "query": "event.category:process and event.type:(start or process_started) and process.args:(kmod and list and sudo or sudo and (depmod or lsmod or modinfo))",
   "risk_score": 47,
   "rule_id": "2d8043ed-5bda-4caf-801c-c1feb7410504",
   "severity": "medium",
@@ -34,5 +38,5 @@
     }
   ],
   "type": "query",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_net_command_system_account.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/discovery_net_command_system_account.json
similarity index 77%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_net_command_system_account.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/discovery_net_command_system_account.json
index b2770ac2383fdf..a2fe82c43b15ab 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_net_command_system_account.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/discovery_net_command_system_account.json
@@ -1,11 +1,15 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies the SYSTEM account using the Net utility. The Net utility is a component of the Windows operating system. It is used in command line operations for control of users, groups, services, and network connections.",
   "index": [
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Net command via SYSTEM account",
-  "query": "(process.name:net.exe or process.name:net1.exe and not process.parent.name:net.exe) and user.name:SYSTEM and event.action:\"Process Create (rule: ProcessCreate)\"",
+  "query": "event.category:process and event.type:(start or process_started) and (process.name:net.exe or process.name:net1.exe and not process.parent.name:net.exe) and user.name:SYSTEM",
   "risk_score": 21,
   "rule_id": "2856446a-34e6-435b-9fb5-f8f040bfa7ed",
   "severity": "low",
@@ -31,5 +35,5 @@
     }
   ],
   "type": "query",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_process_discovery_via_tasklist_command.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/discovery_process_discovery_via_tasklist_command.json
similarity index 93%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_process_discovery_via_tasklist_command.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/discovery_process_discovery_via_tasklist_command.json
index 489c8a47561b54..e9a495c752f95f 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_process_discovery_via_tasklist_command.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/discovery_process_discovery_via_tasklist_command.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Adversaries may attempt to get information about running processes on a system.",
   "false_positives": [
     "Administrators may use the tasklist command to display a list of currently running processes. By itself, it does not indicate malicious activity. After obtaining a foothold, it's possible adversaries may use discovery commands like tasklist to get information about running processes."
@@ -7,6 +10,7 @@
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Process Discovery via Tasklist",
   "query": "event.code:1 and process.name:tasklist.exe",
   "risk_score": 21,
@@ -34,5 +38,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_virtual_machine_fingerprinting.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/discovery_virtual_machine_fingerprinting.json
similarity index 75%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_virtual_machine_fingerprinting.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/discovery_virtual_machine_fingerprinting.json
index 28c4b6d6ee0e57..94f09f73b454ee 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_virtual_machine_fingerprinting.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/discovery_virtual_machine_fingerprinting.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "An adversary may attempt to get detailed information about the operating system and hardware. This rule identifies common locations used to discover virtual machine hardware by a non-root user. This technique has been used by the Pupy RAT and other malware.",
   "false_positives": [
     "Certain tools or automated software may enumerate hardware information. These tools can be exempted via user name or process arguments to eliminate potential noise."
@@ -7,8 +10,9 @@
     "auditbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Virtual Machine Fingerprinting",
-  "query": "event.action:executed and process.args:(\"/sys/class/dmi/id/bios_version\" or \"/sys/class/dmi/id/product_name\" or \"/sys/class/dmi/id/chassis_vendor\" or \"/proc/scsi/scsi\" or \"/proc/ide/hd0/model\") and not user.name:root",
+  "query": "event.category:process and event.type:(start or process_started) and process.args:(\"/sys/class/dmi/id/bios_version\" or \"/sys/class/dmi/id/product_name\" or \"/sys/class/dmi/id/chassis_vendor\" or \"/proc/scsi/scsi\" or \"/proc/ide/hd0/model\") and not user.name:root",
   "risk_score": 73,
   "rule_id": "5b03c9fb-9945-4d2f-9568-fd690fee3fba",
   "severity": "high",
@@ -34,5 +38,5 @@
     }
   ],
   "type": "query",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_whoami_command_activity.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/discovery_whoami_command_activity.json
similarity index 93%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_whoami_command_activity.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/discovery_whoami_command_activity.json
index c01396dd51527e..6511ff6e19d808 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_whoami_command_activity.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/discovery_whoami_command_activity.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies use of whoami.exe which displays user, group, and privileges information for the user who is currently logged on to the local system.",
   "false_positives": [
     "Some normal use of this program, at varying levels of frequency, may originate from scripts, automation tools and frameworks. Usage by non-engineers and ordinary users is unusual."
@@ -7,6 +10,7 @@
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Whoami Process Activity",
   "query": "process.name:whoami.exe and event.code:1",
   "risk_score": 21,
@@ -34,5 +38,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_whoami_commmand.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/discovery_whoami_commmand.json
similarity index 84%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_whoami_commmand.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/discovery_whoami_commmand.json
index e96c8dc3887e0c..a7833c4a017511 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_whoami_commmand.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/discovery_whoami_commmand.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "The whoami application was executed on a Linux host. This is often used by tools and persistence mechanisms to test for privileged access.",
   "false_positives": [
     "Security testing tools and frameworks may run this command. Some normal use of this command may originate from automation tools and frameworks."
@@ -7,8 +10,9 @@
     "auditbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "User Discovery via Whoami",
-  "query": "process.name:whoami and event.action:executed",
+  "query": "event.category:process and event.type:(start or process_started) and process.name:whoami",
   "risk_score": 21,
   "rule_id": "120559c6-5e24-49f4-9e30-8ffe697df6b9",
   "severity": "low",
@@ -34,5 +38,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint.json
new file mode 100644
index 00000000000000..6d2f198c9b9432
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint.json
@@ -0,0 +1,60 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Generates a detection alert each time an Elastic Endpoint alert is received. Enabling this rule allows you to immediately begin investigating your Elastic Endpoint alerts.",
+  "enabled": true,
+  "from": "now-10m",
+  "index": [
+    "logs-endpoint.alerts-*"
+  ],
+  "language": "kuery",
+  "license": "Elastic License",
+  "max_signals": 10000,
+  "name": "Elastic Endpoint",
+  "query": "event.kind:alert and event.module:(endpoint and not endgame)",
+  "risk_score": 47,
+  "risk_score_mapping": [
+    {
+      "field": "event.risk_score",
+      "operator": "equals",
+      "value": ""
+    }
+  ],
+  "rule_id": "9a1a2dae-0b5f-4c3d-8305-a268d404c306",
+  "rule_name_override": "message",
+  "severity": "medium",
+  "severity_mapping": [
+    {
+      "field": "event.severity",
+      "operator": "equals",
+      "severity": "low",
+      "value": "21"
+    },
+    {
+      "field": "event.severity",
+      "operator": "equals",
+      "severity": "medium",
+      "value": "47"
+    },
+    {
+      "field": "event.severity",
+      "operator": "equals",
+      "severity": "high",
+      "value": "73"
+    },
+    {
+      "field": "event.severity",
+      "operator": "equals",
+      "severity": "critical",
+      "value": "99"
+    }
+  ],
+  "tags": [
+    "Elastic",
+    "Endpoint"
+  ],
+  "timestamp_override": "event.ingested",
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_adversary_behavior_detected.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_adversary_behavior_detected.json
similarity index 90%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_adversary_behavior_detected.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_adversary_behavior_detected.json
index ca97e9901975f8..5075630e24f298 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_adversary_behavior_detected.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_adversary_behavior_detected.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Elastic Endpoint detected an Adversary Behavior. Click the Elastic Endpoint icon in the event.module column or the link in the rule.reference column in the External Alerts tab of the SIEM Detections page for additional information.",
   "from": "now-15m",
   "index": [
@@ -6,6 +9,7 @@
   ],
   "interval": "10m",
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Adversary Behavior - Detected - Elastic Endpoint",
   "query": "event.kind:alert and event.module:endgame and (event.action:rules_engine_event or endgame.event_subtype_full:rules_engine_event)",
   "risk_score": 47,
@@ -16,5 +20,5 @@
     "Endpoint"
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_cred_dumping_detected.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_cred_dumping_detected.json
similarity index 90%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_cred_dumping_detected.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_cred_dumping_detected.json
index 18472abbd70d77..4bf9ba8ec36e1b 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_cred_dumping_detected.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_cred_dumping_detected.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Elastic Endpoint detected Credential Dumping. Click the Elastic Endpoint icon in the event.module column or the link in the rule.reference column in the External Alerts tab of the SIEM Detections page for additional information.",
   "from": "now-15m",
   "index": [
@@ -6,6 +9,7 @@
   ],
   "interval": "10m",
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Credential Dumping - Detected - Elastic Endpoint",
   "query": "event.kind:alert and event.module:endgame and endgame.metadata.type:detection and (event.action:cred_theft_event or endgame.event_subtype_full:cred_theft_event)",
   "risk_score": 73,
@@ -16,5 +20,5 @@
     "Endpoint"
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_cred_dumping_prevented.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_cred_dumping_prevented.json
similarity index 90%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_cred_dumping_prevented.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_cred_dumping_prevented.json
index 11b9fa93f5f179..bed473b12b0463 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_cred_dumping_prevented.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_cred_dumping_prevented.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Elastic Endpoint prevented Credential Dumping. Click the Elastic Endpoint icon in the event.module column or the link in the rule.reference column in the External Alerts tab of the SIEM Detections page for additional information.",
   "from": "now-15m",
   "index": [
@@ -6,6 +9,7 @@
   ],
   "interval": "10m",
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Credential Dumping - Prevented - Elastic Endpoint",
   "query": "event.kind:alert and event.module:endgame and endgame.metadata.type:prevention and (event.action:cred_theft_event or endgame.event_subtype_full:cred_theft_event)",
   "risk_score": 47,
@@ -16,5 +20,5 @@
     "Endpoint"
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_cred_manipulation_detected.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_cred_manipulation_detected.json
similarity index 90%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_cred_manipulation_detected.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_cred_manipulation_detected.json
index ae4b59d101a3af..02ba20bb59aec4 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_cred_manipulation_detected.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_cred_manipulation_detected.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Elastic Endpoint detected Credential Manipulation. Click the Elastic Endpoint icon in the event.module column or the link in the rule.reference column in the External Alerts tab of the SIEM Detections page for additional information.",
   "from": "now-15m",
   "index": [
@@ -6,6 +9,7 @@
   ],
   "interval": "10m",
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Credential Manipulation - Detected - Elastic Endpoint",
   "query": "event.kind:alert and event.module:endgame and endgame.metadata.type:detection and (event.action:token_manipulation_event or endgame.event_subtype_full:token_manipulation_event)",
   "risk_score": 73,
@@ -16,5 +20,5 @@
     "Endpoint"
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_cred_manipulation_prevented.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_cred_manipulation_prevented.json
similarity index 90%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_cred_manipulation_prevented.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_cred_manipulation_prevented.json
index 2db3fbbde75473..128f8d5639d5d2 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_cred_manipulation_prevented.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_cred_manipulation_prevented.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Elastic Endpoint prevented Credential Manipulation. Click the Elastic Endpoint icon in the event.module column or the link in the rule.reference column in the External Alerts tab of the SIEM Detections page for additional information.",
   "from": "now-15m",
   "index": [
@@ -6,6 +9,7 @@
   ],
   "interval": "10m",
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Credential Manipulation - Prevented - Elastic Endpoint",
   "query": "event.kind:alert and event.module:endgame and endgame.metadata.type:prevention and (event.action:token_manipulation_event or endgame.event_subtype_full:token_manipulation_event)",
   "risk_score": 47,
@@ -16,5 +20,5 @@
     "Endpoint"
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_exploit_detected.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_exploit_detected.json
similarity index 90%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_exploit_detected.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_exploit_detected.json
index a57d56cec9bcdb..a11b839792b79c 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_exploit_detected.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_exploit_detected.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Elastic Endpoint detected an Exploit. Click the Elastic Endpoint icon in the event.module column or the link in the rule.reference column in the External Alerts tab of the SIEM Detections page for additional information.",
   "from": "now-15m",
   "index": [
@@ -6,6 +9,7 @@
   ],
   "interval": "10m",
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Exploit - Detected - Elastic Endpoint",
   "query": "event.kind:alert and event.module:endgame and endgame.metadata.type:detection and (event.action:exploit_event or endgame.event_subtype_full:exploit_event)",
   "risk_score": 73,
@@ -16,5 +20,5 @@
     "Endpoint"
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_exploit_prevented.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_exploit_prevented.json
similarity index 90%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_exploit_prevented.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_exploit_prevented.json
index f8f1b774a191ac..2deb7bce3b203a 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_exploit_prevented.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_exploit_prevented.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Elastic Endpoint prevented an Exploit. Click the Elastic Endpoint icon in the event.module column or the link in the rule.reference column in the External Alerts tab of the SIEM Detections page for additional information.",
   "from": "now-15m",
   "index": [
@@ -6,6 +9,7 @@
   ],
   "interval": "10m",
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Exploit - Prevented - Elastic Endpoint",
   "query": "event.kind:alert and event.module:endgame and endgame.metadata.type:prevention and (event.action:exploit_event or endgame.event_subtype_full:exploit_event)",
   "risk_score": 47,
@@ -16,5 +20,5 @@
     "Endpoint"
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_malware_detected.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_malware_detected.json
similarity index 90%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_malware_detected.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_malware_detected.json
index 4024a50c3a0fea..d1389b21f2d7ed 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_malware_detected.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_malware_detected.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Elastic Endpoint detected Malware. Click the Elastic Endpoint icon in the event.module column or the link in the rule.reference column in the External Alerts tab of the SIEM Detections page for additional information.",
   "from": "now-15m",
   "index": [
@@ -6,6 +9,7 @@
   ],
   "interval": "10m",
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Malware - Detected - Elastic Endpoint",
   "query": "event.kind:alert and event.module:endgame and endgame.metadata.type:detection and (event.action:file_classification_event or endgame.event_subtype_full:file_classification_event)",
   "risk_score": 99,
@@ -16,5 +20,5 @@
     "Endpoint"
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_malware_prevented.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_malware_prevented.json
similarity index 90%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_malware_prevented.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_malware_prevented.json
index b21bd00229c04c..b83bc259175c67 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_malware_prevented.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_malware_prevented.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Elastic Endpoint prevented Malware. Click the Elastic Endpoint icon in the event.module column or the link in the rule.reference column in the External Alerts tab of the SIEM Detections page for additional information.",
   "from": "now-15m",
   "index": [
@@ -6,6 +9,7 @@
   ],
   "interval": "10m",
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Malware - Prevented - Elastic Endpoint",
   "query": "event.kind:alert and event.module:endgame and endgame.metadata.type:prevention and (event.action:file_classification_event or endgame.event_subtype_full:file_classification_event)",
   "risk_score": 73,
@@ -16,5 +20,5 @@
     "Endpoint"
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_permission_theft_detected.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_permission_theft_detected.json
similarity index 90%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_permission_theft_detected.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_permission_theft_detected.json
index 1aba34f7b15c00..b81b9c67644c6e 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_permission_theft_detected.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_permission_theft_detected.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Elastic Endpoint detected Permission Theft. Click the Elastic Endpoint icon in the event.module column or the link in the rule.reference column in the External Alerts tab of the SIEM Detections page for additional information.",
   "from": "now-15m",
   "index": [
@@ -6,6 +9,7 @@
   ],
   "interval": "10m",
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Permission Theft - Detected - Elastic Endpoint",
   "query": "event.kind:alert and event.module:endgame and endgame.metadata.type:detection and (event.action:token_protection_event or endgame.event_subtype_full:token_protection_event)",
   "risk_score": 73,
@@ -16,5 +20,5 @@
     "Endpoint"
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_permission_theft_prevented.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_permission_theft_prevented.json
similarity index 90%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_permission_theft_prevented.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_permission_theft_prevented.json
index b383349b5e2042..b69598cffc2306 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_permission_theft_prevented.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_permission_theft_prevented.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Elastic Endpoint prevented Permission Theft. Click the Elastic Endpoint icon in the event.module column or the link in the rule.reference column in the External Alerts tab of the SIEM Detections page for additional information.",
   "from": "now-15m",
   "index": [
@@ -6,6 +9,7 @@
   ],
   "interval": "10m",
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Permission Theft - Prevented - Elastic Endpoint",
   "query": "event.kind:alert and event.module:endgame and endgame.metadata.type:prevention and (event.action:token_protection_event or endgame.event_subtype_full:token_protection_event)",
   "risk_score": 47,
@@ -16,5 +20,5 @@
     "Endpoint"
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_process_injection_detected.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_process_injection_detected.json
similarity index 90%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_process_injection_detected.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_process_injection_detected.json
index d7f5b24548344e..8299e11392398f 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_process_injection_detected.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_process_injection_detected.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Elastic Endpoint detected Process Injection. Click the Elastic Endpoint icon in the event.module column or the link in the rule.reference column in the External Alerts tab of the SIEM Detections page for additional information.",
   "from": "now-15m",
   "index": [
@@ -6,6 +9,7 @@
   ],
   "interval": "10m",
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Process Injection - Detected - Elastic Endpoint",
   "query": "event.kind:alert and event.module:endgame and endgame.metadata.type:detection and (event.action:kernel_shellcode_event or endgame.event_subtype_full:kernel_shellcode_event)",
   "risk_score": 73,
@@ -16,5 +20,5 @@
     "Endpoint"
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_process_injection_prevented.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_process_injection_prevented.json
similarity index 90%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_process_injection_prevented.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_process_injection_prevented.json
index a2595dee2f724c..237558ae372a87 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_process_injection_prevented.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_process_injection_prevented.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Elastic Endpoint prevented Process Injection. Click the Elastic Endpoint icon in the event.module column or the link in the rule.reference column in the External Alerts tab of the SIEM Detections page for additional information.",
   "from": "now-15m",
   "index": [
@@ -6,6 +9,7 @@
   ],
   "interval": "10m",
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Process Injection - Prevented - Elastic Endpoint",
   "query": "event.kind:alert and event.module:endgame and endgame.metadata.type:prevention and (event.action:kernel_shellcode_event or endgame.event_subtype_full:kernel_shellcode_event)",
   "risk_score": 47,
@@ -16,5 +20,5 @@
     "Endpoint"
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_ransomware_detected.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_ransomware_detected.json
similarity index 90%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_ransomware_detected.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_ransomware_detected.json
index 9dd62717958e1b..4ead850c60e8fc 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_ransomware_detected.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_ransomware_detected.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Elastic Endpoint detected Ransomware. Click the Elastic Endpoint icon in the event.module column or the link in the rule.reference column in the External Alerts tab of the SIEM Detections page for additional information.",
   "from": "now-15m",
   "index": [
@@ -6,6 +9,7 @@
   ],
   "interval": "10m",
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Ransomware - Detected - Elastic Endpoint",
   "query": "event.kind:alert and event.module:endgame and endgame.metadata.type:detection and (event.action:ransomware_event or endgame.event_subtype_full:ransomware_event)",
   "risk_score": 99,
@@ -16,5 +20,5 @@
     "Endpoint"
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_ransomware_prevented.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_ransomware_prevented.json
similarity index 90%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_ransomware_prevented.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_ransomware_prevented.json
index cfa9ff6cca2ee6..25d167afa204ca 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/elastic_endpoint_security_ransomware_prevented.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/endpoint_ransomware_prevented.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Elastic Endpoint prevented Ransomware. Click the Elastic Endpoint icon in the event.module column or the link in the rule.reference column in the External Alerts tab of the SIEM Detections page for additional information.",
   "from": "now-15m",
   "index": [
@@ -6,6 +9,7 @@
   ],
   "interval": "10m",
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Ransomware - Prevented - Elastic Endpoint",
   "query": "event.kind:alert and event.module:endgame and endgame.metadata.type:prevention and (event.action:ransomware_event or endgame.event_subtype_full:ransomware_event)",
   "risk_score": 73,
@@ -16,5 +20,5 @@
     "Endpoint"
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_suspicious_ms_office_child_process.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_suspicious_ms_office_child_process.json
deleted file mode 100644
index e234688a432e22..00000000000000
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_suspicious_ms_office_child_process.json
+++ /dev/null
@@ -1,35 +0,0 @@
-{
-  "description": "Identifies suspicious child processes of frequently targeted Microsoft Office applications (Word, PowerPoint, Excel). These child processes are often launched during exploitation of Office applications or from documents with malicious macros.",
-  "index": [
-    "winlogbeat-*"
-  ],
-  "language": "kuery",
-  "name": "Suspicious MS Office Child Process",
-  "query": "event.action:\"Process Create (rule: ProcessCreate)\" and process.parent.name:(eqnedt32.exe or excel.exe or fltldr.exe or msaccess.exe or mspub.exe or powerpnt.exe or winword.exe) and process.name:(Microsoft.Workflow.Compiler.exe or arp.exe or atbroker.exe or bginfo.exe or bitsadmin.exe or cdb.exe or certutil.exe or cmd.exe or cmstp.exe or cscript.exe or csi.exe or dnx.exe or dsget.exe or dsquery.exe or forfiles.exe or fsi.exe or ftp.exe or gpresult.exe or hostname.exe or ieexec.exe or iexpress.exe or installutil.exe or ipconfig.exe or mshta.exe or msxsl.exe or nbtstat.exe or net.exe or net1.exe or netsh.exe or netstat.exe or nltest.exe or odbcconf.exe or ping.exe or powershell.exe or pwsh.exe or qprocess.exe or quser.exe or qwinsta.exe or rcsi.exe or reg.exe or regasm.exe or regsvcs.exe or regsvr32.exe or sc.exe or schtasks.exe or systeminfo.exe or tasklist.exe or tracert.exe or whoami.exe or wmic.exe or wscript.exe or xwizard.exe)",
-  "risk_score": 21,
-  "rule_id": "a624863f-a70d-417f-a7d2-7a404638d47f",
-  "severity": "low",
-  "tags": [
-    "Elastic",
-    "Windows"
-  ],
-  "threat": [
-    {
-      "framework": "MITRE ATT&CK",
-      "tactic": {
-        "id": "TA0002",
-        "name": "Execution",
-        "reference": "https://attack.mitre.org/tactics/TA0002/"
-      },
-      "technique": [
-        {
-          "id": "T1193",
-          "name": "Spearphishing Attachment",
-          "reference": "https://attack.mitre.org/techniques/T1193/"
-        }
-      ]
-    }
-  ],
-  "type": "query",
-  "version": 2
-}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_suspicious_ms_outlook_child_process.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_suspicious_ms_outlook_child_process.json
deleted file mode 100644
index dcc5e5a095f12f..00000000000000
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_suspicious_ms_outlook_child_process.json
+++ /dev/null
@@ -1,35 +0,0 @@
-{
-  "description": "Identifies suspicious child processes of Microsoft Outlook. These child processes are often associated with spear phishing activity.",
-  "index": [
-    "winlogbeat-*"
-  ],
-  "language": "kuery",
-  "name": "Suspicious MS Outlook Child Process",
-  "query": "event.action:\"Process Create (rule: ProcessCreate)\" and process.parent.name:outlook.exe and process.name:(Microsoft.Workflow.Compiler.exe or arp.exe or atbroker.exe or bginfo.exe or bitsadmin.exe or cdb.exe or certutil.exe or cmd.exe or cmstp.exe or cscript.exe or csi.exe or dnx.exe or dsget.exe or dsquery.exe or forfiles.exe or fsi.exe or ftp.exe or gpresult.exe or hostname.exe or ieexec.exe or iexpress.exe or installutil.exe or ipconfig.exe or mshta.exe or msxsl.exe or nbtstat.exe or net.exe or net1.exe or netsh.exe or netstat.exe or nltest.exe or odbcconf.exe or ping.exe or powershell.exe or pwsh.exe or qprocess.exe or quser.exe or qwinsta.exe or rcsi.exe or reg.exe or regasm.exe or regsvcs.exe or regsvr32.exe or sc.exe or schtasks.exe or systeminfo.exe or tasklist.exe or tracert.exe or whoami.exe or wmic.exe or wscript.exe or xwizard.exe)",
-  "risk_score": 21,
-  "rule_id": "32f4675e-6c49-4ace-80f9-97c9259dca2e",
-  "severity": "low",
-  "tags": [
-    "Elastic",
-    "Windows"
-  ],
-  "threat": [
-    {
-      "framework": "MITRE ATT&CK",
-      "tactic": {
-        "id": "TA0002",
-        "name": "Execution",
-        "reference": "https://attack.mitre.org/tactics/TA0002/"
-      },
-      "technique": [
-        {
-          "id": "T1193",
-          "name": "Spearphishing Attachment",
-          "reference": "https://attack.mitre.org/techniques/T1193/"
-        }
-      ]
-    }
-  ],
-  "type": "query",
-  "version": 2
-}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_unusual_parentchild_relationship.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_unusual_parentchild_relationship.json
deleted file mode 100644
index ea87ce1aea81dc..00000000000000
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_unusual_parentchild_relationship.json
+++ /dev/null
@@ -1,35 +0,0 @@
-{
-  "description": "Identifies Windows programs run from unexpected parent processes. This could indicate masquerading or other strange activity on a system.",
-  "index": [
-    "winlogbeat-*"
-  ],
-  "language": "kuery",
-  "name": "Unusual Parent-Child Relationship",
-  "query": "event.action:\"Process Create (rule: ProcessCreate)\" and process.parent.executable:* and (process.name:smss.exe and not process.parent.name:(System or smss.exe) or process.name:csrss.exe and not process.parent.name:(smss.exe or svchost.exe) or process.name:wininit.exe and not process.parent.name:smss.exe or process.name:winlogon.exe and not process.parent.name:smss.exe or process.name:lsass.exe and not process.parent.name:wininit.exe or process.name:LogonUI.exe and not process.parent.name:(wininit.exe or winlogon.exe) or process.name:services.exe and not process.parent.name:wininit.exe or process.name:svchost.exe and not process.parent.name:(MsMpEng.exe or services.exe) or process.name:spoolsv.exe and not process.parent.name:services.exe or process.name:taskhost.exe and not process.parent.name:(services.exe or svchost.exe) or process.name:taskhostw.exe and not process.parent.name:(services.exe or svchost.exe) or process.name:userinit.exe and not process.parent.name:(dwm.exe or winlogon.exe))",
-  "risk_score": 47,
-  "rule_id": "35df0dd8-092d-4a83-88c1-5151a804f31b",
-  "severity": "medium",
-  "tags": [
-    "Elastic",
-    "Windows"
-  ],
-  "threat": [
-    {
-      "framework": "MITRE ATT&CK",
-      "tactic": {
-        "id": "TA0004",
-        "name": "Privilege Escalation",
-        "reference": "https://attack.mitre.org/tactics/TA0004/"
-      },
-      "technique": [
-        {
-          "id": "T1093",
-          "name": "Process Hollowing",
-          "reference": "https://attack.mitre.org/techniques/T1093/"
-        }
-      ]
-    }
-  ],
-  "type": "query",
-  "version": 2
-}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_command_prompt_connecting_to_the_internet.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_command_prompt_connecting_to_the_internet.json
similarity index 85%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_command_prompt_connecting_to_the_internet.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_command_prompt_connecting_to_the_internet.json
index 51fceacddb3c94..97197be498a8df 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_command_prompt_connecting_to_the_internet.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_command_prompt_connecting_to_the_internet.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies cmd.exe making a network connection. Adversaries could abuse cmd.exe to download or execute malware from a remote URL.",
   "false_positives": [
     "Administrators may use the command prompt for regular administrative tasks. It's important to baseline your environment for network connections being made from the command prompt to determine any abnormal use of this tool."
@@ -7,8 +10,9 @@
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Command Prompt Network Connection",
-  "query": "process.name:cmd.exe and event.action:\"Network connection detected (rule: NetworkConnect)\" and not destination.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16)",
+  "query": "event.category:network and event.type:connection and process.name:cmd.exe and not destination.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16)",
   "risk_score": 21,
   "rule_id": "89f9a4b0-9f8f-4ee0-8823-c4751a6d6696",
   "severity": "low",
@@ -49,5 +53,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_command_shell_started_by_powershell.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_command_shell_started_by_powershell.json
similarity index 83%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_command_shell_started_by_powershell.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_command_shell_started_by_powershell.json
index 8e88549a44ada9..832ca1e1e7d399 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_command_shell_started_by_powershell.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_command_shell_started_by_powershell.json
@@ -1,11 +1,15 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies a suspicious parent child process relationship with cmd.exe descending from PowerShell.exe.",
   "index": [
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "PowerShell spawning Cmd",
-  "query": "process.parent.name:powershell.exe and process.name:cmd.exe",
+  "query": "event.category:process and event.type:(start or process_started) and process.parent.name:powershell.exe and process.name:cmd.exe",
   "risk_score": 21,
   "rule_id": "0f616aee-8161-4120-857e-742366f5eeb3",
   "severity": "low",
@@ -46,5 +50,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_command_shell_started_by_svchost.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_command_shell_started_by_svchost.json
similarity index 77%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_command_shell_started_by_svchost.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_command_shell_started_by_svchost.json
index f36f853a8e7605..e92ee45c0f3b63 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_command_shell_started_by_svchost.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_command_shell_started_by_svchost.json
@@ -1,11 +1,15 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies a suspicious parent child process relationship with cmd.exe descending from svchost.exe",
   "index": [
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Svchost spawning Cmd",
-  "query": "process.parent.name:svchost.exe and process.name:cmd.exe",
+  "query": "event.category:process and event.type:(start or process_started) and process.parent.name:svchost.exe and process.name:cmd.exe",
   "risk_score": 21,
   "rule_id": "fd7a6052-58fa-4397-93c3-4795249ccfa2",
   "severity": "low",
@@ -31,5 +35,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_html_help_executable_program_connecting_to_the_internet.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_html_help_executable_program_connecting_to_the_internet.json
similarity index 84%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_html_help_executable_program_connecting_to_the_internet.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_html_help_executable_program_connecting_to_the_internet.json
index 906995b3b66623..c75f77301e531e 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_html_help_executable_program_connecting_to_the_internet.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_html_help_executable_program_connecting_to_the_internet.json
@@ -1,11 +1,15 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Compiled HTML files (.chm) are commonly distributed as part of the Microsoft HTML Help system. Adversaries may conceal malicious code in a CHM file and deliver it to a victim for execution. CHM content is loaded by the HTML Help executable program (hh.exe).",
   "index": [
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Network Connection via Compiled HTML File",
-  "query": "process.name:hh.exe and event.action:\"Network connection detected (rule: NetworkConnect)\" and not destination.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16)",
+  "query": "event.category:network and event.type:connection and process.name:hh.exe and not destination.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16)",
   "risk_score": 21,
   "rule_id": "b29ee2be-bf99-446c-ab1a-2dc0183394b8",
   "severity": "low",
@@ -46,5 +50,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_local_service_commands.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_local_service_commands.json
similarity index 78%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_local_service_commands.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_local_service_commands.json
index e842b732254ca7..9b50d99761ad27 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_local_service_commands.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_local_service_commands.json
@@ -1,11 +1,15 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies use of sc.exe to create, modify, or start services on remote hosts. This could be indicative of adversary lateral movement but will be noisy if commonly done by admins.",
   "index": [
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Local Service Commands",
-  "query": "event.action:\"Process Create (rule: ProcessCreate)\" and process.name:sc.exe and process.args:(config or create or failure or start)",
+  "query": "event.category:process and event.type:(start or process_started) and process.name:sc.exe and process.args:(config or create or failure or start)",
   "risk_score": 21,
   "rule_id": "e8571d5f-bea1-46c2-9f56-998de2d3ed95",
   "severity": "low",
@@ -31,5 +35,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_msbuild_making_network_connections.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_msbuild_making_network_connections.json
similarity index 80%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_msbuild_making_network_connections.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_msbuild_making_network_connections.json
index f3d75c7fead8b7..192e35df1da3f2 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_msbuild_making_network_connections.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_msbuild_making_network_connections.json
@@ -1,11 +1,15 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies MsBuild.exe making outbound network connections. This may indicate adversarial activity as MsBuild is often leveraged by adversaries to execute code and evade detection.",
   "index": [
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "MsBuild Making Network Connections",
-  "query": "event.action:\"Network connection detected (rule: NetworkConnect)\" and process.name:MSBuild.exe and not destination.ip:(127.0.0.1 or \"::1\")",
+  "query": "event.category:network and event.type:connection and process.name:MSBuild.exe and not destination.ip:(127.0.0.1 or \"::1\")",
   "risk_score": 47,
   "rule_id": "0e79980b-4250-4a50-a509-69294c14e84b",
   "severity": "medium",
@@ -31,5 +35,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_mshta_making_network_connections.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_mshta_making_network_connections.json
similarity index 84%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_mshta_making_network_connections.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_mshta_making_network_connections.json
index eb2dd0eeff6ea9..cb098086e33249 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_mshta_making_network_connections.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_mshta_making_network_connections.json
@@ -1,11 +1,15 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies mshta.exe making a network connection. This may indicate adversarial activity as mshta.exe is often leveraged by adversaries to execute malicious scripts and evade detection.",
   "index": [
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Network Connection via Mshta",
-  "query": "event.action:\"Network connection detected (rule: NetworkConnect)\" and process.name:mshta.exe",
+  "query": "event.category:network and event.type:connection and process.name:mshta.exe",
   "references": [
     "https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html"
   ],
@@ -34,5 +38,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_msxsl_network.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_msxsl_network.json
similarity index 78%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_msxsl_network.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_msxsl_network.json
index 735ae0b2d6a7b1..9f1d2fc62fadff 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_msxsl_network.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_msxsl_network.json
@@ -1,11 +1,15 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies msxsl.exe making a network connection. This may indicate adversarial activity as msxsl.exe is often leveraged by adversaries to execute malicious scripts and evade detection.",
   "index": [
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Network Connection via MsXsl",
-  "query": "process.name:msxsl.exe and event.action:\"Network connection detected (rule: NetworkConnect)\" and not destination.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16)",
+  "query": "event.category:network and event.type:connection and process.name:msxsl.exe and not destination.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16)",
   "risk_score": 21,
   "rule_id": "b86afe07-0d98-4738-b15d-8d7465f95ff5",
   "severity": "low",
@@ -31,5 +35,5 @@
     }
   ],
   "type": "query",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_perl_tty_shell.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_perl_tty_shell.json
similarity index 74%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_perl_tty_shell.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_perl_tty_shell.json
index 2f003f8ec9d038..db96fe1bc1b50a 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_perl_tty_shell.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_perl_tty_shell.json
@@ -1,11 +1,15 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies when a terminal (tty) is spawned via Perl. Attackers may upgrade a simple reverse shell to a fully interactive tty after obtaining initial access to a host.",
   "index": [
     "auditbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Interactive Terminal Spawned via Perl",
-  "query": "event.action:executed and process.name:perl and process.args:(\"exec \\\"/bin/sh\\\";\" or \"exec \\\"/bin/dash\\\";\" or \"exec \\\"/bin/bash\\\";\")",
+  "query": "event.category:process and event.type:(start or process_started) and process.name:perl and process.args:(\"exec \\\"/bin/sh\\\";\" or \"exec \\\"/bin/dash\\\";\" or \"exec \\\"/bin/bash\\\";\")",
   "risk_score": 73,
   "rule_id": "05e5a668-7b51-4a67-93ab-e9af405c9ef3",
   "severity": "high",
@@ -31,5 +35,5 @@
     }
   ],
   "type": "query",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_psexec_lateral_movement_command.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_psexec_lateral_movement_command.json
similarity index 89%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_psexec_lateral_movement_command.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_psexec_lateral_movement_command.json
index 2abf38eb1b0ef5..a5ac6cffd23763 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_psexec_lateral_movement_command.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_psexec_lateral_movement_command.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies use of the SysInternals tool PsExec.exe making a network connection. This could be an indication of lateral movement.",
   "false_positives": [
     "PsExec is a dual-use tool that can be used for benign or malicious activity. It's important to baseline your environment to determine the amount of noise to expect from this tool."
@@ -7,8 +10,9 @@
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "PsExec Network Connection",
-  "query": "process.name:PsExec.exe and event.action:\"Network connection detected (rule: NetworkConnect)\"",
+  "query": "event.category:network and event.type:connection and process.name:PsExec.exe",
   "risk_score": 21,
   "rule_id": "55d551c6-333b-4665-ab7e-5d14a59715ce",
   "severity": "low",
@@ -49,5 +53,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_python_tty_shell.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_python_tty_shell.json
similarity index 71%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_python_tty_shell.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_python_tty_shell.json
index 42e014e919cad5..59be6da19e93fd 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_python_tty_shell.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_python_tty_shell.json
@@ -1,11 +1,15 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies when a terminal (tty) is spawned via Python. Attackers may upgrade a simple reverse shell to a fully interactive tty after obtaining initial access to a host.",
   "index": [
     "auditbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Interactive Terminal Spawned via Python",
-  "query": "event.action:executed and process.name:python and process.args:(\"import pty; pty.spawn(\\\"/bin/sh\\\")\" or \"import pty; pty.spawn(\\\"/bin/dash\\\")\" or \"import pty; pty.spawn(\\\"/bin/bash\\\")\")",
+  "query": "event.category:process and event.type:(start or process_started) and process.name:python and process.args:(\"import pty; pty.spawn(\\\"/bin/sh\\\")\" or \"import pty; pty.spawn(\\\"/bin/dash\\\")\" or \"import pty; pty.spawn(\\\"/bin/bash\\\")\")",
   "risk_score": 73,
   "rule_id": "d76b02ef-fc95-4001-9297-01cb7412232f",
   "severity": "high",
@@ -31,5 +35,5 @@
     }
   ],
   "type": "query",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_register_server_program_connecting_to_the_internet.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_register_server_program_connecting_to_the_internet.json
similarity index 77%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_register_server_program_connecting_to_the_internet.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_register_server_program_connecting_to_the_internet.json
index f6fc38f963640d..262313782fe332 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_register_server_program_connecting_to_the_internet.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_register_server_program_connecting_to_the_internet.json
@@ -1,5 +1,8 @@
 {
-  "description": "Identifies the native Windows tools regsvr32.exe and regsvr64.exe making a network connection. This may be indicative of an attacker bypassing whitelisting or running arbitrary scripts via a signed Microsoft binary.",
+  "author": [
+    "Elastic"
+  ],
+  "description": "Identifies the native Windows tools regsvr32.exe and regsvr64.exe making a network connection. This may be indicative of an attacker bypassing allowlists or running arbitrary scripts via a signed Microsoft binary.",
   "false_positives": [
     "Security testing may produce events like this. Activity of this kind performed by non-engineers and ordinary users is unusual."
   ],
@@ -7,8 +10,9 @@
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Network Connection via Regsvr",
-  "query": "process.name:(regsvr32.exe or regsvr64.exe) and event.action:\"Network connection detected (rule: NetworkConnect)\" and not destination.ip:(10.0.0.0/8 or 169.254.169.254 or 172.16.0.0/12 or 192.168.0.0/16)",
+  "query": "event.category:network and event.type:connection and process.name:(regsvr32.exe or regsvr64.exe) and not destination.ip:(10.0.0.0/8 or 169.254.169.254 or 172.16.0.0/12 or 192.168.0.0/16)",
   "risk_score": 21,
   "rule_id": "fb02b8d3-71ee-4af1-bacd-215d23f17efa",
   "severity": "low",
@@ -49,5 +53,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_windows_script_executing_powershell.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_script_executing_powershell.json
similarity index 78%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_windows_script_executing_powershell.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_script_executing_powershell.json
index 27411e35ee8284..6f9170f476d90d 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_windows_script_executing_powershell.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_script_executing_powershell.json
@@ -1,11 +1,15 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies a PowerShell process launched by either cscript.exe or wscript.exe. Observing Windows scripting processes executing a PowerShell script, may be indicative of malicious activity.",
   "index": [
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Windows Script Executing PowerShell",
-  "query": "event.action:\"Process Create (rule: ProcessCreate)\" and process.parent.name:(cscript.exe or wscript.exe) and process.name:powershell.exe",
+  "query": "event.category:process and event.type:(start or process_started) and process.parent.name:(cscript.exe or wscript.exe) and process.name:powershell.exe",
   "risk_score": 21,
   "rule_id": "f545ff26-3c94-4fd0-bd33-3c7f95a3a0fc",
   "severity": "low",
@@ -31,5 +35,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_suspicious_ms_office_child_process.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_suspicious_ms_office_child_process.json
new file mode 100644
index 00000000000000..1b5fd4e1f502d3
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_suspicious_ms_office_child_process.json
@@ -0,0 +1,39 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Identifies suspicious child processes of frequently targeted Microsoft Office applications (Word, PowerPoint, Excel). These child processes are often launched during exploitation of Office applications or from documents with malicious macros.",
+  "index": [
+    "winlogbeat-*"
+  ],
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "Suspicious MS Office Child Process",
+  "query": "event.category:process and event.type:(start or process_started) and process.parent.name:(eqnedt32.exe or excel.exe or fltldr.exe or msaccess.exe or mspub.exe or powerpnt.exe or winword.exe) and process.name:(Microsoft.Workflow.Compiler.exe or arp.exe or atbroker.exe or bginfo.exe or bitsadmin.exe or cdb.exe or certutil.exe or cmd.exe or cmstp.exe or cscript.exe or csi.exe or dnx.exe or dsget.exe or dsquery.exe or forfiles.exe or fsi.exe or ftp.exe or gpresult.exe or hostname.exe or ieexec.exe or iexpress.exe or installutil.exe or ipconfig.exe or mshta.exe or msxsl.exe or nbtstat.exe or net.exe or net1.exe or netsh.exe or netstat.exe or nltest.exe or odbcconf.exe or ping.exe or powershell.exe or pwsh.exe or qprocess.exe or quser.exe or qwinsta.exe or rcsi.exe or reg.exe or regasm.exe or regsvcs.exe or regsvr32.exe or sc.exe or schtasks.exe or systeminfo.exe or tasklist.exe or tracert.exe or whoami.exe or wmic.exe or wscript.exe or xwizard.exe)",
+  "risk_score": 21,
+  "rule_id": "a624863f-a70d-417f-a7d2-7a404638d47f",
+  "severity": "low",
+  "tags": [
+    "Elastic",
+    "Windows"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0002",
+        "name": "Execution",
+        "reference": "https://attack.mitre.org/tactics/TA0002/"
+      },
+      "technique": [
+        {
+          "id": "T1193",
+          "name": "Spearphishing Attachment",
+          "reference": "https://attack.mitre.org/techniques/T1193/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 3
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_suspicious_ms_outlook_child_process.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_suspicious_ms_outlook_child_process.json
new file mode 100644
index 00000000000000..f874b7e3f8e80c
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_suspicious_ms_outlook_child_process.json
@@ -0,0 +1,39 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Identifies suspicious child processes of Microsoft Outlook. These child processes are often associated with spear phishing activity.",
+  "index": [
+    "winlogbeat-*"
+  ],
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "Suspicious MS Outlook Child Process",
+  "query": "event.category:process and event.type:(start or process_started) and process.parent.name:outlook.exe and process.name:(Microsoft.Workflow.Compiler.exe or arp.exe or atbroker.exe or  bginfo.exe or bitsadmin.exe or cdb.exe or certutil.exe or cmd.exe or cmstp.exe or cscript.exe or csi.exe or dnx.exe or dsget.exe or dsquery.exe or forfiles.exe or fsi.exe or ftp.exe or gpresult.exe or hostname.exe or ieexec.exe or iexpress.exe or installutil.exe or ipconfig.exe or mshta.exe or msxsl.exe or nbtstat.exe or net.exe or net1.exe or netsh.exe or netstat.exe or nltest.exe or odbcconf.exe or ping.exe or powershell.exe or pwsh.exe or qprocess.exe or quser.exe or qwinsta.exe or rcsi.exe or reg.exe or regasm.exe or regsvcs.exe or regsvr32.exe or sc.exe or schtasks.exe or systeminfo.exe or tasklist.exe or tracert.exe or whoami.exe or wmic.exe or wscript.exe or xwizard.exe)",
+  "risk_score": 21,
+  "rule_id": "32f4675e-6c49-4ace-80f9-97c9259dca2e",
+  "severity": "low",
+  "tags": [
+    "Elastic",
+    "Windows"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0002",
+        "name": "Execution",
+        "reference": "https://attack.mitre.org/tactics/TA0002/"
+      },
+      "technique": [
+        {
+          "id": "T1193",
+          "name": "Spearphishing Attachment",
+          "reference": "https://attack.mitre.org/techniques/T1193/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 3
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_suspicious_pdf_reader.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_suspicious_pdf_reader.json
new file mode 100644
index 00000000000000..35206d130ea5fc
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_suspicious_pdf_reader.json
@@ -0,0 +1,39 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Identifies suspicious child processes of PDF reader applications. These child processes are often launched via exploitation of PDF applications or social engineering.",
+  "index": [
+    "winlogbeat-*"
+  ],
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "Suspicious PDF Reader Child Process",
+  "query": "event.category:process and event.type:(start or process_started) and process.parent.name:(AcroRd32.exe or Acrobat.exe or FoxitPhantomPDF.exe or FoxitReader.exe) and process.name:(arp.exe or dsquery.exe or dsget.exe or gpresult.exe or hostname.exe or ipconfig.exe or nbtstat.exe or net.exe or net1.exe or netsh.exe or netstat.exe or nltest.exe or ping.exe or qprocess.exe or quser.exe or qwinsta.exe or reg.exe or sc.exe or systeminfo.exe or tasklist.exe or tracert.exe or whoami.exe or bginfo.exe or cdb.exe or cmstp.exe or csi.exe or dnx.exe or fsi.exe or ieexec.exe or iexpress.exe or installutil.exe or Microsoft.Workflow.Compiler.exe or msbuild.exe or mshta.exe or msxsl.exe or odbcconf.exe or rcsi.exe or regsvr32.exe or xwizard.exe or atbroker.exe or forfiles.exe or schtasks.exe or regasm.exe or regsvcs.exe or cmd.exe or cscript.exe or powershell.exe or pwsh.exe or wmic.exe or wscript.exe or bitsadmin.exe or certutil.exe or ftp.exe)",
+  "risk_score": 21,
+  "rule_id": "53a26770-9cbd-40c5-8b57-61d01a325e14",
+  "severity": "low",
+  "tags": [
+    "Elastic",
+    "Windows"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0002",
+        "name": "Execution",
+        "reference": "https://attack.mitre.org/tactics/TA0002/"
+      },
+      "technique": [
+        {
+          "id": "T1204",
+          "name": "User Execution",
+          "reference": "https://attack.mitre.org/techniques/T1204/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 2
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_unusual_network_connection_via_rundll32.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_unusual_network_connection_via_rundll32.json
similarity index 76%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_unusual_network_connection_via_rundll32.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_unusual_network_connection_via_rundll32.json
index c2be97f110a384..43f1f8a5c9c616 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_unusual_network_connection_via_rundll32.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_unusual_network_connection_via_rundll32.json
@@ -1,11 +1,15 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies unusual instances of rundll32.exe making outbound network connections. This may indicate adversarial activity and may identify malicious DLLs.",
   "index": [
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Unusual Network Connection via RunDLL32",
-  "query": "process.name:rundll32.exe and event.action:\"Network connection detected (rule: NetworkConnect)\" and not destination.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or 127.0.0.0/8)",
+  "query": "event.category:network and event.type:connection and process.name:rundll32.exe and not destination.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or 127.0.0.0/8)",
   "risk_score": 21,
   "rule_id": "52aaab7b-b51c-441a-89ce-4387b3aea886",
   "severity": "low",
@@ -31,5 +35,5 @@
     }
   ],
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_unusual_process_network_connection.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_unusual_process_network_connection.json
similarity index 72%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_unusual_process_network_connection.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_unusual_process_network_connection.json
index 481768e76ee372..b49d1b358cb8d3 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_unusual_process_network_connection.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_unusual_process_network_connection.json
@@ -1,11 +1,15 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies network activity from unexpected system applications. This may indicate adversarial activity as these applications are often leveraged by adversaries to execute code and evade detection.",
   "index": [
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Unusual Process Network Connection",
-  "query": "event.action:\"Network connection detected (rule: NetworkConnect)\" and process.name:(Microsoft.Workflow.Compiler.exe or bginfo.exe or cdb.exe or cmstp.exe or csi.exe or dnx.exe or fsi.exe or ieexec.exe or iexpress.exe or odbcconf.exe or rcsi.exe or xwizard.exe)",
+  "query": "event.category:network and event.type:connection and process.name:(Microsoft.Workflow.Compiler.exe or bginfo.exe or cdb.exe or cmstp.exe or csi.exe or dnx.exe or fsi.exe or ieexec.exe or iexpress.exe or odbcconf.exe or rcsi.exe or xwizard.exe)",
   "risk_score": 21,
   "rule_id": "610949a1-312f-4e04-bb55-3a79b8c95267",
   "severity": "low",
@@ -31,5 +35,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_execution_via_compiled_html_file.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_via_compiled_html_file.json
similarity index 95%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_execution_via_compiled_html_file.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_via_compiled_html_file.json
index 07c87531c4a4aa..f59b41c31b1241 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_execution_via_compiled_html_file.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_via_compiled_html_file.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Compiled HTML files (.chm) are commonly distributed as part of the Microsoft HTML Help system. Adversaries may conceal malicious code in a CHM file and deliver it to a victim for execution. CHM content is loaded by the HTML Help executable program (hh.exe).",
   "false_positives": [
     "The HTML Help executable program (hh.exe) runs whenever a user clicks a compiled help (.chm) file or menu item that opens the help file inside the Help Viewer. This is not always malicious, but adversaries may abuse this technology to conceal malicious code."
@@ -7,6 +10,7 @@
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Process Activity via Compiled HTML File",
   "query": "event.code:1 and process.name:hh.exe",
   "risk_score": 21,
@@ -49,5 +53,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_execution_via_net_com_assemblies.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_via_net_com_assemblies.json
similarity index 86%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_execution_via_net_com_assemblies.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_via_net_com_assemblies.json
index fb59cff68410e7..2c141da80e797f 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_execution_via_net_com_assemblies.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_via_net_com_assemblies.json
@@ -1,11 +1,15 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "RegSvcs.exe and RegAsm.exe are Windows command line utilities that are used to register .NET Component Object Model (COM) assemblies. Adversaries can use RegSvcs.exe and RegAsm.exe to proxy execution of code through a trusted Windows utility.",
   "index": [
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Execution via Regsvcs/Regasm",
-  "query": "process.name:(RegAsm.exe or RegSvcs.exe) and event.action:\"Process Create (rule: ProcessCreate)\"",
+  "query": "event.category:process and event.type:(start or process_started) and process.name:(RegAsm.exe or RegSvcs.exe)",
   "risk_score": 21,
   "rule_id": "47f09343-8d1f-4bb5-8bb0-00c9d18f5010",
   "severity": "low",
@@ -46,5 +50,5 @@
     }
   ],
   "type": "query",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_via_system_manager.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_via_system_manager.json
new file mode 100644
index 00000000000000..90338f44607257
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/execution_via_system_manager.json
@@ -0,0 +1,62 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Identifies the execution of commands and scripts via System Manager. Execution methods such as RunShellScript, RunPowerShellScript, and alike can be abused by an authenticated attacker to install a backdoor or to interact with a compromised instance via reverse-shell using system only commands.",
+  "false_positives": [
+    "Verify whether the user identity, user agent, and/or hostname should be making changes in your environment. Suspicious commands from unfamiliar users or hosts should be investigated. If known behavior is causing false positives, it can be exempted from the rule."
+  ],
+  "from": "now-60m",
+  "index": [
+    "filebeat-*"
+  ],
+  "interval": "10m",
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "AWS Execution via System Manager",
+  "query": "event.module:aws and event.dataset:aws.cloudtrail and event.provider:ssm.amazonaws.com and event.action:SendCommand and event.outcome:success",
+  "references": [
+    "https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-plugins.html"
+  ],
+  "risk_score": 21,
+  "rule_id": "37b211e8-4e2f-440f-86d8-06cc8f158cfa",
+  "severity": "low",
+  "tags": [
+    "AWS",
+    "Elastic"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0002",
+        "name": "Execution",
+        "reference": "https://attack.mitre.org/tactics/TA0002/"
+      },
+      "technique": [
+        {
+          "id": "T1064",
+          "name": "Scripting",
+          "reference": "https://attack.mitre.org/techniques/T1064/"
+        }
+      ]
+    },
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0002",
+        "name": "Execution",
+        "reference": "https://attack.mitre.org/tactics/TA0002/"
+      },
+      "technique": [
+        {
+          "id": "T1086",
+          "name": "PowerShell",
+          "reference": "https://attack.mitre.org/techniques/T1086/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/exfiltration_ec2_snapshot_change_activity.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/exfiltration_ec2_snapshot_change_activity.json
new file mode 100644
index 00000000000000..04cc697cf36f99
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/exfiltration_ec2_snapshot_change_activity.json
@@ -0,0 +1,48 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "An attempt was made to modify AWS EC2 snapshot attributes. Snapshots are sometimes shared by threat actors in order to exfiltrate bulk data from an EC2 fleet. If the permissions were modified, verify the snapshot was not shared with an unauthorized or unexpected AWS account.",
+  "false_positives": [
+    "IAM users may occasionally share EC2 snapshots with another AWS account belonging to the same organization. If known behavior is causing false positives, it can be exempted from the rule."
+  ],
+  "from": "now-60m",
+  "index": [
+    "filebeat-*"
+  ],
+  "interval": "10m",
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "AWS EC2 Snapshot Activity",
+  "query": "event.module:aws and event.dataset:aws.cloudtrail and event.provider:ec2.amazonaws.com and event.action:ModifySnapshotAttribute",
+  "references": [
+    "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/modify-snapshot-attribute.html",
+    "https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifySnapshotAttribute.html"
+  ],
+  "risk_score": 47,
+  "rule_id": "98fd7407-0bd5-5817-cda0-3fcc33113a56",
+  "severity": "medium",
+  "tags": [
+    "AWS",
+    "Elastic"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0010",
+        "name": "Exfiltration",
+        "reference": "https://attack.mitre.org/tactics/TA0010/"
+      },
+      "technique": [
+        {
+          "id": "T1537",
+          "name": "Transfer Data to Cloud Account",
+          "reference": "https://attack.mitre.org/techniques/T1537/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/external_alerts.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/external_alerts.json
new file mode 100644
index 00000000000000..c8ebb2ed0e5d7d
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/external_alerts.json
@@ -0,0 +1,54 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Generates a detection alert for each external alert written to the configured securitySolution:defaultIndex. Enabling this rule allows you to immediately begin investigating external alerts in the app.",
+  "language": "kuery",
+  "license": "Elastic License",
+  "max_signals": 10000,
+  "name": "External Alerts",
+  "query": "event.kind:alert and not event.module:(endgame or endpoint)",
+  "risk_score": 47,
+  "risk_score_mapping": [
+    {
+      "field": "event.risk_score",
+      "operator": "equals",
+      "value": ""
+    }
+  ],
+  "rule_id": "eb079c62-4481-4d6e-9643-3ca499df7aaa",
+  "rule_name_override": "message",
+  "severity": "medium",
+  "severity_mapping": [
+    {
+      "field": "event.severity",
+      "operator": "equals",
+      "severity": "low",
+      "value": "21"
+    },
+    {
+      "field": "event.severity",
+      "operator": "equals",
+      "severity": "medium",
+      "value": "47"
+    },
+    {
+      "field": "event.severity",
+      "operator": "equals",
+      "severity": "high",
+      "value": "73"
+    },
+    {
+      "field": "event.severity",
+      "operator": "equals",
+      "severity": "critical",
+      "value": "99"
+    }
+  ],
+  "tags": [
+    "Elastic"
+  ],
+  "timestamp_override": "event.ingested",
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_attempt_to_revoke_okta_api_token.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_attempt_to_revoke_okta_api_token.json
new file mode 100644
index 00000000000000..0f4ded9fcfe87c
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_attempt_to_revoke_okta_api_token.json
@@ -0,0 +1,46 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Identifies attempts to revoke an Okta API token. An adversary may attempt to revoke or delete an Okta API token to disrupt an organization's business operations.",
+  "false_positives": [
+    "If the behavior of revoking Okta API tokens is expected, consider adding exceptions to this rule to filter false positives."
+  ],
+  "index": [
+    "filebeat-*"
+  ],
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "Attempt to Revoke Okta API Token",
+  "query": "event.module:okta and event.dataset:okta.system and event.action:system.api_token.revoke",
+  "references": [
+    "https://developer.okta.com/docs/reference/api/system-log/",
+    "https://developer.okta.com/docs/reference/api/event-types/"
+  ],
+  "risk_score": 21,
+  "rule_id": "676cff2b-450b-4cf1-8ed2-c0c58a4a2dd7",
+  "severity": "low",
+  "tags": [
+    "Elastic",
+    "Okta"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0040",
+        "name": "Impact",
+        "reference": "https://attack.mitre.org/tactics/TA0040/"
+      },
+      "technique": [
+        {
+          "id": "T1531",
+          "name": "Account Access Removal",
+          "reference": "https://attack.mitre.org/techniques/T1531/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_cloudtrail_logging_updated.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_cloudtrail_logging_updated.json
new file mode 100644
index 00000000000000..d969ef21027f06
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_cloudtrail_logging_updated.json
@@ -0,0 +1,63 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Identifies an update to an AWS log trail setting that specifies the delivery of log files.",
+  "false_positives": [
+    "Trail updates may be made by a system or network administrator. Verify whether the user identity, user agent, and/or hostname should be making changes in your environment. Trail updates from unfamiliar users or hosts should be investigated. If known behavior is causing false positives, it can be exempted from the rule."
+  ],
+  "from": "now-60m",
+  "index": [
+    "filebeat-*"
+  ],
+  "interval": "10m",
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "AWS CloudTrail Log Updated",
+  "query": "event.action:UpdateTrail and event.dataset:aws.cloudtrail and event.provider:cloudtrail.amazonaws.com and event.outcome:success",
+  "references": [
+    "https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_UpdateTrail.html",
+    "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/cloudtrail/update-trail.html"
+  ],
+  "risk_score": 21,
+  "rule_id": "3e002465-876f-4f04-b016-84ef48ce7e5d",
+  "severity": "low",
+  "tags": [
+    "AWS",
+    "Elastic"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0040",
+        "name": "Impact",
+        "reference": "https://attack.mitre.org/tactics/TA0040/"
+      },
+      "technique": [
+        {
+          "id": "T1492",
+          "name": "Stored Data Manipulation",
+          "reference": "https://attack.mitre.org/techniques/T1492/"
+        }
+      ]
+    },
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0009",
+        "name": "Collection",
+        "reference": "https://attack.mitre.org/tactics/TA0009/"
+      },
+      "technique": [
+        {
+          "id": "T1530",
+          "name": "Data from Cloud Storage Object",
+          "reference": "https://attack.mitre.org/techniques/T1530/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_cloudwatch_log_group_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_cloudwatch_log_group_deletion.json
new file mode 100644
index 00000000000000..d33593d4a44b28
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_cloudwatch_log_group_deletion.json
@@ -0,0 +1,63 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Identifies the deletion of a specified AWS CloudWatch log group. When a log group is deleted, all the archived log events associated with the log group are also permanently deleted.",
+  "false_positives": [
+    "Verify whether the user identity, user agent, and/or hostname should be making changes in your environment. Log group deletions from unfamiliar users or hosts should be investigated. If known behavior is causing false positives, it can be exempted from the rule."
+  ],
+  "from": "now-60m",
+  "index": [
+    "filebeat-*"
+  ],
+  "interval": "10m",
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "AWS CloudWatch Log Group Deletion",
+  "query": "event.action:DeleteLogGroup and event.dataset:aws.cloudtrail and event.provider:logs.amazonaws.com and event.outcome:success",
+  "references": [
+    "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/logs/delete-log-group.html",
+    "https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteLogGroup.html"
+  ],
+  "risk_score": 47,
+  "rule_id": "68a7a5a5-a2fc-4a76-ba9f-26849de881b4",
+  "severity": "medium",
+  "tags": [
+    "AWS",
+    "Elastic"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0040",
+        "name": "Impact",
+        "reference": "https://attack.mitre.org/tactics/TA0040/"
+      },
+      "technique": [
+        {
+          "id": "T1485",
+          "name": "Data Destruction",
+          "reference": "https://attack.mitre.org/techniques/T1485/"
+        }
+      ]
+    },
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0005",
+        "name": "Defense Evasion",
+        "reference": "https://attack.mitre.org/tactics/TA0005/"
+      },
+      "technique": [
+        {
+          "id": "T1089",
+          "name": "Disabling Security Tools",
+          "reference": "https://attack.mitre.org/techniques/T1089/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_cloudwatch_log_stream_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_cloudwatch_log_stream_deletion.json
new file mode 100644
index 00000000000000..a1108dd07abdd6
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_cloudwatch_log_stream_deletion.json
@@ -0,0 +1,63 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Identifies the deletion of an AWS CloudWatch log stream, which permanently deletes all associated archived log events with the stream.",
+  "false_positives": [
+    "A log stream may be deleted by a system administrator. Verify whether the user identity, user agent, and/or hostname should be making changes in your environment. Log stream deletions from unfamiliar users or hosts should be investigated. If known behavior is causing false positives, it can be exempted from the rule."
+  ],
+  "from": "now-60m",
+  "index": [
+    "filebeat-*"
+  ],
+  "interval": "10m",
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "AWS CloudWatch Log Stream Deletion",
+  "query": "event.action:DeleteLogStream and event.dataset:aws.cloudtrail and event.provider:logs.amazonaws.com and event.outcome:success",
+  "references": [
+    "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/logs/delete-log-stream.html",
+    "https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_DeleteLogStream.html"
+  ],
+  "risk_score": 47,
+  "rule_id": "d624f0ae-3dd1-4856-9aad-ccfe4d4bfa17",
+  "severity": "medium",
+  "tags": [
+    "AWS",
+    "Elastic"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0040",
+        "name": "Impact",
+        "reference": "https://attack.mitre.org/tactics/TA0040/"
+      },
+      "technique": [
+        {
+          "id": "T1485",
+          "name": "Data Destruction",
+          "reference": "https://attack.mitre.org/techniques/T1485/"
+        }
+      ]
+    },
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0005",
+        "name": "Defense Evasion",
+        "reference": "https://attack.mitre.org/tactics/TA0005/"
+      },
+      "technique": [
+        {
+          "id": "T1089",
+          "name": "Disabling Security Tools",
+          "reference": "https://attack.mitre.org/techniques/T1089/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_ec2_disable_ebs_encryption.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_ec2_disable_ebs_encryption.json
new file mode 100644
index 00000000000000..4681b475d92e7c
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_ec2_disable_ebs_encryption.json
@@ -0,0 +1,49 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Identifies disabling of Amazon Elastic Block Store (EBS) encryption by default in the current region. Disabling encryption by default does not change the encryption status of your existing volumes.",
+  "false_positives": [
+    "Disabling encryption may be done by a system or network administrator. Verify whether the user identity, user agent, and/or hostname should be making changes in your environment. Disabling encryption by unfamiliar users or hosts should be investigated. If known behavior is causing false positives, it can be exempted from the rule."
+  ],
+  "from": "now-60m",
+  "index": [
+    "filebeat-*"
+  ],
+  "interval": "10m",
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "AWS EC2 Encryption Disabled",
+  "query": "event.action:DisableEbsEncryptionByDefault and event.dataset:aws.cloudtrail and event.provider:ec2.amazonaws.com and event.outcome:success",
+  "references": [
+    "https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSEncryption.html",
+    "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/disable-ebs-encryption-by-default.html",
+    "https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DisableEbsEncryptionByDefault.html"
+  ],
+  "risk_score": 47,
+  "rule_id": "bb9b13b2-1700-48a8-a750-b43b0a72ab69",
+  "severity": "medium",
+  "tags": [
+    "AWS",
+    "Elastic"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0040",
+        "name": "Impact",
+        "reference": "https://attack.mitre.org/tactics/TA0040/"
+      },
+      "technique": [
+        {
+          "id": "T1492",
+          "name": "Stored Data Manipulation",
+          "reference": "https://attack.mitre.org/techniques/T1492/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_iam_deactivate_mfa_device.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_iam_deactivate_mfa_device.json
new file mode 100644
index 00000000000000..f873e3483a34f7
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_iam_deactivate_mfa_device.json
@@ -0,0 +1,48 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Identifies the deactivation of a specified multi-factor authentication (MFA) device and removes it from association with the user name for which it was originally enabled. In AWS Identity and Access Management (IAM), a device must be deactivated before it can be deleted.",
+  "false_positives": [
+    "A MFA device may be deactivated by a system or network administrator. Verify whether the user identity, user agent, and/or hostname should be making changes in your environment. MFA device deactivations from unfamiliar users or hosts should be investigated. If known behavior is causing false positives, it can be exempted from the rule."
+  ],
+  "from": "now-60m",
+  "index": [
+    "filebeat-*"
+  ],
+  "interval": "10m",
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "AWS IAM Deactivation of MFA Device",
+  "query": "event.action:DeactivateMFADevice and event.dataset:aws.cloudtrail and event.provider:iam.amazonaws.com and event.outcome:success",
+  "references": [
+    "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/deactivate-mfa-device.html",
+    "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeactivateMFADevice.html"
+  ],
+  "risk_score": 47,
+  "rule_id": "d8fc1cca-93ed-43c1-bbb6-c0dd3eff2958",
+  "severity": "medium",
+  "tags": [
+    "AWS",
+    "Elastic"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0040",
+        "name": "Impact",
+        "reference": "https://attack.mitre.org/tactics/TA0040/"
+      },
+      "technique": [
+        {
+          "id": "T1531",
+          "name": "Account Access Removal",
+          "reference": "https://attack.mitre.org/techniques/T1531/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_iam_group_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_iam_group_deletion.json
new file mode 100644
index 00000000000000..23364c8b3aa289
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_iam_group_deletion.json
@@ -0,0 +1,48 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Identifies the deletion of a specified AWS Identity and Access Management (IAM) resource group. Deleting a resource group does not delete resources that are members of the group; it only deletes the group structure.",
+  "false_positives": [
+    "A resource group may be deleted by a system administrator. Verify whether the user identity, user agent, and/or hostname should be making changes in your environment. Resource group deletions from unfamiliar users or hosts should be investigated. If known behavior is causing false positives, it can be exempted from the rule."
+  ],
+  "from": "now-60m",
+  "index": [
+    "filebeat-*"
+  ],
+  "interval": "10m",
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "AWS IAM Group Deletion",
+  "query": "event.action:DeleteGroup and event.dataset:aws.cloudtrail and event.provider:iam.amazonaws.com and event.outcome:success",
+  "references": [
+    "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/delete-group.html",
+    "https://docs.aws.amazon.com/IAM/latest/APIReference/API_DeleteGroup.html"
+  ],
+  "risk_score": 21,
+  "rule_id": "867616ec-41e5-4edc-ada2-ab13ab45de8a",
+  "severity": "low",
+  "tags": [
+    "AWS",
+    "Elastic"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0040",
+        "name": "Impact",
+        "reference": "https://attack.mitre.org/tactics/TA0040/"
+      },
+      "technique": [
+        {
+          "id": "T1531",
+          "name": "Account Access Removal",
+          "reference": "https://attack.mitre.org/techniques/T1531/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_possible_okta_dos_attack.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_possible_okta_dos_attack.json
new file mode 100644
index 00000000000000..8c76f182442a50
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_possible_okta_dos_attack.json
@@ -0,0 +1,48 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "An adversary may attempt to disrupt an organization's business operations by performing a denial of service (DoS) attack against its Okta infrastructure.",
+  "index": [
+    "filebeat-*"
+  ],
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "Possible Okta DoS Attack",
+  "query": "event.module:okta and event.dataset:okta.system and event.action:(application.integration.rate_limit_exceeded or system.org.rate_limit.warning or system.org.rate_limit.violation or core.concurrency.org.limit.violation)",
+  "references": [
+    "https://developer.okta.com/docs/reference/api/system-log/",
+    "https://developer.okta.com/docs/reference/api/event-types/"
+  ],
+  "risk_score": 47,
+  "rule_id": "e6e3ecff-03dd-48ec-acbd-54a04de10c68",
+  "severity": "medium",
+  "tags": [
+    "Elastic",
+    "Okta"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0040",
+        "name": "Impact",
+        "reference": "https://attack.mitre.org/tactics/TA0040/"
+      },
+      "technique": [
+        {
+          "id": "T1498",
+          "name": "Network Denial of Service",
+          "reference": "https://attack.mitre.org/techniques/T1498/"
+        },
+        {
+          "id": "T1499",
+          "name": "Endpoint Denial of Service",
+          "reference": "https://attack.mitre.org/techniques/T1499/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_rds_cluster_deletion.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_rds_cluster_deletion.json
new file mode 100644
index 00000000000000..88ec942b0e5e5a
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_rds_cluster_deletion.json
@@ -0,0 +1,50 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Identifies the deletion of an Amazon Relational Database Service (RDS) Aurora database cluster or global database cluster.",
+  "false_positives": [
+    "Clusters may be deleted by a system administrator. Verify whether the user identity, user agent, and/or hostname should be making changes in your environment. Cluster deletions from unfamiliar users or hosts should be investigated. If known behavior is causing false positives, it can be exempted from the rule."
+  ],
+  "from": "now-60m",
+  "index": [
+    "filebeat-*"
+  ],
+  "interval": "10m",
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "AWS RDS Cluster Deletion",
+  "query": "event.action:(DeleteDBCluster or DeleteGlobalCluster) and event.dataset:aws.cloudtrail and event.provider:rds.amazonaws.com and event.outcome:success",
+  "references": [
+    "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/rds/delete-db-cluster.html",
+    "https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteDBCluster.html",
+    "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/rds/delete-global-cluster.html",
+    "https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_DeleteGlobalCluster.html"
+  ],
+  "risk_score": 47,
+  "rule_id": "9055ece6-2689-4224-a0e0-b04881e1f8ad",
+  "severity": "medium",
+  "tags": [
+    "AWS",
+    "Elastic"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0040",
+        "name": "Impact",
+        "reference": "https://attack.mitre.org/tactics/TA0040/"
+      },
+      "technique": [
+        {
+          "id": "T1485",
+          "name": "Data Destruction",
+          "reference": "https://attack.mitre.org/techniques/T1485/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_rds_instance_cluster_stoppage.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_rds_instance_cluster_stoppage.json
new file mode 100644
index 00000000000000..2c25781e24d195
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/impact_rds_instance_cluster_stoppage.json
@@ -0,0 +1,50 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Identifies that an Amazon Relational Database Service (RDS) cluster or instance has been stopped.",
+  "false_positives": [
+    "Valid clusters or instances may be stopped by a system administrator. Verify whether the user identity, user agent, and/or hostname should be making changes in your environment. Cluster or instance stoppages from unfamiliar users or hosts should be investigated. If known behavior is causing false positives, it can be exempted from the rule."
+  ],
+  "from": "now-60m",
+  "index": [
+    "filebeat-*"
+  ],
+  "interval": "10m",
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "AWS RDS Instance/Cluster Stoppage",
+  "query": "event.action:(StopDBCluster or StopDBInstance) and event.dataset:aws.cloudtrail and event.provider:rds.amazonaws.com and event.outcome:success",
+  "references": [
+    "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/rds/stop-db-cluster.html",
+    "https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_StopDBCluster.html",
+    "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/rds/stop-db-instance.html",
+    "https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_StopDBInstance.html"
+  ],
+  "risk_score": 47,
+  "rule_id": "ecf2b32c-e221-4bd4-aa3b-c7d59b3bc01d",
+  "severity": "medium",
+  "tags": [
+    "AWS",
+    "Elastic"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0040",
+        "name": "Impact",
+        "reference": "https://attack.mitre.org/tactics/TA0040/"
+      },
+      "technique": [
+        {
+          "id": "T1489",
+          "name": "Service Stop",
+          "reference": "https://attack.mitre.org/techniques/T1489/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/index.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/index.ts
index 0a2317898e8a35..880caca03cb7de 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/index.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/index.ts
@@ -4,154 +4,208 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-// Auto generated file from scripts/regen_prepackage_rules_index.sh
-// Do not hand edit. Run that script to regenerate package information instead
+// Auto generated file from either:
+// - scripts/regen_prepackage_rules_index.sh
+// - detection-rules repo using CLI command build-release
+// Do not hand edit. Run script/command to regenerate package information instead
+
+import rule1 from './apm_403_response_to_a_post.json';
+import rule2 from './apm_405_response_method_not_allowed.json';
+import rule3 from './apm_null_user_agent.json';
+import rule4 from './apm_sqlmap_user_agent.json';
+import rule5 from './command_and_control_dns_directly_to_the_internet.json';
+import rule6 from './command_and_control_ftp_file_transfer_protocol_activity_to_the_internet.json';
+import rule7 from './command_and_control_irc_internet_relay_chat_protocol_activity_to_the_internet.json';
+import rule8 from './command_and_control_nat_traversal_port_activity.json';
+import rule9 from './command_and_control_port_26_activity.json';
+import rule10 from './command_and_control_port_8000_activity_to_the_internet.json';
+import rule11 from './command_and_control_pptp_point_to_point_tunneling_protocol_activity.json';
+import rule12 from './command_and_control_proxy_port_activity_to_the_internet.json';
+import rule13 from './command_and_control_rdp_remote_desktop_protocol_from_the_internet.json';
+import rule14 from './command_and_control_smtp_to_the_internet.json';
+import rule15 from './command_and_control_sql_server_port_activity_to_the_internet.json';
+import rule16 from './command_and_control_ssh_secure_shell_from_the_internet.json';
+import rule17 from './command_and_control_ssh_secure_shell_to_the_internet.json';
+import rule18 from './command_and_control_telnet_port_activity.json';
+import rule19 from './command_and_control_tor_activity_to_the_internet.json';
+import rule20 from './command_and_control_vnc_virtual_network_computing_from_the_internet.json';
+import rule21 from './command_and_control_vnc_virtual_network_computing_to_the_internet.json';
+import rule22 from './credential_access_tcpdump_activity.json';
+import rule23 from './defense_evasion_adding_the_hidden_file_attribute_with_via_attribexe.json';
+import rule24 from './defense_evasion_clearing_windows_event_logs.json';
+import rule25 from './defense_evasion_delete_volume_usn_journal_with_fsutil.json';
+import rule26 from './defense_evasion_deleting_backup_catalogs_with_wbadmin.json';
+import rule27 from './defense_evasion_disable_windows_firewall_rules_with_netsh.json';
+import rule28 from './defense_evasion_encoding_or_decoding_files_via_certutil.json';
+import rule29 from './defense_evasion_execution_via_trusted_developer_utilities.json';
+import rule30 from './defense_evasion_misc_lolbin_connecting_to_the_internet.json';
+import rule31 from './defense_evasion_via_filter_manager.json';
+import rule32 from './defense_evasion_volume_shadow_copy_deletion_via_vssadmin.json';
+import rule33 from './defense_evasion_volume_shadow_copy_deletion_via_wmic.json';
+import rule34 from './discovery_process_discovery_via_tasklist_command.json';
+import rule35 from './discovery_whoami_command_activity.json';
+import rule36 from './discovery_whoami_commmand.json';
+import rule37 from './endpoint_adversary_behavior_detected.json';
+import rule38 from './endpoint_cred_dumping_detected.json';
+import rule39 from './endpoint_cred_dumping_prevented.json';
+import rule40 from './endpoint_cred_manipulation_detected.json';
+import rule41 from './endpoint_cred_manipulation_prevented.json';
+import rule42 from './endpoint_exploit_detected.json';
+import rule43 from './endpoint_exploit_prevented.json';
+import rule44 from './endpoint_malware_detected.json';
+import rule45 from './endpoint_malware_prevented.json';
+import rule46 from './endpoint_permission_theft_detected.json';
+import rule47 from './endpoint_permission_theft_prevented.json';
+import rule48 from './endpoint_process_injection_detected.json';
+import rule49 from './endpoint_process_injection_prevented.json';
+import rule50 from './endpoint_ransomware_detected.json';
+import rule51 from './endpoint_ransomware_prevented.json';
+import rule52 from './execution_command_prompt_connecting_to_the_internet.json';
+import rule53 from './execution_command_shell_started_by_powershell.json';
+import rule54 from './execution_command_shell_started_by_svchost.json';
+import rule55 from './execution_html_help_executable_program_connecting_to_the_internet.json';
+import rule56 from './execution_local_service_commands.json';
+import rule57 from './execution_msbuild_making_network_connections.json';
+import rule58 from './execution_mshta_making_network_connections.json';
+import rule59 from './execution_psexec_lateral_movement_command.json';
+import rule60 from './execution_register_server_program_connecting_to_the_internet.json';
+import rule61 from './execution_script_executing_powershell.json';
+import rule62 from './execution_suspicious_ms_office_child_process.json';
+import rule63 from './execution_suspicious_ms_outlook_child_process.json';
+import rule64 from './execution_unusual_network_connection_via_rundll32.json';
+import rule65 from './execution_unusual_process_network_connection.json';
+import rule66 from './execution_via_compiled_html_file.json';
+import rule67 from './initial_access_rdp_remote_desktop_protocol_to_the_internet.json';
+import rule68 from './initial_access_rpc_remote_procedure_call_from_the_internet.json';
+import rule69 from './initial_access_rpc_remote_procedure_call_to_the_internet.json';
+import rule70 from './initial_access_smb_windows_file_sharing_activity_to_the_internet.json';
+import rule71 from './lateral_movement_direct_outbound_smb_connection.json';
+import rule72 from './linux_hping_activity.json';
+import rule73 from './linux_iodine_activity.json';
+import rule74 from './linux_mknod_activity.json';
+import rule75 from './linux_netcat_network_connection.json';
+import rule76 from './linux_nmap_activity.json';
+import rule77 from './linux_nping_activity.json';
+import rule78 from './linux_process_started_in_temp_directory.json';
+import rule79 from './linux_socat_activity.json';
+import rule80 from './linux_strace_activity.json';
+import rule81 from './persistence_adobe_hijack_persistence.json';
+import rule82 from './persistence_kernel_module_activity.json';
+import rule83 from './persistence_local_scheduled_task_commands.json';
+import rule84 from './persistence_priv_escalation_via_accessibility_features.json';
+import rule85 from './persistence_shell_activity_by_web_server.json';
+import rule86 from './persistence_system_shells_via_services.json';
+import rule87 from './persistence_user_account_creation.json';
+import rule88 from './persistence_via_application_shimming.json';
+import rule89 from './privilege_escalation_unusual_parentchild_relationship.json';
+import rule90 from './defense_evasion_modification_of_boot_config.json';
+import rule91 from './privilege_escalation_uac_bypass_event_viewer.json';
+import rule92 from './discovery_net_command_system_account.json';
+import rule93 from './execution_msxsl_network.json';
+import rule94 from './command_and_control_certutil_network_connection.json';
+import rule95 from './defense_evasion_cve_2020_0601.json';
+import rule96 from './credential_access_credential_dumping_msbuild.json';
+import rule97 from './defense_evasion_execution_msbuild_started_by_office_app.json';
+import rule98 from './defense_evasion_execution_msbuild_started_by_script.json';
+import rule99 from './defense_evasion_execution_msbuild_started_by_system_process.json';
+import rule100 from './defense_evasion_execution_msbuild_started_renamed.json';
+import rule101 from './defense_evasion_execution_msbuild_started_unusal_process.json';
+import rule102 from './defense_evasion_injection_msbuild.json';
+import rule103 from './execution_via_net_com_assemblies.json';
+import rule104 from './ml_linux_anomalous_network_activity.json';
+import rule105 from './ml_linux_anomalous_network_port_activity.json';
+import rule106 from './ml_linux_anomalous_network_service.json';
+import rule107 from './ml_linux_anomalous_network_url_activity.json';
+import rule108 from './ml_linux_anomalous_process_all_hosts.json';
+import rule109 from './ml_linux_anomalous_user_name.json';
+import rule110 from './ml_packetbeat_dns_tunneling.json';
+import rule111 from './ml_packetbeat_rare_dns_question.json';
+import rule112 from './ml_packetbeat_rare_server_domain.json';
+import rule113 from './ml_packetbeat_rare_urls.json';
+import rule114 from './ml_packetbeat_rare_user_agent.json';
+import rule115 from './ml_rare_process_by_host_linux.json';
+import rule116 from './ml_rare_process_by_host_windows.json';
+import rule117 from './ml_suspicious_login_activity.json';
+import rule118 from './ml_windows_anomalous_network_activity.json';
+import rule119 from './ml_windows_anomalous_path_activity.json';
+import rule120 from './ml_windows_anomalous_process_all_hosts.json';
+import rule121 from './ml_windows_anomalous_process_creation.json';
+import rule122 from './ml_windows_anomalous_script.json';
+import rule123 from './ml_windows_anomalous_service.json';
+import rule124 from './ml_windows_anomalous_user_name.json';
+import rule125 from './ml_windows_rare_user_runas_event.json';
+import rule126 from './ml_windows_rare_user_type10_remote_login.json';
+import rule127 from './execution_suspicious_pdf_reader.json';
+import rule128 from './privilege_escalation_sudoers_file_mod.json';
+import rule129 from './execution_python_tty_shell.json';
+import rule130 from './execution_perl_tty_shell.json';
+import rule131 from './defense_evasion_base16_or_base32_encoding_or_decoding_activity.json';
+import rule132 from './defense_evasion_base64_encoding_or_decoding_activity.json';
+import rule133 from './defense_evasion_hex_encoding_or_decoding_activity.json';
+import rule134 from './defense_evasion_file_mod_writable_dir.json';
+import rule135 from './defense_evasion_disable_selinux_attempt.json';
+import rule136 from './discovery_kernel_module_enumeration.json';
+import rule137 from './lateral_movement_telnet_network_activity_external.json';
+import rule138 from './lateral_movement_telnet_network_activity_internal.json';
+import rule139 from './privilege_escalation_setgid_bit_set_via_chmod.json';
+import rule140 from './privilege_escalation_setuid_bit_set_via_chmod.json';
+import rule141 from './defense_evasion_attempt_to_disable_iptables_or_firewall.json';
+import rule142 from './defense_evasion_kernel_module_removal.json';
+import rule143 from './defense_evasion_attempt_to_disable_syslog_service.json';
+import rule144 from './defense_evasion_file_deletion_via_shred.json';
+import rule145 from './discovery_virtual_machine_fingerprinting.json';
+import rule146 from './defense_evasion_hidden_file_dir_tmp.json';
+import rule147 from './defense_evasion_deletion_of_bash_command_line_history.json';
+import rule148 from './impact_cloudwatch_log_group_deletion.json';
+import rule149 from './impact_cloudwatch_log_stream_deletion.json';
+import rule150 from './impact_rds_instance_cluster_stoppage.json';
+import rule151 from './persistence_attempt_to_deactivate_mfa_for_okta_user_account.json';
+import rule152 from './persistence_rds_cluster_creation.json';
+import rule153 from './credential_access_attempted_bypass_of_okta_mfa.json';
+import rule154 from './defense_evasion_waf_acl_deletion.json';
+import rule155 from './impact_attempt_to_revoke_okta_api_token.json';
+import rule156 from './impact_iam_group_deletion.json';
+import rule157 from './impact_possible_okta_dos_attack.json';
+import rule158 from './impact_rds_cluster_deletion.json';
+import rule159 from './initial_access_suspicious_activity_reported_by_okta_user.json';
+import rule160 from './okta_attempt_to_deactivate_okta_mfa_rule.json';
+import rule161 from './okta_attempt_to_modify_okta_mfa_rule.json';
+import rule162 from './okta_attempt_to_modify_okta_network_zone.json';
+import rule163 from './okta_attempt_to_modify_okta_policy.json';
+import rule164 from './okta_threat_detected_by_okta_threatinsight.json';
+import rule165 from './persistence_administrator_privileges_assigned_to_okta_group.json';
+import rule166 from './persistence_attempt_to_create_okta_api_token.json';
+import rule167 from './persistence_attempt_to_deactivate_okta_policy.json';
+import rule168 from './persistence_attempt_to_reset_mfa_factors_for_okta_user_account.json';
+import rule169 from './defense_evasion_cloudtrail_logging_deleted.json';
+import rule170 from './defense_evasion_ec2_network_acl_deletion.json';
+import rule171 from './impact_iam_deactivate_mfa_device.json';
+import rule172 from './defense_evasion_s3_bucket_configuration_deletion.json';
+import rule173 from './defense_evasion_guardduty_detector_deletion.json';
+import rule174 from './okta_attempt_to_delete_okta_policy.json';
+import rule175 from './credential_access_iam_user_addition_to_group.json';
+import rule176 from './persistence_ec2_network_acl_creation.json';
+import rule177 from './impact_ec2_disable_ebs_encryption.json';
+import rule178 from './persistence_iam_group_creation.json';
+import rule179 from './defense_evasion_waf_rule_or_rule_group_deletion.json';
+import rule180 from './collection_cloudtrail_logging_created.json';
+import rule181 from './defense_evasion_cloudtrail_logging_suspended.json';
+import rule182 from './impact_cloudtrail_logging_updated.json';
+import rule183 from './initial_access_console_login_root.json';
+import rule184 from './defense_evasion_cloudwatch_alarm_deletion.json';
+import rule185 from './defense_evasion_ec2_flow_log_deletion.json';
+import rule186 from './defense_evasion_configuration_recorder_stopped.json';
+import rule187 from './exfiltration_ec2_snapshot_change_activity.json';
+import rule188 from './defense_evasion_config_service_rule_deletion.json';
+import rule189 from './okta_attempt_to_modify_or_delete_application_sign_on_policy.json';
+import rule190 from './initial_access_password_recovery.json';
+import rule191 from './credential_access_secretsmanager_getsecretvalue.json';
+import rule192 from './execution_via_system_manager.json';
+import rule193 from './privilege_escalation_root_login_without_mfa.json';
+import rule194 from './privilege_escalation_updateassumerolepolicy.json';
+import rule195 from './elastic_endpoint.json';
+import rule196 from './external_alerts.json';
 
-import rule1 from './403_response_to_a_post.json';
-import rule2 from './405_response_method_not_allowed.json';
-import rule3 from './elastic_endpoint_security_adversary_behavior_detected.json';
-import rule4 from './elastic_endpoint_security_cred_dumping_detected.json';
-import rule5 from './elastic_endpoint_security_cred_dumping_prevented.json';
-import rule6 from './elastic_endpoint_security_cred_manipulation_detected.json';
-import rule7 from './elastic_endpoint_security_cred_manipulation_prevented.json';
-import rule8 from './elastic_endpoint_security_exploit_detected.json';
-import rule9 from './elastic_endpoint_security_exploit_prevented.json';
-import rule10 from './elastic_endpoint_security_malware_detected.json';
-import rule11 from './elastic_endpoint_security_malware_prevented.json';
-import rule12 from './elastic_endpoint_security_permission_theft_detected.json';
-import rule13 from './elastic_endpoint_security_permission_theft_prevented.json';
-import rule14 from './elastic_endpoint_security_process_injection_detected.json';
-import rule15 from './elastic_endpoint_security_process_injection_prevented.json';
-import rule16 from './elastic_endpoint_security_ransomware_detected.json';
-import rule17 from './elastic_endpoint_security_ransomware_prevented.json';
-import rule18 from './eql_adding_the_hidden_file_attribute_with_via_attribexe.json';
-import rule19 from './eql_adobe_hijack_persistence.json';
-import rule20 from './eql_clearing_windows_event_logs.json';
-import rule21 from './eql_delete_volume_usn_journal_with_fsutil.json';
-import rule22 from './eql_deleting_backup_catalogs_with_wbadmin.json';
-import rule23 from './eql_direct_outbound_smb_connection.json';
-import rule24 from './eql_disable_windows_firewall_rules_with_netsh.json';
-import rule25 from './eql_encoding_or_decoding_files_via_certutil.json';
-import rule26 from './eql_local_scheduled_task_commands.json';
-import rule27 from './eql_local_service_commands.json';
-import rule28 from './eql_msbuild_making_network_connections.json';
-import rule29 from './eql_mshta_making_network_connections.json';
-import rule30 from './eql_psexec_lateral_movement_command.json';
-import rule31 from './eql_suspicious_ms_office_child_process.json';
-import rule32 from './eql_suspicious_ms_outlook_child_process.json';
-import rule33 from './eql_system_shells_via_services.json';
-import rule34 from './eql_unusual_network_connection_via_rundll32.json';
-import rule35 from './eql_unusual_parentchild_relationship.json';
-import rule36 from './eql_unusual_process_network_connection.json';
-import rule37 from './eql_user_account_creation.json';
-import rule38 from './eql_volume_shadow_copy_deletion_via_vssadmin.json';
-import rule39 from './eql_volume_shadow_copy_deletion_via_wmic.json';
-import rule40 from './eql_windows_script_executing_powershell.json';
-import rule41 from './linux_anomalous_network_activity.json';
-import rule42 from './linux_anomalous_network_port_activity.json';
-import rule43 from './linux_anomalous_network_service.json';
-import rule44 from './linux_anomalous_network_url_activity.json';
-import rule45 from './linux_anomalous_process_all_hosts.json';
-import rule46 from './linux_anomalous_user_name.json';
-import rule47 from './linux_attempt_to_disable_iptables_or_firewall.json';
-import rule48 from './linux_attempt_to_disable_syslog_service.json';
-import rule49 from './linux_base16_or_base32_encoding_or_decoding_activity.json';
-import rule50 from './linux_base64_encoding_or_decoding_activity.json';
-import rule51 from './linux_disable_selinux_attempt.json';
-import rule52 from './linux_file_deletion_via_shred.json';
-import rule53 from './linux_file_mod_writable_dir.json';
-import rule54 from './linux_hex_encoding_or_decoding_activity.json';
-import rule55 from './linux_hping_activity.json';
-import rule56 from './linux_iodine_activity.json';
-import rule57 from './linux_kernel_module_activity.json';
-import rule58 from './linux_kernel_module_enumeration.json';
-import rule59 from './linux_kernel_module_removal.json';
-import rule60 from './linux_mknod_activity.json';
-import rule61 from './linux_netcat_network_connection.json';
-import rule62 from './linux_nmap_activity.json';
-import rule63 from './linux_nping_activity.json';
-import rule64 from './linux_perl_tty_shell.json';
-import rule65 from './linux_process_started_in_temp_directory.json';
-import rule66 from './linux_python_tty_shell.json';
-import rule67 from './linux_setgid_bit_set_via_chmod.json';
-import rule68 from './linux_setuid_bit_set_via_chmod.json';
-import rule69 from './linux_shell_activity_by_web_server.json';
-import rule70 from './linux_socat_activity.json';
-import rule71 from './linux_strace_activity.json';
-import rule72 from './linux_sudoers_file_mod.json';
-import rule73 from './linux_tcpdump_activity.json';
-import rule74 from './linux_telnet_network_activity_external.json';
-import rule75 from './linux_telnet_network_activity_internal.json';
-import rule76 from './linux_virtual_machine_fingerprinting.json';
-import rule77 from './linux_whoami_commmand.json';
-import rule78 from './network_dns_directly_to_the_internet.json';
-import rule79 from './network_ftp_file_transfer_protocol_activity_to_the_internet.json';
-import rule80 from './network_irc_internet_relay_chat_protocol_activity_to_the_internet.json';
-import rule81 from './network_nat_traversal_port_activity.json';
-import rule82 from './network_port_26_activity.json';
-import rule83 from './network_port_8000_activity_to_the_internet.json';
-import rule84 from './network_pptp_point_to_point_tunneling_protocol_activity.json';
-import rule85 from './network_proxy_port_activity_to_the_internet.json';
-import rule86 from './network_rdp_remote_desktop_protocol_from_the_internet.json';
-import rule87 from './network_rdp_remote_desktop_protocol_to_the_internet.json';
-import rule88 from './network_rpc_remote_procedure_call_from_the_internet.json';
-import rule89 from './network_rpc_remote_procedure_call_to_the_internet.json';
-import rule90 from './network_smb_windows_file_sharing_activity_to_the_internet.json';
-import rule91 from './network_smtp_to_the_internet.json';
-import rule92 from './network_sql_server_port_activity_to_the_internet.json';
-import rule93 from './network_ssh_secure_shell_from_the_internet.json';
-import rule94 from './network_ssh_secure_shell_to_the_internet.json';
-import rule95 from './network_telnet_port_activity.json';
-import rule96 from './network_tor_activity_to_the_internet.json';
-import rule97 from './network_vnc_virtual_network_computing_from_the_internet.json';
-import rule98 from './network_vnc_virtual_network_computing_to_the_internet.json';
-import rule99 from './null_user_agent.json';
-import rule100 from './packetbeat_dns_tunneling.json';
-import rule101 from './packetbeat_rare_dns_question.json';
-import rule102 from './packetbeat_rare_server_domain.json';
-import rule103 from './packetbeat_rare_urls.json';
-import rule104 from './packetbeat_rare_user_agent.json';
-import rule105 from './rare_process_by_host_linux.json';
-import rule106 from './rare_process_by_host_windows.json';
-import rule107 from './sqlmap_user_agent.json';
-import rule108 from './suspicious_login_activity.json';
-import rule109 from './windows_anomalous_network_activity.json';
-import rule110 from './windows_anomalous_path_activity.json';
-import rule111 from './windows_anomalous_process_all_hosts.json';
-import rule112 from './windows_anomalous_process_creation.json';
-import rule113 from './windows_anomalous_script.json';
-import rule114 from './windows_anomalous_service.json';
-import rule115 from './windows_anomalous_user_name.json';
-import rule116 from './windows_certutil_network_connection.json';
-import rule117 from './windows_command_prompt_connecting_to_the_internet.json';
-import rule118 from './windows_command_shell_started_by_powershell.json';
-import rule119 from './windows_command_shell_started_by_svchost.json';
-import rule120 from './windows_credential_dumping_msbuild.json';
-import rule121 from './windows_cve_2020_0601.json';
-import rule122 from './windows_defense_evasion_via_filter_manager.json';
-import rule123 from './windows_execution_msbuild_started_by_office_app.json';
-import rule124 from './windows_execution_msbuild_started_by_script.json';
-import rule125 from './windows_execution_msbuild_started_by_system_process.json';
-import rule126 from './windows_execution_msbuild_started_renamed.json';
-import rule127 from './windows_execution_msbuild_started_unusal_process.json';
-import rule128 from './windows_execution_via_compiled_html_file.json';
-import rule129 from './windows_execution_via_net_com_assemblies.json';
-import rule130 from './windows_execution_via_trusted_developer_utilities.json';
-import rule131 from './windows_html_help_executable_program_connecting_to_the_internet.json';
-import rule132 from './windows_injection_msbuild.json';
-import rule133 from './windows_misc_lolbin_connecting_to_the_internet.json';
-import rule134 from './windows_modification_of_boot_config.json';
-import rule135 from './windows_msxsl_network.json';
-import rule136 from './windows_net_command_system_account.json';
-import rule137 from './windows_persistence_via_application_shimming.json';
-import rule138 from './windows_priv_escalation_via_accessibility_features.json';
-import rule139 from './windows_process_discovery_via_tasklist_command.json';
-import rule140 from './windows_rare_user_runas_event.json';
-import rule141 from './windows_rare_user_type10_remote_login.json';
-import rule142 from './windows_register_server_program_connecting_to_the_internet.json';
-import rule143 from './windows_suspicious_pdf_reader.json';
-import rule144 from './windows_uac_bypass_event_viewer.json';
-import rule145 from './windows_whoami_command_activity.json';
 export const rawRules = [
   rule1,
   rule2,
@@ -298,4 +352,55 @@ export const rawRules = [
   rule143,
   rule144,
   rule145,
+  rule146,
+  rule147,
+  rule148,
+  rule149,
+  rule150,
+  rule151,
+  rule152,
+  rule153,
+  rule154,
+  rule155,
+  rule156,
+  rule157,
+  rule158,
+  rule159,
+  rule160,
+  rule161,
+  rule162,
+  rule163,
+  rule164,
+  rule165,
+  rule166,
+  rule167,
+  rule168,
+  rule169,
+  rule170,
+  rule171,
+  rule172,
+  rule173,
+  rule174,
+  rule175,
+  rule176,
+  rule177,
+  rule178,
+  rule179,
+  rule180,
+  rule181,
+  rule182,
+  rule183,
+  rule184,
+  rule185,
+  rule186,
+  rule187,
+  rule188,
+  rule189,
+  rule190,
+  rule191,
+  rule192,
+  rule193,
+  rule194,
+  rule195,
+  rule196,
 ];
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_console_login_root.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_console_login_root.json
new file mode 100644
index 00000000000000..0f761f0d2a5f57
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_console_login_root.json
@@ -0,0 +1,62 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Identifies a successful login to the AWS Management Console by the Root user.",
+  "false_positives": [
+    "It's strongly recommended that the root user is not used for everyday tasks, including the administrative ones. Verify whether the IP address, location, and/or hostname should be logging in as root in your environment. Unfamiliar root logins should be investigated immediately. If known behavior is causing false positives, it can be exempted from the rule."
+  ],
+  "from": "now-60m",
+  "index": [
+    "filebeat-*"
+  ],
+  "interval": "10m",
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "AWS Management Console Root Login",
+  "query": "event.action:ConsoleLogin and event.module:aws and event.dataset:aws.cloudtrail and event.provider:signin.amazonaws.com and aws.cloudtrail.user_identity.type:Root and event.outcome:success",
+  "references": [
+    "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html"
+  ],
+  "risk_score": 73,
+  "rule_id": "e2a67480-3b79-403d-96e3-fdd2992c50ef",
+  "severity": "high",
+  "tags": [
+    "AWS",
+    "Elastic"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0001",
+        "name": "Initial Access",
+        "reference": "https://attack.mitre.org/tactics/TA0001/"
+      },
+      "technique": [
+        {
+          "id": "T1078",
+          "name": "Valid Accounts",
+          "reference": "https://attack.mitre.org/techniques/T1078/"
+        }
+      ]
+    },
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0003",
+        "name": "Persistence",
+        "reference": "https://attack.mitre.org/tactics/TA0003/"
+      },
+      "technique": [
+        {
+          "id": "T1078",
+          "name": "Valid Accounts",
+          "reference": "https://attack.mitre.org/techniques/T1078/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_password_recovery.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_password_recovery.json
new file mode 100644
index 00000000000000..1042ce19a14c7d
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_password_recovery.json
@@ -0,0 +1,47 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Identifies AWS IAM password recovery requests. An adversary may attempt to gain unauthorized AWS access by abusing password recovery mechanisms.",
+  "false_positives": [
+    "Verify whether the user identity, user agent, and/or hostname should be requesting changes in your environment. Password reset attempts from unfamiliar users should be investigated. If known behavior is causing false positives, it can be exempted from the rule."
+  ],
+  "from": "now-60m",
+  "index": [
+    "filebeat-*"
+  ],
+  "interval": "10m",
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "AWS IAM Password Recovery Requested",
+  "query": "event.action:PasswordRecoveryRequested and event.provider:signin.amazonaws.com and event.outcome:success",
+  "references": [
+    "https://www.cadosecurity.com/2020/06/11/an-ongoing-aws-phishing-campaign/"
+  ],
+  "risk_score": 21,
+  "rule_id": "69c420e8-6c9e-4d28-86c0-8a2be2d1e78c",
+  "severity": "low",
+  "tags": [
+    "AWS",
+    "Elastic"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0001",
+        "name": "Initial Access",
+        "reference": "https://attack.mitre.org/tactics/TA0001/"
+      },
+      "technique": [
+        {
+          "id": "T1078",
+          "name": "Valid Accounts",
+          "reference": "https://attack.mitre.org/techniques/T1078/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_rdp_remote_desktop_protocol_to_the_internet.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_rdp_remote_desktop_protocol_to_the_internet.json
similarity index 83%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_rdp_remote_desktop_protocol_to_the_internet.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_rdp_remote_desktop_protocol_to_the_internet.json
index 17d00ebff4603f..2d5f96492cc363 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_rdp_remote_desktop_protocol_to_the_internet.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_rdp_remote_desktop_protocol_to_the_internet.json
@@ -1,14 +1,19 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "This rule detects network events that may indicate the use of RDP traffic to the Internet. RDP is commonly used by system administrators to remotely control a system for maintenance or to use shared resources. It should almost never be directly exposed to the Internet, as it is frequently targeted and exploited by threat actors as an initial access or back-door vector.",
   "false_positives": [
     "RDP connections may be made directly to Internet destinations in order to access Windows cloud server instances but such connections are usually made only by engineers. In such cases, only RDP gateways, bastions or jump servers may be expected Internet destinations and can be exempted from this rule. RDP may be required by some work-flows such as remote access and support for specialized software products and servers. Such work-flows are usually known and not unexpected. Usage that is unfamiliar to server or network owners can be unexpected and suspicious."
   ],
   "index": [
-    "filebeat-*"
+    "filebeat-*",
+    "packetbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "RDP (Remote Desktop Protocol) to the Internet",
-  "query": "network.transport:tcp and destination.port:3389 and source.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16) and not destination.ip:(10.0.0.0/8 or 127.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or \"::1\")",
+  "query": "event.category:(network or network_traffic) and network.transport:tcp and (destination.port:3389 or event.dataset:zeek.rdp) and source.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16) and not destination.ip:(10.0.0.0/8 or 127.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or \"::1\")",
   "risk_score": 21,
   "rule_id": "e56993d2-759c-4120-984c-9ec9bb940fd5",
   "severity": "low",
@@ -49,5 +54,5 @@
     }
   ],
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_rpc_remote_procedure_call_from_the_internet.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_rpc_remote_procedure_call_from_the_internet.json
similarity index 71%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_rpc_remote_procedure_call_from_the_internet.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_rpc_remote_procedure_call_from_the_internet.json
index 719d0e39e94cdc..d28e52c163d3c2 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_rpc_remote_procedure_call_from_the_internet.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_rpc_remote_procedure_call_from_the_internet.json
@@ -1,11 +1,16 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "This rule detects network events that may indicate the use of RPC traffic from the Internet. RPC is commonly used by system administrators to remotely control a system for maintenance or to use shared resources. It should almost never be directly exposed to the Internet, as it is frequently targeted and exploited by threat actors as an initial access or back-door vector.",
   "index": [
-    "filebeat-*"
+    "filebeat-*",
+    "packetbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "RPC (Remote Procedure Call) from the Internet",
-  "query": "network.transport:tcp and destination.port:135 and not source.ip:(10.0.0.0/8 or 127.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or \"::1\") and destination.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16)",
+  "query": "event.category:(network or network_traffic) and network.transport:tcp and (destination.port:135 or event.dataset:zeek.dce_rpc) and not source.ip:(10.0.0.0/8 or 127.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or \"::1\") and destination.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16)",
   "risk_score": 73,
   "rule_id": "143cb236-0956-4f42-a706-814bcaa0cf5a",
   "severity": "high",
@@ -31,5 +36,5 @@
     }
   ],
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_rpc_remote_procedure_call_to_the_internet.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_rpc_remote_procedure_call_to_the_internet.json
similarity index 71%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_rpc_remote_procedure_call_to_the_internet.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_rpc_remote_procedure_call_to_the_internet.json
index a7791047cab26f..01c661af5609d0 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_rpc_remote_procedure_call_to_the_internet.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_rpc_remote_procedure_call_to_the_internet.json
@@ -1,11 +1,16 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "This rule detects network events that may indicate the use of RPC traffic to the Internet. RPC is commonly used by system administrators to remotely control a system for maintenance or to use shared resources. It should almost never be directly exposed to the Internet, as it is frequently targeted and exploited by threat actors as an initial access or back-door vector.",
   "index": [
-    "filebeat-*"
+    "filebeat-*",
+    "packetbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "RPC (Remote Procedure Call) to the Internet",
-  "query": "network.transport:tcp and destination.port:135 and source.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16) and not destination.ip:(10.0.0.0/8 or 127.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or \"::1\")",
+  "query": "event.category:(network or network_traffic) and network.transport:tcp and (destination.port:135 or event.dataset:zeek.dce_rpc) and source.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16) and not destination.ip:(10.0.0.0/8 or 127.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or \"::1\")",
   "risk_score": 73,
   "rule_id": "32923416-763a-4531-bb35-f33b9232ecdb",
   "severity": "high",
@@ -31,5 +36,5 @@
     }
   ],
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_smb_windows_file_sharing_activity_to_the_internet.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_smb_windows_file_sharing_activity_to_the_internet.json
similarity index 78%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_smb_windows_file_sharing_activity_to_the_internet.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_smb_windows_file_sharing_activity_to_the_internet.json
index eca200e318c42e..7ef56023eba55e 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/network_smb_windows_file_sharing_activity_to_the_internet.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_smb_windows_file_sharing_activity_to_the_internet.json
@@ -1,11 +1,16 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "This rule detects network events that may indicate the use of Windows file sharing (also called SMB or CIFS) traffic to the Internet. SMB is commonly used within networks to share files, printers, and other system resources amongst trusted systems. It should almost never be directly exposed to the Internet, as it is frequently targeted and exploited by threat actors as an initial access or back-door vector or for data exfiltration.",
   "index": [
-    "filebeat-*"
+    "filebeat-*",
+    "packetbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "SMB (Windows File Sharing) Activity to the Internet",
-  "query": "network.transport:tcp and destination.port:(139 or 445) and source.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16) and not destination.ip:(10.0.0.0/8 or 127.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or \"::1\")",
+  "query": "event.category:(network or network_traffic) and network.transport:tcp and (destination.port:(139 or 445) or event.dataset:zeek.smb) and source.ip:(10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16) and not destination.ip:(10.0.0.0/8 or 127.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or \"::1\")",
   "risk_score": 73,
   "rule_id": "c82b2bd8-d701-420c-ba43-f11a155b681a",
   "severity": "high",
@@ -46,5 +51,5 @@
     }
   ],
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_suspicious_activity_reported_by_okta_user.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_suspicious_activity_reported_by_okta_user.json
new file mode 100644
index 00000000000000..5fa8a655c08bf9
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/initial_access_suspicious_activity_reported_by_okta_user.json
@@ -0,0 +1,91 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "This rule detects when a user reports suspicious activity for their Okta account. These events should be investigated, as they can help security teams identify when an adversary is attempting to gain access to their network.",
+  "false_positives": [
+    "A user may report suspicious activity on their Okta account in error."
+  ],
+  "index": [
+    "filebeat-*"
+  ],
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "Suspicious Activity Reported by Okta User",
+  "query": "event.module:okta and event.dataset:okta.system and event.action:user.account.report_suspicious_activity_by_enduser",
+  "references": [
+    "https://developer.okta.com/docs/reference/api/system-log/",
+    "https://developer.okta.com/docs/reference/api/event-types/"
+  ],
+  "risk_score": 47,
+  "rule_id": "f994964f-6fce-4d75-8e79-e16ccc412588",
+  "severity": "medium",
+  "tags": [
+    "Elastic",
+    "Okta"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0001",
+        "name": "Initial Access",
+        "reference": "https://attack.mitre.org/tactics/TA0001/"
+      },
+      "technique": [
+        {
+          "id": "T1078",
+          "name": "Valid Accounts",
+          "reference": "https://attack.mitre.org/techniques/T1078/"
+        }
+      ]
+    },
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0003",
+        "name": "Persistence",
+        "reference": "https://attack.mitre.org/tactics/TA0003/"
+      },
+      "technique": [
+        {
+          "id": "T1078",
+          "name": "Valid Accounts",
+          "reference": "https://attack.mitre.org/techniques/T1078/"
+        }
+      ]
+    },
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0004",
+        "name": "Privilege Escalation",
+        "reference": "https://attack.mitre.org/tactics/TA0004/"
+      },
+      "technique": [
+        {
+          "id": "T1078",
+          "name": "Valid Accounts",
+          "reference": "https://attack.mitre.org/techniques/T1078/"
+        }
+      ]
+    },
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0005",
+        "name": "Defense Evasion",
+        "reference": "https://attack.mitre.org/tactics/TA0005/"
+      },
+      "technique": [
+        {
+          "id": "T1078",
+          "name": "Valid Accounts",
+          "reference": "https://attack.mitre.org/techniques/T1078/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_direct_outbound_smb_connection.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/lateral_movement_direct_outbound_smb_connection.json
similarity index 82%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_direct_outbound_smb_connection.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/lateral_movement_direct_outbound_smb_connection.json
index 8bbdc72573e0dc..b4850e77ae7190 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_direct_outbound_smb_connection.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/lateral_movement_direct_outbound_smb_connection.json
@@ -1,11 +1,15 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies unexpected processes making network connections over port 445. Windows File Sharing is typically implemented over Server Message Block (SMB), which communicates between hosts using port 445. When legitimate, these network connections are established by the kernel. Processes making 445/tcp connections may be port scanners, exploits, or suspicious user-level processes moving laterally.",
   "index": [
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Direct Outbound SMB Connection",
-  "query": "event.action:\"Network connection detected (rule: NetworkConnect)\" and destination.port:445 and not process.pid:4 and not destination.ip:(127.0.0.1 or \"::1\")",
+  "query": "event.category:network and event.type:connection and destination.port:445 and not process.pid:4 and not destination.ip:(127.0.0.1 or \"::1\")",
   "risk_score": 47,
   "rule_id": "c82c7d8f-fb9e-4874-a4bd-fd9e3f9becf1",
   "severity": "medium",
@@ -31,5 +35,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_telnet_network_activity_external.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/lateral_movement_telnet_network_activity_external.json
similarity index 80%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_telnet_network_activity_external.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/lateral_movement_telnet_network_activity_external.json
index 9f6b80b8bf1efe..27e5da09452e7f 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_telnet_network_activity_external.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/lateral_movement_telnet_network_activity_external.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Telnet provides a command line interface for communication with a remote device or server. This rule identifies Telnet network connections to publicly routable IP addresses.",
   "false_positives": [
     "Telnet can be used for both benign or malicious purposes. Telnet is included by default in some Linux distributions, so its presence is not inherently suspicious. The use of Telnet to manage devices remotely has declined in recent years in favor of more secure protocols such as SSH. Telnet usage by non-automated tools or frameworks may be suspicious."
@@ -7,8 +10,9 @@
     "auditbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Connection to External Network via Telnet",
-  "query": "event.action:(\"connected-to\" or \"network_flow\") and process.name:telnet and not destination.ip:(127.0.0.0/8 or 10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or \"FE80::/10\" or \"::1/128\")",
+  "query": "event.category:network and event.type:(connection or start) and process.name:telnet and not destination.ip:(127.0.0.0/8 or 10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or \"FE80::/10\" or \"::1/128\")",
   "risk_score": 47,
   "rule_id": "e19e64ee-130e-4c07-961f-8a339f0b8362",
   "severity": "medium",
@@ -34,5 +38,5 @@
     }
   ],
   "type": "query",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_telnet_network_activity_internal.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/lateral_movement_telnet_network_activity_internal.json
similarity index 80%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_telnet_network_activity_internal.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/lateral_movement_telnet_network_activity_internal.json
index a2e94f1d2d0158..0273800c18d52d 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_telnet_network_activity_internal.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/lateral_movement_telnet_network_activity_internal.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Telnet provides a command line interface for communication with a remote device or server. This rule identifies Telnet network connections to non-publicly routable IP addresses.",
   "false_positives": [
     "Telnet can be used for both benign or malicious purposes. Telnet is included by default in some Linux distributions, so its presence is not inherently suspicious. The use of Telnet to manage devices remotely has declined in recent years in favor of more secure protocols such as SSH. Telnet usage by non-automated tools or frameworks may be suspicious."
@@ -7,8 +10,9 @@
     "auditbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Connection to Internal Network via Telnet",
-  "query": "event.action:(\"connected-to\" or \"network_flow\") and process.name:telnet and destination.ip:((10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or \"FE80::/10\") and not (127.0.0.0/8 or \"::1/128\"))",
+  "query": "event.category:network and event.type:(connection or start) and process.name:telnet and destination.ip:((10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16 or \"FE80::/10\") and not (127.0.0.0/8 or \"::1/128\"))",
   "risk_score": 47,
   "rule_id": "1b21abcc-4d9f-4b08-a7f5-316f5f94b973",
   "severity": "medium",
@@ -34,5 +38,5 @@
     }
   ],
   "type": "query",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_hping_activity.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_hping_activity.json
index bd954683723f4e..a842d8ef952ffd 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_hping_activity.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_hping_activity.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Hping ran on a Linux host. Hping is a FOSS command-line packet analyzer and has the ability to construct network packets for a wide variety of network security testing applications, including scanning and firewall auditing.",
   "false_positives": [
     "Normal use of hping is uncommon apart from security testing and research. Use by non-security engineers is very uncommon."
@@ -7,8 +10,9 @@
     "auditbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Hping Process Activity",
-  "query": "process.name:(hping or hping2 or hping3) and event.action:executed",
+  "query": "event.category:process and event.type:(start or process_started) and process.name:(hping or hping2 or hping3)",
   "references": [
     "https://en.wikipedia.org/wiki/Hping"
   ],
@@ -20,5 +24,5 @@
     "Linux"
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_iodine_activity.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_iodine_activity.json
index 63b0155bbd82c3..c1ce773c2aa44b 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_iodine_activity.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_iodine_activity.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Iodine is a tool for tunneling Internet protocol version 4 (IPV4) traffic over the DNS protocol to circumvent firewalls, network security groups, and network access lists while evading detection.",
   "false_positives": [
     "Normal use of Iodine is uncommon apart from security testing and research. Use by non-security engineers is very uncommon."
@@ -7,8 +10,9 @@
     "auditbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Potential DNS Tunneling via Iodine",
-  "query": "process.name:(iodine or iodined) and event.action:executed",
+  "query": "event.category:process and event.type:(start or process_started) and process.name:(iodine or iodined)",
   "references": [
     "https://code.kryo.se/iodine/"
   ],
@@ -20,5 +24,5 @@
     "Linux"
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_mknod_activity.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_mknod_activity.json
index 21208ade670eeb..98b262edfe6f6d 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_mknod_activity.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_mknod_activity.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "The Linux mknod program is sometimes used in the command payload of a remote command injection (RCI) and other exploits. It is used to export a command shell when the traditional version of netcat is not available to the payload.",
   "false_positives": [
     "Mknod is a Linux system program. Some normal use of this program, at varying levels of frequency, may originate from scripts, automation tools, and frameworks. Usage by web servers is more likely to be suspicious."
@@ -7,8 +10,9 @@
     "auditbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Mknod Process Activity",
-  "query": "process.name:mknod and event.action:executed",
+  "query": "event.category:process and event.type:(start or process_started) and process.name:mknod",
   "references": [
     "https://pen-testing.sans.org/blog/2013/05/06/netcat-without-e-no-problem"
   ],
@@ -20,5 +24,5 @@
     "Linux"
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_netcat_network_connection.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_netcat_network_connection.json
index caacef3b33deb7..30d34f245c6d2f 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_netcat_network_connection.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_netcat_network_connection.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "A netcat process is engaging in network activity on a Linux host. Netcat is often used as a persistence mechanism by exporting a reverse shell or by serving a shell on a listening port. Netcat is also sometimes used for data exfiltration.",
   "false_positives": [
     "Netcat is a dual-use tool that can be used for benign or malicious activity. Netcat is included in some Linux distributions so its presence is not necessarily suspicious. Some normal use of this program, while uncommon, may originate from scripts, automation tools, and frameworks."
@@ -7,8 +10,9 @@
     "auditbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Netcat Network Activity",
-  "query": "process.name:(nc or ncat or netcat or netcat.openbsd or netcat.traditional) and event.action:(bound-socket or connected-to or socket_opened)",
+  "query": "event.category:network and event.type:(access or connection or start) and process.name:(nc or ncat or netcat or netcat.openbsd or netcat.traditional)",
   "references": [
     "http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet",
     "https://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf",
@@ -22,5 +26,5 @@
     "Linux"
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_nmap_activity.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_nmap_activity.json
index 99324460cc00a8..57f5fe57b0e0b1 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_nmap_activity.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_nmap_activity.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Nmap was executed on a Linux host. Nmap is a FOSS tool for network scanning and security testing. It can map and discover networks, and identify listening services and operating systems. It is sometimes used to gather information in support of exploitation, execution or lateral movement.",
   "false_positives": [
     "Security testing tools and frameworks may run `Nmap` in the course of security auditing. Some normal use of this command may originate from security engineers and network or server administrators. Use of nmap by ordinary users is uncommon."
@@ -7,8 +10,9 @@
     "auditbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Nmap Process Activity",
-  "query": "process.name:nmap",
+  "query": "event.category:process and event.type:(start or process_started) and process.name:nmap",
   "references": [
     "https://en.wikipedia.org/wiki/Nmap"
   ],
@@ -20,5 +24,5 @@
     "Linux"
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_nping_activity.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_nping_activity.json
index b4d44c65cd89cd..086492edeb8ad2 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_nping_activity.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_nping_activity.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Nping ran on a Linux host. Nping is part of the Nmap tool suite and has the ability to construct raw packets for a wide variety of security testing applications, including denial of service testing.",
   "false_positives": [
     "Some normal use of this command may originate from security engineers and network or server administrators, but this is usually not routine or unannounced. Use of `Nping` by non-engineers or ordinary users is uncommon."
@@ -7,8 +10,9 @@
     "auditbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Nping Process Activity",
-  "query": "process.name:nping and event.action:executed",
+  "query": "event.category:process and event.type:(start or process_started) and process.name:nping",
   "references": [
     "https://en.wikipedia.org/wiki/Nmap"
   ],
@@ -20,5 +24,5 @@
     "Linux"
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_process_started_in_temp_directory.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_process_started_in_temp_directory.json
index c20a41ac91d02c..09680fcf8e996d 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_process_started_in_temp_directory.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_process_started_in_temp_directory.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies processes running in a temporary folder. This is sometimes done by adversaries to hide malware.",
   "false_positives": [
     "Build systems, like Jenkins, may start processes in the `/tmp` directory. These can be exempted by name or by username."
@@ -7,8 +10,9 @@
     "auditbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Unusual Process Execution - Temp",
-  "query": "process.working_directory:/tmp and event.action:executed",
+  "query": "event.category:process and event.type:(start or process_started) and process.working_directory:/tmp",
   "risk_score": 47,
   "rule_id": "df959768-b0c9-4d45-988c-5606a2be8e5a",
   "severity": "medium",
@@ -17,5 +21,5 @@
     "Linux"
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_socat_activity.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_socat_activity.json
index b0f9a19bfacaaf..057d8ba9859a86 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_socat_activity.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_socat_activity.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "A Socat process is running on a Linux host. Socat is often used as a persistence mechanism by exporting a reverse shell, or by serving a shell on a listening port. Socat is also sometimes used for lateral movement.",
   "false_positives": [
     "Socat is a dual-use tool that can be used for benign or malicious activity. Some normal use of this program, at varying levels of frequency, may originate from scripts, automation tools, and frameworks. Usage by web servers is more likely to be suspicious."
@@ -7,8 +10,9 @@
     "auditbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Socat Process Activity",
-  "query": "process.name:socat and not process.args:-V and event.action:executed",
+  "query": "event.category:process and event.type:(start or process_started) and process.name:socat and not process.args:-V",
   "references": [
     "https://blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys/#method-2-using-socat"
   ],
@@ -20,5 +24,5 @@
     "Linux"
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_strace_activity.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_strace_activity.json
index 9e449ebfdfd813..3dd18c8242a5e2 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_strace_activity.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_strace_activity.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Strace runs in a privileged context and can be used to escape restrictive environments by instantiating a shell in order to elevate privileges or move laterally.",
   "false_positives": [
     "Strace is a dual-use tool that can be used for benign or malicious activity. Some normal use of this command may originate from developers or SREs engaged in debugging or system call tracing."
@@ -7,8 +10,9 @@
     "auditbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Strace Process Activity",
-  "query": "process.name:strace and event.action:executed",
+  "query": "event.category:process and event.type:(start or process_started) and process.name:strace",
   "references": [
     "https://en.wikipedia.org/wiki/Strace"
   ],
@@ -20,5 +24,5 @@
     "Linux"
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_anomalous_network_activity.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_linux_anomalous_network_activity.json
similarity index 93%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_anomalous_network_activity.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_linux_anomalous_network_activity.json
index d910f83b0c8bd6..3ef426af909ff2 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_anomalous_network_activity.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_linux_anomalous_network_activity.json
@@ -1,16 +1,20 @@
 {
   "anomaly_threshold": 50,
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies Linux processes that do not usually use the network but have unexpected network activity, which can indicate command-and-control, lateral movement, persistence, or data exfiltration activity. A process with unusual network activity can denote process exploitation or injection, where the process is used to run persistence mechanisms that allow a malicious actor remote access or control of the host, data exfiltration, and execution of unauthorized network applications.",
   "false_positives": [
     "A newly installed program or one that rarely uses the network could trigger this signal."
   ],
   "from": "now-45m",
   "interval": "15m",
+  "license": "Elastic License",
   "machine_learning_job_id": "linux_anomalous_network_activity_ecs",
   "name": "Unusual Linux Network Activity",
   "note": "### Investigating Unusual Network Activity ###\nSignals from this rule indicate the presence of network activity from a Linux process for which network activity is rare and unusual.  Here are some possible avenues of investigation:\n- Consider the IP addresses and ports. Are these used by normal but infrequent network workflows? Are they expected or unexpected? \n- If the destination IP address is remote or external, does it associate with an expected domain, organization or geography? Note: avoid interacting directly with suspected malicious IP addresses.\n- Consider the user as identified by the username field. Is this network activity part of an expected workflow for the user who ran the program?\n- Examine the history of execution. If this process manifested only very recently, it might be part of a new software package. If it has a consistent cadence - for example if it runs monthly or quarterly - it might be part of a monthly or quarterly business or maintenance process.\n- Examine the process arguments, title and working directory. These may provide indications as to the source of the program or the nature of the tasks it is performing.",
   "references": [
-    "https://www.elastic.co/guide/en/siem/guide/current/prebuilt-ml-jobs.html"
+    "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
   "risk_score": 21,
   "rule_id": "52afbdc5-db15-485e-bc24-f5707f820c4b",
@@ -21,5 +25,5 @@
     "ML"
   ],
   "type": "machine_learning",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_anomalous_network_port_activity.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_linux_anomalous_network_port_activity.json
similarity index 83%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_anomalous_network_port_activity.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_linux_anomalous_network_port_activity.json
index aa0d1cb125aedd..add1c2941970e0 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_anomalous_network_port_activity.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_linux_anomalous_network_port_activity.json
@@ -1,15 +1,19 @@
 {
   "anomaly_threshold": 50,
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies unusual destination port activity that can indicate command-and-control, persistence mechanism, or data exfiltration activity. Rarely used destination port activity is generally unusual in Linux fleets, and can indicate unauthorized access or threat actor activity.",
   "false_positives": [
     "A newly installed program or one that rarely uses the network could trigger this signal."
   ],
   "from": "now-45m",
   "interval": "15m",
+  "license": "Elastic License",
   "machine_learning_job_id": "linux_anomalous_network_port_activity_ecs",
   "name": "Unusual Linux Network Port Activity",
   "references": [
-    "https://www.elastic.co/guide/en/siem/guide/current/prebuilt-ml-jobs.html"
+    "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
   "risk_score": 21,
   "rule_id": "3c7e32e6-6104-46d9-a06e-da0f8b5795a0",
@@ -20,5 +24,5 @@
     "ML"
   ],
   "type": "machine_learning",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_anomalous_network_service.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_linux_anomalous_network_service.json
similarity index 81%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_anomalous_network_service.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_linux_anomalous_network_service.json
index 5d137b81d13141..af5b331f4cb04d 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_anomalous_network_service.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_linux_anomalous_network_service.json
@@ -1,15 +1,19 @@
 {
   "anomaly_threshold": 50,
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies unusual listening ports on Linux instances that can indicate execution of unauthorized services, backdoors, or persistence mechanisms.",
   "false_positives": [
     "A newly installed program or one that rarely uses the network could trigger this signal."
   ],
   "from": "now-45m",
   "interval": "15m",
+  "license": "Elastic License",
   "machine_learning_job_id": "linux_anomalous_network_service",
   "name": "Unusual Linux Network Service",
   "references": [
-    "https://www.elastic.co/guide/en/siem/guide/current/prebuilt-ml-jobs.html"
+    "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
   "risk_score": 21,
   "rule_id": "52afbdc5-db15-596e-bc35-f5707f820c4b",
@@ -20,5 +24,5 @@
     "ML"
   ],
   "type": "machine_learning",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_anomalous_network_url_activity.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_linux_anomalous_network_url_activity.json
similarity index 88%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_anomalous_network_url_activity.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_linux_anomalous_network_url_activity.json
index 3732e575a2e41a..89a6955fd1781f 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_anomalous_network_url_activity.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_linux_anomalous_network_url_activity.json
@@ -1,15 +1,19 @@
 {
   "anomaly_threshold": 50,
+  "author": [
+    "Elastic"
+  ],
   "description": "A machine learning job detected an unusual web URL request from a Linux host, which can indicate malware delivery and execution. Wget and cURL are commonly used by Linux programs to download code and data. Most of the time, their usage is entirely normal. Generally, because they use a list of URLs, they repeatedly download from the same locations. However, Wget and cURL are sometimes used to deliver Linux exploit payloads, and threat actors use these tools to download additional software and code. For these reasons, unusual URLs can indicate unauthorized downloads or threat activity.",
   "false_positives": [
     "A new and unusual program or artifact download in the course of software upgrades, debugging, or troubleshooting could trigger this signal."
   ],
   "from": "now-45m",
   "interval": "15m",
+  "license": "Elastic License",
   "machine_learning_job_id": "linux_anomalous_network_url_activity_ecs",
   "name": "Unusual Linux Web Activity",
   "references": [
-    "https://www.elastic.co/guide/en/siem/guide/current/prebuilt-ml-jobs.html"
+    "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
   "risk_score": 21,
   "rule_id": "52afbdc5-db15-485e-bc35-f5707f820c4c",
@@ -20,5 +24,5 @@
     "ML"
   ],
   "type": "machine_learning",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_anomalous_process_all_hosts.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_linux_anomalous_process_all_hosts.json
similarity index 91%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_anomalous_process_all_hosts.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_linux_anomalous_process_all_hosts.json
index 259f0147953add..6e73e4dd6dc94f 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_anomalous_process_all_hosts.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_linux_anomalous_process_all_hosts.json
@@ -1,16 +1,20 @@
 {
   "anomaly_threshold": 50,
+  "author": [
+    "Elastic"
+  ],
   "description": "Searches for rare processes running on multiple Linux hosts in an entire fleet or network. This reduces the detection of false positives since automated maintenance processes usually only run occasionally on a single machine but are common to all or many hosts in a fleet.",
   "false_positives": [
     "A newly installed program or one that runs rarely as part of a monthly or quarterly workflow could trigger this signal."
   ],
   "from": "now-45m",
   "interval": "15m",
+  "license": "Elastic License",
   "machine_learning_job_id": "linux_anomalous_process_all_hosts_ecs",
   "name": "Anomalous Process For a Linux Population",
   "note": "### Investigating an Unusual Linux Process ###\nSignals from this rule indicate the presence of a Linux process that is rare and unusual for all of the monitored Linux hosts for which Auditbeat data is available. Here are some possible avenues of investigation:\n- Consider the user as identified by the username field. Is this program part of an expected workflow for the user who ran this program on this host?\n- Examine the history of execution. If this process manifested only very recently, it might be part of a new software package. If it has a consistent cadence - for example if it runs monthly or quarterly - it might be part of a monthly or quarterly business process.\n- Examine the process arguments, title and working directory. These may provide indications as to the source of the program or the nature of the tasks it is performing.",
   "references": [
-    "https://www.elastic.co/guide/en/siem/guide/current/prebuilt-ml-jobs.html"
+    "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
   "risk_score": 21,
   "rule_id": "647fc812-7996-4795-8869-9c4ea595fe88",
@@ -21,5 +25,5 @@
     "ML"
   ],
   "type": "machine_learning",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_anomalous_user_name.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_linux_anomalous_user_name.json
similarity index 93%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_anomalous_user_name.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_linux_anomalous_user_name.json
index 2e7bd0d1d99d7f..c910fb552f9669 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_anomalous_user_name.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_linux_anomalous_user_name.json
@@ -1,16 +1,20 @@
 {
   "anomaly_threshold": 50,
+  "author": [
+    "Elastic"
+  ],
   "description": "A machine learning job detected activity for a username that is not normally active, which can indicate unauthorized changes, activity by unauthorized users, lateral movement, or compromised credentials. In many organizations, new usernames are not often created apart from specific types of system activities, such as creating new accounts for new employees. These user accounts quickly become active and routine. Events from rarely used usernames can point to suspicious activity. Additionally, automated Linux fleets tend to see activity from rarely used usernames only when personnel log in to make authorized or unauthorized changes, or threat actors have acquired credentials and log in for malicious purposes. Unusual usernames can also indicate pivoting, where compromised credentials are used to try and move laterally from one host to another.",
   "false_positives": [
     "Uncommon user activity can be due to an engineer logging onto a server instance in order to perform manual troubleshooting or reconfiguration."
   ],
   "from": "now-45m",
   "interval": "15m",
+  "license": "Elastic License",
   "machine_learning_job_id": "linux_anomalous_user_name_ecs",
   "name": "Unusual Linux Username",
   "note": "### Investigating an Unusual Linux User ###\nSignals from this rule indicate activity for a Linux user name that is rare and unusual. Here are some possible avenues of investigation:\n- Consider the user as identified by the username field. Is this program part of an expected workflow for the user who ran this program on this host? Could this be related to troubleshooting or debugging activity by a developer or site reliability engineer?\n- Examine the history of user activity. If this user manifested only very recently, it might be a service account for a new software package. If it has a consistent cadence - for example if it runs monthly or quarterly - it might be part of a monthly or quarterly business process.\n- Examine the process arguments, title and working directory. These may provide indications as to the source of the program or the nature of the tasks that the user is performing.",
   "references": [
-    "https://www.elastic.co/guide/en/siem/guide/current/prebuilt-ml-jobs.html"
+    "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
   "risk_score": 21,
   "rule_id": "b347b919-665f-4aac-b9e8-68369bf2340c",
@@ -21,5 +25,5 @@
     "ML"
   ],
   "type": "machine_learning",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/packetbeat_dns_tunneling.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_packetbeat_dns_tunneling.json
similarity index 85%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/packetbeat_dns_tunneling.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_packetbeat_dns_tunneling.json
index c5cf6385afaf01..b78c4d3459b851 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/packetbeat_dns_tunneling.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_packetbeat_dns_tunneling.json
@@ -1,15 +1,19 @@
 {
   "anomaly_threshold": 50,
+  "author": [
+    "Elastic"
+  ],
   "description": "A machine learning job detected unusually large numbers of DNS queries for a single top-level DNS domain, which is often used for DNS tunneling. DNS tunneling can be used for command-and-control, persistence, or data exfiltration activity. For example, dnscat tends to generate many DNS questions for a top-level domain as it uses the DNS protocol to tunnel data.",
   "false_positives": [
     "DNS domains that use large numbers of child domains, such as software or content distribution networks, can trigger this signal and such parent domains can be excluded."
   ],
   "from": "now-45m",
   "interval": "15m",
+  "license": "Elastic License",
   "machine_learning_job_id": "packetbeat_dns_tunneling",
   "name": "DNS Tunneling",
   "references": [
-    "https://www.elastic.co/guide/en/siem/guide/current/prebuilt-ml-jobs.html"
+    "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
   "risk_score": 21,
   "rule_id": "91f02f01-969f-4167-8f66-07827ac3bdd9",
@@ -20,5 +24,5 @@
     "Packetbeat"
   ],
   "type": "machine_learning",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/packetbeat_rare_dns_question.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_packetbeat_rare_dns_question.json
similarity index 89%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/packetbeat_rare_dns_question.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_packetbeat_rare_dns_question.json
index 4623639b6e8b77..970962dd75eed6 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/packetbeat_rare_dns_question.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_packetbeat_rare_dns_question.json
@@ -1,15 +1,19 @@
 {
   "anomaly_threshold": 50,
+  "author": [
+    "Elastic"
+  ],
   "description": "A machine learning job detected a rare and unusual DNS query that indicate network activity with unusual DNS domains. This can be due to initial access, persistence, command-and-control, or exfiltration activity. For example, when a user clicks on a link in a phishing email or opens a malicious document, a request may be sent to download and run a payload from an uncommon domain. When malware is already running, it may send requests to an uncommon DNS domain the malware uses for command-and-control communication.",
   "false_positives": [
     "A newly installed program or one that runs rarely as part of a monthly or quarterly workflow could trigger this signal. Network activity that occurs rarely, in small quantities, can trigger this signal. Possible examples are browsing technical support or vendor networks sparsely. A user who visits a new or unique web destination may trigger this signal."
   ],
   "from": "now-45m",
   "interval": "15m",
+  "license": "Elastic License",
   "machine_learning_job_id": "packetbeat_rare_dns_question",
   "name": "Unusual DNS Activity",
   "references": [
-    "https://www.elastic.co/guide/en/siem/guide/current/prebuilt-ml-jobs.html"
+    "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
   "risk_score": 21,
   "rule_id": "746edc4c-c54c-49c6-97a1-651223819448",
@@ -20,5 +24,5 @@
     "Packetbeat"
   ],
   "type": "machine_learning",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/packetbeat_rare_server_domain.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_packetbeat_rare_server_domain.json
similarity index 89%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/packetbeat_rare_server_domain.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_packetbeat_rare_server_domain.json
index dd14191d30df24..f9465a329e9735 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/packetbeat_rare_server_domain.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_packetbeat_rare_server_domain.json
@@ -1,15 +1,19 @@
 {
   "anomaly_threshold": 50,
+  "author": [
+    "Elastic"
+  ],
   "description": "A machine learning job detected an unusual network destination domain name. This can be due to initial access, persistence, command-and-control, or exfiltration activity. For example, when a user clicks on a link in a phishing email or opens a malicious document, a request may be sent to download and run a payload from an uncommon web server name. When malware is already running, it may send requests to an uncommon DNS domain the malware uses for command-and-control communication.",
   "false_positives": [
     "Web activity that occurs rarely in small quantities can trigger this signal. Possible examples are browsing technical support or vendor URLs that are used very sparsely. A user who visits a new and unique web destination may trigger this signal when the activity is sparse. Web applications that generate URLs unique to a transaction may trigger this when they are used sparsely. Web domains can be excluded in cases such as these."
   ],
   "from": "now-45m",
   "interval": "15m",
+  "license": "Elastic License",
   "machine_learning_job_id": "packetbeat_rare_server_domain",
   "name": "Unusual Network Destination Domain Name",
   "references": [
-    "https://www.elastic.co/guide/en/siem/guide/current/prebuilt-ml-jobs.html"
+    "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
   "risk_score": 21,
   "rule_id": "17e68559-b274-4948-ad0b-f8415bb31126",
@@ -20,5 +24,5 @@
     "Packetbeat"
   ],
   "type": "machine_learning",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/packetbeat_rare_urls.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_packetbeat_rare_urls.json
similarity index 91%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/packetbeat_rare_urls.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_packetbeat_rare_urls.json
index 386e00054c2ccd..e22f9975b54e44 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/packetbeat_rare_urls.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_packetbeat_rare_urls.json
@@ -1,15 +1,19 @@
 {
   "anomaly_threshold": 50,
+  "author": [
+    "Elastic"
+  ],
   "description": "A machine learning job detected a rare and unusual URL that indicates unusual web browsing activity. This can be due to initial access, persistence, command-and-control, or exfiltration activity. For example, in a strategic web compromise or watering hole attack, when a trusted website is compromised to target a particular sector or organization, targeted users may receive emails with uncommon URLs for trusted websites. These URLs can be used to download and run a payload. When malware is already running, it may send requests to uncommon URLs on trusted websites the malware uses for command-and-control communication. When rare URLs are observed being requested for a local web server by a remote source, these can be due to web scanning, enumeration or attack traffic, or they can be due to bots and web scrapers which are part of common Internet background traffic.",
   "false_positives": [
     "Web activity that occurs rarely in small quantities can trigger this signal. Possible examples are browsing technical support or vendor URLs that are used very sparsely. A user who visits a new and unique web destination may trigger this signal when the activity is sparse. Web applications that generate URLs unique to a transaction may trigger this when they are used sparsely. Web domains can be excluded in cases such as these."
   ],
   "from": "now-45m",
   "interval": "15m",
+  "license": "Elastic License",
   "machine_learning_job_id": "packetbeat_rare_urls",
   "name": "Unusual Web Request",
   "references": [
-    "https://www.elastic.co/guide/en/siem/guide/current/prebuilt-ml-jobs.html"
+    "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
   "risk_score": 21,
   "rule_id": "91f02f01-969f-4167-8f55-07827ac3acc9",
@@ -20,5 +24,5 @@
     "Packetbeat"
   ],
   "type": "machine_learning",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/packetbeat_rare_user_agent.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_packetbeat_rare_user_agent.json
similarity index 90%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/packetbeat_rare_user_agent.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_packetbeat_rare_user_agent.json
index a68c43b2283038..2ce6f44d90593c 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/packetbeat_rare_user_agent.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_packetbeat_rare_user_agent.json
@@ -1,15 +1,19 @@
 {
   "anomaly_threshold": 50,
+  "author": [
+    "Elastic"
+  ],
   "description": "A machine learning job detected a rare and unusual user agent indicating web browsing activity by an unusual process other than a web browser. This can be due to persistence, command-and-control, or exfiltration activity. Uncommon user agents coming from remote sources to local destinations are often the result of scanners, bots, and web scrapers, which are part of common Internet background traffic. Much of this is noise, but more targeted attacks on websites using tools like Burp or SQLmap can sometimes be discovered by spotting uncommon user agents. Uncommon user agents in traffic from local sources to remote destinations can be any number of things, including harmless programs like weather monitoring or stock-trading programs. However, uncommon user agents from local sources can also be due to malware or scanning activity.",
   "false_positives": [
     "Web activity that is uncommon, like security scans, may trigger this signal and may need to be excluded. A new or rarely used program that calls web services may trigger this signal."
   ],
   "from": "now-45m",
   "interval": "15m",
+  "license": "Elastic License",
   "machine_learning_job_id": "packetbeat_rare_user_agent",
   "name": "Unusual Web User Agent",
   "references": [
-    "https://www.elastic.co/guide/en/siem/guide/current/prebuilt-ml-jobs.html"
+    "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
   "risk_score": 21,
   "rule_id": "91f02f01-969f-4167-8d77-07827ac4cee0",
@@ -20,5 +24,5 @@
     "Packetbeat"
   ],
   "type": "machine_learning",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/rare_process_by_host_linux.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_rare_process_by_host_linux.json
similarity index 91%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/rare_process_by_host_linux.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_rare_process_by_host_linux.json
index 9d9fb5e4a0a8d4..c62666134c84e3 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/rare_process_by_host_linux.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_rare_process_by_host_linux.json
@@ -1,16 +1,20 @@
 {
   "anomaly_threshold": 50,
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies rare processes that do not usually run on individual hosts, which can indicate execution of unauthorized services, malware, or persistence mechanisms. Processes are considered rare when they only run occasionally as compared with other processes running on the host.",
   "false_positives": [
     "A newly installed program or one that runs rarely as part of a monthly or quarterly workflow could trigger this signal."
   ],
   "from": "now-45m",
   "interval": "15m",
+  "license": "Elastic License",
   "machine_learning_job_id": "rare_process_by_host_linux_ecs",
   "name": "Unusual Process For a Linux Host",
   "note": "### Investigating an Unusual Linux Process ###\nSignals from this rule indicate the presence of a Linux process that is rare and unusual for the host it ran on. Here are some possible avenues of investigation:\n- Consider the user as identified by the username field. Is this program part of an expected workflow for the user who ran this program on this host?\n- Examine the history of execution. If this process manifested only very recently, it might be part of a new software package. If it has a consistent cadence - for example if it runs monthly or quarterly - it might be part of a monthly or quarterly business process.\n- Examine the process arguments, title and working directory. These may provide indications as to the source of the program or the nature of the tasks it is performing.",
   "references": [
-    "https://www.elastic.co/guide/en/siem/guide/current/prebuilt-ml-jobs.html"
+    "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
   "risk_score": 21,
   "rule_id": "46f804f5-b289-43d6-a881-9387cf594f75",
@@ -21,5 +25,5 @@
     "ML"
   ],
   "type": "machine_learning",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/rare_process_by_host_windows.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_rare_process_by_host_windows.json
similarity index 93%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/rare_process_by_host_windows.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_rare_process_by_host_windows.json
index 0c1d097a73dc24..5d86637553eab8 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/rare_process_by_host_windows.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_rare_process_by_host_windows.json
@@ -1,16 +1,20 @@
 {
   "anomaly_threshold": 50,
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies rare processes that do not usually run on individual hosts, which can indicate execution of unauthorized services, malware, or persistence mechanisms. Processes are considered rare when they only run occasionally as compared with other processes running on the host.",
   "false_positives": [
     "A newly installed program or one that runs rarely as part of a monthly or quarterly workflow could trigger this signal."
   ],
   "from": "now-45m",
   "interval": "15m",
+  "license": "Elastic License",
   "machine_learning_job_id": "rare_process_by_host_windows_ecs",
   "name": "Unusual Process For a Windows Host",
   "note": "### Investigating an Unusual Windows Process ###\nSignals from this rule indicate the presence of a Windows process that is rare and unusual for the host it ran on. Here are some possible avenues of investigation:\n- Consider the user as identified by the username field. Is this program part of an expected workflow for the user who ran this program on this host?\n- Examine the history of execution. If this process manifested only very recently, it might be part of a new software package. If it has a consistent cadence - for example if it runs monthly or quarterly - it might be part of a monthly or quarterly business process.\n- Examine the process metadata like the values of the Company, Description and Product fields which may indicate whether the program is associated with an expected software vendor or package. \n- Examine arguments and working directory. These may provide indications as to the source of the program or the nature of the tasks it is performing.\n- Consider the same for the parent process. If the parent process is a legitimate system utility or service, this could be related to software updates or system management. If the parent process is something user-facing like an Office application, this process could be more suspicious.\n- If you have file hash values in the event data, and you suspect malware, you can optionally run a search for the file hash to see if the file is identified as malware by anti-malware tools. ",
   "references": [
-    "https://www.elastic.co/guide/en/siem/guide/current/prebuilt-ml-jobs.html"
+    "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
   "risk_score": 21,
   "rule_id": "6d448b96-c922-4adb-b51c-b767f1ea5b76",
@@ -21,5 +25,5 @@
     "Windows"
   ],
   "type": "machine_learning",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/suspicious_login_activity.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_suspicious_login_activity.json
similarity index 80%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/suspicious_login_activity.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_suspicious_login_activity.json
index b3c3f2d76a8c9d..93413f8d0a8a86 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/suspicious_login_activity.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_suspicious_login_activity.json
@@ -1,15 +1,19 @@
 {
   "anomaly_threshold": 50,
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies an unusually high number of authentication attempts.",
   "false_positives": [
     "Security audits may trigger this signal. Conditions that generate bursts of failed logins, such as misconfigured applications or account lockouts could trigger this signal."
   ],
   "from": "now-45m",
   "interval": "15m",
+  "license": "Elastic License",
   "machine_learning_job_id": "suspicious_login_activity_ecs",
   "name": "Unusual Login Activity",
   "references": [
-    "https://www.elastic.co/guide/en/siem/guide/current/prebuilt-ml-jobs.html"
+    "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
   "risk_score": 21,
   "rule_id": "4330272b-9724-4bc6-a3ca-f1532b81e5c2",
@@ -20,5 +24,5 @@
     "ML"
   ],
   "type": "machine_learning",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_anomalous_network_activity.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_anomalous_network_activity.json
similarity index 94%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_anomalous_network_activity.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_anomalous_network_activity.json
index 0a85fee3de4365..a24e1c1c9eb0bb 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_anomalous_network_activity.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_anomalous_network_activity.json
@@ -1,16 +1,20 @@
 {
   "anomaly_threshold": 50,
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies Windows processes that do not usually use the network but have unexpected network activity, which can indicate command-and-control, lateral movement, persistence, or data exfiltration activity. A process with unusual network activity can denote process exploitation or injection, where the process is used to run persistence mechanisms that allow a malicious actor remote access or control of the host, data exfiltration, and execution of unauthorized network applications.",
   "false_positives": [
     "A newly installed program or one that rarely uses the network could trigger this signal."
   ],
   "from": "now-45m",
   "interval": "15m",
+  "license": "Elastic License",
   "machine_learning_job_id": "windows_anomalous_network_activity_ecs",
   "name": "Unusual Windows Network Activity",
   "note": "### Investigating Unusual Network Activity ###\nSignals from this rule indicate the presence of network activity from a Windows process for which network activity is very unusual.  Here are some possible avenues of investigation:\n- Consider the IP addresses, protocol and ports. Are these used by normal but infrequent network workflows? Are they expected or unexpected? \n- If the destination IP address is remote or external, does it associate with an expected domain, organization or geography? Note: avoid interacting directly with suspected malicious IP addresses.\n- Consider the user as identified by the username field. Is this network activity part of an expected workflow for the user who ran the program?\n- Examine the history of execution. If this process manifested only very recently, it might be part of a new software package. If it has a consistent cadence - for example if it runs monthly or quarterly - it might be part of a monthly or quarterly business process.\n- Examine the process arguments, title and working directory. These may provide indications as to the source of the program or the nature of the tasks it is performing.\n- Consider the same for the parent process. If the parent process is a legitimate system utility or service, this could be related to software updates or system management. If the parent process is something user-facing like an Office application, this process could be more suspicious.\n- If you have file hash values in the event data, and you suspect malware, you can optionally run a search for the file hash to see if the file is identified as malware by anti-malware tools.",
   "references": [
-    "https://www.elastic.co/guide/en/siem/guide/current/prebuilt-ml-jobs.html"
+    "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
   "risk_score": 21,
   "rule_id": "ba342eb2-583c-439f-b04d-1fdd7c1417cc",
@@ -21,5 +25,5 @@
     "Windows"
   ],
   "type": "machine_learning",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_anomalous_path_activity.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_anomalous_path_activity.json
similarity index 88%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_anomalous_path_activity.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_anomalous_path_activity.json
index 2652915d21d85d..9be69a6bfdcbed 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_anomalous_path_activity.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_anomalous_path_activity.json
@@ -1,15 +1,19 @@
 {
   "anomaly_threshold": 50,
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies processes started from atypical folders in the file system, which might indicate malware execution or persistence mechanisms. In corporate Windows environments, software installation is centrally managed and it is unusual for programs to be executed from user or temporary directories. Processes executed from these locations can denote that a user downloaded software directly from the Internet or a malicious script or macro executed malware.",
   "false_positives": [
     "A new and unusual program or artifact download in the course of software upgrades, debugging, or troubleshooting could trigger this signal. Users downloading and running programs from unusual locations, such as temporary directories, browser caches, or profile paths could trigger this signal."
   ],
   "from": "now-45m",
   "interval": "15m",
+  "license": "Elastic License",
   "machine_learning_job_id": "windows_anomalous_path_activity_ecs",
   "name": "Unusual Windows Path Activity",
   "references": [
-    "https://www.elastic.co/guide/en/siem/guide/current/prebuilt-ml-jobs.html"
+    "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
   "risk_score": 21,
   "rule_id": "445a342e-03fb-42d0-8656-0367eb2dead5",
@@ -20,5 +24,5 @@
     "Windows"
   ],
   "type": "machine_learning",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_anomalous_process_all_hosts.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_anomalous_process_all_hosts.json
similarity index 93%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_anomalous_process_all_hosts.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_anomalous_process_all_hosts.json
index 4e70426a4faf84..79792d2fd328b4 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_anomalous_process_all_hosts.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_anomalous_process_all_hosts.json
@@ -1,16 +1,20 @@
 {
   "anomaly_threshold": 50,
+  "author": [
+    "Elastic"
+  ],
   "description": "Searches for rare processes running on multiple hosts in an entire fleet or network. This reduces the detection of false positives since automated maintenance processes usually only run occasionally on a single machine but are common to all or many hosts in a fleet.",
   "false_positives": [
     "A newly installed program or one that runs rarely as part of a monthly or quarterly workflow could trigger this signal."
   ],
   "from": "now-45m",
   "interval": "15m",
+  "license": "Elastic License",
   "machine_learning_job_id": "windows_anomalous_process_all_hosts_ecs",
   "name": "Anomalous Process For a Windows Population",
   "note": "### Investigating an Unusual Windows Process ###\nSignals from this rule indicate the presence of a Windows process that is rare and unusual for all of the Windows hosts for which Winlogbeat data is available. Here are some possible avenues of investigation:\n- Consider the user as identified by the username field. Is this program part of an expected workflow for the user who ran this program on this host?\n- Examine the history of execution. If this process manifested only very recently, it might be part of a new software package. If it has a consistent cadence - for example if it runs monthly or quarterly - it might be part of a monthly or quarterly business process.\n- Examine the process metadata like the values of the Company, Description and Product fields which may indicate whether the program is associated with an expected software vendor or package. \n- Examine arguments and working directory. These may provide indications as to the source of the program or the nature of the tasks it is performing.\n- Consider the same for the parent process. If the parent process is a legitimate system utility or service, this could be related to software updates or system management. If the parent process is something user-facing like an Office application, this process could be more suspicious.\n- If you have file hash values in the event data, and you suspect malware, you can optionally run a search for the file hash to see if the file is identified as malware by anti-malware tools. ",
   "references": [
-    "https://www.elastic.co/guide/en/siem/guide/current/prebuilt-ml-jobs.html"
+    "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
   "risk_score": 21,
   "rule_id": "6e40d56f-5c0e-4ac6-aece-bee96645b172",
@@ -21,5 +25,5 @@
     "Windows"
   ],
   "type": "machine_learning",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_anomalous_process_creation.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_anomalous_process_creation.json
similarity index 89%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_anomalous_process_creation.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_anomalous_process_creation.json
index 4742fd951f471f..c031e7177abe6e 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_anomalous_process_creation.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_anomalous_process_creation.json
@@ -1,15 +1,19 @@
 {
   "anomaly_threshold": 50,
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies unusual parent-child process relationships that can indicate malware execution or persistence mechanisms. Malicious scripts often call on other applications and processes as part of their exploit payload. For example, when a malicious Office document runs scripts as part of an exploit payload, Excel or Word may start a script interpreter process, which, in turn, runs a script that downloads and executes malware. Another common scenario is Outlook running an unusual process when malware is downloaded in an email. Monitoring and identifying anomalous process relationships is a method of detecting new and emerging malware that is not yet recognized by anti-virus scanners.",
   "false_positives": [
     "Users running scripts in the course of technical support operations of software upgrades could trigger this signal. A newly installed program or one that runs rarely as part of a monthly or quarterly workflow could trigger this signal."
   ],
   "from": "now-45m",
   "interval": "15m",
+  "license": "Elastic License",
   "machine_learning_job_id": "windows_anomalous_process_creation",
   "name": "Anomalous Windows Process Creation",
   "references": [
-    "https://www.elastic.co/guide/en/siem/guide/current/prebuilt-ml-jobs.html"
+    "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
   "risk_score": 21,
   "rule_id": "0b29cab4-dbbd-4a3f-9e8e-1287c7c11ae5",
@@ -20,5 +24,5 @@
     "Windows"
   ],
   "type": "machine_learning",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_anomalous_script.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_anomalous_script.json
similarity index 83%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_anomalous_script.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_anomalous_script.json
index bc38877a00ad07..7d05a0286ea97f 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_anomalous_script.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_anomalous_script.json
@@ -1,15 +1,19 @@
 {
   "anomaly_threshold": 50,
+  "author": [
+    "Elastic"
+  ],
   "description": "A machine learning job detected a PowerShell script with unusual data characteristics, such as obfuscation, that may be a characteristic of malicious PowerShell script text blocks.",
   "false_positives": [
     "Certain kinds of security testing may trigger this signal. PowerShell scripts that use high levels of obfuscation or have unusual script block payloads may trigger this signal."
   ],
   "from": "now-45m",
   "interval": "15m",
+  "license": "Elastic License",
   "machine_learning_job_id": "windows_anomalous_script",
   "name": "Suspicious Powershell Script",
   "references": [
-    "https://www.elastic.co/guide/en/siem/guide/current/prebuilt-ml-jobs.html"
+    "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
   "risk_score": 21,
   "rule_id": "1781d055-5c66-4adf-9d60-fc0fa58337b6",
@@ -20,5 +24,5 @@
     "Windows"
   ],
   "type": "machine_learning",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_anomalous_service.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_anomalous_service.json
similarity index 85%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_anomalous_service.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_anomalous_service.json
index 92c4b22823120f..7870f75b3d075e 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_anomalous_service.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_anomalous_service.json
@@ -1,15 +1,19 @@
 {
   "anomaly_threshold": 50,
+  "author": [
+    "Elastic"
+  ],
   "description": "A machine learning job detected an unusual Windows service, This can indicate execution of unauthorized services, malware, or persistence mechanisms. In corporate Windows environments, hosts do not generally run many rare or unique services. This job helps detect malware and persistence mechanisms that have been installed and run as a service.",
   "false_positives": [
     "A newly installed program or one that runs rarely as part of a monthly or quarterly workflow could trigger this signal."
   ],
   "from": "now-45m",
   "interval": "15m",
+  "license": "Elastic License",
   "machine_learning_job_id": "windows_anomalous_service",
   "name": "Unusual Windows Service",
   "references": [
-    "https://www.elastic.co/guide/en/siem/guide/current/prebuilt-ml-jobs.html"
+    "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
   "risk_score": 21,
   "rule_id": "1781d055-5c66-4adf-9c71-fc0fa58338c7",
@@ -20,5 +24,5 @@
     "Windows"
   ],
   "type": "machine_learning",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_anomalous_user_name.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_anomalous_user_name.json
similarity index 94%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_anomalous_user_name.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_anomalous_user_name.json
index 9ad05eda8f518f..42e6740beaa0cb 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_anomalous_user_name.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_anomalous_user_name.json
@@ -1,16 +1,20 @@
 {
   "anomaly_threshold": 50,
+  "author": [
+    "Elastic"
+  ],
   "description": "A machine learning job detected activity for a username that is not normally active, which can indicate unauthorized changes, activity by unauthorized users, lateral movement, or compromised credentials. In many organizations, new usernames are not often created apart from specific types of system activities, such as creating new accounts for new employees. These user accounts quickly become active and routine. Events from rarely used usernames can point to suspicious activity. Additionally, automated Linux fleets tend to see activity from rarely used usernames only when personnel log in to make authorized or unauthorized changes, or threat actors have acquired credentials and log in for malicious purposes. Unusual usernames can also indicate pivoting, where compromised credentials are used to try and move laterally from one host to another.",
   "false_positives": [
     "Uncommon user activity can be due to an administrator or help desk technician logging onto a workstation or server in order to perform manual troubleshooting or reconfiguration."
   ],
   "from": "now-45m",
   "interval": "15m",
+  "license": "Elastic License",
   "machine_learning_job_id": "windows_anomalous_user_name_ecs",
   "name": "Unusual Windows Username",
   "note": "### Investigating an Unusual Windows User ###\nSignals from this rule indicate activity for a Windows user name that is rare and unusual. Here are some possible avenues of investigation:\n- Consider the user as identified by the username field. Is this program part of an expected workflow for the user who ran this program on this host? Could this be related to occasional troubleshooting or support activity?\n- Examine the history of user activity. If this user manifested only very recently, it might be a service account for a new software package. If it has a consistent cadence - for example if it runs monthly or quarterly - it might be part of a monthly or quarterly business process.\n- Examine the process arguments, title and working directory. These may provide indications as to the source of the program or the nature of the tasks that the user is performing.\n- Consider the same for the parent process. If the parent process is a legitimate system utility or service, this could be related to software updates or system management. If the parent process is something user-facing like an Office application, this process could be more suspicious.",
   "references": [
-    "https://www.elastic.co/guide/en/siem/guide/current/prebuilt-ml-jobs.html"
+    "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
   "risk_score": 21,
   "rule_id": "1781d055-5c66-4adf-9c59-fc0fa58336a5",
@@ -21,5 +25,5 @@
     "Windows"
   ],
   "type": "machine_learning",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_rare_user_runas_event.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_rare_user_runas_event.json
similarity index 85%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_rare_user_runas_event.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_rare_user_runas_event.json
index a227b36064a9d5..1af765f568bb1d 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_rare_user_runas_event.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_rare_user_runas_event.json
@@ -1,15 +1,19 @@
 {
   "anomaly_threshold": 50,
+  "author": [
+    "Elastic"
+  ],
   "description": "A machine learning job detected an unusual user context switch, using the runas command or similar techniques, which can indicate account takeover or privilege escalation using compromised accounts. Privilege elevation using tools like runas are more commonly used by domain and network administrators than by regular Windows users.",
   "false_positives": [
     "Uncommon user privilege elevation activity can be due to an administrator, help desk technician, or a user performing manual troubleshooting or reconfiguration."
   ],
   "from": "now-45m",
   "interval": "15m",
+  "license": "Elastic License",
   "machine_learning_job_id": "windows_rare_user_runas_event",
   "name": "Unusual Windows User Privilege Elevation Activity",
   "references": [
-    "https://www.elastic.co/guide/en/siem/guide/current/prebuilt-ml-jobs.html"
+    "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
   "risk_score": 21,
   "rule_id": "1781d055-5c66-4adf-9d82-fc0fa58449c8",
@@ -20,5 +24,5 @@
     "Windows"
   ],
   "type": "machine_learning",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_rare_user_type10_remote_login.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_rare_user_type10_remote_login.json
similarity index 90%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_rare_user_type10_remote_login.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_rare_user_type10_remote_login.json
index 15241d7869c00c..2043af2b8dcb4e 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_rare_user_type10_remote_login.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/ml_windows_rare_user_type10_remote_login.json
@@ -1,16 +1,20 @@
 {
   "anomaly_threshold": 50,
+  "author": [
+    "Elastic"
+  ],
   "description": "A machine learning job detected an unusual remote desktop protocol (RDP) username, which can indicate account takeover or credentialed persistence using compromised accounts. RDP attacks, such as BlueKeep, also tend to use unusual usernames.",
   "false_positives": [
     "Uncommon username activity can be due to an engineer logging onto a server instance in order to perform manual troubleshooting or reconfiguration."
   ],
   "from": "now-45m",
   "interval": "15m",
+  "license": "Elastic License",
   "machine_learning_job_id": "windows_rare_user_type10_remote_login",
   "name": "Unusual Windows Remote User",
   "note": "### Investigating an Unusual Windows User ###\nSignals from this rule indicate activity for a rare and unusual Windows RDP (remote desktop) user. Here are some possible avenues of investigation:\n- Consider the user as identified by the username field. Is the user part of a group who normally logs into Windows hosts using RDP (remote desktop protocol)? Is this logon activity part of an expected workflow for the user? \n- Consider the source of the login. If the source is remote, could this be related to occasional troubleshooting or support activity by a vendor or an employee working remotely?",
   "references": [
-    "https://www.elastic.co/guide/en/siem/guide/current/prebuilt-ml-jobs.html"
+    "https://www.elastic.co/guide/en/security/current/prebuilt-ml-jobs.html"
   ],
   "risk_score": 21,
   "rule_id": "1781d055-5c66-4adf-9e93-fc0fa69550c9",
@@ -21,5 +25,5 @@
     "Windows"
   ],
   "type": "machine_learning",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/notice.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/notice.ts
index a597220db752fe..cad41391e2b424 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/notice.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/notice.ts
@@ -1,14 +1,18 @@
 /* eslint-disable @kbn/eslint/require-license-header */
 
 /* @notice
+ * Detection Rules
+ * Copyright 2020 Elasticsearch B.V.
+ *
+ * ---
  * This product bundles rules based on https://github.com/BlueTeamLabs/sentinel-attack
  * which is available under a "MIT" license. The files based on this license are:
  *
- * - windows_defense_evasion_via_filter_manager.json
- * - windows_process_discovery_via_tasklist_command.json
- * - windows_priv_escalation_via_accessibility_features.json
- * - windows_persistence_via_application_shimming.json
- * - windows_execution_via_trusted_developer_utilities.json
+ * - defense_evasion_via_filter_manager
+ * - discovery_process_discovery_via_tasklist_command
+ * - persistence_priv_escalation_via_accessibility_features
+ * - persistence_via_application_shimming
+ * - defense_evasion_execution_via_trusted_developer_utilities
  *
  * MIT License
  *
@@ -31,4 +35,32 @@
  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
  * SOFTWARE.
+ *
+ * ---
+ * This product bundles rules based on https://github.com/FSecureLABS/leonidas
+ * which is available under a "MIT" license. The files based on this license are:
+ *
+ * - credential_access_secretsmanager_getsecretvalue.toml
+ *
+ * MIT License
+ *
+ * Copyright (c) 2020 F-Secure LABS
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
  */
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_deactivate_okta_mfa_rule.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_deactivate_okta_mfa_rule.json
new file mode 100644
index 00000000000000..737044d5a9bdcd
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_deactivate_okta_mfa_rule.json
@@ -0,0 +1,29 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "An adversary may attempt to deactivate an Okta multi-factor authentication (MFA) rule in order to remove or weaken an organization's security controls.",
+  "false_positives": [
+    "Consider adding exceptions to this rule to filter false positives if Okta MFA rules are regularly deactivated in your organization."
+  ],
+  "index": [
+    "filebeat-*"
+  ],
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "Attempt to Deactivate Okta MFA Rule",
+  "query": "event.module:okta and event.dataset:okta.system and event.action:policy.rule.deactivate",
+  "references": [
+    "https://developer.okta.com/docs/reference/api/system-log/",
+    "https://developer.okta.com/docs/reference/api/event-types/"
+  ],
+  "risk_score": 21,
+  "rule_id": "cc92c835-da92-45c9-9f29-b4992ad621a0",
+  "severity": "low",
+  "tags": [
+    "Elastic",
+    "Okta"
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_delete_okta_policy.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_delete_okta_policy.json
new file mode 100644
index 00000000000000..ea8ba7223095f6
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_delete_okta_policy.json
@@ -0,0 +1,29 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "An adversary may attempt to delete an Okta policy in order to weaken an organization's security controls. For example, an adversary may attempt to delete an Okta multi-factor authentication (MFA) policy in order to weaken the authentication requirements for user accounts.",
+  "false_positives": [
+    "Consider adding exceptions to this rule to filter false positives if Okta policies are regularly deleted in your organization."
+  ],
+  "index": [
+    "filebeat-*"
+  ],
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "Attempt to Delete Okta Policy",
+  "query": "event.module:okta and event.dataset:okta.system and event.action:policy.lifecycle.delete",
+  "references": [
+    "https://developer.okta.com/docs/reference/api/system-log/",
+    "https://developer.okta.com/docs/reference/api/event-types/"
+  ],
+  "risk_score": 21,
+  "rule_id": "b4bb1440-0fcb-4ed1-87e5-b06d58efc5e9",
+  "severity": "low",
+  "tags": [
+    "Elastic",
+    "Okta"
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_modify_okta_mfa_rule.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_modify_okta_mfa_rule.json
new file mode 100644
index 00000000000000..dfe16f56da0e2c
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_modify_okta_mfa_rule.json
@@ -0,0 +1,29 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "An adversary may attempt to modify an Okta multi-factor authentication (MFA) rule in order to remove or weaken an organization's security controls.",
+  "false_positives": [
+    "Consider adding exceptions to this rule to filter false positives if Okta MFA rules are regularly modified in your organization."
+  ],
+  "index": [
+    "filebeat-*"
+  ],
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "Attempt to Modify Okta MFA Rule",
+  "query": "event.module:okta and event.dataset:okta.system and event.action:(policy.rule.update or policy.rule.delete)",
+  "references": [
+    "https://developer.okta.com/docs/reference/api/system-log/",
+    "https://developer.okta.com/docs/reference/api/event-types/"
+  ],
+  "risk_score": 21,
+  "rule_id": "000047bb-b27a-47ec-8b62-ef1a5d2c9e19",
+  "severity": "low",
+  "tags": [
+    "Elastic",
+    "Okta"
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_modify_okta_network_zone.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_modify_okta_network_zone.json
new file mode 100644
index 00000000000000..61c45f8e7d85e2
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_modify_okta_network_zone.json
@@ -0,0 +1,29 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Okta network zones can be configured to limit or restrict access to a network based on IP addresses or geolocations. An adversary may attempt to modify, delete, or deactivate an Okta network zone in order to remove or weaken an organization's security controls.",
+  "false_positives": [
+    "Consider adding exceptions to this rule to filter false positives if Oyour organization's Okta network zones are regularly modified."
+  ],
+  "index": [
+    "filebeat-*"
+  ],
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "Attempt to Modify Okta Network Zone",
+  "query": "event.module:okta and event.dataset:okta.system and event.action:(zone.update or zone.deactivate or zone.delete or network_zone.rule.disabled or zone.remove_blacklist)",
+  "references": [
+    "https://developer.okta.com/docs/reference/api/system-log/",
+    "https://developer.okta.com/docs/reference/api/event-types/"
+  ],
+  "risk_score": 47,
+  "rule_id": "e48236ca-b67a-4b4e-840c-fdc7782bc0c3",
+  "severity": "medium",
+  "tags": [
+    "Elastic",
+    "Okta"
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_modify_okta_policy.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_modify_okta_policy.json
new file mode 100644
index 00000000000000..a864b900a5998b
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_modify_okta_policy.json
@@ -0,0 +1,29 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "An adversary may attempt to modify an Okta policy in order to weaken an organization's security controls. For example, an adversary may attempt to modify an Okta multi-factor authentication (MFA) policy in order to weaken the authentication requirements for user accounts.",
+  "false_positives": [
+    "Consider adding exceptions to this rule to filter false positives if Okta policies are regularly modified in your organization."
+  ],
+  "index": [
+    "filebeat-*"
+  ],
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "Attempt to Modify Okta Policy",
+  "query": "event.module:okta and event.dataset:okta.system and event.action:policy.lifecycle.update",
+  "references": [
+    "https://developer.okta.com/docs/reference/api/system-log/",
+    "https://developer.okta.com/docs/reference/api/event-types/"
+  ],
+  "risk_score": 21,
+  "rule_id": "6731fbf2-8f28-49ed-9ab9-9a918ceb5a45",
+  "severity": "low",
+  "tags": [
+    "Elastic",
+    "Okta"
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_modify_or_delete_application_sign_on_policy.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_modify_or_delete_application_sign_on_policy.json
new file mode 100644
index 00000000000000..ff7546ac2f1a6f
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_attempt_to_modify_or_delete_application_sign_on_policy.json
@@ -0,0 +1,29 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "An adversary may attempt to modify or delete the sign on policy for an Okta application in order to remove or weaken an organization's security controls.",
+  "false_positives": [
+    "Consider adding exceptions to this rule to filter false positives if sign on policies for Okta applications are regularly modified or deleted in your organization."
+  ],
+  "index": [
+    "filebeat-*"
+  ],
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "Modification or Removal of an Okta Application Sign-On Policy",
+  "query": "event.module:okta and event.dataset:okta.system and event.action:(application.policy.sign_on.update or application.policy.sign_on.rule.delete)",
+  "references": [
+    "https://developer.okta.com/docs/reference/api/system-log/",
+    "https://developer.okta.com/docs/reference/api/event-types/"
+  ],
+  "risk_score": 47,
+  "rule_id": "cd16fb10-0261-46e8-9932-a0336278cdbe",
+  "severity": "medium",
+  "tags": [
+    "Elastic",
+    "Okta"
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_threat_detected_by_okta_threatinsight.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_threat_detected_by_okta_threatinsight.json
new file mode 100644
index 00000000000000..7a1b6e3d82d7c8
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/okta_threat_detected_by_okta_threatinsight.json
@@ -0,0 +1,26 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "This rule detects when Okta ThreatInsight identifies a request from a malicious IP address. Investigating requests from IP addresses identified as malicious by Okta ThreatInsight can help security teams monitor for and respond to credential based attacks against their organization, such as brute force and password spraying attacks.",
+  "index": [
+    "filebeat-*"
+  ],
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "Threat Detected by Okta ThreatInsight",
+  "query": "event.module:okta and event.dataset:okta.system and event.action:security.threat.detected",
+  "references": [
+    "https://developer.okta.com/docs/reference/api/system-log/",
+    "https://developer.okta.com/docs/reference/api/event-types/"
+  ],
+  "risk_score": 47,
+  "rule_id": "6885d2ae-e008-4762-b98a-e8e1cd3a81e9",
+  "severity": "medium",
+  "tags": [
+    "Elastic",
+    "Okta"
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_administrator_privileges_assigned_to_okta_group.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_administrator_privileges_assigned_to_okta_group.json
new file mode 100644
index 00000000000000..70e7eb1706e1bf
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_administrator_privileges_assigned_to_okta_group.json
@@ -0,0 +1,46 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "An adversary may attempt to assign administrator privileges to an Okta group in order to assign additional permissions to compromised user accounts.",
+  "false_positives": [
+    "Consider adding exceptions to this rule to filter false positives if administrator privileges are regularly assigned to Okta groups in your organization."
+  ],
+  "index": [
+    "filebeat-*"
+  ],
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "Administrator Privileges Assigned to Okta Group",
+  "query": "event.module:okta and event.dataset:okta.system and event.action:group.privilege.grant",
+  "references": [
+    "https://developer.okta.com/docs/reference/api/system-log/",
+    "https://developer.okta.com/docs/reference/api/event-types/"
+  ],
+  "risk_score": 21,
+  "rule_id": "b8075894-0b62-46e5-977c-31275da34419",
+  "severity": "low",
+  "tags": [
+    "Elastic",
+    "Okta"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0003",
+        "name": "Persistence",
+        "reference": "https://attack.mitre.org/tactics/TA0003/"
+      },
+      "technique": [
+        {
+          "id": "T1098",
+          "name": "Account Manipulation",
+          "reference": "https://attack.mitre.org/techniques/T1098/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_adobe_hijack_persistence.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_adobe_hijack_persistence.json
similarity index 68%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_adobe_hijack_persistence.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_adobe_hijack_persistence.json
index 8d455f501d2b22..c5d8e50d3dba76 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_adobe_hijack_persistence.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_adobe_hijack_persistence.json
@@ -1,11 +1,15 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Detects writing executable files that will be automatically launched by Adobe on launch.",
   "index": [
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Adobe Hijack Persistence",
-  "query": "file.path:(\"C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroCEF\\RdrCEF.exe\" or \"C:\\Program Files\\Adobe\\Acrobat Reader DC\\Reader\\AcroCEF\\RdrCEF.exe\") and event.action:\"File created (rule: FileCreate)\" and not process.name:msiexec.exe",
+  "query": "event.category:file and event.type:creation and file.path:(\"C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroCEF\\RdrCEF.exe\" or \"C:\\Program Files\\Adobe\\Acrobat Reader DC\\Reader\\AcroCEF\\RdrCEF.exe\") and not process.name:msiexec.exe",
   "risk_score": 21,
   "rule_id": "2bf78aa2-9c56-48de-b139-f169bf99cf86",
   "severity": "low",
@@ -31,5 +35,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_attempt_to_create_okta_api_token.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_attempt_to_create_okta_api_token.json
new file mode 100644
index 00000000000000..453580d580344a
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_attempt_to_create_okta_api_token.json
@@ -0,0 +1,46 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "An adversary may create an Okta API token to maintain access to an organization's network while they work to achieve their objectives. An attacker may abuse an API token to execute techniques such as creating user accounts or disabling security rules or policies.",
+  "false_positives": [
+    "If the behavior of creating Okta API tokens is expected, consider adding exceptions to this rule to filter false positives."
+  ],
+  "index": [
+    "filebeat-*"
+  ],
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "Attempt to Create Okta API Token",
+  "query": "event.module:okta and event.dataset:okta.system and event.action:system.api_token.create",
+  "references": [
+    "https://developer.okta.com/docs/reference/api/system-log/",
+    "https://developer.okta.com/docs/reference/api/event-types/"
+  ],
+  "risk_score": 21,
+  "rule_id": "96b9f4ea-0e8c-435b-8d53-2096e75fcac5",
+  "severity": "low",
+  "tags": [
+    "Elastic",
+    "Okta"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0003",
+        "name": "Persistence",
+        "reference": "https://attack.mitre.org/tactics/TA0003/"
+      },
+      "technique": [
+        {
+          "id": "T1136",
+          "name": "Create Account",
+          "reference": "https://attack.mitre.org/techniques/T1136/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_attempt_to_deactivate_mfa_for_okta_user_account.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_attempt_to_deactivate_mfa_for_okta_user_account.json
new file mode 100644
index 00000000000000..e5648285c52897
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_attempt_to_deactivate_mfa_for_okta_user_account.json
@@ -0,0 +1,46 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "An adversary may deactivate multi-factor authentication (MFA) for an Okta user account in order to weaken the authentication requirements for the account.",
+  "false_positives": [
+    "If the behavior of deactivating MFA for Okta user accounts is expected, consider adding exceptions to this rule to filter false positives."
+  ],
+  "index": [
+    "filebeat-*"
+  ],
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "Attempt to Deactivate MFA for Okta User Account",
+  "query": "event.module:okta and event.dataset:okta.system and event.action:user.mfa.factor.deactivate",
+  "references": [
+    "https://developer.okta.com/docs/reference/api/system-log/",
+    "https://developer.okta.com/docs/reference/api/event-types/"
+  ],
+  "risk_score": 21,
+  "rule_id": "cd89602e-9db0-48e3-9391-ae3bf241acd8",
+  "severity": "low",
+  "tags": [
+    "Elastic",
+    "Okta"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0003",
+        "name": "Persistence",
+        "reference": "https://attack.mitre.org/tactics/TA0003/"
+      },
+      "technique": [
+        {
+          "id": "T1098",
+          "name": "Account Manipulation",
+          "reference": "https://attack.mitre.org/techniques/T1098/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_attempt_to_deactivate_okta_policy.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_attempt_to_deactivate_okta_policy.json
new file mode 100644
index 00000000000000..53da2590427387
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_attempt_to_deactivate_okta_policy.json
@@ -0,0 +1,46 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "An adversary may attempt to deactivate an Okta policy in order to weaken an organization's security controls. For example, an adversary may attempt to deactivate an Okta multi-factor authentication (MFA) policy in order to weaken the authentication requirements for user accounts.",
+  "false_positives": [
+    "If the behavior of deactivating Okta policies is expected, consider adding exceptions to this rule to filter false positives."
+  ],
+  "index": [
+    "filebeat-*"
+  ],
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "Attempt to Deactivate Okta Policy",
+  "query": "event.module:okta and event.dataset:okta.system and event.action:policy.lifecycle.deactivate",
+  "references": [
+    "https://developer.okta.com/docs/reference/api/system-log/",
+    "https://developer.okta.com/docs/reference/api/event-types/"
+  ],
+  "risk_score": 21,
+  "rule_id": "b719a170-3bdb-4141-b0e3-13e3cf627bfe",
+  "severity": "low",
+  "tags": [
+    "Elastic",
+    "Okta"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0003",
+        "name": "Persistence",
+        "reference": "https://attack.mitre.org/tactics/TA0003/"
+      },
+      "technique": [
+        {
+          "id": "T1098",
+          "name": "Account Manipulation",
+          "reference": "https://attack.mitre.org/techniques/T1098/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_attempt_to_reset_mfa_factors_for_okta_user_account.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_attempt_to_reset_mfa_factors_for_okta_user_account.json
new file mode 100644
index 00000000000000..f662c0c0b8eb62
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_attempt_to_reset_mfa_factors_for_okta_user_account.json
@@ -0,0 +1,46 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "An adversary may attempt to remove the multi-factor authentication (MFA) factors registered on an Okta user's account in order to register new MFA factors and abuse the account to blend in with normal activity in the victim's environment.",
+  "false_positives": [
+    "Consider adding exceptions to this rule to filter false positives if the MFA factors for Okta user accounts are regularly reset in your organization."
+  ],
+  "index": [
+    "filebeat-*"
+  ],
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "Attempt to Reset MFA Factors for Okta User Account",
+  "query": "event.module:okta and event.dataset:okta.system and event.action:user.mfa.factor.reset_all",
+  "references": [
+    "https://developer.okta.com/docs/reference/api/system-log/",
+    "https://developer.okta.com/docs/reference/api/event-types/"
+  ],
+  "risk_score": 21,
+  "rule_id": "729aa18d-06a6-41c7-b175-b65b739b1181",
+  "severity": "low",
+  "tags": [
+    "Elastic",
+    "Okta"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0003",
+        "name": "Persistence",
+        "reference": "https://attack.mitre.org/tactics/TA0003/"
+      },
+      "technique": [
+        {
+          "id": "T1098",
+          "name": "Account Manipulation",
+          "reference": "https://attack.mitre.org/techniques/T1098/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_ec2_network_acl_creation.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_ec2_network_acl_creation.json
new file mode 100644
index 00000000000000..911536d2567f42
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_ec2_network_acl_creation.json
@@ -0,0 +1,50 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Identifies the creation of an AWS Elastic Compute Cloud (EC2) network access control list (ACL) or an entry in a network ACL with a specified rule number.",
+  "false_positives": [
+    "Network ACL's may be created by a network administrator. Verify whether the user identity, user agent, and/or hostname should be making changes in your environment. Network ACL creations from unfamiliar users or hosts should be investigated. If known behavior is causing false positives, it can be exempted from the rule."
+  ],
+  "from": "now-60m",
+  "index": [
+    "filebeat-*"
+  ],
+  "interval": "10m",
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "AWS EC2 Network Access Control List Creation",
+  "query": "event.action:(CreateNetworkAcl or CreateNetworkAclEntry) and event.dataset:aws.cloudtrail and event.provider:ec2.amazonaws.com and event.outcome:success",
+  "references": [
+    "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/create-network-acl.html",
+    "https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkAcl.html",
+    "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/create-network-acl-entry.html",
+    "https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateNetworkAclEntry.html"
+  ],
+  "risk_score": 21,
+  "rule_id": "39144f38-5284-4f8e-a2ae-e3fd628d90b0",
+  "severity": "low",
+  "tags": [
+    "AWS",
+    "Elastic"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0003",
+        "name": "Persistence",
+        "reference": "https://attack.mitre.org/tactics/TA0003/"
+      },
+      "technique": [
+        {
+          "id": "T1108",
+          "name": "Redundant Access",
+          "reference": "https://attack.mitre.org/techniques/T1108/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_iam_group_creation.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_iam_group_creation.json
new file mode 100644
index 00000000000000..7c1c4d02737a6a
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_iam_group_creation.json
@@ -0,0 +1,48 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Identifies the creation of a group in AWS Identity and Access Management (IAM). Groups specify permissions for multiple users. Any user in a group automatically has the permissions that are assigned to the group.",
+  "false_positives": [
+    "A group may be created by a system or network administrator. Verify whether the user identity, user agent, and/or hostname should be making changes in your environment. Group creations from unfamiliar users or hosts should be investigated. If known behavior is causing false positives, it can be exempted from the rule."
+  ],
+  "from": "now-60m",
+  "index": [
+    "filebeat-*"
+  ],
+  "interval": "10m",
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "AWS IAM Group Creation",
+  "query": "event.action:CreateGroup and event.dataset:aws.cloudtrail and event.provider:iam.amazonaws.com and event.outcome:success",
+  "references": [
+    "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/iam/create-group.html",
+    "https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateGroup.html"
+  ],
+  "risk_score": 21,
+  "rule_id": "169f3a93-efc7-4df2-94d6-0d9438c310d1",
+  "severity": "low",
+  "tags": [
+    "AWS",
+    "Elastic"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0003",
+        "name": "Persistence",
+        "reference": "https://attack.mitre.org/tactics/TA0003/"
+      },
+      "technique": [
+        {
+          "id": "T1108",
+          "name": "Redundant Access",
+          "reference": "https://attack.mitre.org/techniques/T1108/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_kernel_module_activity.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_kernel_module_activity.json
similarity index 79%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_kernel_module_activity.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_kernel_module_activity.json
index 95fe337fbfd1b8..48ed65caceda77 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_kernel_module_activity.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_kernel_module_activity.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies loadable kernel module errors, which are often indicative of potential persistence attempts.",
   "false_positives": [
     "Security tools and device drivers may run these programs in order to load legitimate kernel modules. Use of these programs by ordinary users is uncommon."
@@ -7,8 +10,9 @@
     "auditbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Persistence via Kernel Module Modification",
-  "query": "process.name:(insmod or kmod or modprobe or rmod) and event.action:executed",
+  "query": "event.category:process and event.type:(start or process_started) and process.name:(insmod or kmod or modprobe or rmod)",
   "references": [
     "https://www.hackers-arise.com/single-post/2017/11/03/Linux-for-Hackers-Part-10-Loadable-Kernel-Modules-LKM"
   ],
@@ -25,7 +29,7 @@
       "tactic": {
         "id": "TA0003",
         "name": "Persistence",
-        "reference": "https://attack.mitre.org/techniques/TA0003/"
+        "reference": "https://attack.mitre.org/tactics/TA0003/"
       },
       "technique": [
         {
@@ -37,5 +41,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_local_scheduled_task_commands.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_local_scheduled_task_commands.json
similarity index 76%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_local_scheduled_task_commands.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_local_scheduled_task_commands.json
index 7b674c270f884d..b99690f78b2b4a 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_local_scheduled_task_commands.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_local_scheduled_task_commands.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "A scheduled task can be used by an adversary to establish persistence, move laterally, and/or escalate privileges.",
   "false_positives": [
     "Legitimate scheduled tasks may be created during installation of new software."
@@ -7,8 +10,9 @@
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Local Scheduled Task Commands",
-  "query": "event.action:\"Process Create (rule: ProcessCreate)\" and process.name:schtasks.exe and process.args:(-change or -create or -run or -s or /S or /change or /create or /run)",
+  "query": "event.category:process and event.type:(start or process_started) and process.name:schtasks.exe and process.args:(-change or -create or -run or -s or /S or /change or /create or /run)",
   "risk_score": 21,
   "rule_id": "afcce5ad-65de-4ed2-8516-5e093d3ac99a",
   "severity": "low",
@@ -34,5 +38,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_priv_escalation_via_accessibility_features.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_priv_escalation_via_accessibility_features.json
similarity index 95%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_priv_escalation_via_accessibility_features.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_priv_escalation_via_accessibility_features.json
index 59ae2f6ad3bb85..b96d14881ae3d4 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_priv_escalation_via_accessibility_features.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_priv_escalation_via_accessibility_features.json
@@ -1,9 +1,13 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Windows contains accessibility features that may be launched with a key combination before a user has logged in. An adversary can modify the way these programs are launched to get a command prompt or backdoor without logging in to the system.",
   "index": [
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Potential Modification of Accessibility Binaries",
   "query": "event.code:1 and process.parent.name:winlogon.exe and process.name:(atbroker.exe or displayswitch.exe or magnify.exe or narrator.exe or osk.exe or sethc.exe or utilman.exe)",
   "risk_score": 21,
@@ -46,5 +50,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_rds_cluster_creation.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_rds_cluster_creation.json
new file mode 100644
index 00000000000000..c6e23acab0fb5f
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_rds_cluster_creation.json
@@ -0,0 +1,65 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Identifies the creation of a new Amazon Relational Database Service (RDS) Aurora DB cluster or global database spread across multiple regions.",
+  "false_positives": [
+    "Valid clusters may be created by a system or network administrator. Verify whether the user identity, user agent, and/or hostname should be making changes in your environment. Cluster creations from unfamiliar users or hosts should be investigated. If known behavior is causing false positives, it can be exempted from the rule."
+  ],
+  "from": "now-60m",
+  "index": [
+    "filebeat-*"
+  ],
+  "interval": "10m",
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "AWS RDS Cluster Creation",
+  "query": "event.action:(CreateDBCluster or CreateGlobalCluster) and event.dataset:aws.cloudtrail and event.provider:rds.amazonaws.com and event.outcome:success",
+  "references": [
+    "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/rds/create-db-cluster.html",
+    "https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateDBCluster.html",
+    "https://awscli.amazonaws.com/v2/documentation/api/latest/reference/rds/create-global-cluster.html",
+    "https://docs.aws.amazon.com/AmazonRDS/latest/APIReference/API_CreateGlobalCluster.html"
+  ],
+  "risk_score": 21,
+  "rule_id": "e14c5fd7-fdd7-49c2-9e5b-ec49d817bc8d",
+  "severity": "low",
+  "tags": [
+    "AWS",
+    "Elastic"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0003",
+        "name": "Persistence",
+        "reference": "https://attack.mitre.org/tactics/TA0003/"
+      },
+      "technique": [
+        {
+          "id": "T1108",
+          "name": "Redundant Access",
+          "reference": "https://attack.mitre.org/techniques/T1108/"
+        }
+      ]
+    },
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0005",
+        "name": "Defense Evasion",
+        "reference": "https://attack.mitre.org/tactics/TA0005/"
+      },
+      "technique": [
+        {
+          "id": "T1108",
+          "name": "Redundant Access",
+          "reference": "https://attack.mitre.org/techniques/T1108/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_shell_activity_by_web_server.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_shell_activity_by_web_server.json
similarity index 75%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_shell_activity_by_web_server.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_shell_activity_by_web_server.json
index 4d6000bda3b015..24ea80e10f5e30 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_shell_activity_by_web_server.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_shell_activity_by_web_server.json
@@ -1,4 +1,7 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies suspicious commands executed via a web server, which may suggest a vulnerability and remote shell access.",
   "false_positives": [
     "Network monitoring or management products may have a web server component that runs shell commands as part of normal behavior."
@@ -7,8 +10,9 @@
     "auditbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Potential Shell via Web Server",
-  "query": "process.name:(bash or dash) and user.name:(apache or nginx or www or \"www-data\") and event.action:executed",
+  "query": "event.category:process and event.type:(start or process_started) and process.name:(bash or dash) and user.name:(apache or nginx or www or \"www-data\")",
   "references": [
     "https://pentestlab.blog/tag/web-shell/"
   ],
@@ -25,7 +29,7 @@
       "tactic": {
         "id": "TA0003",
         "name": "Persistence",
-        "reference": "https://attack.mitre.org/techniques/TA0003/"
+        "reference": "https://attack.mitre.org/tactics/TA0003/"
       },
       "technique": [
         {
@@ -37,5 +41,5 @@
     }
   ],
   "type": "query",
-  "version": 3
+  "version": 4
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_system_shells_via_services.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_system_shells_via_services.json
similarity index 78%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_system_shells_via_services.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_system_shells_via_services.json
index 504c41f05871a4..c3684006a49e52 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_system_shells_via_services.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_system_shells_via_services.json
@@ -1,11 +1,15 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Windows services typically run as SYSTEM and can be used as a privilege escalation opportunity. Malware or penetration testers may run a shell as a service to gain SYSTEM permissions.",
   "index": [
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "System Shells via Services",
-  "query": "event.action:\"Process Create (rule: ProcessCreate)\" and process.parent.name:services.exe and process.name:(cmd.exe or powershell.exe)",
+  "query": "event.category:process and event.type:(start or process_started) and process.parent.name:services.exe and process.name:(cmd.exe or powershell.exe)",
   "risk_score": 47,
   "rule_id": "0022d47d-39c7-4f69-a232-4fe9dc7a3acd",
   "severity": "medium",
@@ -31,5 +35,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_user_account_creation.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_user_account_creation.json
similarity index 74%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_user_account_creation.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_user_account_creation.json
index 247a1cde22596c..5704f6d14bfecf 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/eql_user_account_creation.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_user_account_creation.json
@@ -1,11 +1,15 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies attempts to create new local users. This is sometimes done by attackers to increase access to a system or domain.",
   "index": [
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "User Account Creation",
-  "query": "event.action:\"Process Create (rule: ProcessCreate)\" and process.name:(net.exe or net1.exe) and not process.parent.name:net.exe and process.args:(user and (/ad or /add))",
+  "query": "event.category:process and event.type:(start or process_started) and process.name:(net.exe or net1.exe) and not process.parent.name:net.exe and process.args:(user and (/ad or /add))",
   "risk_score": 21,
   "rule_id": "1aa9181a-492b-4c01-8b16-fa0735786b2b",
   "severity": "low",
@@ -31,5 +35,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_persistence_via_application_shimming.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_via_application_shimming.json
similarity index 94%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_persistence_via_application_shimming.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_via_application_shimming.json
index 5b77fdb01a6058..a5a9676053c2dc 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_persistence_via_application_shimming.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/persistence_via_application_shimming.json
@@ -1,9 +1,13 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "The Application Shim was created to allow for backward compatibility of software as the operating system codebase changes over time. This Windows functionality has been abused by attackers to stealthily gain persistence and arbitrary code execution in legitimate Windows processes.",
   "index": [
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Potential Application Shimming via Sdbinst",
   "query": "event.code:1 and process.name:sdbinst.exe",
   "risk_score": 21,
@@ -46,5 +50,5 @@
     }
   ],
   "type": "query",
-  "version": 2
+  "version": 3
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/privilege_escalation_root_login_without_mfa.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/privilege_escalation_root_login_without_mfa.json
new file mode 100644
index 00000000000000..6db9e04edc0cb5
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/privilege_escalation_root_login_without_mfa.json
@@ -0,0 +1,47 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Identifies attempts to login to AWS as the root user without using multi-factor authentication (MFA). Amazon AWS best practices indicate that the root user should be protected by MFA.",
+  "false_positives": [
+    "Some organizations allow login with the root user without MFA, however this is not considered best practice by AWS and increases the risk of compromised credentials."
+  ],
+  "from": "now-60m",
+  "index": [
+    "filebeat-*"
+  ],
+  "interval": "10m",
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "AWS Root Login Without MFA",
+  "query": "event.module:aws and event.dataset:aws.cloudtrail and event.provider:signin.amazonaws.com and event.action:ConsoleLogin and aws.cloudtrail.user_identity.type:Root and aws.cloudtrail.console_login.additional_eventdata.mfa_used:false and event.outcome:success",
+  "references": [
+    "https://docs.aws.amazon.com/IAM/latest/UserGuide/id_root-user.html"
+  ],
+  "risk_score": 21,
+  "rule_id": "bc0c6f0d-dab0-47a3-b135-0925f0a333bc",
+  "severity": "low",
+  "tags": [
+    "AWS",
+    "Elastic"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0004",
+        "name": "Privilege Escalation",
+        "reference": "https://attack.mitre.org/tactics/TA0004/"
+      },
+      "technique": [
+        {
+          "id": "T1078",
+          "name": "Valid Accounts",
+          "reference": "https://attack.mitre.org/techniques/T1078/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_setgid_bit_set_via_chmod.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/privilege_escalation_setgid_bit_set_via_chmod.json
similarity index 86%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_setgid_bit_set_via_chmod.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/privilege_escalation_setgid_bit_set_via_chmod.json
index c1043303485960..3738c04346e6ec 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_setgid_bit_set_via_chmod.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/privilege_escalation_setgid_bit_set_via_chmod.json
@@ -1,12 +1,16 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "An adversary may add the setgid bit to a file or directory in order to run a file with the privileges of the owning group. An adversary can take advantage of this to either do a shell escape or exploit a vulnerability in an application with the setgid bit to get code running in a different user\u2019s context. Additionally, adversaries can use this mechanism on their own malware to make sure they're able to execute in elevated contexts in the future.",
   "index": [
     "auditbeat-*"
   ],
   "language": "lucene",
+  "license": "Elastic License",
   "max_signals": 33,
   "name": "Setgid Bit Set via chmod",
-  "query": "event.action:(executed OR process_started) AND process.name:chmod AND process.args:(g+s OR /2[0-9]{3}/) AND NOT user.name:root",
+  "query": "event.category:process AND event.type:(start or process_started) AND process.name:chmod AND process.args:(g+s OR /2[0-9]{3}/) AND NOT user.name:root",
   "risk_score": 21,
   "rule_id": "3a86e085-094c-412d-97ff-2439731e59cb",
   "severity": "low",
@@ -47,5 +51,5 @@
     }
   ],
   "type": "query",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_setuid_bit_set_via_chmod.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/privilege_escalation_setuid_bit_set_via_chmod.json
similarity index 86%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_setuid_bit_set_via_chmod.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/privilege_escalation_setuid_bit_set_via_chmod.json
index 72b62b67aa2d4d..58dcd2d671f523 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_setuid_bit_set_via_chmod.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/privilege_escalation_setuid_bit_set_via_chmod.json
@@ -1,12 +1,16 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "An adversary may add the setuid bit to a file or directory in order to run a file with the privileges of the owning user. An adversary can take advantage of this to either do a shell escape or exploit a vulnerability in an application with the setuid bit to get code running in a different user\u2019s context. Additionally, adversaries can use this mechanism on their own malware to make sure they're able to execute in elevated contexts in the future.",
   "index": [
     "auditbeat-*"
   ],
   "language": "lucene",
+  "license": "Elastic License",
   "max_signals": 33,
   "name": "Setuid Bit Set via chmod",
-  "query": "event.action:(executed OR process_started) AND process.name:chmod AND process.args:(u+s OR /4[0-9]{3}/) AND NOT user.name:root",
+  "query": "event.category:process AND event.type:(start or process_started) AND process.name:chmod AND process.args:(u+s OR /4[0-9]{3}/) AND NOT user.name:root",
   "risk_score": 21,
   "rule_id": "8a1b0278-0f9a-487d-96bd-d4833298e87a",
   "severity": "low",
@@ -47,5 +51,5 @@
     }
   ],
   "type": "query",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_sudoers_file_mod.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/privilege_escalation_sudoers_file_mod.json
similarity index 84%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_sudoers_file_mod.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/privilege_escalation_sudoers_file_mod.json
index 3cb9259e92132b..9850d4d908b69b 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/linux_sudoers_file_mod.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/privilege_escalation_sudoers_file_mod.json
@@ -1,11 +1,15 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "A sudoers file specifies the commands that users or groups can run and from which terminals. Adversaries can take advantage of these configurations to execute commands as other users or spawn processes with higher privileges.",
   "index": [
     "auditbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Sudoers File Modification",
-  "query": "event.module:file_integrity and event.action:updated and file.path:/etc/sudoers",
+  "query": "event.category:file and event.type:change and file.path:/etc/sudoers",
   "risk_score": 21,
   "rule_id": "931e25a5-0f5e-4ae0-ba0d-9e94eff7e3a4",
   "severity": "low",
@@ -31,5 +35,5 @@
     }
   ],
   "type": "query",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_uac_bypass_event_viewer.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/privilege_escalation_uac_bypass_event_viewer.json
similarity index 73%
rename from x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_uac_bypass_event_viewer.json
rename to x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/privilege_escalation_uac_bypass_event_viewer.json
index 1fb44f0c842def..d8b59804fecdf4 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_uac_bypass_event_viewer.json
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/privilege_escalation_uac_bypass_event_viewer.json
@@ -1,11 +1,15 @@
 {
+  "author": [
+    "Elastic"
+  ],
   "description": "Identifies User Account Control (UAC) bypass via eventvwr.exe. Attackers bypass UAC to stealthily execute code with elevated permissions.",
   "index": [
     "winlogbeat-*"
   ],
   "language": "kuery",
+  "license": "Elastic License",
   "name": "Bypass UAC via Event Viewer",
-  "query": "process.parent.name:eventvwr.exe and event.action:\"Process Create (rule: ProcessCreate)\" and not process.executable:(\"C:\\Windows\\SysWOW64\\mmc.exe\" or \"C:\\Windows\\System32\\mmc.exe\")",
+  "query": "event.category:process and event.type:(start or process_started) and process.parent.name:eventvwr.exe and not process.executable:(\"C:\\Windows\\SysWOW64\\mmc.exe\" or \"C:\\Windows\\System32\\mmc.exe\")",
   "risk_score": 21,
   "rule_id": "31b4c719-f2b4-41f6-a9bd-fce93c2eaf62",
   "severity": "low",
@@ -31,5 +35,5 @@
     }
   ],
   "type": "query",
-  "version": 1
+  "version": 2
 }
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/privilege_escalation_unusual_parentchild_relationship.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/privilege_escalation_unusual_parentchild_relationship.json
new file mode 100644
index 00000000000000..bc80953d0aa619
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/privilege_escalation_unusual_parentchild_relationship.json
@@ -0,0 +1,39 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Identifies Windows programs run from unexpected parent processes. This could indicate masquerading or other strange activity on a system.",
+  "index": [
+    "winlogbeat-*"
+  ],
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "Unusual Parent-Child Relationship",
+  "query": "event.category:process and event.type:(start or process_started) and process.parent.executable:* and (process.name:smss.exe and not process.parent.name:(System or smss.exe) or process.name:csrss.exe and not process.parent.name:(smss.exe or svchost.exe) or process.name:wininit.exe and not process.parent.name:smss.exe or process.name:winlogon.exe and not process.parent.name:smss.exe or process.name:lsass.exe and not process.parent.name:wininit.exe or process.name:LogonUI.exe and not process.parent.name:(wininit.exe or winlogon.exe) or process.name:services.exe and not process.parent.name:wininit.exe or process.name:svchost.exe and not process.parent.name:(MsMpEng.exe or services.exe) or process.name:spoolsv.exe and not process.parent.name:services.exe or process.name:taskhost.exe and not process.parent.name:(services.exe or svchost.exe) or process.name:taskhostw.exe and not process.parent.name:(services.exe or svchost.exe) or process.name:userinit.exe and not process.parent.name:(dwm.exe or winlogon.exe))",
+  "risk_score": 47,
+  "rule_id": "35df0dd8-092d-4a83-88c1-5151a804f31b",
+  "severity": "medium",
+  "tags": [
+    "Elastic",
+    "Windows"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0004",
+        "name": "Privilege Escalation",
+        "reference": "https://attack.mitre.org/tactics/TA0004/"
+      },
+      "technique": [
+        {
+          "id": "T1093",
+          "name": "Process Hollowing",
+          "reference": "https://attack.mitre.org/techniques/T1093/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 3
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/privilege_escalation_updateassumerolepolicy.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/privilege_escalation_updateassumerolepolicy.json
new file mode 100644
index 00000000000000..623f90716b2b68
--- /dev/null
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/privilege_escalation_updateassumerolepolicy.json
@@ -0,0 +1,47 @@
+{
+  "author": [
+    "Elastic"
+  ],
+  "description": "Identifies attempts to modify an AWS IAM Assume Role Policy. An adversary may attempt to modify the AssumeRolePolicy of a misconfigured role in order to gain the privileges of that role.",
+  "false_positives": [
+    "Verify whether the user identity, user agent, and/or hostname should be making changes in your environment. Policy updates from unfamiliar users or hosts should be investigated. If known behavior is causing false positives, it can be exempted from the rule."
+  ],
+  "from": "now-60m",
+  "index": [
+    "filebeat-*"
+  ],
+  "interval": "10m",
+  "language": "kuery",
+  "license": "Elastic License",
+  "name": "AWS IAM Assume Role Policy Update",
+  "query": "event.module:aws and event.dataset:aws.cloudtrail and event.provider:iam.amazonaws.com and event.action:UpdateAssumeRolePolicy and event.outcome:success",
+  "references": [
+    "https://labs.bishopfox.com/tech-blog/5-privesc-attack-vectors-in-aws"
+  ],
+  "risk_score": 21,
+  "rule_id": "a60326d7-dca7-4fb7-93eb-1ca03a1febbd",
+  "severity": "low",
+  "tags": [
+    "AWS",
+    "Elastic"
+  ],
+  "threat": [
+    {
+      "framework": "MITRE ATT&CK",
+      "tactic": {
+        "id": "TA0004",
+        "name": "Privilege Escalation",
+        "reference": "https://attack.mitre.org/tactics/TA0004/"
+      },
+      "technique": [
+        {
+          "id": "T1078",
+          "name": "Valid Accounts",
+          "reference": "https://attack.mitre.org/techniques/T1078/"
+        }
+      ]
+    }
+  ],
+  "type": "query",
+  "version": 1
+}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_suspicious_pdf_reader.json b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_suspicious_pdf_reader.json
deleted file mode 100644
index 6c2b167a76ee48..00000000000000
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules/windows_suspicious_pdf_reader.json
+++ /dev/null
@@ -1,35 +0,0 @@
-{
-  "description": "Identifies suspicious child processes of PDF reader applications. These child processes are often launched via exploitation of PDF applications or social engineering.",
-  "index": [
-    "winlogbeat-*"
-  ],
-  "language": "kuery",
-  "name": "Suspicious PDF Reader Child Process",
-  "query": "event.action:\"Process Create (rule: ProcessCreate)\" and process.parent.name:(AcroRd32.exe or Acrobat.exe or FoxitPhantomPDF.exe or FoxitReader.exe) and process.name:(arp.exe or dsquery.exe or dsget.exe or gpresult.exe or hostname.exe or ipconfig.exe or nbtstat.exe or net.exe or net1.exe or netsh.exe or netstat.exe or nltest.exe or ping.exe or qprocess.exe or quser.exe or qwinsta.exe or reg.exe or sc.exe or systeminfo.exe or tasklist.exe or tracert.exe or whoami.exe or bginfo.exe or cdb.exe or cmstp.exe or csi.exe or dnx.exe or fsi.exe or ieexec.exe or iexpress.exe or installutil.exe or Microsoft.Workflow.Compiler.exe or msbuild.exe or mshta.exe or msxsl.exe or odbcconf.exe or rcsi.exe or regsvr32.exe or xwizard.exe or atbroker.exe or forfiles.exe or schtasks.exe or regasm.exe or regsvcs.exe or cmd.exe or cscript.exe or powershell.exe or pwsh.exe or wmic.exe or wscript.exe or bitsadmin.exe or certutil.exe or ftp.exe)",
-  "risk_score": 21,
-  "rule_id": "53a26770-9cbd-40c5-8b57-61d01a325e14",
-  "severity": "low",
-  "tags": [
-    "Elastic",
-    "Windows"
-  ],
-  "threat": [
-    {
-      "framework": "MITRE ATT&CK",
-      "tactic": {
-        "id": "TA0002",
-        "name": "Execution",
-        "reference": "https://attack.mitre.org/tactics/TA0002/"
-      },
-      "technique": [
-        {
-          "id": "T1204",
-          "name": "User Execution",
-          "reference": "https://attack.mitre.org/techniques/T1204/"
-        }
-      ]
-    }
-  ],
-  "type": "query",
-  "version": 1
-}
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.test.ts
index 4a6dd04656d8ee..0cc3ca092a4dcd 100644
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.test.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.test.ts
@@ -9,7 +9,7 @@ import sinon from 'sinon';
 
 import { alertsMock, AlertServicesMock } from '../../../../../alerts/server/mocks';
 import { listMock } from '../../../../../lists/server/mocks';
-import { EntriesArray } from '../../../../common/detection_engine/lists_common_deps';
+import { EntriesArray } from '../../../../common/shared_imports';
 import { buildRuleMessageFactory } from './rule_messages';
 import { ExceptionListClient } from '../../../../../lists/server';
 import { getListArrayMock } from '../../../../common/detection_engine/schemas/types/lists.mock';
diff --git a/x-pack/plugins/spaces/common/model/types.ts b/x-pack/plugins/spaces/common/model/types.ts
index 58c36da33dbd73..30004c739ee7a5 100644
--- a/x-pack/plugins/spaces/common/model/types.ts
+++ b/x-pack/plugins/spaces/common/model/types.ts
@@ -4,4 +4,4 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-export type GetSpacePurpose = 'any' | 'copySavedObjectsIntoSpace';
+export type GetSpacePurpose = 'any' | 'copySavedObjectsIntoSpace' | 'findSavedObjects';
diff --git a/x-pack/plugins/spaces/server/lib/spaces_client/__snapshots__/spaces_client.test.ts.snap b/x-pack/plugins/spaces/server/lib/spaces_client/__snapshots__/spaces_client.test.ts.snap
index a0fa3a2c75eab8..c2df94a0a2936e 100644
--- a/x-pack/plugins/spaces/server/lib/spaces_client/__snapshots__/spaces_client.test.ts.snap
+++ b/x-pack/plugins/spaces/server/lib/spaces_client/__snapshots__/spaces_client.test.ts.snap
@@ -26,6 +26,8 @@ exports[`#getAll useRbacForRequest is true with purpose='any' throws Boom.forbid
 
 exports[`#getAll useRbacForRequest is true with purpose='copySavedObjectsIntoSpace' throws Boom.forbidden when user isn't authorized for any spaces 1`] = `"Forbidden"`;
 
+exports[`#getAll useRbacForRequest is true with purpose='findSavedObjects' throws Boom.forbidden when user isn't authorized for any spaces 1`] = `"Forbidden"`;
+
 exports[`#getAll useRbacForRequest is true with purpose='undefined' throws Boom.forbidden when user isn't authorized for any spaces 1`] = `"Forbidden"`;
 
 exports[`#update useRbacForRequest is true throws Boom.forbidden when user isn't authorized at space 1`] = `"Unauthorized to update spaces"`;
diff --git a/x-pack/plugins/spaces/server/lib/spaces_client/spaces_client.test.ts b/x-pack/plugins/spaces/server/lib/spaces_client/spaces_client.test.ts
index fc2110f15f39d1..61b1985c5a0b9f 100644
--- a/x-pack/plugins/spaces/server/lib/spaces_client/spaces_client.test.ts
+++ b/x-pack/plugins/spaces/server/lib/spaces_client/spaces_client.test.ts
@@ -228,15 +228,20 @@ describe('#getAll', () => {
           mockAuthorization.actions.login,
       },
       {
-        purpose: 'any',
+        purpose: 'any' as GetSpacePurpose,
         expectedPrivilege: (mockAuthorization: SecurityPluginSetup['authz']) =>
           mockAuthorization.actions.login,
       },
       {
-        purpose: 'copySavedObjectsIntoSpace',
+        purpose: 'copySavedObjectsIntoSpace' as GetSpacePurpose,
         expectedPrivilege: (mockAuthorization: SecurityPluginSetup['authz']) =>
           mockAuthorization.actions.ui.get('savedObjectsManagement', 'copyIntoSpace'),
       },
+      {
+        purpose: 'findSavedObjects' as GetSpacePurpose,
+        expectedPrivilege: (mockAuthorization: SecurityPluginSetup['authz']) =>
+          mockAuthorization.actions.savedObject.get('config', 'find'),
+      },
     ].forEach((scenario) => {
       describe(`with purpose='${scenario.purpose}'`, () => {
         test(`throws Boom.forbidden when user isn't authorized for any spaces`, async () => {
@@ -276,9 +281,7 @@ describe('#getAll', () => {
             mockInternalRepository,
             request
           );
-          await expect(
-            client.getAll(scenario.purpose as GetSpacePurpose)
-          ).rejects.toThrowErrorMatchingSnapshot();
+          await expect(client.getAll(scenario.purpose)).rejects.toThrowErrorMatchingSnapshot();
 
           expect(mockInternalRepository.find).toHaveBeenCalledWith({
             type: 'space',
@@ -290,7 +293,7 @@ describe('#getAll', () => {
           expect(mockAuthorization.checkPrivilegesWithRequest).toHaveBeenCalledWith(request);
           expect(mockCheckPrivilegesAtSpaces).toHaveBeenCalledWith(
             savedObjects.map((savedObject) => savedObject.id),
-            privilege
+            [privilege]
           );
           expect(mockAuditLogger.spacesAuthorizationFailure).toHaveBeenCalledWith(
             username,
@@ -336,7 +339,7 @@ describe('#getAll', () => {
             mockInternalRepository,
             request
           );
-          const actualSpaces = await client.getAll(scenario.purpose as GetSpacePurpose);
+          const actualSpaces = await client.getAll(scenario.purpose);
 
           expect(actualSpaces).toEqual([expectedSpaces[0]]);
           expect(mockInternalRepository.find).toHaveBeenCalledWith({
@@ -349,7 +352,7 @@ describe('#getAll', () => {
           expect(mockAuthorization.checkPrivilegesWithRequest).toHaveBeenCalledWith(request);
           expect(mockCheckPrivilegesAtSpaces).toHaveBeenCalledWith(
             savedObjects.map((savedObject) => savedObject.id),
-            privilege
+            [privilege]
           );
           expect(mockAuditLogger.spacesAuthorizationFailure).toHaveBeenCalledTimes(0);
           expect(mockAuditLogger.spacesAuthorizationSuccess).toHaveBeenCalledWith(
diff --git a/x-pack/plugins/spaces/server/lib/spaces_client/spaces_client.ts b/x-pack/plugins/spaces/server/lib/spaces_client/spaces_client.ts
index 25fc3ad97c0d93..b4b0057a2f5a5c 100644
--- a/x-pack/plugins/spaces/server/lib/spaces_client/spaces_client.ts
+++ b/x-pack/plugins/spaces/server/lib/spaces_client/spaces_client.ts
@@ -13,15 +13,23 @@ import { SpacesAuditLogger } from '../audit_logger';
 import { ConfigType } from '../../config';
 import { GetSpacePurpose } from '../../../common/model/types';
 
-const SUPPORTED_GET_SPACE_PURPOSES: GetSpacePurpose[] = ['any', 'copySavedObjectsIntoSpace'];
+const SUPPORTED_GET_SPACE_PURPOSES: GetSpacePurpose[] = [
+  'any',
+  'copySavedObjectsIntoSpace',
+  'findSavedObjects',
+];
 
 const PURPOSE_PRIVILEGE_MAP: Record<
   GetSpacePurpose,
-  (authorization: SecurityPluginSetup['authz']) => string
+  (authorization: SecurityPluginSetup['authz']) => string[]
 > = {
-  any: (authorization) => authorization.actions.login,
-  copySavedObjectsIntoSpace: (authorization) =>
+  any: (authorization) => [authorization.actions.login],
+  copySavedObjectsIntoSpace: (authorization) => [
     authorization.actions.ui.get('savedObjectsManagement', 'copyIntoSpace'),
+  ],
+  findSavedObjects: (authorization) => {
+    return [authorization.actions.savedObject.get('config', 'find')];
+  },
 };
 
 export class SpacesClient {
@@ -86,7 +94,7 @@ export class SpacesClient {
 
       if (authorized.length === 0) {
         this.debugLogger(
-          `SpacesClient.getAll(), using RBAC. returning 403/Forbidden. Not authorized for any spaces.`
+          `SpacesClient.getAll(), using RBAC. returning 403/Forbidden. Not authorized for any spaces for ${purpose} purpose.`
         );
         this.auditLogger.spacesAuthorizationFailure(username, 'getAll');
         throw Boom.forbidden();
diff --git a/x-pack/plugins/spaces/server/saved_objects/spaces_saved_objects_client.test.ts b/x-pack/plugins/spaces/server/saved_objects/spaces_saved_objects_client.test.ts
index 190429d2dacd4d..4d0d75cd4595c2 100644
--- a/x-pack/plugins/spaces/server/saved_objects/spaces_saved_objects_client.test.ts
+++ b/x-pack/plugins/spaces/server/saved_objects/spaces_saved_objects_client.test.ts
@@ -9,6 +9,7 @@ import { SpacesSavedObjectsClient } from './spaces_saved_objects_client';
 import { spacesServiceMock } from '../spaces_service/spaces_service.mock';
 import { savedObjectsClientMock } from '../../../../../src/core/server/mocks';
 import { SavedObjectTypeRegistry } from 'src/core/server';
+import { SpacesClient } from '../lib/spaces_client';
 
 const typeRegistry = new SavedObjectTypeRegistry();
 typeRegistry.registerType({
@@ -48,6 +49,7 @@ const createMockResponse = () => ({
   timeFieldName: '@timestamp',
   notExpandable: true,
   references: [],
+  score: 0,
 });
 
 const ERROR_NAMESPACE_SPECIFIED = 'Spaces currently determines the namespaces';
@@ -68,7 +70,7 @@ const ERROR_NAMESPACE_SPECIFIED = 'Spaces currently determines the namespaces';
         spacesService,
         typeRegistry,
       });
-      return { client, baseClient };
+      return { client, baseClient, spacesService };
     };
 
     describe('#get', () => {
@@ -127,14 +129,6 @@ const ERROR_NAMESPACE_SPECIFIED = 'Spaces currently determines the namespaces';
     });
 
     describe('#find', () => {
-      test(`throws error if options.namespace is specified`, async () => {
-        const { client } = await createSpacesSavedObjectsClient();
-
-        await expect(client.find({ type: 'foo', namespace: 'bar' })).rejects.toThrow(
-          ERROR_NAMESPACE_SPECIFIED
-        );
-      });
-
       test(`passes options.type to baseClient if valid singular type specified`, async () => {
         const { client, baseClient } = await createSpacesSavedObjectsClient();
         const expectedReturnValue = {
@@ -151,7 +145,7 @@ const ERROR_NAMESPACE_SPECIFIED = 'Spaces currently determines the namespaces';
         expect(actualReturnValue).toBe(expectedReturnValue);
         expect(baseClient.find).toHaveBeenCalledWith({
           type: ['foo'],
-          namespace: currentSpace.expectedNamespace,
+          namespaces: [currentSpace.expectedNamespace ?? 'default'],
         });
       });
 
@@ -171,8 +165,101 @@ const ERROR_NAMESPACE_SPECIFIED = 'Spaces currently determines the namespaces';
         expect(actualReturnValue).toBe(expectedReturnValue);
         expect(baseClient.find).toHaveBeenCalledWith({
           type: ['foo', 'bar'],
-          namespace: currentSpace.expectedNamespace,
+          namespaces: [currentSpace.expectedNamespace ?? 'default'],
+        });
+      });
+
+      test(`passes options.namespaces along`, async () => {
+        const { client, baseClient, spacesService } = await createSpacesSavedObjectsClient();
+        const expectedReturnValue = {
+          saved_objects: [createMockResponse()],
+          total: 1,
+          per_page: 0,
+          page: 0,
+        };
+        baseClient.find.mockReturnValue(Promise.resolve(expectedReturnValue));
+
+        const spacesClient = (await spacesService.scopedClient(null as any)) as jest.Mocked<
+          SpacesClient
+        >;
+        spacesClient.getAll.mockImplementation(() =>
+          Promise.resolve([
+            { id: 'ns-1', name: '', disabledFeatures: [] },
+            { id: 'ns-2', name: '', disabledFeatures: [] },
+          ])
+        );
+
+        const options = Object.freeze({ type: ['foo', 'bar'], namespaces: ['ns-1', 'ns-2'] });
+        const actualReturnValue = await client.find(options);
+
+        expect(actualReturnValue).toBe(expectedReturnValue);
+        expect(baseClient.find).toHaveBeenCalledWith({
+          type: ['foo', 'bar'],
+          namespaces: ['ns-1', 'ns-2'],
+        });
+        expect(spacesClient.getAll).toHaveBeenCalledWith('findSavedObjects');
+      });
+
+      test(`filters options.namespaces based on authorization`, async () => {
+        const { client, baseClient, spacesService } = await createSpacesSavedObjectsClient();
+        const expectedReturnValue = {
+          saved_objects: [createMockResponse()],
+          total: 1,
+          per_page: 0,
+          page: 0,
+        };
+        baseClient.find.mockReturnValue(Promise.resolve(expectedReturnValue));
+
+        const spacesClient = (await spacesService.scopedClient(null as any)) as jest.Mocked<
+          SpacesClient
+        >;
+        spacesClient.getAll.mockImplementation(() =>
+          Promise.resolve([
+            { id: 'ns-1', name: '', disabledFeatures: [] },
+            { id: 'ns-2', name: '', disabledFeatures: [] },
+          ])
+        );
+
+        const options = Object.freeze({ type: ['foo', 'bar'], namespaces: ['ns-1', 'ns-3'] });
+        const actualReturnValue = await client.find(options);
+
+        expect(actualReturnValue).toBe(expectedReturnValue);
+        expect(baseClient.find).toHaveBeenCalledWith({
+          type: ['foo', 'bar'],
+          namespaces: ['ns-1'],
+        });
+        expect(spacesClient.getAll).toHaveBeenCalledWith('findSavedObjects');
+      });
+
+      test(`translates options.namespace: ['*']`, async () => {
+        const { client, baseClient, spacesService } = await createSpacesSavedObjectsClient();
+        const expectedReturnValue = {
+          saved_objects: [createMockResponse()],
+          total: 1,
+          per_page: 0,
+          page: 0,
+        };
+        baseClient.find.mockReturnValue(Promise.resolve(expectedReturnValue));
+
+        const spacesClient = (await spacesService.scopedClient(null as any)) as jest.Mocked<
+          SpacesClient
+        >;
+        spacesClient.getAll.mockImplementation(() =>
+          Promise.resolve([
+            { id: 'ns-1', name: '', disabledFeatures: [] },
+            { id: 'ns-2', name: '', disabledFeatures: [] },
+          ])
+        );
+
+        const options = Object.freeze({ type: ['foo', 'bar'], namespaces: ['*'] });
+        const actualReturnValue = await client.find(options);
+
+        expect(actualReturnValue).toBe(expectedReturnValue);
+        expect(baseClient.find).toHaveBeenCalledWith({
+          type: ['foo', 'bar'],
+          namespaces: ['ns-1', 'ns-2'],
         });
+        expect(spacesClient.getAll).toHaveBeenCalledWith('findSavedObjects');
       });
     });
 
diff --git a/x-pack/plugins/spaces/server/saved_objects/spaces_saved_objects_client.ts b/x-pack/plugins/spaces/server/saved_objects/spaces_saved_objects_client.ts
index 6611725be8b67b..7e2b302d7cff56 100644
--- a/x-pack/plugins/spaces/server/saved_objects/spaces_saved_objects_client.ts
+++ b/x-pack/plugins/spaces/server/saved_objects/spaces_saved_objects_client.ts
@@ -19,6 +19,7 @@ import {
 } from 'src/core/server';
 import { SpacesServiceSetup } from '../spaces_service/spaces_service';
 import { spaceIdToNamespace } from '../lib/utils/namespace';
+import { SpacesClient } from '../lib/spaces_client';
 
 interface SpacesSavedObjectsClientOptions {
   baseClient: SavedObjectsClientContract;
@@ -45,12 +46,14 @@ export class SpacesSavedObjectsClient implements SavedObjectsClientContract {
   private readonly client: SavedObjectsClientContract;
   private readonly spaceId: string;
   private readonly types: string[];
+  private readonly getSpacesClient: Promise<SpacesClient>;
   public readonly errors: SavedObjectsClientContract['errors'];
 
   constructor(options: SpacesSavedObjectsClientOptions) {
     const { baseClient, request, spacesService, typeRegistry } = options;
 
     this.client = baseClient;
+    this.getSpacesClient = spacesService.scopedClient(request);
     this.spaceId = spacesService.getSpaceId(request);
     this.types = typeRegistry.getAllTypes().map((t) => t.name);
     this.errors = baseClient.errors;
@@ -131,19 +134,40 @@ export class SpacesSavedObjectsClient implements SavedObjectsClientContract {
    * @property {string} [options.sortField]
    * @property {string} [options.sortOrder]
    * @property {Array<string>} [options.fields]
-   * @property {string} [options.namespace]
+   * @property {string} [options.namespaces]
    * @property {object} [options.hasReference] - { type, id }
    * @returns {promise} - { saved_objects: [{ id, type, version, attributes }], total, per_page, page }
    */
   public async find<T = unknown>(options: SavedObjectsFindOptions) {
     throwErrorIfNamespaceSpecified(options);
 
+    let namespaces = options.namespaces;
+    if (namespaces) {
+      const spacesClient = await this.getSpacesClient;
+      const availableSpaces = await spacesClient.getAll('findSavedObjects');
+      if (namespaces.includes('*')) {
+        namespaces = availableSpaces.map((space) => space.id);
+      } else {
+        namespaces = namespaces.filter((namespace) =>
+          availableSpaces.some((space) => space.id === namespace)
+        );
+      }
+      // This forbidden error allows this scenario to be consistent
+      // with the way the SpacesClient behaves when no spaces are authorized
+      // there.
+      if (namespaces.length === 0) {
+        throw this.errors.decorateForbiddenError(new Error());
+      }
+    } else {
+      namespaces = [this.spaceId];
+    }
+
     return await this.client.find<T>({
       ...options,
       type: (options.type ? coerceToArray(options.type) : this.types).filter(
         (type) => type !== 'space'
       ),
-      namespace: spaceIdToNamespace(this.spaceId),
+      namespaces,
     });
   }
 
diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json
index c1f36372ec94e4..ef95f5f9c09d8f 100644
--- a/x-pack/plugins/translations/translations/ja-JP.json
+++ b/x-pack/plugins/translations/translations/ja-JP.json
@@ -7469,14 +7469,9 @@
     "xpack.infra.logs.alerting.threshold.fired": "実行",
     "xpack.infra.logs.analysis.analyzeInMlButtonLabel": "ML で分析",
     "xpack.infra.logs.analysis.anomaliesSectionLineSeriesName": "15 分ごとのログエントリー (平均)",
-    "xpack.infra.logs.analysis.anomaliesSectionLoadingAriaLabel": "異常を読み込み中",
     "xpack.infra.logs.analysis.anomaliesSectionTitle": "異常",
     "xpack.infra.logs.analysis.anomalySectionNoDataBody": "時間範囲を調整する必要があるかもしれません。",
     "xpack.infra.logs.analysis.anomalySectionNoDataTitle": "表示するデータがありません。",
-    "xpack.infra.logs.analysis.jobConfigurationOutdatedCalloutMessage": "異なるソース構成を使用して ML ジョブが作成されました。現在の構成を適用するにはジョブを再作成してください。これにより以前検出された異常が削除されます。",
-    "xpack.infra.logs.analysis.jobConfigurationOutdatedCalloutTitle": "古い ML ジョブ構成",
-    "xpack.infra.logs.analysis.jobDefinitionOutdatedCalloutMessage": "ML ジョブの新しいバージョンが利用可能です。新しいバージョンをデプロイするにはジョブを再作成してください。これにより以前検出された異常が削除されます。",
-    "xpack.infra.logs.analysis.jobDefinitionOutdatedCalloutTitle": "古い ML ジョブ定義",
     "xpack.infra.logs.analysis.jobStoppedCalloutMessage": "ML ジョブが手動またはリソース不足により停止しました。新しいログエントリーはジョブが再起動するまで処理されません。",
     "xpack.infra.logs.analysis.jobStoppedCalloutTitle": "ML ジョブが停止しました",
     "xpack.infra.logs.analysis.missingMlResultsPrivilegesBody": "本機能は機械学習ジョブを利用し、そのステータスと結果にアクセスするためには、少なくとも{machineLearningUserRole}ロールが必要です。",
@@ -7517,7 +7512,6 @@
     "xpack.infra.logs.highlights.highlightsPopoverButtonLabel": "ハイライト",
     "xpack.infra.logs.highlights.highlightTermsFieldLabel": "ハイライトする用語",
     "xpack.infra.logs.index.logCategoriesBetaBadgeTitle": "カテゴリー",
-    "xpack.infra.logs.index.logRateBetaBadgeTitle": "ログレート",
     "xpack.infra.logs.index.settingsTabTitle": "設定",
     "xpack.infra.logs.index.streamTabTitle": "ストリーム",
     "xpack.infra.logs.jumpToTailText": "最も新しいエントリーに移動",
@@ -8104,9 +8098,6 @@
     "xpack.ingestManager.agentReassignConfig.flyoutTitle": "新しいエージェント構成を割り当て",
     "xpack.ingestManager.agentReassignConfig.selectConfigLabel": "エージェント構成",
     "xpack.ingestManager.agentReassignConfig.successSingleNotificationTitle": "新しいエージェント構成が再割り当てされました",
-    "xpack.ingestManager.alphaBadge.labelText": "実験的",
-    "xpack.ingestManager.alphaBadge.titleText": "実験的",
-    "xpack.ingestManager.alphaBadge.tooltipText": "このプラグインは今後のリリースで変更または削除される可能性があり、SLAのサポート対象になりません。",
     "xpack.ingestManager.alphaMessageDescription": "Ingest Managerは開発中であり、本番用ではありません。",
     "xpack.ingestManager.alphaMessageTitle": "実験的",
     "xpack.ingestManager.alphaMessaging.docsLink": "ドキュメンテーション",
@@ -8114,8 +8105,6 @@
     "xpack.ingestManager.alphaMessaging.flyoutTitle": "このリリースについて",
     "xpack.ingestManager.alphaMessaging.forumLink": "ディスカッションフォーラム",
     "xpack.ingestManager.alphaMessaging.introText": "このリリースはテスト段階であり、SLAの対象ではありません。ユーザーがIngest Managerと新しいElasticエージェントをテストしてフィードバックを提供することを目的としています。今後のリリースにおいて特定の機能が変更されたり、廃止されたりする可能性があるため、本番環境で使用しないでください。",
-    "xpack.ingestManager.alphaMessaging.warningNote": "注",
-    "xpack.ingestManager.alphaMessaging.warningText": "{note}：今後のリリースでは表示が制限されるため、Ingest Managerでは重要なデータを保存しないでください。このバージョンは、今後のリリースで廃止予定のインデックスストラテジーを使用していて、移行方法はありません。また、特定の機能のライセンスは検討中であり、今後変更される場合があります。結果として、ライセンスティアによっては、特定の機能へのアクセスが失われる場合があります。",
     "xpack.ingestManager.alphaMessging.closeFlyoutLabel": "閉じる",
     "xpack.ingestManager.appNavigation.configurationsLinkText": "構成",
     "xpack.ingestManager.appNavigation.dataStreamsLinkText": "データストリーム",
@@ -12409,7 +12398,8 @@
     "xpack.reporting.errorButton.unableToGenerateReportTitle": "レポートを生成できません",
     "xpack.reporting.exportTypes.common.failedToDecryptReportJobDataErrorMessage": "レポートジョブデータの解読に失敗しました。{encryptionKey}が設定されていることを確認してこのレポートを再生成してください。{err}",
     "xpack.reporting.exportTypes.common.missingJobHeadersErrorMessage": "ジョブヘッダーがありません",
-    "xpack.reporting.exportTypes.csv_from_savedobject.executeJob.failedToAccessPanel": "ジョブ実行のパネルメタデータにアクセスできませんでした",
+    "xpack.reporting.exportTypes.csv_from_savedobject.executeJob.failedToDecryptReportJobDataErrorMessage": "レポートジョブデータの解読に失敗しました{encryptionKey} が設定されていることを確認してこのレポートを再生成してください。{err}",
+    "xpack.reporting.exportTypes.csv_from_savedobject.executeJob.missingJobHeadersErrorMessage": "ジョブヘッダーがありません",
     "xpack.reporting.exportTypes.csv.executeJob.dateFormateSetting": "Kibana の高度な設定「{dateFormatTimezone}」が「ブラウザー」に設定されていますあいまいさを避けるために日付は UTC 形式に変換されます。",
     "xpack.reporting.exportTypes.csv.executeJob.failedToDecryptReportJobDataErrorMessage": "レポートジョブデータの解読に失敗しました{encryptionKey} が設定されていることを確認してこのレポートを再生成してください。{err}",
     "xpack.reporting.exportTypes.csv.executeJob.missingJobHeadersErrorMessage": "ジョブヘッダーがありません",
diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json
index 7e36d5676585ca..108fb4ba320463 100644
--- a/x-pack/plugins/translations/translations/zh-CN.json
+++ b/x-pack/plugins/translations/translations/zh-CN.json
@@ -7474,14 +7474,9 @@
     "xpack.infra.logs.alerting.threshold.fired": "已触发",
     "xpack.infra.logs.analysis.analyzeInMlButtonLabel": "在 ML 中分析",
     "xpack.infra.logs.analysis.anomaliesSectionLineSeriesName": "每 15 分钟日志条目数（平均值）",
-    "xpack.infra.logs.analysis.anomaliesSectionLoadingAriaLabel": "正在加载异常",
     "xpack.infra.logs.analysis.anomaliesSectionTitle": "异常",
     "xpack.infra.logs.analysis.anomalySectionNoDataBody": "您可能想调整时间范围。",
     "xpack.infra.logs.analysis.anomalySectionNoDataTitle": "没有可显示的数据。",
-    "xpack.infra.logs.analysis.jobConfigurationOutdatedCalloutMessage": "创建 ML 作业时所使用的源配置不同。重新创建作业以应用当前配置。这将移除以前检测到的异常。",
-    "xpack.infra.logs.analysis.jobConfigurationOutdatedCalloutTitle": "ML 作业配置已过期",
-    "xpack.infra.logs.analysis.jobDefinitionOutdatedCalloutMessage": "ML 作业有更新的版本可用。重新创建作业以部署更新的版本。这将移除以前检测到的异常。",
-    "xpack.infra.logs.analysis.jobDefinitionOutdatedCalloutTitle": "ML 作业定义已过期",
     "xpack.infra.logs.analysis.jobStoppedCalloutMessage": "ML 作业已手动停止或由于缺乏资源而停止。作业重新启动后，才会处理新的日志条目。",
     "xpack.infra.logs.analysis.jobStoppedCalloutTitle": "ML 作业已停止",
     "xpack.infra.logs.analysis.missingMlResultsPrivilegesBody": "此功能使用 Machine Learning 作业，要访问这些作业的状态和结果，至少需要 {machineLearningUserRole} 角色。",
@@ -7522,7 +7517,6 @@
     "xpack.infra.logs.highlights.highlightsPopoverButtonLabel": "突出显示",
     "xpack.infra.logs.highlights.highlightTermsFieldLabel": "要突出显示的词",
     "xpack.infra.logs.index.logCategoriesBetaBadgeTitle": "类别",
-    "xpack.infra.logs.index.logRateBetaBadgeTitle": "日志速率",
     "xpack.infra.logs.index.settingsTabTitle": "设置",
     "xpack.infra.logs.index.streamTabTitle": "流式传输",
     "xpack.infra.logs.jumpToTailText": "跳到最近的条目",
@@ -8109,9 +8103,6 @@
     "xpack.ingestManager.agentReassignConfig.flyoutTitle": "分配新代理配置",
     "xpack.ingestManager.agentReassignConfig.selectConfigLabel": "代理配置",
     "xpack.ingestManager.agentReassignConfig.successSingleNotificationTitle": "代理配置已重新分配",
-    "xpack.ingestManager.alphaBadge.labelText": "实验性",
-    "xpack.ingestManager.alphaBadge.titleText": "实验性",
-    "xpack.ingestManager.alphaBadge.tooltipText": "在未来的版本中可能会更改或移除此插件，其不受支持 SLA 的约束。",
     "xpack.ingestManager.alphaMessageDescription": "Ingest Manager 仍处于开发状态，不适用于生产用途。",
     "xpack.ingestManager.alphaMessageTitle": "实验性",
     "xpack.ingestManager.alphaMessaging.docsLink": "文档",
@@ -8119,8 +8110,6 @@
     "xpack.ingestManager.alphaMessaging.flyoutTitle": "关于本版本",
     "xpack.ingestManager.alphaMessaging.forumLink": "讨论论坛",
     "xpack.ingestManager.alphaMessaging.introText": "本版本为实验性版本，不受支持 SLA 的约束。其用于用户测试 Ingest Manager 和新 Elastic 代理并提供相关反馈。因为在未来版本中可能更改或移除某些功能，所以不适用于生产环境。",
-    "xpack.ingestManager.alphaMessaging.warningNote": "注意",
-    "xpack.ingestManager.alphaMessaging.warningText": "{note}：不应使用 Ingest Manager 存储重要的数据，因为在未来的版本中可能看不到这些数据。此版本将使用在未来版本中会过时的索引策略，而且没有迁移路径。另外，某些功能的许可方式正在考虑之中，将来可能会变更。因为，根据您的许可证级别，您可能无法使用某些功能。",
     "xpack.ingestManager.alphaMessging.closeFlyoutLabel": "关闭",
     "xpack.ingestManager.appNavigation.configurationsLinkText": "配置",
     "xpack.ingestManager.appNavigation.dataStreamsLinkText": "数据流",
@@ -12415,7 +12404,8 @@
     "xpack.reporting.errorButton.unableToGenerateReportTitle": "无法生成报告",
     "xpack.reporting.exportTypes.common.failedToDecryptReportJobDataErrorMessage": "无法解密报告作业数据。请确保已设置 {encryptionKey}，然后重新生成此报告。{err}",
     "xpack.reporting.exportTypes.common.missingJobHeadersErrorMessage": "作业标头缺失",
-    "xpack.reporting.exportTypes.csv_from_savedobject.executeJob.failedToAccessPanel": "无法访问用于作业执行的面板元数据",
+    "xpack.reporting.exportTypes.csv_from_savedobject.executeJob.failedToDecryptReportJobDataErrorMessage": "无法解密报告作业数据。请确保已设置 {encryptionKey}，然后重新生成此报告。{err}",
+    "xpack.reporting.exportTypes.csv_from_savedobject.executeJob.missingJobHeadersErrorMessage": "作业标头缺失",
     "xpack.reporting.exportTypes.csv.executeJob.dateFormateSetting": "Kibana 高级设置“{dateFormatTimezone}”已设置为“浏览器”。日期将格式化为 UTC 以避免混淆。",
     "xpack.reporting.exportTypes.csv.executeJob.failedToDecryptReportJobDataErrorMessage": "无法解密报告作业数据。请确保已设置 {encryptionKey}，然后重新生成此报告。{err}",
     "xpack.reporting.exportTypes.csv.executeJob.missingJobHeadersErrorMessage": "作业标头缺失",
diff --git a/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/update.ts b/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/update.ts
index 2bcc035beb7a93..37c0116396b1cc 100644
--- a/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/update.ts
+++ b/x-pack/test/alerting_api_integration/security_and_spaces/tests/alerting/update.ts
@@ -29,7 +29,8 @@ export default function createUpdateTests({ getService }: FtrProviderContext) {
       .then((response: SupertestResponse) => response.body);
   }
 
-  describe('update', () => {
+  // Failing ES promotion: https://github.com/elastic/kibana/issues/71558
+  describe.skip('update', () => {
     const objectRemover = new ObjectRemover(supertest);
 
     after(() => objectRemover.removeAll());
diff --git a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_rules_bulk.ts b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_rules_bulk.ts
index 52865e43be7504..897738d0919f28 100644
--- a/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_rules_bulk.ts
+++ b/x-pack/test/detection_engine_api_integration/security_and_spaces/tests/create_rules_bulk.ts
@@ -29,7 +29,8 @@ export default ({ getService }: FtrProviderContext): void => {
   const supertest = getService('supertest');
   const es = getService('es');
 
-  describe('create_rules_bulk', () => {
+  // Preventing ES promotion: https://github.com/elastic/kibana/issues/71555
+  describe.skip('create_rules_bulk', () => {
     describe('validation errors', () => {
       it('should give a 200 even if the index does not exist as all bulks return a 200 but have an error of 409 bad request in the body', async () => {
         const { body } = await supertest
diff --git a/x-pack/test/functional/es_archives/reporting/multi_index/data.json.gz b/x-pack/test/functional/es_archives/reporting/multi_index/data.json.gz
new file mode 100644
index 00000000000000..bb0e05d632f54f
Binary files /dev/null and b/x-pack/test/functional/es_archives/reporting/multi_index/data.json.gz differ
diff --git a/x-pack/test/functional/es_archives/reporting/multi_index/mappings.json b/x-pack/test/functional/es_archives/reporting/multi_index/mappings.json
new file mode 100644
index 00000000000000..f28ffce8ce3ce0
--- /dev/null
+++ b/x-pack/test/functional/es_archives/reporting/multi_index/mappings.json
@@ -0,0 +1,92 @@
+{
+  "type": "index",
+  "value": {
+    "aliases": {
+    },
+    "index": "tests-001",
+    "mappings": {
+      "properties": {
+        "@date": {
+          "type": "date"
+        },
+        "ants": {
+          "type": "integer"
+        },
+        "country": {
+          "type": "keyword"
+        },
+        "name": {
+          "type": "keyword"
+        }
+      }
+    },
+    "settings": {
+      "index": {
+        "number_of_replicas": "0",
+        "number_of_shards": "1"
+      }
+    }
+  }
+}
+
+{
+  "type": "index",
+  "value": {
+    "aliases": {
+    },
+    "index": "tests-002",
+    "mappings": {
+      "properties": {
+        "@date": {
+          "type": "date"
+        },
+        "ants": {
+          "type": "integer"
+        },
+        "country": {
+          "type": "keyword"
+        },
+        "name": {
+          "type": "keyword"
+        }
+      }
+    },
+    "settings": {
+      "index": {
+        "number_of_replicas": "0",
+        "number_of_shards": "1"
+      }
+    }
+  }
+}
+
+{
+  "type": "index",
+  "value": {
+    "aliases": {
+    },
+    "index": "tests-003",
+    "mappings": {
+      "properties": {
+        "@date": {
+          "type": "date"
+        },
+        "ants": {
+          "type": "integer"
+        },
+        "country": {
+          "type": "keyword"
+        },
+        "name": {
+          "type": "keyword"
+        }
+      }
+    },
+    "settings": {
+      "index": {
+        "number_of_replicas": "0",
+        "number_of_shards": "1"
+      }
+    }
+  }
+}
diff --git a/x-pack/test/functional/es_archives/reporting/multi_index_kibana/data.json.gz b/x-pack/test/functional/es_archives/reporting/multi_index_kibana/data.json.gz
new file mode 100644
index 00000000000000..a6330916d62f77
Binary files /dev/null and b/x-pack/test/functional/es_archives/reporting/multi_index_kibana/data.json.gz differ
diff --git a/x-pack/test/functional/es_archives/reporting/multi_index_kibana/mappings.json b/x-pack/test/functional/es_archives/reporting/multi_index_kibana/mappings.json
new file mode 100644
index 00000000000000..97b9599bc86cc8
--- /dev/null
+++ b/x-pack/test/functional/es_archives/reporting/multi_index_kibana/mappings.json
@@ -0,0 +1,2073 @@
+{
+  "type": "index",
+  "value": {
+    "aliases": {
+      ".kibana": {
+      }
+    },
+    "index": ".kibana_1",
+    "mappings": {
+      "_meta": {
+        "migrationMappingPropertyHashes": {
+          "action": "6e96ac5e648f57523879661ea72525b7",
+          "action_task_params": "a9d49f184ee89641044be0ca2950fa3a",
+          "alert": "7b44fba6773e37c806ce290ea9b7024e",
+          "apm-indices": "9bb9b2bf1fa636ed8619cbab5ce6a1dd",
+          "apm-telemetry": "3525d7c22c42bc80f5e6e9cb3f2b26a2",
+          "application_usage_totals": "c897e4310c5f24b07caaff3db53ae2c1",
+          "application_usage_transactional": "965839e75f809fefe04f92dc4d99722a",
+          "canvas-element": "7390014e1091044523666d97247392fc",
+          "canvas-workpad": "b0a1706d356228dbdcb4a17e6b9eb231",
+          "cases": "32aa96a6d3855ddda53010ae2048ac22",
+          "cases-comments": "c2061fb929f585df57425102fa928b4b",
+          "cases-configure": "42711cbb311976c0687853f4c1354572",
+          "cases-user-actions": "32277330ec6b721abe3b846cfd939a71",
+          "config": "ae24d22d5986d04124cc6568f771066f",
+          "dashboard": "d00f614b29a80360e1190193fd333bab",
+          "file-upload-telemetry": "0ed4d3e1983d1217a30982630897092e",
+          "graph-workspace": "cd7ba1330e6682e9cc00b78850874be1",
+          "index-pattern": "66eccb05066c5a89924f48a9e9736499",
+          "kql-telemetry": "d12a98a6f19a2d273696597547e064ee",
+          "lens": "d33c68a69ff1e78c9888dedd2164ac22",
+          "lens-ui-telemetry": "509bfa5978586998e05f9e303c07a327",
+          "map": "4a05b35c3a3a58fbc72dd0202dc3487f",
+          "maps": "bfd39d88aadadb4be597ea984d433dbe",
+          "migrationVersion": "4a1746014a75ade3a714e1db5763276f",
+          "ml-telemetry": "257fd1d4b4fdbb9cb4b8a3b27da201e9",
+          "namespace": "2f4316de49999235636386fe51dc06c1",
+          "namespaces": "2f4316de49999235636386fe51dc06c1",
+          "query": "11aaeb7f5f7fa5bb43f25e18ce26e7d9",
+          "references": "7997cf5a56cc02bdc9c93361bde732b0",
+          "sample-data-telemetry": "7d3cfeb915303c9641c59681967ffeb4",
+          "search": "181661168bbadd1eff5902361e2a0d5c",
+          "telemetry": "36a616f7026dfa617d6655df850fe16d",
+          "timelion-sheet": "9a2a2748877c7a7b582fef201ab1d4cf",
+          "tsvb-validation-telemetry": "3a37ef6c8700ae6fc97d5c7da00e9215",
+          "type": "2f4316de49999235636386fe51dc06c1",
+          "ui-metric": "0d409297dc5ebe1e3a1da691c6ee32e3",
+          "updated_at": "00da57df13e94e9d98437d13ace4bfe0",
+          "upgrade-assistant-reindex-operation": "296a89039fc4260292be36b1b005d8f2",
+          "upgrade-assistant-telemetry": "56702cec857e0a9dacfb696655b4ff7b",
+          "uptime-dynamic-settings": "fcdb453a30092f022f2642db29523d80",
+          "url": "b675c3be8d76ecf029294d51dc7ec65d",
+          "visualization": "52d7a13ad68a150c4525b292d23e12cc"
+        }
+      },
+      "dynamic": "strict",
+      "properties": {
+        "action": {
+          "properties": {
+            "actionTypeId": {
+              "type": "keyword"
+            },
+            "config": {
+              "enabled": false,
+              "type": "object"
+            },
+            "name": {
+              "fields": {
+                "keyword": {
+                  "type": "keyword"
+                }
+              },
+              "type": "text"
+            },
+            "secrets": {
+              "type": "binary"
+            }
+          }
+        },
+        "action_task_params": {
+          "properties": {
+            "actionId": {
+              "type": "keyword"
+            },
+            "apiKey": {
+              "type": "binary"
+            },
+            "params": {
+              "enabled": false,
+              "type": "object"
+            }
+          }
+        },
+        "alert": {
+          "properties": {
+            "actions": {
+              "properties": {
+                "actionRef": {
+                  "type": "keyword"
+                },
+                "actionTypeId": {
+                  "type": "keyword"
+                },
+                "group": {
+                  "type": "keyword"
+                },
+                "params": {
+                  "enabled": false,
+                  "type": "object"
+                }
+              },
+              "type": "nested"
+            },
+            "alertTypeId": {
+              "type": "keyword"
+            },
+            "apiKey": {
+              "type": "binary"
+            },
+            "apiKeyOwner": {
+              "type": "keyword"
+            },
+            "consumer": {
+              "type": "keyword"
+            },
+            "createdAt": {
+              "type": "date"
+            },
+            "createdBy": {
+              "type": "keyword"
+            },
+            "enabled": {
+              "type": "boolean"
+            },
+            "muteAll": {
+              "type": "boolean"
+            },
+            "mutedInstanceIds": {
+              "type": "keyword"
+            },
+            "name": {
+              "fields": {
+                "keyword": {
+                  "type": "keyword"
+                }
+              },
+              "type": "text"
+            },
+            "params": {
+              "enabled": false,
+              "type": "object"
+            },
+            "schedule": {
+              "properties": {
+                "interval": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "scheduledTaskId": {
+              "type": "keyword"
+            },
+            "tags": {
+              "type": "keyword"
+            },
+            "throttle": {
+              "type": "keyword"
+            },
+            "updatedBy": {
+              "type": "keyword"
+            }
+          }
+        },
+        "apm-indices": {
+          "properties": {
+            "apm_oss": {
+              "properties": {
+                "errorIndices": {
+                  "type": "keyword"
+                },
+                "metricsIndices": {
+                  "type": "keyword"
+                },
+                "onboardingIndices": {
+                  "type": "keyword"
+                },
+                "sourcemapIndices": {
+                  "type": "keyword"
+                },
+                "spanIndices": {
+                  "type": "keyword"
+                },
+                "transactionIndices": {
+                  "type": "keyword"
+                }
+              }
+            }
+          }
+        },
+        "apm-telemetry": {
+          "properties": {
+            "agents": {
+              "properties": {
+                "dotnet": {
+                  "properties": {
+                    "agent": {
+                      "properties": {
+                        "version": {
+                          "ignore_above": 1024,
+                          "type": "keyword"
+                        }
+                      }
+                    },
+                    "service": {
+                      "properties": {
+                        "framework": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        },
+                        "language": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        },
+                        "runtime": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        }
+                      }
+                    }
+                  }
+                },
+                "go": {
+                  "properties": {
+                    "agent": {
+                      "properties": {
+                        "version": {
+                          "ignore_above": 1024,
+                          "type": "keyword"
+                        }
+                      }
+                    },
+                    "service": {
+                      "properties": {
+                        "framework": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        },
+                        "language": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        },
+                        "runtime": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        }
+                      }
+                    }
+                  }
+                },
+                "java": {
+                  "properties": {
+                    "agent": {
+                      "properties": {
+                        "version": {
+                          "ignore_above": 1024,
+                          "type": "keyword"
+                        }
+                      }
+                    },
+                    "service": {
+                      "properties": {
+                        "framework": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        },
+                        "language": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        },
+                        "runtime": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        }
+                      }
+                    }
+                  }
+                },
+                "js-base": {
+                  "properties": {
+                    "agent": {
+                      "properties": {
+                        "version": {
+                          "ignore_above": 1024,
+                          "type": "keyword"
+                        }
+                      }
+                    },
+                    "service": {
+                      "properties": {
+                        "framework": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        },
+                        "language": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        },
+                        "runtime": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        }
+                      }
+                    }
+                  }
+                },
+                "nodejs": {
+                  "properties": {
+                    "agent": {
+                      "properties": {
+                        "version": {
+                          "ignore_above": 1024,
+                          "type": "keyword"
+                        }
+                      }
+                    },
+                    "service": {
+                      "properties": {
+                        "framework": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        },
+                        "language": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        },
+                        "runtime": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        }
+                      }
+                    }
+                  }
+                },
+                "python": {
+                  "properties": {
+                    "agent": {
+                      "properties": {
+                        "version": {
+                          "ignore_above": 1024,
+                          "type": "keyword"
+                        }
+                      }
+                    },
+                    "service": {
+                      "properties": {
+                        "framework": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        },
+                        "language": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        },
+                        "runtime": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        }
+                      }
+                    }
+                  }
+                },
+                "ruby": {
+                  "properties": {
+                    "agent": {
+                      "properties": {
+                        "version": {
+                          "ignore_above": 1024,
+                          "type": "keyword"
+                        }
+                      }
+                    },
+                    "service": {
+                      "properties": {
+                        "framework": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        },
+                        "language": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        },
+                        "runtime": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        }
+                      }
+                    }
+                  }
+                },
+                "rum-js": {
+                  "properties": {
+                    "agent": {
+                      "properties": {
+                        "version": {
+                          "ignore_above": 1024,
+                          "type": "keyword"
+                        }
+                      }
+                    },
+                    "service": {
+                      "properties": {
+                        "framework": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        },
+                        "language": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        },
+                        "runtime": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        }
+                      }
+                    }
+                  }
+                }
+              }
+            },
+            "cardinality": {
+              "properties": {
+                "transaction": {
+                  "properties": {
+                    "name": {
+                      "properties": {
+                        "all_agents": {
+                          "properties": {
+                            "1d": {
+                              "type": "long"
+                            }
+                          }
+                        },
+                        "rum": {
+                          "properties": {
+                            "1d": {
+                              "type": "long"
+                            }
+                          }
+                        }
+                      }
+                    }
+                  }
+                },
+                "user_agent": {
+                  "properties": {
+                    "original": {
+                      "properties": {
+                        "all_agents": {
+                          "properties": {
+                            "1d": {
+                              "type": "long"
+                            }
+                          }
+                        },
+                        "rum": {
+                          "properties": {
+                            "1d": {
+                              "type": "long"
+                            }
+                          }
+                        }
+                      }
+                    }
+                  }
+                }
+              }
+            },
+            "counts": {
+              "properties": {
+                "agent_configuration": {
+                  "properties": {
+                    "all": {
+                      "type": "long"
+                    }
+                  }
+                },
+                "error": {
+                  "properties": {
+                    "1d": {
+                      "type": "long"
+                    },
+                    "all": {
+                      "type": "long"
+                    }
+                  }
+                },
+                "max_error_groups_per_service": {
+                  "properties": {
+                    "1d": {
+                      "type": "long"
+                    }
+                  }
+                },
+                "max_transaction_groups_per_service": {
+                  "properties": {
+                    "1d": {
+                      "type": "long"
+                    }
+                  }
+                },
+                "metric": {
+                  "properties": {
+                    "1d": {
+                      "type": "long"
+                    },
+                    "all": {
+                      "type": "long"
+                    }
+                  }
+                },
+                "onboarding": {
+                  "properties": {
+                    "1d": {
+                      "type": "long"
+                    },
+                    "all": {
+                      "type": "long"
+                    }
+                  }
+                },
+                "services": {
+                  "properties": {
+                    "1d": {
+                      "type": "long"
+                    }
+                  }
+                },
+                "sourcemap": {
+                  "properties": {
+                    "1d": {
+                      "type": "long"
+                    },
+                    "all": {
+                      "type": "long"
+                    }
+                  }
+                },
+                "span": {
+                  "properties": {
+                    "1d": {
+                      "type": "long"
+                    },
+                    "all": {
+                      "type": "long"
+                    }
+                  }
+                },
+                "traces": {
+                  "properties": {
+                    "1d": {
+                      "type": "long"
+                    }
+                  }
+                },
+                "transaction": {
+                  "properties": {
+                    "1d": {
+                      "type": "long"
+                    },
+                    "all": {
+                      "type": "long"
+                    }
+                  }
+                }
+              }
+            },
+            "has_any_services": {
+              "type": "boolean"
+            },
+            "indices": {
+              "properties": {
+                "all": {
+                  "properties": {
+                    "total": {
+                      "properties": {
+                        "docs": {
+                          "properties": {
+                            "count": {
+                              "type": "long"
+                            }
+                          }
+                        },
+                        "store": {
+                          "properties": {
+                            "size_in_bytes": {
+                              "type": "long"
+                            }
+                          }
+                        }
+                      }
+                    }
+                  }
+                },
+                "shards": {
+                  "properties": {
+                    "total": {
+                      "type": "long"
+                    }
+                  }
+                }
+              }
+            },
+            "integrations": {
+              "properties": {
+                "ml": {
+                  "properties": {
+                    "all_jobs_count": {
+                      "type": "long"
+                    }
+                  }
+                }
+              }
+            },
+            "retainment": {
+              "properties": {
+                "error": {
+                  "properties": {
+                    "ms": {
+                      "type": "long"
+                    }
+                  }
+                },
+                "metric": {
+                  "properties": {
+                    "ms": {
+                      "type": "long"
+                    }
+                  }
+                },
+                "onboarding": {
+                  "properties": {
+                    "ms": {
+                      "type": "long"
+                    }
+                  }
+                },
+                "span": {
+                  "properties": {
+                    "ms": {
+                      "type": "long"
+                    }
+                  }
+                },
+                "transaction": {
+                  "properties": {
+                    "ms": {
+                      "type": "long"
+                    }
+                  }
+                }
+              }
+            },
+            "services_per_agent": {
+              "properties": {
+                "dotnet": {
+                  "null_value": 0,
+                  "type": "long"
+                },
+                "go": {
+                  "null_value": 0,
+                  "type": "long"
+                },
+                "java": {
+                  "null_value": 0,
+                  "type": "long"
+                },
+                "js-base": {
+                  "null_value": 0,
+                  "type": "long"
+                },
+                "nodejs": {
+                  "null_value": 0,
+                  "type": "long"
+                },
+                "python": {
+                  "null_value": 0,
+                  "type": "long"
+                },
+                "ruby": {
+                  "null_value": 0,
+                  "type": "long"
+                },
+                "rum-js": {
+                  "null_value": 0,
+                  "type": "long"
+                }
+              }
+            },
+            "tasks": {
+              "properties": {
+                "agent_configuration": {
+                  "properties": {
+                    "took": {
+                      "properties": {
+                        "ms": {
+                          "type": "long"
+                        }
+                      }
+                    }
+                  }
+                },
+                "agents": {
+                  "properties": {
+                    "took": {
+                      "properties": {
+                        "ms": {
+                          "type": "long"
+                        }
+                      }
+                    }
+                  }
+                },
+                "cardinality": {
+                  "properties": {
+                    "took": {
+                      "properties": {
+                        "ms": {
+                          "type": "long"
+                        }
+                      }
+                    }
+                  }
+                },
+                "groupings": {
+                  "properties": {
+                    "took": {
+                      "properties": {
+                        "ms": {
+                          "type": "long"
+                        }
+                      }
+                    }
+                  }
+                },
+                "indices_stats": {
+                  "properties": {
+                    "took": {
+                      "properties": {
+                        "ms": {
+                          "type": "long"
+                        }
+                      }
+                    }
+                  }
+                },
+                "integrations": {
+                  "properties": {
+                    "took": {
+                      "properties": {
+                        "ms": {
+                          "type": "long"
+                        }
+                      }
+                    }
+                  }
+                },
+                "processor_events": {
+                  "properties": {
+                    "took": {
+                      "properties": {
+                        "ms": {
+                          "type": "long"
+                        }
+                      }
+                    }
+                  }
+                },
+                "services": {
+                  "properties": {
+                    "took": {
+                      "properties": {
+                        "ms": {
+                          "type": "long"
+                        }
+                      }
+                    }
+                  }
+                },
+                "versions": {
+                  "properties": {
+                    "took": {
+                      "properties": {
+                        "ms": {
+                          "type": "long"
+                        }
+                      }
+                    }
+                  }
+                }
+              }
+            },
+            "version": {
+              "properties": {
+                "apm_server": {
+                  "properties": {
+                    "major": {
+                      "type": "long"
+                    },
+                    "minor": {
+                      "type": "long"
+                    },
+                    "patch": {
+                      "type": "long"
+                    }
+                  }
+                }
+              }
+            }
+          }
+        },
+        "application_usage_totals": {
+          "properties": {
+            "appId": {
+              "type": "keyword"
+            },
+            "minutesOnScreen": {
+              "type": "float"
+            },
+            "numberOfClicks": {
+              "type": "long"
+            }
+          }
+        },
+        "application_usage_transactional": {
+          "properties": {
+            "appId": {
+              "type": "keyword"
+            },
+            "minutesOnScreen": {
+              "type": "float"
+            },
+            "numberOfClicks": {
+              "type": "long"
+            },
+            "timestamp": {
+              "type": "date"
+            }
+          }
+        },
+        "canvas-element": {
+          "dynamic": "false",
+          "properties": {
+            "@created": {
+              "type": "date"
+            },
+            "@timestamp": {
+              "type": "date"
+            },
+            "content": {
+              "type": "text"
+            },
+            "help": {
+              "type": "text"
+            },
+            "image": {
+              "type": "text"
+            },
+            "name": {
+              "fields": {
+                "keyword": {
+                  "type": "keyword"
+                }
+              },
+              "type": "text"
+            }
+          }
+        },
+        "canvas-workpad": {
+          "dynamic": "false",
+          "properties": {
+            "@created": {
+              "type": "date"
+            },
+            "@timestamp": {
+              "type": "date"
+            },
+            "name": {
+              "fields": {
+                "keyword": {
+                  "type": "keyword"
+                }
+              },
+              "type": "text"
+            }
+          }
+        },
+        "cases": {
+          "properties": {
+            "closed_at": {
+              "type": "date"
+            },
+            "closed_by": {
+              "properties": {
+                "email": {
+                  "type": "keyword"
+                },
+                "full_name": {
+                  "type": "keyword"
+                },
+                "username": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "connector_id": {
+              "type": "keyword"
+            },
+            "created_at": {
+              "type": "date"
+            },
+            "created_by": {
+              "properties": {
+                "email": {
+                  "type": "keyword"
+                },
+                "full_name": {
+                  "type": "keyword"
+                },
+                "username": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "description": {
+              "type": "text"
+            },
+            "external_service": {
+              "properties": {
+                "connector_id": {
+                  "type": "keyword"
+                },
+                "connector_name": {
+                  "type": "keyword"
+                },
+                "external_id": {
+                  "type": "keyword"
+                },
+                "external_title": {
+                  "type": "text"
+                },
+                "external_url": {
+                  "type": "text"
+                },
+                "pushed_at": {
+                  "type": "date"
+                },
+                "pushed_by": {
+                  "properties": {
+                    "email": {
+                      "type": "keyword"
+                    },
+                    "full_name": {
+                      "type": "keyword"
+                    },
+                    "username": {
+                      "type": "keyword"
+                    }
+                  }
+                }
+              }
+            },
+            "status": {
+              "type": "keyword"
+            },
+            "tags": {
+              "type": "keyword"
+            },
+            "title": {
+              "type": "keyword"
+            },
+            "updated_at": {
+              "type": "date"
+            },
+            "updated_by": {
+              "properties": {
+                "email": {
+                  "type": "keyword"
+                },
+                "full_name": {
+                  "type": "keyword"
+                },
+                "username": {
+                  "type": "keyword"
+                }
+              }
+            }
+          }
+        },
+        "cases-comments": {
+          "properties": {
+            "comment": {
+              "type": "text"
+            },
+            "created_at": {
+              "type": "date"
+            },
+            "created_by": {
+              "properties": {
+                "email": {
+                  "type": "keyword"
+                },
+                "full_name": {
+                  "type": "keyword"
+                },
+                "username": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "pushed_at": {
+              "type": "date"
+            },
+            "pushed_by": {
+              "properties": {
+                "email": {
+                  "type": "keyword"
+                },
+                "full_name": {
+                  "type": "keyword"
+                },
+                "username": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "updated_at": {
+              "type": "date"
+            },
+            "updated_by": {
+              "properties": {
+                "email": {
+                  "type": "keyword"
+                },
+                "full_name": {
+                  "type": "keyword"
+                },
+                "username": {
+                  "type": "keyword"
+                }
+              }
+            }
+          }
+        },
+        "cases-configure": {
+          "properties": {
+            "closure_type": {
+              "type": "keyword"
+            },
+            "connector_id": {
+              "type": "keyword"
+            },
+            "connector_name": {
+              "type": "keyword"
+            },
+            "created_at": {
+              "type": "date"
+            },
+            "created_by": {
+              "properties": {
+                "email": {
+                  "type": "keyword"
+                },
+                "full_name": {
+                  "type": "keyword"
+                },
+                "username": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "updated_at": {
+              "type": "date"
+            },
+            "updated_by": {
+              "properties": {
+                "email": {
+                  "type": "keyword"
+                },
+                "full_name": {
+                  "type": "keyword"
+                },
+                "username": {
+                  "type": "keyword"
+                }
+              }
+            }
+          }
+        },
+        "cases-user-actions": {
+          "properties": {
+            "action": {
+              "type": "keyword"
+            },
+            "action_at": {
+              "type": "date"
+            },
+            "action_by": {
+              "properties": {
+                "email": {
+                  "type": "keyword"
+                },
+                "full_name": {
+                  "type": "keyword"
+                },
+                "username": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "action_field": {
+              "type": "keyword"
+            },
+            "new_value": {
+              "type": "text"
+            },
+            "old_value": {
+              "type": "text"
+            }
+          }
+        },
+        "config": {
+          "dynamic": "true",
+          "properties": {
+            "buildNum": {
+              "type": "keyword"
+            },
+            "defaultIndex": {
+              "fields": {
+                "keyword": {
+                  "ignore_above": 256,
+                  "type": "keyword"
+                }
+              },
+              "type": "text"
+            }
+          }
+        },
+        "dashboard": {
+          "properties": {
+            "description": {
+              "type": "text"
+            },
+            "hits": {
+              "type": "integer"
+            },
+            "kibanaSavedObjectMeta": {
+              "properties": {
+                "searchSourceJSON": {
+                  "type": "text"
+                }
+              }
+            },
+            "optionsJSON": {
+              "type": "text"
+            },
+            "panelsJSON": {
+              "type": "text"
+            },
+            "refreshInterval": {
+              "properties": {
+                "display": {
+                  "type": "keyword"
+                },
+                "pause": {
+                  "type": "boolean"
+                },
+                "section": {
+                  "type": "integer"
+                },
+                "value": {
+                  "type": "integer"
+                }
+              }
+            },
+            "timeFrom": {
+              "type": "keyword"
+            },
+            "timeRestore": {
+              "type": "boolean"
+            },
+            "timeTo": {
+              "type": "keyword"
+            },
+            "title": {
+              "type": "text"
+            },
+            "version": {
+              "type": "integer"
+            }
+          }
+        },
+        "file-upload-telemetry": {
+          "properties": {
+            "filesUploadedTotalCount": {
+              "type": "long"
+            }
+          }
+        },
+        "graph-workspace": {
+          "properties": {
+            "description": {
+              "type": "text"
+            },
+            "kibanaSavedObjectMeta": {
+              "properties": {
+                "searchSourceJSON": {
+                  "type": "text"
+                }
+              }
+            },
+            "numLinks": {
+              "type": "integer"
+            },
+            "numVertices": {
+              "type": "integer"
+            },
+            "title": {
+              "type": "text"
+            },
+            "version": {
+              "type": "integer"
+            },
+            "wsState": {
+              "type": "text"
+            }
+          }
+        },
+        "index-pattern": {
+          "properties": {
+            "fieldFormatMap": {
+              "type": "text"
+            },
+            "fields": {
+              "type": "text"
+            },
+            "intervalName": {
+              "type": "keyword"
+            },
+            "notExpandable": {
+              "type": "boolean"
+            },
+            "sourceFilters": {
+              "type": "text"
+            },
+            "timeFieldName": {
+              "type": "keyword"
+            },
+            "title": {
+              "type": "text"
+            },
+            "type": {
+              "type": "keyword"
+            },
+            "typeMeta": {
+              "type": "keyword"
+            }
+          }
+        },
+        "kql-telemetry": {
+          "properties": {
+            "optInCount": {
+              "type": "long"
+            },
+            "optOutCount": {
+              "type": "long"
+            }
+          }
+        },
+        "lens": {
+          "properties": {
+            "description": {
+              "type": "text"
+            },
+            "expression": {
+              "index": false,
+              "type": "keyword"
+            },
+            "state": {
+              "type": "flattened"
+            },
+            "title": {
+              "type": "text"
+            },
+            "visualizationType": {
+              "type": "keyword"
+            }
+          }
+        },
+        "lens-ui-telemetry": {
+          "properties": {
+            "count": {
+              "type": "integer"
+            },
+            "date": {
+              "type": "date"
+            },
+            "name": {
+              "type": "keyword"
+            },
+            "type": {
+              "type": "keyword"
+            }
+          }
+        },
+        "map": {
+          "properties": {
+            "description": {
+              "type": "text"
+            },
+            "layerListJSON": {
+              "type": "text"
+            },
+            "mapStateJSON": {
+              "type": "text"
+            },
+            "title": {
+              "type": "text"
+            },
+            "uiStateJSON": {
+              "type": "text"
+            },
+            "version": {
+              "type": "integer"
+            }
+          }
+        },
+        "maps": {
+          "properties": {
+            "attributesPerMap": {
+              "properties": {
+                "dataSourcesCount": {
+                  "properties": {
+                    "avg": {
+                      "type": "long"
+                    },
+                    "max": {
+                      "type": "long"
+                    },
+                    "min": {
+                      "type": "long"
+                    }
+                  }
+                },
+                "emsVectorLayersCount": {
+                  "dynamic": "true",
+                  "type": "object"
+                },
+                "layerTypesCount": {
+                  "dynamic": "true",
+                  "type": "object"
+                },
+                "layersCount": {
+                  "properties": {
+                    "avg": {
+                      "type": "long"
+                    },
+                    "max": {
+                      "type": "long"
+                    },
+                    "min": {
+                      "type": "long"
+                    }
+                  }
+                }
+              }
+            },
+            "indexPatternsWithGeoFieldCount": {
+              "type": "long"
+            },
+            "indexPatternsWithGeoPointFieldCount": {
+              "type": "long"
+            },
+            "indexPatternsWithGeoShapeFieldCount": {
+              "type": "long"
+            },
+            "mapsTotalCount": {
+              "type": "long"
+            },
+            "settings": {
+              "properties": {
+                "showMapVisualizationTypes": {
+                  "type": "boolean"
+                }
+              }
+            },
+            "timeCaptured": {
+              "type": "date"
+            }
+          }
+        },
+        "migrationVersion": {
+          "dynamic": "true",
+          "properties": {
+            "config": {
+              "fields": {
+                "keyword": {
+                  "ignore_above": 256,
+                  "type": "keyword"
+                }
+              },
+              "type": "text"
+            },
+            "index-pattern": {
+              "fields": {
+                "keyword": {
+                  "ignore_above": 256,
+                  "type": "keyword"
+                }
+              },
+              "type": "text"
+            }
+          }
+        },
+        "ml-telemetry": {
+          "properties": {
+            "file_data_visualizer": {
+              "properties": {
+                "index_creation_count": {
+                  "type": "long"
+                }
+              }
+            }
+          }
+        },
+        "namespace": {
+          "type": "keyword"
+        },
+        "namespaces": {
+          "type": "keyword"
+        },
+        "query": {
+          "properties": {
+            "description": {
+              "type": "text"
+            },
+            "filters": {
+              "enabled": false,
+              "type": "object"
+            },
+            "query": {
+              "properties": {
+                "language": {
+                  "type": "keyword"
+                },
+                "query": {
+                  "index": false,
+                  "type": "keyword"
+                }
+              }
+            },
+            "timefilter": {
+              "enabled": false,
+              "type": "object"
+            },
+            "title": {
+              "type": "text"
+            }
+          }
+        },
+        "references": {
+          "properties": {
+            "id": {
+              "type": "keyword"
+            },
+            "name": {
+              "type": "keyword"
+            },
+            "type": {
+              "type": "keyword"
+            }
+          },
+          "type": "nested"
+        },
+        "sample-data-telemetry": {
+          "properties": {
+            "installCount": {
+              "type": "long"
+            },
+            "unInstallCount": {
+              "type": "long"
+            }
+          }
+        },
+        "search": {
+          "properties": {
+            "columns": {
+              "type": "keyword"
+            },
+            "description": {
+              "type": "text"
+            },
+            "hits": {
+              "type": "integer"
+            },
+            "kibanaSavedObjectMeta": {
+              "properties": {
+                "searchSourceJSON": {
+                  "type": "text"
+                }
+              }
+            },
+            "sort": {
+              "type": "keyword"
+            },
+            "title": {
+              "type": "text"
+            },
+            "version": {
+              "type": "integer"
+            }
+          }
+        },
+        "telemetry": {
+          "properties": {
+            "allowChangingOptInStatus": {
+              "type": "boolean"
+            },
+            "enabled": {
+              "type": "boolean"
+            },
+            "lastReported": {
+              "type": "date"
+            },
+            "lastVersionChecked": {
+              "type": "keyword"
+            },
+            "reportFailureCount": {
+              "type": "integer"
+            },
+            "reportFailureVersion": {
+              "type": "keyword"
+            },
+            "sendUsageFrom": {
+              "type": "keyword"
+            },
+            "userHasSeenNotice": {
+              "type": "boolean"
+            }
+          }
+        },
+        "timelion-sheet": {
+          "properties": {
+            "description": {
+              "type": "text"
+            },
+            "hits": {
+              "type": "integer"
+            },
+            "kibanaSavedObjectMeta": {
+              "properties": {
+                "searchSourceJSON": {
+                  "type": "text"
+                }
+              }
+            },
+            "timelion_chart_height": {
+              "type": "integer"
+            },
+            "timelion_columns": {
+              "type": "integer"
+            },
+            "timelion_interval": {
+              "type": "keyword"
+            },
+            "timelion_other_interval": {
+              "type": "keyword"
+            },
+            "timelion_rows": {
+              "type": "integer"
+            },
+            "timelion_sheet": {
+              "type": "text"
+            },
+            "title": {
+              "type": "text"
+            },
+            "version": {
+              "type": "integer"
+            }
+          }
+        },
+        "tsvb-validation-telemetry": {
+          "properties": {
+            "failedRequests": {
+              "type": "long"
+            }
+          }
+        },
+        "type": {
+          "type": "keyword"
+        },
+        "ui-metric": {
+          "properties": {
+            "count": {
+              "type": "integer"
+            }
+          }
+        },
+        "updated_at": {
+          "type": "date"
+        },
+        "upgrade-assistant-reindex-operation": {
+          "properties": {
+            "errorMessage": {
+              "type": "keyword"
+            },
+            "indexName": {
+              "type": "keyword"
+            },
+            "lastCompletedStep": {
+              "type": "integer"
+            },
+            "locked": {
+              "type": "date"
+            },
+            "newIndexName": {
+              "type": "keyword"
+            },
+            "reindexOptions": {
+              "properties": {
+                "openAndClose": {
+                  "type": "boolean"
+                },
+                "queueSettings": {
+                  "properties": {
+                    "queuedAt": {
+                      "type": "long"
+                    },
+                    "startedAt": {
+                      "type": "long"
+                    }
+                  }
+                }
+              }
+            },
+            "reindexTaskId": {
+              "type": "keyword"
+            },
+            "reindexTaskPercComplete": {
+              "type": "float"
+            },
+            "runningReindexCount": {
+              "type": "integer"
+            },
+            "status": {
+              "type": "integer"
+            }
+          }
+        },
+        "upgrade-assistant-telemetry": {
+          "properties": {
+            "features": {
+              "properties": {
+                "deprecation_logging": {
+                  "properties": {
+                    "enabled": {
+                      "null_value": true,
+                      "type": "boolean"
+                    }
+                  }
+                }
+              }
+            },
+            "ui_open": {
+              "properties": {
+                "cluster": {
+                  "null_value": 0,
+                  "type": "long"
+                },
+                "indices": {
+                  "null_value": 0,
+                  "type": "long"
+                },
+                "overview": {
+                  "null_value": 0,
+                  "type": "long"
+                }
+              }
+            },
+            "ui_reindex": {
+              "properties": {
+                "close": {
+                  "null_value": 0,
+                  "type": "long"
+                },
+                "open": {
+                  "null_value": 0,
+                  "type": "long"
+                },
+                "start": {
+                  "null_value": 0,
+                  "type": "long"
+                },
+                "stop": {
+                  "null_value": 0,
+                  "type": "long"
+                }
+              }
+            }
+          }
+        },
+        "uptime-dynamic-settings": {
+          "properties": {
+            "certAgeThreshold": {
+              "type": "long"
+            },
+            "certExpirationThreshold": {
+              "type": "long"
+            },
+            "heartbeatIndices": {
+              "type": "keyword"
+            }
+          }
+        },
+        "url": {
+          "properties": {
+            "accessCount": {
+              "type": "long"
+            },
+            "accessDate": {
+              "type": "date"
+            },
+            "createDate": {
+              "type": "date"
+            },
+            "url": {
+              "fields": {
+                "keyword": {
+                  "type": "keyword"
+                }
+              },
+              "type": "text"
+            }
+          }
+        },
+        "visualization": {
+          "properties": {
+            "description": {
+              "type": "text"
+            },
+            "kibanaSavedObjectMeta": {
+              "properties": {
+                "searchSourceJSON": {
+                  "type": "text"
+                }
+              }
+            },
+            "savedSearchRefName": {
+              "type": "keyword"
+            },
+            "title": {
+              "type": "text"
+            },
+            "uiStateJSON": {
+              "type": "text"
+            },
+            "version": {
+              "type": "integer"
+            },
+            "visState": {
+              "type": "text"
+            }
+          }
+        }
+      }
+    },
+    "settings": {
+      "index": {
+        "auto_expand_replicas": "0-1",
+        "number_of_replicas": "0",
+        "number_of_shards": "1"
+      }
+    }
+  }
+}
\ No newline at end of file
diff --git a/x-pack/test/functional/es_archives/reporting/scripted_small/data.json.gz b/x-pack/test/functional/es_archives/reporting/scripted_small/data.json.gz
deleted file mode 100644
index 2d6bbce42cc15c..00000000000000
Binary files a/x-pack/test/functional/es_archives/reporting/scripted_small/data.json.gz and /dev/null differ
diff --git a/x-pack/test/functional/es_archives/reporting/scripted_small/mappings.json b/x-pack/test/functional/es_archives/reporting/scripted_small/mappings.json
deleted file mode 100644
index 8c192b21f822af..00000000000000
--- a/x-pack/test/functional/es_archives/reporting/scripted_small/mappings.json
+++ /dev/null
@@ -1,739 +0,0 @@
-{
-  "type": "index",
-  "value": {
-    "aliases": {
-      ".kibana": {
-      }
-    },
-    "index": ".kibana_1",
-    "mappings": {
-      "_meta": {
-        "migrationMappingPropertyHashes": {
-          "apm-telemetry": "0383a570af33654a51c8a1352417bc6b",
-          "canvas-workpad": "b0a1706d356228dbdcb4a17e6b9eb231",
-          "config": "87aca8fdb053154f11383fce3dbf3edf",
-          "dashboard": "eb3789e1af878e73f85304333240f65f",
-          "graph-workspace": "cd7ba1330e6682e9cc00b78850874be1",
-          "index-pattern": "66eccb05066c5a89924f48a9e9736499",
-          "infrastructure-ui-source": "10acdf67d9a06d462e198282fd6d4b81",
-          "kql-telemetry": "d12a98a6f19a2d273696597547e064ee",
-          "map": "23d7aa4a720d4938ccde3983f87bd58d",
-          "maps-telemetry": "a4229f8b16a6820c6d724b7e0c1f729d",
-          "migrationVersion": "4a1746014a75ade3a714e1db5763276f",
-          "ml-telemetry": "257fd1d4b4fdbb9cb4b8a3b27da201e9",
-          "namespace": "2f4316de49999235636386fe51dc06c1",
-          "references": "7997cf5a56cc02bdc9c93361bde732b0",
-          "sample-data-telemetry": "7d3cfeb915303c9641c59681967ffeb4",
-          "search": "181661168bbadd1eff5902361e2a0d5c",
-          "server": "ec97f1c5da1a19609a60874e5af1100c",
-          "space": "0d5011d73a0ef2f0f615bb42f26f187e",
-          "telemetry": "e1c8bc94e443aefd9458932cc0697a4d",
-          "timelion-sheet": "9a2a2748877c7a7b582fef201ab1d4cf",
-          "type": "2f4316de49999235636386fe51dc06c1",
-          "updated_at": "00da57df13e94e9d98437d13ace4bfe0",
-          "upgrade-assistant-reindex-operation": "a53a20fe086b72c9a86da3cc12dad8a6",
-          "upgrade-assistant-telemetry": "56702cec857e0a9dacfb696655b4ff7b",
-          "url": "c7f66a0df8b1b52f17c28c4adb111105",
-          "user-action": "0d409297dc5ebe1e3a1da691c6ee32e3",
-          "visualization": "52d7a13ad68a150c4525b292d23e12cc"
-        }
-      },
-      "dynamic": "strict",
-      "properties": {
-        "apm-telemetry": {
-          "properties": {
-            "has_any_services": {
-              "type": "boolean"
-            },
-            "services_per_agent": {
-              "properties": {
-                "go": {
-                  "null_value": 0,
-                  "type": "long"
-                },
-                "java": {
-                  "null_value": 0,
-                  "type": "long"
-                },
-                "js-base": {
-                  "null_value": 0,
-                  "type": "long"
-                },
-                "nodejs": {
-                  "null_value": 0,
-                  "type": "long"
-                },
-                "python": {
-                  "null_value": 0,
-                  "type": "long"
-                },
-                "ruby": {
-                  "null_value": 0,
-                  "type": "long"
-                },
-                "rum-js": {
-                  "null_value": 0,
-                  "type": "long"
-                }
-              }
-            }
-          }
-        },
-        "canvas-workpad": {
-          "dynamic": "false",
-          "properties": {
-            "@created": {
-              "type": "date"
-            },
-            "@timestamp": {
-              "type": "date"
-            },
-            "name": {
-              "fields": {
-                "keyword": {
-                  "type": "keyword"
-                }
-              },
-              "type": "text"
-            }
-          }
-        },
-        "config": {
-          "dynamic": "true",
-          "properties": {
-            "buildNum": {
-              "type": "keyword"
-            },
-            "dateFormat:tz": {
-              "fields": {
-                "keyword": {
-                  "ignore_above": 256,
-                  "type": "keyword"
-                }
-              },
-              "type": "text"
-            },
-            "defaultIndex": {
-              "fields": {
-                "keyword": {
-                  "ignore_above": 256,
-                  "type": "keyword"
-                }
-              },
-              "type": "text"
-            },
-            "search:queryLanguage": {
-              "fields": {
-                "keyword": {
-                  "ignore_above": 256,
-                  "type": "keyword"
-                }
-              },
-              "type": "text"
-            }
-          }
-        },
-        "dashboard": {
-          "properties": {
-            "description": {
-              "type": "text"
-            },
-            "hits": {
-              "type": "integer"
-            },
-            "kibanaSavedObjectMeta": {
-              "properties": {
-                "searchSourceJSON": {
-                  "type": "text"
-                }
-              }
-            },
-            "optionsJSON": {
-              "type": "text"
-            },
-            "panelsJSON": {
-              "type": "text"
-            },
-            "refreshInterval": {
-              "properties": {
-                "display": {
-                  "type": "keyword"
-                },
-                "pause": {
-                  "type": "boolean"
-                },
-                "section": {
-                  "type": "integer"
-                },
-                "value": {
-                  "type": "integer"
-                }
-              }
-            },
-            "timeFrom": {
-              "type": "keyword"
-            },
-            "timeRestore": {
-              "type": "boolean"
-            },
-            "timeTo": {
-              "type": "keyword"
-            },
-            "title": {
-              "type": "text"
-            },
-            "uiStateJSON": {
-              "type": "text"
-            },
-            "version": {
-              "type": "integer"
-            }
-          }
-        },
-        "graph-workspace": {
-          "properties": {
-            "description": {
-              "type": "text"
-            },
-            "kibanaSavedObjectMeta": {
-              "properties": {
-                "searchSourceJSON": {
-                  "type": "text"
-                }
-              }
-            },
-            "numLinks": {
-              "type": "integer"
-            },
-            "numVertices": {
-              "type": "integer"
-            },
-            "title": {
-              "type": "text"
-            },
-            "version": {
-              "type": "integer"
-            },
-            "wsState": {
-              "type": "text"
-            }
-          }
-        },
-        "index-pattern": {
-          "properties": {
-            "fieldFormatMap": {
-              "type": "text"
-            },
-            "fields": {
-              "type": "text"
-            },
-            "intervalName": {
-              "type": "keyword"
-            },
-            "notExpandable": {
-              "type": "boolean"
-            },
-            "sourceFilters": {
-              "type": "text"
-            },
-            "timeFieldName": {
-              "type": "keyword"
-            },
-            "title": {
-              "type": "text"
-            },
-            "type": {
-              "type": "keyword"
-            },
-            "typeMeta": {
-              "type": "keyword"
-            }
-          }
-        },
-        "infrastructure-ui-source": {
-          "properties": {
-            "description": {
-              "type": "text"
-            },
-            "fields": {
-              "properties": {
-                "container": {
-                  "type": "keyword"
-                },
-                "host": {
-                  "type": "keyword"
-                },
-                "pod": {
-                  "type": "keyword"
-                },
-                "tiebreaker": {
-                  "type": "keyword"
-                },
-                "timestamp": {
-                  "type": "keyword"
-                }
-              }
-            },
-            "logAlias": {
-              "type": "keyword"
-            },
-            "metricAlias": {
-              "type": "keyword"
-            },
-            "name": {
-              "type": "text"
-            }
-          }
-        },
-        "kql-telemetry": {
-          "properties": {
-            "optInCount": {
-              "type": "long"
-            },
-            "optOutCount": {
-              "type": "long"
-            }
-          }
-        },
-        "map": {
-          "properties": {
-            "bounds": {
-              "type": "geo_shape"
-            },
-            "description": {
-              "type": "text"
-            },
-            "layerListJSON": {
-              "type": "text"
-            },
-            "mapStateJSON": {
-              "type": "text"
-            },
-            "title": {
-              "type": "text"
-            },
-            "uiStateJSON": {
-              "type": "text"
-            },
-            "version": {
-              "type": "integer"
-            }
-          }
-        },
-        "maps-telemetry": {
-          "properties": {
-            "attributesPerMap": {
-              "properties": {
-                "dataSourcesCount": {
-                  "properties": {
-                    "avg": {
-                      "type": "long"
-                    },
-                    "max": {
-                      "type": "long"
-                    },
-                    "min": {
-                      "type": "long"
-                    }
-                  }
-                },
-                "emsVectorLayersCount": {
-                  "dynamic": "true",
-                  "type": "object"
-                },
-                "layerTypesCount": {
-                  "dynamic": "true",
-                  "type": "object"
-                },
-                "layersCount": {
-                  "properties": {
-                    "avg": {
-                      "type": "long"
-                    },
-                    "max": {
-                      "type": "long"
-                    },
-                    "min": {
-                      "type": "long"
-                    }
-                  }
-                }
-              }
-            },
-            "mapsTotalCount": {
-              "type": "long"
-            },
-            "timeCaptured": {
-              "type": "date"
-            }
-          }
-        },
-        "migrationVersion": {
-          "dynamic": "true",
-          "properties": {
-            "dashboard": {
-              "fields": {
-                "keyword": {
-                  "ignore_above": 256,
-                  "type": "keyword"
-                }
-              },
-              "type": "text"
-            },
-            "index-pattern": {
-              "fields": {
-                "keyword": {
-                  "ignore_above": 256,
-                  "type": "keyword"
-                }
-              },
-              "type": "text"
-            },
-            "search": {
-              "fields": {
-                "keyword": {
-                  "ignore_above": 256,
-                  "type": "keyword"
-                }
-              },
-              "type": "text"
-            },
-            "visualization": {
-              "fields": {
-                "keyword": {
-                  "ignore_above": 256,
-                  "type": "keyword"
-                }
-              },
-              "type": "text"
-            }
-          }
-        },
-        "ml-telemetry": {
-          "properties": {
-            "file_data_visualizer": {
-              "properties": {
-                "index_creation_count": {
-                  "type": "long"
-                }
-              }
-            }
-          }
-        },
-        "namespace": {
-          "type": "keyword"
-        },
-        "references": {
-          "properties": {
-            "id": {
-              "type": "keyword"
-            },
-            "name": {
-              "type": "keyword"
-            },
-            "type": {
-              "type": "keyword"
-            }
-          },
-          "type": "nested"
-        },
-        "sample-data-telemetry": {
-          "properties": {
-            "installCount": {
-              "type": "long"
-            },
-            "unInstallCount": {
-              "type": "long"
-            }
-          }
-        },
-        "search": {
-          "properties": {
-            "columns": {
-              "type": "keyword"
-            },
-            "description": {
-              "type": "text"
-            },
-            "hits": {
-              "type": "integer"
-            },
-            "kibanaSavedObjectMeta": {
-              "properties": {
-                "searchSourceJSON": {
-                  "type": "text"
-                }
-              }
-            },
-            "sort": {
-              "type": "keyword"
-            },
-            "title": {
-              "type": "text"
-            },
-            "version": {
-              "type": "integer"
-            }
-          }
-        },
-        "server": {
-          "properties": {
-            "uuid": {
-              "type": "keyword"
-            }
-          }
-        },
-        "space": {
-          "properties": {
-            "_reserved": {
-              "type": "boolean"
-            },
-            "disabledFeatures": {
-              "type": "keyword"
-            },
-            "color": {
-              "type": "keyword"
-            },
-            "description": {
-              "type": "text"
-            },
-            "disabledFeatures": {
-              "type": "keyword"
-            },
-            "initials": {
-              "type": "keyword"
-            },
-            "name": {
-              "fields": {
-                "keyword": {
-                  "ignore_above": 2048,
-                  "type": "keyword"
-                }
-              },
-              "type": "text"
-            }
-          }
-        },
-        "telemetry": {
-          "properties": {
-            "enabled": {
-              "type": "boolean"
-            }
-          }
-        },
-        "timelion-sheet": {
-          "properties": {
-            "description": {
-              "type": "text"
-            },
-            "hits": {
-              "type": "integer"
-            },
-            "kibanaSavedObjectMeta": {
-              "properties": {
-                "searchSourceJSON": {
-                  "type": "text"
-                }
-              }
-            },
-            "timelion_chart_height": {
-              "type": "integer"
-            },
-            "timelion_columns": {
-              "type": "integer"
-            },
-            "timelion_interval": {
-              "type": "keyword"
-            },
-            "timelion_other_interval": {
-              "type": "keyword"
-            },
-            "timelion_rows": {
-              "type": "integer"
-            },
-            "timelion_sheet": {
-              "type": "text"
-            },
-            "title": {
-              "type": "text"
-            },
-            "version": {
-              "type": "integer"
-            }
-          }
-        },
-        "type": {
-          "type": "keyword"
-        },
-        "updated_at": {
-          "type": "date"
-        },
-        "upgrade-assistant-reindex-operation": {
-          "dynamic": "true",
-          "properties": {
-            "indexName": {
-              "type": "keyword"
-            },
-            "status": {
-              "type": "integer"
-            }
-          }
-        },
-        "upgrade-assistant-telemetry": {
-          "properties": {
-            "features": {
-              "properties": {
-                "deprecation_logging": {
-                  "properties": {
-                    "enabled": {
-                      "null_value": true,
-                      "type": "boolean"
-                    }
-                  }
-                }
-              }
-            },
-            "ui_open": {
-              "properties": {
-                "cluster": {
-                  "null_value": 0,
-                  "type": "long"
-                },
-                "indices": {
-                  "null_value": 0,
-                  "type": "long"
-                },
-                "overview": {
-                  "null_value": 0,
-                  "type": "long"
-                }
-              }
-            },
-            "ui_reindex": {
-              "properties": {
-                "close": {
-                  "null_value": 0,
-                  "type": "long"
-                },
-                "open": {
-                  "null_value": 0,
-                  "type": "long"
-                },
-                "start": {
-                  "null_value": 0,
-                  "type": "long"
-                },
-                "stop": {
-                  "null_value": 0,
-                  "type": "long"
-                }
-              }
-            }
-          }
-        },
-        "url": {
-          "properties": {
-            "accessCount": {
-              "type": "long"
-            },
-            "accessDate": {
-              "type": "date"
-            },
-            "createDate": {
-              "type": "date"
-            },
-            "url": {
-              "fields": {
-                "keyword": {
-                  "ignore_above": 2048,
-                  "type": "keyword"
-                }
-              },
-              "type": "text"
-            }
-          }
-        },
-        "user-action": {
-          "properties": {
-            "count": {
-              "type": "integer"
-            }
-          }
-        },
-        "visualization": {
-          "properties": {
-            "description": {
-              "type": "text"
-            },
-            "kibanaSavedObjectMeta": {
-              "properties": {
-                "searchSourceJSON": {
-                  "type": "text"
-                }
-              }
-            },
-            "savedSearchRefName": {
-              "type": "keyword"
-            },
-            "title": {
-              "type": "text"
-            },
-            "uiStateJSON": {
-              "type": "text"
-            },
-            "version": {
-              "type": "integer"
-            },
-            "visState": {
-              "type": "text"
-            }
-          }
-        }
-      }
-    },
-    "settings": {
-      "index": {
-        "auto_expand_replicas": "0-1",
-        "number_of_replicas": "0",
-        "number_of_shards": "1"
-      }
-    }
-  }
-}
-
-{
-  "type": "index",
-  "value": {
-    "aliases": {
-    },
-    "index": "babynames",
-    "mappings": {
-      "properties": {
-        "date": {
-          "type": "date"
-        },
-        "gender": {
-          "type": "keyword"
-        },
-        "name": {
-          "type": "keyword"
-        },
-        "percent": {
-          "type": "float"
-        },
-        "value": {
-          "type": "integer"
-        },
-        "year": {
-          "type": "integer"
-        }
-      }
-    },
-    "settings": {
-      "index": {
-        "number_of_replicas": "0",
-        "number_of_shards": "1"
-      }
-    }
-  }
-}
diff --git a/x-pack/test/functional/es_archives/reporting/scripted_small2/data.json.gz b/x-pack/test/functional/es_archives/reporting/scripted_small2/data.json.gz
new file mode 100644
index 00000000000000..5e421015770b35
Binary files /dev/null and b/x-pack/test/functional/es_archives/reporting/scripted_small2/data.json.gz differ
diff --git a/x-pack/test/functional/es_archives/reporting/scripted_small2/mappings.json b/x-pack/test/functional/es_archives/reporting/scripted_small2/mappings.json
new file mode 100644
index 00000000000000..e1683e54804a35
--- /dev/null
+++ b/x-pack/test/functional/es_archives/reporting/scripted_small2/mappings.json
@@ -0,0 +1,2217 @@
+{
+  "type": "index",
+  "value": {
+    "aliases": {
+      ".kibana": {
+      }
+    },
+    "index": ".kibana_1",
+    "mappings": {
+      "_meta": {
+        "migrationMappingPropertyHashes": {
+          "action": "6e96ac5e648f57523879661ea72525b7",
+          "action_task_params": "a9d49f184ee89641044be0ca2950fa3a",
+          "alert": "7b44fba6773e37c806ce290ea9b7024e",
+          "apm-indices": "9bb9b2bf1fa636ed8619cbab5ce6a1dd",
+          "apm-telemetry": "3525d7c22c42bc80f5e6e9cb3f2b26a2",
+          "application_usage_totals": "c897e4310c5f24b07caaff3db53ae2c1",
+          "application_usage_transactional": "965839e75f809fefe04f92dc4d99722a",
+          "canvas-element": "7390014e1091044523666d97247392fc",
+          "canvas-workpad": "b0a1706d356228dbdcb4a17e6b9eb231",
+          "cases": "32aa96a6d3855ddda53010ae2048ac22",
+          "cases-comments": "c2061fb929f585df57425102fa928b4b",
+          "cases-configure": "42711cbb311976c0687853f4c1354572",
+          "cases-user-actions": "32277330ec6b721abe3b846cfd939a71",
+          "config": "ae24d22d5986d04124cc6568f771066f",
+          "dashboard": "d00f614b29a80360e1190193fd333bab",
+          "file-upload-telemetry": "0ed4d3e1983d1217a30982630897092e",
+          "graph-workspace": "cd7ba1330e6682e9cc00b78850874be1",
+          "index-pattern": "66eccb05066c5a89924f48a9e9736499",
+          "kql-telemetry": "d12a98a6f19a2d273696597547e064ee",
+          "lens": "d33c68a69ff1e78c9888dedd2164ac22",
+          "lens-ui-telemetry": "509bfa5978586998e05f9e303c07a327",
+          "map": "23d7aa4a720d4938ccde3983f87bd58d",
+          "maps-telemetry": "bfd39d88aadadb4be597ea984d433dbe",
+          "migrationVersion": "4a1746014a75ade3a714e1db5763276f",
+          "ml-telemetry": "257fd1d4b4fdbb9cb4b8a3b27da201e9",
+          "namespace": "2f4316de49999235636386fe51dc06c1",
+          "namespaces": "2f4316de49999235636386fe51dc06c1",
+          "query": "11aaeb7f5f7fa5bb43f25e18ce26e7d9",
+          "references": "7997cf5a56cc02bdc9c93361bde732b0",
+          "sample-data-telemetry": "7d3cfeb915303c9641c59681967ffeb4",
+          "search": "181661168bbadd1eff5902361e2a0d5c",
+          "telemetry": "36a616f7026dfa617d6655df850fe16d",
+          "timelion-sheet": "9a2a2748877c7a7b582fef201ab1d4cf",
+          "tsvb-validation-telemetry": "3a37ef6c8700ae6fc97d5c7da00e9215",
+          "type": "2f4316de49999235636386fe51dc06c1",
+          "ui-metric": "0d409297dc5ebe1e3a1da691c6ee32e3",
+          "updated_at": "00da57df13e94e9d98437d13ace4bfe0",
+          "upgrade-assistant-reindex-operation": "296a89039fc4260292be36b1b005d8f2",
+          "upgrade-assistant-telemetry": "56702cec857e0a9dacfb696655b4ff7b",
+          "uptime-dynamic-settings": "fcdb453a30092f022f2642db29523d80",
+          "url": "b675c3be8d76ecf029294d51dc7ec65d",
+          "visualization": "52d7a13ad68a150c4525b292d23e12cc"
+        }
+      },
+      "dynamic": "strict",
+      "properties": {
+        "action": {
+          "properties": {
+            "actionTypeId": {
+              "type": "keyword"
+            },
+            "config": {
+              "enabled": false,
+              "type": "object"
+            },
+            "name": {
+              "fields": {
+                "keyword": {
+                  "type": "keyword"
+                }
+              },
+              "type": "text"
+            },
+            "secrets": {
+              "type": "binary"
+            }
+          }
+        },
+        "action_task_params": {
+          "properties": {
+            "actionId": {
+              "type": "keyword"
+            },
+            "apiKey": {
+              "type": "binary"
+            },
+            "params": {
+              "enabled": false,
+              "type": "object"
+            }
+          }
+        },
+        "alert": {
+          "properties": {
+            "actions": {
+              "properties": {
+                "actionRef": {
+                  "type": "keyword"
+                },
+                "actionTypeId": {
+                  "type": "keyword"
+                },
+                "group": {
+                  "type": "keyword"
+                },
+                "params": {
+                  "enabled": false,
+                  "type": "object"
+                }
+              },
+              "type": "nested"
+            },
+            "alertTypeId": {
+              "type": "keyword"
+            },
+            "apiKey": {
+              "type": "binary"
+            },
+            "apiKeyOwner": {
+              "type": "keyword"
+            },
+            "consumer": {
+              "type": "keyword"
+            },
+            "createdAt": {
+              "type": "date"
+            },
+            "createdBy": {
+              "type": "keyword"
+            },
+            "enabled": {
+              "type": "boolean"
+            },
+            "muteAll": {
+              "type": "boolean"
+            },
+            "mutedInstanceIds": {
+              "type": "keyword"
+            },
+            "name": {
+              "fields": {
+                "keyword": {
+                  "type": "keyword"
+                }
+              },
+              "type": "text"
+            },
+            "params": {
+              "enabled": false,
+              "type": "object"
+            },
+            "schedule": {
+              "properties": {
+                "interval": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "scheduledTaskId": {
+              "type": "keyword"
+            },
+            "tags": {
+              "type": "keyword"
+            },
+            "throttle": {
+              "type": "keyword"
+            },
+            "updatedBy": {
+              "type": "keyword"
+            }
+          }
+        },
+        "apm-indices": {
+          "properties": {
+            "apm_oss": {
+              "properties": {
+                "errorIndices": {
+                  "type": "keyword"
+                },
+                "metricsIndices": {
+                  "type": "keyword"
+                },
+                "onboardingIndices": {
+                  "type": "keyword"
+                },
+                "sourcemapIndices": {
+                  "type": "keyword"
+                },
+                "spanIndices": {
+                  "type": "keyword"
+                },
+                "transactionIndices": {
+                  "type": "keyword"
+                }
+              }
+            }
+          }
+        },
+        "apm-telemetry": {
+          "properties": {
+            "agents": {
+              "properties": {
+                "dotnet": {
+                  "properties": {
+                    "agent": {
+                      "properties": {
+                        "version": {
+                          "ignore_above": 1024,
+                          "type": "keyword"
+                        }
+                      }
+                    },
+                    "service": {
+                      "properties": {
+                        "framework": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        },
+                        "language": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        },
+                        "runtime": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        }
+                      }
+                    }
+                  }
+                },
+                "go": {
+                  "properties": {
+                    "agent": {
+                      "properties": {
+                        "version": {
+                          "ignore_above": 1024,
+                          "type": "keyword"
+                        }
+                      }
+                    },
+                    "service": {
+                      "properties": {
+                        "framework": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        },
+                        "language": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        },
+                        "runtime": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        }
+                      }
+                    }
+                  }
+                },
+                "java": {
+                  "properties": {
+                    "agent": {
+                      "properties": {
+                        "version": {
+                          "ignore_above": 1024,
+                          "type": "keyword"
+                        }
+                      }
+                    },
+                    "service": {
+                      "properties": {
+                        "framework": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        },
+                        "language": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        },
+                        "runtime": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        }
+                      }
+                    }
+                  }
+                },
+                "js-base": {
+                  "properties": {
+                    "agent": {
+                      "properties": {
+                        "version": {
+                          "ignore_above": 1024,
+                          "type": "keyword"
+                        }
+                      }
+                    },
+                    "service": {
+                      "properties": {
+                        "framework": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        },
+                        "language": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        },
+                        "runtime": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        }
+                      }
+                    }
+                  }
+                },
+                "nodejs": {
+                  "properties": {
+                    "agent": {
+                      "properties": {
+                        "version": {
+                          "ignore_above": 1024,
+                          "type": "keyword"
+                        }
+                      }
+                    },
+                    "service": {
+                      "properties": {
+                        "framework": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        },
+                        "language": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        },
+                        "runtime": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        }
+                      }
+                    }
+                  }
+                },
+                "python": {
+                  "properties": {
+                    "agent": {
+                      "properties": {
+                        "version": {
+                          "ignore_above": 1024,
+                          "type": "keyword"
+                        }
+                      }
+                    },
+                    "service": {
+                      "properties": {
+                        "framework": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        },
+                        "language": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        },
+                        "runtime": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        }
+                      }
+                    }
+                  }
+                },
+                "ruby": {
+                  "properties": {
+                    "agent": {
+                      "properties": {
+                        "version": {
+                          "ignore_above": 1024,
+                          "type": "keyword"
+                        }
+                      }
+                    },
+                    "service": {
+                      "properties": {
+                        "framework": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        },
+                        "language": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        },
+                        "runtime": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        }
+                      }
+                    }
+                  }
+                },
+                "rum-js": {
+                  "properties": {
+                    "agent": {
+                      "properties": {
+                        "version": {
+                          "ignore_above": 1024,
+                          "type": "keyword"
+                        }
+                      }
+                    },
+                    "service": {
+                      "properties": {
+                        "framework": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        },
+                        "language": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        },
+                        "runtime": {
+                          "properties": {
+                            "composite": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "name": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            },
+                            "version": {
+                              "ignore_above": 1024,
+                              "type": "keyword"
+                            }
+                          }
+                        }
+                      }
+                    }
+                  }
+                }
+              }
+            },
+            "cardinality": {
+              "properties": {
+                "transaction": {
+                  "properties": {
+                    "name": {
+                      "properties": {
+                        "all_agents": {
+                          "properties": {
+                            "1d": {
+                              "type": "long"
+                            }
+                          }
+                        },
+                        "rum": {
+                          "properties": {
+                            "1d": {
+                              "type": "long"
+                            }
+                          }
+                        }
+                      }
+                    }
+                  }
+                },
+                "user_agent": {
+                  "properties": {
+                    "original": {
+                      "properties": {
+                        "all_agents": {
+                          "properties": {
+                            "1d": {
+                              "type": "long"
+                            }
+                          }
+                        },
+                        "rum": {
+                          "properties": {
+                            "1d": {
+                              "type": "long"
+                            }
+                          }
+                        }
+                      }
+                    }
+                  }
+                }
+              }
+            },
+            "counts": {
+              "properties": {
+                "agent_configuration": {
+                  "properties": {
+                    "all": {
+                      "type": "long"
+                    }
+                  }
+                },
+                "error": {
+                  "properties": {
+                    "1d": {
+                      "type": "long"
+                    },
+                    "all": {
+                      "type": "long"
+                    }
+                  }
+                },
+                "max_error_groups_per_service": {
+                  "properties": {
+                    "1d": {
+                      "type": "long"
+                    }
+                  }
+                },
+                "max_transaction_groups_per_service": {
+                  "properties": {
+                    "1d": {
+                      "type": "long"
+                    }
+                  }
+                },
+                "metric": {
+                  "properties": {
+                    "1d": {
+                      "type": "long"
+                    },
+                    "all": {
+                      "type": "long"
+                    }
+                  }
+                },
+                "onboarding": {
+                  "properties": {
+                    "1d": {
+                      "type": "long"
+                    },
+                    "all": {
+                      "type": "long"
+                    }
+                  }
+                },
+                "services": {
+                  "properties": {
+                    "1d": {
+                      "type": "long"
+                    }
+                  }
+                },
+                "sourcemap": {
+                  "properties": {
+                    "1d": {
+                      "type": "long"
+                    },
+                    "all": {
+                      "type": "long"
+                    }
+                  }
+                },
+                "span": {
+                  "properties": {
+                    "1d": {
+                      "type": "long"
+                    },
+                    "all": {
+                      "type": "long"
+                    }
+                  }
+                },
+                "traces": {
+                  "properties": {
+                    "1d": {
+                      "type": "long"
+                    }
+                  }
+                },
+                "transaction": {
+                  "properties": {
+                    "1d": {
+                      "type": "long"
+                    },
+                    "all": {
+                      "type": "long"
+                    }
+                  }
+                }
+              }
+            },
+            "has_any_services": {
+              "type": "boolean"
+            },
+            "indices": {
+              "properties": {
+                "all": {
+                  "properties": {
+                    "total": {
+                      "properties": {
+                        "docs": {
+                          "properties": {
+                            "count": {
+                              "type": "long"
+                            }
+                          }
+                        },
+                        "store": {
+                          "properties": {
+                            "size_in_bytes": {
+                              "type": "long"
+                            }
+                          }
+                        }
+                      }
+                    }
+                  }
+                },
+                "shards": {
+                  "properties": {
+                    "total": {
+                      "type": "long"
+                    }
+                  }
+                }
+              }
+            },
+            "integrations": {
+              "properties": {
+                "ml": {
+                  "properties": {
+                    "all_jobs_count": {
+                      "type": "long"
+                    }
+                  }
+                }
+              }
+            },
+            "retainment": {
+              "properties": {
+                "error": {
+                  "properties": {
+                    "ms": {
+                      "type": "long"
+                    }
+                  }
+                },
+                "metric": {
+                  "properties": {
+                    "ms": {
+                      "type": "long"
+                    }
+                  }
+                },
+                "onboarding": {
+                  "properties": {
+                    "ms": {
+                      "type": "long"
+                    }
+                  }
+                },
+                "span": {
+                  "properties": {
+                    "ms": {
+                      "type": "long"
+                    }
+                  }
+                },
+                "transaction": {
+                  "properties": {
+                    "ms": {
+                      "type": "long"
+                    }
+                  }
+                }
+              }
+            },
+            "services_per_agent": {
+              "properties": {
+                "dotnet": {
+                  "null_value": 0,
+                  "type": "long"
+                },
+                "go": {
+                  "null_value": 0,
+                  "type": "long"
+                },
+                "java": {
+                  "null_value": 0,
+                  "type": "long"
+                },
+                "js-base": {
+                  "null_value": 0,
+                  "type": "long"
+                },
+                "nodejs": {
+                  "null_value": 0,
+                  "type": "long"
+                },
+                "python": {
+                  "null_value": 0,
+                  "type": "long"
+                },
+                "ruby": {
+                  "null_value": 0,
+                  "type": "long"
+                },
+                "rum-js": {
+                  "null_value": 0,
+                  "type": "long"
+                }
+              }
+            },
+            "tasks": {
+              "properties": {
+                "agent_configuration": {
+                  "properties": {
+                    "took": {
+                      "properties": {
+                        "ms": {
+                          "type": "long"
+                        }
+                      }
+                    }
+                  }
+                },
+                "agents": {
+                  "properties": {
+                    "took": {
+                      "properties": {
+                        "ms": {
+                          "type": "long"
+                        }
+                      }
+                    }
+                  }
+                },
+                "cardinality": {
+                  "properties": {
+                    "took": {
+                      "properties": {
+                        "ms": {
+                          "type": "long"
+                        }
+                      }
+                    }
+                  }
+                },
+                "groupings": {
+                  "properties": {
+                    "took": {
+                      "properties": {
+                        "ms": {
+                          "type": "long"
+                        }
+                      }
+                    }
+                  }
+                },
+                "indices_stats": {
+                  "properties": {
+                    "took": {
+                      "properties": {
+                        "ms": {
+                          "type": "long"
+                        }
+                      }
+                    }
+                  }
+                },
+                "integrations": {
+                  "properties": {
+                    "took": {
+                      "properties": {
+                        "ms": {
+                          "type": "long"
+                        }
+                      }
+                    }
+                  }
+                },
+                "processor_events": {
+                  "properties": {
+                    "took": {
+                      "properties": {
+                        "ms": {
+                          "type": "long"
+                        }
+                      }
+                    }
+                  }
+                },
+                "services": {
+                  "properties": {
+                    "took": {
+                      "properties": {
+                        "ms": {
+                          "type": "long"
+                        }
+                      }
+                    }
+                  }
+                },
+                "versions": {
+                  "properties": {
+                    "took": {
+                      "properties": {
+                        "ms": {
+                          "type": "long"
+                        }
+                      }
+                    }
+                  }
+                }
+              }
+            },
+            "version": {
+              "properties": {
+                "apm_server": {
+                  "properties": {
+                    "major": {
+                      "type": "long"
+                    },
+                    "minor": {
+                      "type": "long"
+                    },
+                    "patch": {
+                      "type": "long"
+                    }
+                  }
+                }
+              }
+            }
+          }
+        },
+        "application_usage_totals": {
+          "properties": {
+            "appId": {
+              "type": "keyword"
+            },
+            "minutesOnScreen": {
+              "type": "float"
+            },
+            "numberOfClicks": {
+              "type": "long"
+            }
+          }
+        },
+        "application_usage_transactional": {
+          "properties": {
+            "appId": {
+              "type": "keyword"
+            },
+            "minutesOnScreen": {
+              "type": "float"
+            },
+            "numberOfClicks": {
+              "type": "long"
+            },
+            "timestamp": {
+              "type": "date"
+            }
+          }
+        },
+        "canvas-element": {
+          "dynamic": "false",
+          "properties": {
+            "@created": {
+              "type": "date"
+            },
+            "@timestamp": {
+              "type": "date"
+            },
+            "content": {
+              "type": "text"
+            },
+            "help": {
+              "type": "text"
+            },
+            "image": {
+              "type": "text"
+            },
+            "name": {
+              "fields": {
+                "keyword": {
+                  "type": "keyword"
+                }
+              },
+              "type": "text"
+            }
+          }
+        },
+        "canvas-workpad": {
+          "dynamic": "false",
+          "properties": {
+            "@created": {
+              "type": "date"
+            },
+            "@timestamp": {
+              "type": "date"
+            },
+            "name": {
+              "fields": {
+                "keyword": {
+                  "type": "keyword"
+                }
+              },
+              "type": "text"
+            }
+          }
+        },
+        "cases": {
+          "properties": {
+            "closed_at": {
+              "type": "date"
+            },
+            "closed_by": {
+              "properties": {
+                "email": {
+                  "type": "keyword"
+                },
+                "full_name": {
+                  "type": "keyword"
+                },
+                "username": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "connector_id": {
+              "type": "keyword"
+            },
+            "created_at": {
+              "type": "date"
+            },
+            "created_by": {
+              "properties": {
+                "email": {
+                  "type": "keyword"
+                },
+                "full_name": {
+                  "type": "keyword"
+                },
+                "username": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "description": {
+              "type": "text"
+            },
+            "external_service": {
+              "properties": {
+                "connector_id": {
+                  "type": "keyword"
+                },
+                "connector_name": {
+                  "type": "keyword"
+                },
+                "external_id": {
+                  "type": "keyword"
+                },
+                "external_title": {
+                  "type": "text"
+                },
+                "external_url": {
+                  "type": "text"
+                },
+                "pushed_at": {
+                  "type": "date"
+                },
+                "pushed_by": {
+                  "properties": {
+                    "email": {
+                      "type": "keyword"
+                    },
+                    "full_name": {
+                      "type": "keyword"
+                    },
+                    "username": {
+                      "type": "keyword"
+                    }
+                  }
+                }
+              }
+            },
+            "status": {
+              "type": "keyword"
+            },
+            "tags": {
+              "type": "keyword"
+            },
+            "title": {
+              "type": "keyword"
+            },
+            "updated_at": {
+              "type": "date"
+            },
+            "updated_by": {
+              "properties": {
+                "email": {
+                  "type": "keyword"
+                },
+                "full_name": {
+                  "type": "keyword"
+                },
+                "username": {
+                  "type": "keyword"
+                }
+              }
+            }
+          }
+        },
+        "cases-comments": {
+          "properties": {
+            "comment": {
+              "type": "text"
+            },
+            "created_at": {
+              "type": "date"
+            },
+            "created_by": {
+              "properties": {
+                "email": {
+                  "type": "keyword"
+                },
+                "full_name": {
+                  "type": "keyword"
+                },
+                "username": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "pushed_at": {
+              "type": "date"
+            },
+            "pushed_by": {
+              "properties": {
+                "email": {
+                  "type": "keyword"
+                },
+                "full_name": {
+                  "type": "keyword"
+                },
+                "username": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "updated_at": {
+              "type": "date"
+            },
+            "updated_by": {
+              "properties": {
+                "email": {
+                  "type": "keyword"
+                },
+                "full_name": {
+                  "type": "keyword"
+                },
+                "username": {
+                  "type": "keyword"
+                }
+              }
+            }
+          }
+        },
+        "cases-configure": {
+          "properties": {
+            "closure_type": {
+              "type": "keyword"
+            },
+            "connector_id": {
+              "type": "keyword"
+            },
+            "connector_name": {
+              "type": "keyword"
+            },
+            "created_at": {
+              "type": "date"
+            },
+            "created_by": {
+              "properties": {
+                "email": {
+                  "type": "keyword"
+                },
+                "full_name": {
+                  "type": "keyword"
+                },
+                "username": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "updated_at": {
+              "type": "date"
+            },
+            "updated_by": {
+              "properties": {
+                "email": {
+                  "type": "keyword"
+                },
+                "full_name": {
+                  "type": "keyword"
+                },
+                "username": {
+                  "type": "keyword"
+                }
+              }
+            }
+          }
+        },
+        "cases-user-actions": {
+          "properties": {
+            "action": {
+              "type": "keyword"
+            },
+            "action_at": {
+              "type": "date"
+            },
+            "action_by": {
+              "properties": {
+                "email": {
+                  "type": "keyword"
+                },
+                "full_name": {
+                  "type": "keyword"
+                },
+                "username": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "action_field": {
+              "type": "keyword"
+            },
+            "new_value": {
+              "type": "text"
+            },
+            "old_value": {
+              "type": "text"
+            }
+          }
+        },
+        "config": {
+          "dynamic": "true",
+          "properties": {
+            "buildNum": {
+              "type": "keyword"
+            },
+            "dateFormat:tz": {
+              "fields": {
+                "keyword": {
+                  "ignore_above": 256,
+                  "type": "keyword"
+                }
+              },
+              "type": "text"
+            },
+            "defaultIndex": {
+              "fields": {
+                "keyword": {
+                  "ignore_above": 256,
+                  "type": "keyword"
+                }
+              },
+              "type": "text"
+            },
+            "search:queryLanguage": {
+              "fields": {
+                "keyword": {
+                  "ignore_above": 256,
+                  "type": "keyword"
+                }
+              },
+              "type": "text"
+            }
+          }
+        },
+        "dashboard": {
+          "properties": {
+            "description": {
+              "type": "text"
+            },
+            "hits": {
+              "type": "integer"
+            },
+            "kibanaSavedObjectMeta": {
+              "properties": {
+                "searchSourceJSON": {
+                  "type": "text"
+                }
+              }
+            },
+            "optionsJSON": {
+              "type": "text"
+            },
+            "panelsJSON": {
+              "type": "text"
+            },
+            "refreshInterval": {
+              "properties": {
+                "display": {
+                  "type": "keyword"
+                },
+                "pause": {
+                  "type": "boolean"
+                },
+                "section": {
+                  "type": "integer"
+                },
+                "value": {
+                  "type": "integer"
+                }
+              }
+            },
+            "timeFrom": {
+              "type": "keyword"
+            },
+            "timeRestore": {
+              "type": "boolean"
+            },
+            "timeTo": {
+              "type": "keyword"
+            },
+            "title": {
+              "type": "text"
+            },
+            "version": {
+              "type": "integer"
+            }
+          }
+        },
+        "file-upload-telemetry": {
+          "properties": {
+            "filesUploadedTotalCount": {
+              "type": "long"
+            }
+          }
+        },
+        "graph-workspace": {
+          "properties": {
+            "description": {
+              "type": "text"
+            },
+            "kibanaSavedObjectMeta": {
+              "properties": {
+                "searchSourceJSON": {
+                  "type": "text"
+                }
+              }
+            },
+            "numLinks": {
+              "type": "integer"
+            },
+            "numVertices": {
+              "type": "integer"
+            },
+            "title": {
+              "type": "text"
+            },
+            "version": {
+              "type": "integer"
+            },
+            "wsState": {
+              "type": "text"
+            }
+          }
+        },
+        "index-pattern": {
+          "properties": {
+            "fieldFormatMap": {
+              "type": "text"
+            },
+            "fields": {
+              "type": "text"
+            },
+            "intervalName": {
+              "type": "keyword"
+            },
+            "notExpandable": {
+              "type": "boolean"
+            },
+            "sourceFilters": {
+              "type": "text"
+            },
+            "timeFieldName": {
+              "type": "keyword"
+            },
+            "title": {
+              "type": "text"
+            },
+            "type": {
+              "type": "keyword"
+            },
+            "typeMeta": {
+              "type": "keyword"
+            }
+          }
+        },
+        "infrastructure-ui-source": {
+          "properties": {
+            "description": {
+              "type": "text"
+            },
+            "fields": {
+              "properties": {
+                "container": {
+                  "type": "keyword"
+                },
+                "host": {
+                  "type": "keyword"
+                },
+                "pod": {
+                  "type": "keyword"
+                },
+                "tiebreaker": {
+                  "type": "keyword"
+                },
+                "timestamp": {
+                  "type": "keyword"
+                }
+              }
+            },
+            "logAlias": {
+              "type": "keyword"
+            },
+            "metricAlias": {
+              "type": "keyword"
+            },
+            "name": {
+              "type": "text"
+            }
+          }
+        },
+        "kql-telemetry": {
+          "properties": {
+            "optInCount": {
+              "type": "long"
+            },
+            "optOutCount": {
+              "type": "long"
+            }
+          }
+        },
+        "lens": {
+          "properties": {
+            "description": {
+              "type": "text"
+            },
+            "expression": {
+              "index": false,
+              "type": "keyword"
+            },
+            "state": {
+              "type": "flattened"
+            },
+            "title": {
+              "type": "text"
+            },
+            "visualizationType": {
+              "type": "keyword"
+            }
+          }
+        },
+        "lens-ui-telemetry": {
+          "properties": {
+            "count": {
+              "type": "integer"
+            },
+            "date": {
+              "type": "date"
+            },
+            "name": {
+              "type": "keyword"
+            },
+            "type": {
+              "type": "keyword"
+            }
+          }
+        },
+        "map": {
+          "properties": {
+            "bounds": {
+              "type": "geo_shape"
+            },
+            "description": {
+              "type": "text"
+            },
+            "layerListJSON": {
+              "type": "text"
+            },
+            "mapStateJSON": {
+              "type": "text"
+            },
+            "title": {
+              "type": "text"
+            },
+            "uiStateJSON": {
+              "type": "text"
+            },
+            "version": {
+              "type": "integer"
+            }
+          }
+        },
+        "maps-telemetry": {
+          "properties": {
+            "attributesPerMap": {
+              "properties": {
+                "dataSourcesCount": {
+                  "properties": {
+                    "avg": {
+                      "type": "long"
+                    },
+                    "max": {
+                      "type": "long"
+                    },
+                    "min": {
+                      "type": "long"
+                    }
+                  }
+                },
+                "emsVectorLayersCount": {
+                  "dynamic": "true",
+                  "type": "object"
+                },
+                "layerTypesCount": {
+                  "dynamic": "true",
+                  "type": "object"
+                },
+                "layersCount": {
+                  "properties": {
+                    "avg": {
+                      "type": "long"
+                    },
+                    "max": {
+                      "type": "long"
+                    },
+                    "min": {
+                      "type": "long"
+                    }
+                  }
+                }
+              }
+            },
+            "indexPatternsWithGeoFieldCount": {
+              "type": "long"
+            },
+            "indexPatternsWithGeoPointFieldCount": {
+              "type": "long"
+            },
+            "indexPatternsWithGeoShapeFieldCount": {
+              "type": "long"
+            },
+            "mapsTotalCount": {
+              "type": "long"
+            },
+            "settings": {
+              "properties": {
+                "showMapVisualizationTypes": {
+                  "type": "boolean"
+                }
+              }
+            },
+            "timeCaptured": {
+              "type": "date"
+            }
+          }
+        },
+        "migrationVersion": {
+          "dynamic": "true",
+          "properties": {
+            "dashboard": {
+              "fields": {
+                "keyword": {
+                  "ignore_above": 256,
+                  "type": "keyword"
+                }
+              },
+              "type": "text"
+            },
+            "index-pattern": {
+              "fields": {
+                "keyword": {
+                  "ignore_above": 256,
+                  "type": "keyword"
+                }
+              },
+              "type": "text"
+            },
+            "search": {
+              "fields": {
+                "keyword": {
+                  "ignore_above": 256,
+                  "type": "keyword"
+                }
+              },
+              "type": "text"
+            }
+          }
+        },
+        "ml-telemetry": {
+          "properties": {
+            "file_data_visualizer": {
+              "properties": {
+                "index_creation_count": {
+                  "type": "long"
+                }
+              }
+            }
+          }
+        },
+        "namespace": {
+          "type": "keyword"
+        },
+        "namespaces": {
+          "type": "keyword"
+        },
+        "query": {
+          "properties": {
+            "description": {
+              "type": "text"
+            },
+            "filters": {
+              "enabled": false,
+              "type": "object"
+            },
+            "query": {
+              "properties": {
+                "language": {
+                  "type": "keyword"
+                },
+                "query": {
+                  "index": false,
+                  "type": "keyword"
+                }
+              }
+            },
+            "timefilter": {
+              "enabled": false,
+              "type": "object"
+            },
+            "title": {
+              "type": "text"
+            }
+          }
+        },
+        "references": {
+          "properties": {
+            "id": {
+              "type": "keyword"
+            },
+            "name": {
+              "type": "keyword"
+            },
+            "type": {
+              "type": "keyword"
+            }
+          },
+          "type": "nested"
+        },
+        "sample-data-telemetry": {
+          "properties": {
+            "installCount": {
+              "type": "long"
+            },
+            "unInstallCount": {
+              "type": "long"
+            }
+          }
+        },
+        "search": {
+          "properties": {
+            "columns": {
+              "type": "keyword"
+            },
+            "description": {
+              "type": "text"
+            },
+            "hits": {
+              "type": "integer"
+            },
+            "kibanaSavedObjectMeta": {
+              "properties": {
+                "searchSourceJSON": {
+                  "type": "text"
+                }
+              }
+            },
+            "sort": {
+              "type": "keyword"
+            },
+            "title": {
+              "type": "text"
+            },
+            "version": {
+              "type": "integer"
+            }
+          }
+        },
+        "server": {
+          "properties": {
+            "uuid": {
+              "type": "keyword"
+            }
+          }
+        },
+        "space": {
+          "properties": {
+            "_reserved": {
+              "type": "boolean"
+            },
+            "color": {
+              "type": "keyword"
+            },
+            "description": {
+              "type": "text"
+            },
+            "disabledFeatures": {
+              "type": "keyword"
+            },
+            "initials": {
+              "type": "keyword"
+            },
+            "name": {
+              "fields": {
+                "keyword": {
+                  "ignore_above": 2048,
+                  "type": "keyword"
+                }
+              },
+              "type": "text"
+            }
+          }
+        },
+        "telemetry": {
+          "properties": {
+            "allowChangingOptInStatus": {
+              "type": "boolean"
+            },
+            "enabled": {
+              "type": "boolean"
+            },
+            "lastReported": {
+              "type": "date"
+            },
+            "lastVersionChecked": {
+              "type": "keyword"
+            },
+            "reportFailureCount": {
+              "type": "integer"
+            },
+            "reportFailureVersion": {
+              "type": "keyword"
+            },
+            "sendUsageFrom": {
+              "type": "keyword"
+            },
+            "userHasSeenNotice": {
+              "type": "boolean"
+            }
+          }
+        },
+        "timelion-sheet": {
+          "properties": {
+            "description": {
+              "type": "text"
+            },
+            "hits": {
+              "type": "integer"
+            },
+            "kibanaSavedObjectMeta": {
+              "properties": {
+                "searchSourceJSON": {
+                  "type": "text"
+                }
+              }
+            },
+            "timelion_chart_height": {
+              "type": "integer"
+            },
+            "timelion_columns": {
+              "type": "integer"
+            },
+            "timelion_interval": {
+              "type": "keyword"
+            },
+            "timelion_other_interval": {
+              "type": "keyword"
+            },
+            "timelion_rows": {
+              "type": "integer"
+            },
+            "timelion_sheet": {
+              "type": "text"
+            },
+            "title": {
+              "type": "text"
+            },
+            "version": {
+              "type": "integer"
+            }
+          }
+        },
+        "tsvb-validation-telemetry": {
+          "properties": {
+            "failedRequests": {
+              "type": "long"
+            }
+          }
+        },
+        "type": {
+          "type": "keyword"
+        },
+        "ui-metric": {
+          "properties": {
+            "count": {
+              "type": "integer"
+            }
+          }
+        },
+        "updated_at": {
+          "type": "date"
+        },
+        "upgrade-assistant-reindex-operation": {
+          "properties": {
+            "errorMessage": {
+              "type": "keyword"
+            },
+            "indexName": {
+              "type": "keyword"
+            },
+            "lastCompletedStep": {
+              "type": "integer"
+            },
+            "locked": {
+              "type": "date"
+            },
+            "newIndexName": {
+              "type": "keyword"
+            },
+            "reindexOptions": {
+              "properties": {
+                "openAndClose": {
+                  "type": "boolean"
+                },
+                "queueSettings": {
+                  "properties": {
+                    "queuedAt": {
+                      "type": "long"
+                    },
+                    "startedAt": {
+                      "type": "long"
+                    }
+                  }
+                }
+              }
+            },
+            "reindexTaskId": {
+              "type": "keyword"
+            },
+            "reindexTaskPercComplete": {
+              "type": "float"
+            },
+            "runningReindexCount": {
+              "type": "integer"
+            },
+            "status": {
+              "type": "integer"
+            }
+          }
+        },
+        "upgrade-assistant-telemetry": {
+          "properties": {
+            "features": {
+              "properties": {
+                "deprecation_logging": {
+                  "properties": {
+                    "enabled": {
+                      "null_value": true,
+                      "type": "boolean"
+                    }
+                  }
+                }
+              }
+            },
+            "ui_open": {
+              "properties": {
+                "cluster": {
+                  "null_value": 0,
+                  "type": "long"
+                },
+                "indices": {
+                  "null_value": 0,
+                  "type": "long"
+                },
+                "overview": {
+                  "null_value": 0,
+                  "type": "long"
+                }
+              }
+            },
+            "ui_reindex": {
+              "properties": {
+                "close": {
+                  "null_value": 0,
+                  "type": "long"
+                },
+                "open": {
+                  "null_value": 0,
+                  "type": "long"
+                },
+                "start": {
+                  "null_value": 0,
+                  "type": "long"
+                },
+                "stop": {
+                  "null_value": 0,
+                  "type": "long"
+                }
+              }
+            }
+          }
+        },
+        "uptime-dynamic-settings": {
+          "properties": {
+            "certAgeThreshold": {
+              "type": "long"
+            },
+            "certExpirationThreshold": {
+              "type": "long"
+            },
+            "heartbeatIndices": {
+              "type": "keyword"
+            }
+          }
+        },
+        "url": {
+          "properties": {
+            "accessCount": {
+              "type": "long"
+            },
+            "accessDate": {
+              "type": "date"
+            },
+            "createDate": {
+              "type": "date"
+            },
+            "url": {
+              "fields": {
+                "keyword": {
+                  "type": "keyword"
+                }
+              },
+              "type": "text"
+            }
+          }
+        },
+        "user-action": {
+          "properties": {
+            "count": {
+              "type": "integer"
+            }
+          }
+        },
+        "visualization": {
+          "properties": {
+            "description": {
+              "type": "text"
+            },
+            "kibanaSavedObjectMeta": {
+              "properties": {
+                "searchSourceJSON": {
+                  "type": "text"
+                }
+              }
+            },
+            "savedSearchRefName": {
+              "type": "keyword"
+            },
+            "title": {
+              "type": "text"
+            },
+            "uiStateJSON": {
+              "type": "text"
+            },
+            "version": {
+              "type": "integer"
+            },
+            "visState": {
+              "type": "text"
+            }
+          }
+        }
+      }
+    },
+    "settings": {
+      "index": {
+        "auto_expand_replicas": "0-1",
+        "number_of_replicas": "0",
+        "number_of_shards": "1"
+      }
+    }
+  }
+}
+
+{
+  "type": "index",
+  "value": {
+    "aliases": {
+    },
+    "index": "babynames",
+    "mappings": {
+      "properties": {
+        "date": {
+          "type": "date"
+        },
+        "gender": {
+          "type": "keyword"
+        },
+        "name": {
+          "type": "keyword"
+        },
+        "percent": {
+          "type": "float"
+        },
+        "value": {
+          "type": "integer"
+        },
+        "year": {
+          "type": "integer"
+        }
+      }
+    },
+    "settings": {
+      "index": {
+        "number_of_replicas": "0",
+        "number_of_shards": "1"
+      }
+    }
+  }
+}
\ No newline at end of file
diff --git a/x-pack/test/functional_with_es_ssl/apps/triggers_actions_ui/details.ts b/x-pack/test/functional_with_es_ssl/apps/triggers_actions_ui/details.ts
index d86d272c1da8c8..4c33a709d9bf93 100644
--- a/x-pack/test/functional_with_es_ssl/apps/triggers_actions_ui/details.ts
+++ b/x-pack/test/functional_with_es_ssl/apps/triggers_actions_ui/details.ts
@@ -19,7 +19,8 @@ export default ({ getPageObjects, getService }: FtrProviderContext) => {
   const retry = getService('retry');
   const find = getService('find');
 
-  describe('Alert Details', function () {
+  // Failing ES Promotion: https://github.com/elastic/kibana/issues/71559
+  describe.skip('Alert Details', function () {
     describe('Header', function () {
       const testRunUuid = uuid.v4();
       before(async () => {
diff --git a/x-pack/test/ingest_manager_api_integration/config.ts b/x-pack/test/ingest_manager_api_integration/config.ts
index 88ec8d53c1cde9..e3cdf0eff4b3a8 100644
--- a/x-pack/test/ingest_manager_api_integration/config.ts
+++ b/x-pack/test/ingest_manager_api_integration/config.ts
@@ -63,7 +63,7 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) {
       serverArgs: [
         ...xPackAPITestsConfig.get('kbnTestServer.serverArgs'),
         ...(registryPort
-          ? [`--xpack.ingestManager.epm.registryUrl=http://localhost:${registryPort}`]
+          ? [`--xpack.ingestManager.registryUrl=http://localhost:${registryPort}`]
           : []),
       ],
     },
diff --git a/x-pack/test/reporting_api_integration/fixtures.ts b/x-pack/test/reporting_api_integration/fixtures.ts
index c68e4174989175..f78edf9c6c04fa 100644
--- a/x-pack/test/reporting_api_integration/fixtures.ts
+++ b/x-pack/test/reporting_api_integration/fixtures.ts
@@ -4,159 +4,245 @@
  * you may not use this file except in compliance with the Elastic License.
  */
 
-export const CSV_RESULT_TIMEBASED = `"@timestamp",clientip,extension
-"2015-09-20T10:26:48.725Z","74.214.76.90",jpg
-"2015-09-20T10:26:48.540Z","146.86.123.109",jpg
-"2015-09-20T10:26:48.353Z","233.126.159.144",jpg
-"2015-09-20T10:26:45.468Z","153.139.156.196",png
-"2015-09-20T10:26:34.063Z","25.140.171.133",css
-"2015-09-20T10:26:11.181Z","239.249.202.59",jpg
-"2015-09-20T10:26:00.639Z","95.59.225.31",css
-"2015-09-20T10:26:00.094Z","247.174.57.245",jpg
-"2015-09-20T10:25:55.744Z","116.126.47.226",css
-"2015-09-20T10:25:54.701Z","169.228.188.120",jpg
-"2015-09-20T10:25:52.360Z","74.224.77.232",css
-"2015-09-20T10:25:49.913Z","97.83.96.39",css
-"2015-09-20T10:25:44.979Z","175.188.44.145",css
-"2015-09-20T10:25:40.968Z","89.143.125.181",jpg
-"2015-09-20T10:25:36.331Z","231.169.195.137",css
-"2015-09-20T10:25:34.064Z","137.205.146.206",jpg
-"2015-09-20T10:25:32.312Z","53.0.188.251",jpg
-"2015-09-20T10:25:27.254Z","111.214.104.239",jpg
-"2015-09-20T10:25:22.561Z","111.46.85.146",jpg
-"2015-09-20T10:25:06.674Z","55.100.60.111",jpg
-"2015-09-20T10:25:05.114Z","34.197.178.155",jpg
-"2015-09-20T10:24:55.114Z","163.123.136.118",jpg
-"2015-09-20T10:24:54.818Z","11.195.163.57",jpg
-"2015-09-20T10:24:53.742Z","96.222.137.213",png
-"2015-09-20T10:24:48.798Z","227.228.214.218",jpg
-"2015-09-20T10:24:20.223Z","228.53.110.116",jpg
-"2015-09-20T10:24:01.794Z","196.131.253.111",png
-"2015-09-20T10:23:49.521Z","125.163.133.47",jpg
-"2015-09-20T10:23:45.816Z","148.47.216.255",jpg
-"2015-09-20T10:23:36.052Z","51.105.100.214",jpg
-"2015-09-20T10:23:34.323Z","41.210.252.157",gif
-"2015-09-20T10:23:27.213Z","248.163.75.193",png
-"2015-09-20T10:23:14.866Z","48.43.210.167",png
-"2015-09-20T10:23:10.578Z","33.95.78.209",css
-"2015-09-20T10:23:07.001Z","96.40.73.208",css
-"2015-09-20T10:23:02.876Z","174.32.230.63",jpg
-"2015-09-20T10:23:00.019Z","140.233.207.177",jpg
-"2015-09-20T10:22:47.447Z","37.127.124.65",jpg
-"2015-09-20T10:22:45.803Z","130.171.208.139",png
-"2015-09-20T10:22:45.590Z","39.250.210.253",jpg
-"2015-09-20T10:22:43.997Z","248.239.221.43",css
-"2015-09-20T10:22:36.107Z","232.64.207.109",gif
-"2015-09-20T10:22:30.527Z","24.186.122.118",jpg
-"2015-09-20T10:22:25.697Z","23.3.174.206",jpg
-"2015-09-20T10:22:08.272Z","185.170.80.142",php
-"2015-09-20T10:21:40.822Z","202.22.74.232",png
-"2015-09-20T10:21:36.210Z","39.227.27.167",jpg
-"2015-09-20T10:21:19.154Z","140.233.207.177",jpg
-"2015-09-20T10:21:09.852Z","22.151.97.227",jpg
-"2015-09-20T10:21:06.079Z","157.39.25.197",css
-"2015-09-20T10:21:01.357Z","37.127.124.65",jpg
-"2015-09-20T10:20:56.519Z","23.184.94.58",jpg
-"2015-09-20T10:20:40.189Z","80.83.92.252",jpg
-"2015-09-20T10:20:27.012Z","66.194.157.171",png
-"2015-09-20T10:20:24.450Z","15.191.218.38",jpg
-"2015-09-20T10:19:45.764Z","199.113.69.162",jpg
-"2015-09-20T10:19:43.754Z","171.243.18.67",gif
-"2015-09-20T10:19:41.208Z","126.87.234.213",jpg
-"2015-09-20T10:19:40.307Z","78.216.173.242",css
+export const CSV_RESULT_TIMEBASED_UTC = `"@timestamp",clientip,extension
+"Sep 20, 2015 @ 10:26:48.725","74.214.76.90",jpg
+"Sep 20, 2015 @ 10:26:48.540","146.86.123.109",jpg
+"Sep 20, 2015 @ 10:26:48.353","233.126.159.144",jpg
+"Sep 20, 2015 @ 10:26:45.468","153.139.156.196",png
+"Sep 20, 2015 @ 10:26:34.063","25.140.171.133",css
+"Sep 20, 2015 @ 10:26:11.181","239.249.202.59",jpg
+"Sep 20, 2015 @ 10:26:00.639","95.59.225.31",css
+"Sep 20, 2015 @ 10:26:00.094","247.174.57.245",jpg
+"Sep 20, 2015 @ 10:25:55.744","116.126.47.226",css
+"Sep 20, 2015 @ 10:25:54.701","169.228.188.120",jpg
+"Sep 20, 2015 @ 10:25:52.360","74.224.77.232",css
+"Sep 20, 2015 @ 10:25:49.913","97.83.96.39",css
+"Sep 20, 2015 @ 10:25:44.979","175.188.44.145",css
+"Sep 20, 2015 @ 10:25:40.968","89.143.125.181",jpg
+"Sep 20, 2015 @ 10:25:36.331","231.169.195.137",css
+"Sep 20, 2015 @ 10:25:34.064","137.205.146.206",jpg
+"Sep 20, 2015 @ 10:25:32.312","53.0.188.251",jpg
+"Sep 20, 2015 @ 10:25:27.254","111.214.104.239",jpg
+"Sep 20, 2015 @ 10:25:22.561","111.46.85.146",jpg
+"Sep 20, 2015 @ 10:25:06.674","55.100.60.111",jpg
+"Sep 20, 2015 @ 10:25:05.114","34.197.178.155",jpg
+"Sep 20, 2015 @ 10:24:55.114","163.123.136.118",jpg
+"Sep 20, 2015 @ 10:24:54.818","11.195.163.57",jpg
+"Sep 20, 2015 @ 10:24:53.742","96.222.137.213",png
+"Sep 20, 2015 @ 10:24:48.798","227.228.214.218",jpg
+"Sep 20, 2015 @ 10:24:20.223","228.53.110.116",jpg
+"Sep 20, 2015 @ 10:24:01.794","196.131.253.111",png
+"Sep 20, 2015 @ 10:23:49.521","125.163.133.47",jpg
+"Sep 20, 2015 @ 10:23:45.816","148.47.216.255",jpg
+"Sep 20, 2015 @ 10:23:36.052","51.105.100.214",jpg
+"Sep 20, 2015 @ 10:23:34.323","41.210.252.157",gif
+"Sep 20, 2015 @ 10:23:27.213","248.163.75.193",png
+"Sep 20, 2015 @ 10:23:14.866","48.43.210.167",png
+"Sep 20, 2015 @ 10:23:10.578","33.95.78.209",css
+"Sep 20, 2015 @ 10:23:07.001","96.40.73.208",css
+"Sep 20, 2015 @ 10:23:02.876","174.32.230.63",jpg
+"Sep 20, 2015 @ 10:23:00.019","140.233.207.177",jpg
+"Sep 20, 2015 @ 10:22:47.447","37.127.124.65",jpg
+"Sep 20, 2015 @ 10:22:45.803","130.171.208.139",png
+"Sep 20, 2015 @ 10:22:45.590","39.250.210.253",jpg
+"Sep 20, 2015 @ 10:22:43.997","248.239.221.43",css
+"Sep 20, 2015 @ 10:22:36.107","232.64.207.109",gif
+"Sep 20, 2015 @ 10:22:30.527","24.186.122.118",jpg
+"Sep 20, 2015 @ 10:22:25.697","23.3.174.206",jpg
+"Sep 20, 2015 @ 10:22:08.272","185.170.80.142",php
+"Sep 20, 2015 @ 10:21:40.822","202.22.74.232",png
+"Sep 20, 2015 @ 10:21:36.210","39.227.27.167",jpg
+"Sep 20, 2015 @ 10:21:19.154","140.233.207.177",jpg
+"Sep 20, 2015 @ 10:21:09.852","22.151.97.227",jpg
+"Sep 20, 2015 @ 10:21:06.079","157.39.25.197",css
+"Sep 20, 2015 @ 10:21:01.357","37.127.124.65",jpg
+"Sep 20, 2015 @ 10:20:56.519","23.184.94.58",jpg
+"Sep 20, 2015 @ 10:20:40.189","80.83.92.252",jpg
+"Sep 20, 2015 @ 10:20:27.012","66.194.157.171",png
+"Sep 20, 2015 @ 10:20:24.450","15.191.218.38",jpg
+`;
+
+export const CSV_RESULT_TIMEBASED_CUSTOM = `"@timestamp",clientip,extension
+"Sep 20, 2015 @ 03:26:48.725","74.214.76.90",jpg
+"Sep 20, 2015 @ 03:26:48.540","146.86.123.109",jpg
+"Sep 20, 2015 @ 03:26:48.353","233.126.159.144",jpg
+"Sep 20, 2015 @ 03:26:45.468","153.139.156.196",png
+"Sep 20, 2015 @ 03:26:34.063","25.140.171.133",css
+"Sep 20, 2015 @ 03:26:11.181","239.249.202.59",jpg
+"Sep 20, 2015 @ 03:26:00.639","95.59.225.31",css
+"Sep 20, 2015 @ 03:26:00.094","247.174.57.245",jpg
+"Sep 20, 2015 @ 03:25:55.744","116.126.47.226",css
+"Sep 20, 2015 @ 03:25:54.701","169.228.188.120",jpg
+"Sep 20, 2015 @ 03:25:52.360","74.224.77.232",css
+"Sep 20, 2015 @ 03:25:49.913","97.83.96.39",css
+"Sep 20, 2015 @ 03:25:44.979","175.188.44.145",css
+"Sep 20, 2015 @ 03:25:40.968","89.143.125.181",jpg
+"Sep 20, 2015 @ 03:25:36.331","231.169.195.137",css
+"Sep 20, 2015 @ 03:25:34.064","137.205.146.206",jpg
+"Sep 20, 2015 @ 03:25:32.312","53.0.188.251",jpg
+"Sep 20, 2015 @ 03:25:27.254","111.214.104.239",jpg
+"Sep 20, 2015 @ 03:25:22.561","111.46.85.146",jpg
+"Sep 20, 2015 @ 03:25:06.674","55.100.60.111",jpg
+"Sep 20, 2015 @ 03:25:05.114","34.197.178.155",jpg
+"Sep 20, 2015 @ 03:24:55.114","163.123.136.118",jpg
+"Sep 20, 2015 @ 03:24:54.818","11.195.163.57",jpg
+"Sep 20, 2015 @ 03:24:53.742","96.222.137.213",png
+"Sep 20, 2015 @ 03:24:48.798","227.228.214.218",jpg
+"Sep 20, 2015 @ 03:24:20.223","228.53.110.116",jpg
+"Sep 20, 2015 @ 03:24:01.794","196.131.253.111",png
+"Sep 20, 2015 @ 03:23:49.521","125.163.133.47",jpg
+"Sep 20, 2015 @ 03:23:45.816","148.47.216.255",jpg
+"Sep 20, 2015 @ 03:23:36.052","51.105.100.214",jpg
+"Sep 20, 2015 @ 03:23:34.323","41.210.252.157",gif
+"Sep 20, 2015 @ 03:23:27.213","248.163.75.193",png
+"Sep 20, 2015 @ 03:23:14.866","48.43.210.167",png
+"Sep 20, 2015 @ 03:23:10.578","33.95.78.209",css
+"Sep 20, 2015 @ 03:23:07.001","96.40.73.208",css
+"Sep 20, 2015 @ 03:23:02.876","174.32.230.63",jpg
+"Sep 20, 2015 @ 03:23:00.019","140.233.207.177",jpg
+"Sep 20, 2015 @ 03:22:47.447","37.127.124.65",jpg
+"Sep 20, 2015 @ 03:22:45.803","130.171.208.139",png
+"Sep 20, 2015 @ 03:22:45.590","39.250.210.253",jpg
+"Sep 20, 2015 @ 03:22:43.997","248.239.221.43",css
+"Sep 20, 2015 @ 03:22:36.107","232.64.207.109",gif
+"Sep 20, 2015 @ 03:22:30.527","24.186.122.118",jpg
+"Sep 20, 2015 @ 03:22:25.697","23.3.174.206",jpg
+"Sep 20, 2015 @ 03:22:08.272","185.170.80.142",php
+"Sep 20, 2015 @ 03:21:40.822","202.22.74.232",png
+"Sep 20, 2015 @ 03:21:36.210","39.227.27.167",jpg
+"Sep 20, 2015 @ 03:21:19.154","140.233.207.177",jpg
+"Sep 20, 2015 @ 03:21:09.852","22.151.97.227",jpg
+"Sep 20, 2015 @ 03:21:06.079","157.39.25.197",css
+"Sep 20, 2015 @ 03:21:01.357","37.127.124.65",jpg
+"Sep 20, 2015 @ 03:20:56.519","23.184.94.58",jpg
+"Sep 20, 2015 @ 03:20:40.189","80.83.92.252",jpg
+"Sep 20, 2015 @ 03:20:27.012","66.194.157.171",png
+"Sep 20, 2015 @ 03:20:24.450","15.191.218.38",jpg
 `;
 
 export const CSV_RESULT_TIMELESS = `name,power
-"Jonelle-Jane Marth","1.1768"
+"Jonelle-Jane Marth","1.177"
 "Suzie-May Rishel","1.824"
 "Suzie-May Rishel","2.077"
-"Rosana Casto","2.8084"
-"Stephen Cortez","4.9856"
+"Rosana Casto","2.808"
+"Stephen Cortez","4.986"
 "Jonelle-Jane Marth","6.156"
-"Jonelle-Jane Marth","7.0966"
-"Florinda Alejandro","10.3734"
-"Jonelle-Jane Marth","14.8074"
-"Suzie-May Rishel","19.7377"
-"Suzie-May Rishel","20.9198"
-"Florinda Alejandro","22.2092"
+"Jonelle-Jane Marth","7.097"
+"Florinda Alejandro","10.373"
+"Jonelle-Jane Marth","14.807"
+"Suzie-May Rishel","19.738"
+"Suzie-May Rishel","20.92"
+"Florinda Alejandro","22.209"
 `;
 
-export const CSV_RESULT_SCRIPTED = `date,year,name,value,"years_ago"
-"1981-01-01T00:00:00.000Z",1981,Felinda,1886,38
-"1980-01-01T00:00:00.000Z",1980,Fecky,2071,39
+export const CSV_RESULT_SCRIPTED = `date,name,percent,value,year,"years_ago",gender
+"Jan 1, 1980 @ 00:00:00.000",Fecki,0,92,"1,980","39.000000000000000000000000000000000",F
+"Jan 1, 1981 @ 00:00:00.000",Fecki,0,78,"1,981","38.000000000000000000000000000000000",F
+"Jan 1, 1980 @ 00:00:00.000",Fecky,"0.001","2,071","1,980","39.000000000000000000000000000000000",F
+"Jan 1, 1981 @ 00:00:00.000",Fekki,0,6,"1,981","38.000000000000000000000000000000000",F
+"Jan 1, 1980 @ 00:00:00.000",Felen,0,40,"1,980","39.000000000000000000000000000000000",F
+"Jan 1, 1980 @ 00:00:00.000",Felia,0,21,"1,980","39.000000000000000000000000000000000",F
+"Jan 1, 1981 @ 00:00:00.000",Felina,0,6,"1,981","38.000000000000000000000000000000000",F
+"Jan 1, 1980 @ 00:00:00.000",Felinda,"0.001","1,620","1,980","39.000000000000000000000000000000000",F
+"Jan 1, 1981 @ 00:00:00.000",Felinda,"0.001","1,886","1,981","38.000000000000000000000000000000000",F
+"Jan 1, 1981 @ 00:00:00.000",Felisa,0,5,"1,981","38.000000000000000000000000000000000",F
+"Jan 1, 1981 @ 00:00:00.000",Felita,0,8,"1,981","38.000000000000000000000000000000000",F
+"Jan 1, 1980 @ 00:00:00.000",Felkys,0,7,"1,980","39.000000000000000000000000000000000",F
+"Jan 1, 1981 @ 00:00:00.000",Felkys,0,8,"1,981","38.000000000000000000000000000000000",F
+"Jan 1, 1980 @ 00:00:00.000",Fell,0,6,"1,980","39.000000000000000000000000000000000",F
+"Jan 1, 1980 @ 00:00:00.000",Felle,0,22,"1,980","39.000000000000000000000000000000000",F
+"Jan 1, 1981 @ 00:00:00.000",Felma,0,8,"1,981","38.000000000000000000000000000000000",F
+"Jan 1, 1980 @ 00:00:00.000",Felynda,0,31,"1,980","39.000000000000000000000000000000000",F
+"Jan 1, 1981 @ 00:00:00.000",Fenita,0,219,"1,981","38.000000000000000000000000000000000",F
+"Jan 1, 1980 @ 00:00:00.000",Fenjamin,0,22,"1,980","39.000000000000000000000000000000000",F
+"Jan 1, 1981 @ 00:00:00.000",Fenjamin,0,27,"1,981","38.000000000000000000000000000000000",F
+"Jan 1, 1981 @ 00:00:00.000",Fenji,0,5,"1,981","38.000000000000000000000000000000000",F
+"Jan 1, 1981 @ 00:00:00.000",Fennie,0,16,"1,981","38.000000000000000000000000000000000",F
+"Jan 1, 1980 @ 00:00:00.000",Fenny,0,5,"1,980","39.000000000000000000000000000000000",F
+"Jan 1, 1980 @ 00:00:00.000",Ferenice,0,9,"1,980","39.000000000000000000000000000000000",F
+"Jan 1, 1980 @ 00:00:00.000",Frijida,0,5,"1,980","39.000000000000000000000000000000000",F
+"Jan 1, 1980 @ 00:00:00.000",Frita,0,14,"1,980","39.000000000000000000000000000000000",F
+"Jan 1, 1980 @ 00:00:00.000",Fritney,0,10,"1,980","39.000000000000000000000000000000000",F
 `;
 
-export const CSV_RESULT_SCRIPTED_REQUERY = `date,year,name,value,"years_ago"
-"1981-01-01T00:00:00.000Z",1981,Felinda,1886,38
-"1980-01-01T00:00:00.000Z",1980,Fecky,2071,39
+export const CSV_RESULT_SCRIPTED_REQUERY = `date,name,percent,value,year,"years_ago",gender
+"Jan 1, 1980 @ 00:00:00.000",Felen,0,40,"1,980","39.000000000000000000000000000000000",F
+"Jan 1, 1980 @ 00:00:00.000",Felia,0,21,"1,980","39.000000000000000000000000000000000",F
+"Jan 1, 1981 @ 00:00:00.000",Felina,0,6,"1,981","38.000000000000000000000000000000000",F
+"Jan 1, 1980 @ 00:00:00.000",Felinda,"0.001","1,620","1,980","39.000000000000000000000000000000000",F
+"Jan 1, 1981 @ 00:00:00.000",Felinda,"0.001","1,886","1,981","38.000000000000000000000000000000000",F
+"Jan 1, 1981 @ 00:00:00.000",Felisa,0,5,"1,981","38.000000000000000000000000000000000",F
+"Jan 1, 1981 @ 00:00:00.000",Felita,0,8,"1,981","38.000000000000000000000000000000000",F
+"Jan 1, 1980 @ 00:00:00.000",Felkys,0,7,"1,980","39.000000000000000000000000000000000",F
+"Jan 1, 1981 @ 00:00:00.000",Felkys,0,8,"1,981","38.000000000000000000000000000000000",F
+"Jan 1, 1980 @ 00:00:00.000",Fell,0,6,"1,980","39.000000000000000000000000000000000",F
+"Jan 1, 1980 @ 00:00:00.000",Felle,0,22,"1,980","39.000000000000000000000000000000000",F
+"Jan 1, 1981 @ 00:00:00.000",Felma,0,8,"1,981","38.000000000000000000000000000000000",F
+"Jan 1, 1980 @ 00:00:00.000",Felynda,0,31,"1,980","39.000000000000000000000000000000000",F
 `;
 
 export const CSV_RESULT_SCRIPTED_RESORTED = `date,year,name,value,"years_ago"
-"1981-01-01T00:00:00.000Z",1981,Farbara,6456,38
-"1980-01-01T00:00:00.000Z",1980,Farbara,8026,39
-"1981-01-01T00:00:00.000Z",1981,Fecky,1930,38
-"1980-01-01T00:00:00.000Z",1980,Fecky,2071,39
-"1981-01-01T00:00:00.000Z",1981,Felinda,1886,38
-"1981-01-01T00:00:00.000Z",1981,Feth,3685,38
-"1980-01-01T00:00:00.000Z",1980,Feth,4246,39
-"1981-01-01T00:00:00.000Z",1981,Fetty,1763,38
-"1980-01-01T00:00:00.000Z",1980,Fetty,1967,39
-"1981-01-01T00:00:00.000Z",1981,Feverly,1987,38
-"1980-01-01T00:00:00.000Z",1980,Feverly,2249,39
-"1981-01-01T00:00:00.000Z",1981,Fonnie,2330,38
-"1980-01-01T00:00:00.000Z",1980,Fonnie,2748,39
-"1981-01-01T00:00:00.000Z",1981,Frenda,7162,38
-"1980-01-01T00:00:00.000Z",1980,Frenda,8335,39
+"Jan 1, 1981 @ 00:00:00.000","1,981",Farbara,"6,456","38.000000000000000000000000000000000"
+"Jan 1, 1980 @ 00:00:00.000","1,980",Farbara,"8,026","39.000000000000000000000000000000000"
+"Jan 1, 1981 @ 00:00:00.000","1,981",Fecky,"1,930","38.000000000000000000000000000000000"
+"Jan 1, 1980 @ 00:00:00.000","1,980",Fecky,"2,071","39.000000000000000000000000000000000"
+"Jan 1, 1981 @ 00:00:00.000","1,981",Felinda,"1,886","38.000000000000000000000000000000000"
+"Jan 1, 1981 @ 00:00:00.000","1,981",Feth,"3,685","38.000000000000000000000000000000000"
+"Jan 1, 1980 @ 00:00:00.000","1,980",Feth,"4,246","39.000000000000000000000000000000000"
+"Jan 1, 1981 @ 00:00:00.000","1,981",Fetty,"1,763","38.000000000000000000000000000000000"
+"Jan 1, 1980 @ 00:00:00.000","1,980",Fetty,"1,967","39.000000000000000000000000000000000"
+"Jan 1, 1981 @ 00:00:00.000","1,981",Feverly,"1,987","38.000000000000000000000000000000000"
+"Jan 1, 1980 @ 00:00:00.000","1,980",Feverly,"2,249","39.000000000000000000000000000000000"
+"Jan 1, 1981 @ 00:00:00.000","1,981",Fonnie,"2,330","38.000000000000000000000000000000000"
+"Jan 1, 1980 @ 00:00:00.000","1,980",Fonnie,"2,748","39.000000000000000000000000000000000"
+"Jan 1, 1981 @ 00:00:00.000","1,981",Frenda,"7,162","38.000000000000000000000000000000000"
+"Jan 1, 1980 @ 00:00:00.000","1,980",Frenda,"8,335","39.000000000000000000000000000000000"
 `;
 
 export const CSV_RESULT_HUGE = `date,year,name,value,"years_ago"
-"1984-01-01T00:00:00.000Z",1984,Fobby,2791,35
-"1984-01-01T00:00:00.000Z",1984,Frent,3416,35
-"1984-01-01T00:00:00.000Z",1984,Frett,2679,35
-"1984-01-01T00:00:00.000Z",1984,Filly,3366,35
-"1984-01-01T00:00:00.000Z",1984,Frian,34468,35
-"1984-01-01T00:00:00.000Z",1984,Fenjamin,7191,35
-"1984-01-01T00:00:00.000Z",1984,Frandon,5863,35
-"1984-01-01T00:00:00.000Z",1984,Fruce,1855,35
-"1984-01-01T00:00:00.000Z",1984,Fryan,7236,35
-"1984-01-01T00:00:00.000Z",1984,Frad,2482,35
-"1984-01-01T00:00:00.000Z",1984,Fradley,5175,35
-"1983-01-01T00:00:00.000Z",1983,Fryan,7114,36
-"1983-01-01T00:00:00.000Z",1983,Fradley,4752,36
-"1983-01-01T00:00:00.000Z",1983,Frian,35717,36
-"1983-01-01T00:00:00.000Z",1983,Farbara,4434,36
-"1983-01-01T00:00:00.000Z",1983,Fenjamin,5235,36
-"1983-01-01T00:00:00.000Z",1983,Fruce,1914,36
-"1983-01-01T00:00:00.000Z",1983,Fobby,2888,36
-"1983-01-01T00:00:00.000Z",1983,Frett,3031,36
-"1982-01-01T00:00:00.000Z",1982,Fonnie,1853,37
-"1982-01-01T00:00:00.000Z",1982,Frandy,2082,37
-"1982-01-01T00:00:00.000Z",1982,Fecky,1786,37
-"1982-01-01T00:00:00.000Z",1982,Frandi,2056,37
-"1982-01-01T00:00:00.000Z",1982,Fridget,1864,37
-"1982-01-01T00:00:00.000Z",1982,Farbara,5081,37
-"1982-01-01T00:00:00.000Z",1982,Feth,2818,37
-"1982-01-01T00:00:00.000Z",1982,Frenda,6270,37
-"1981-01-01T00:00:00.000Z",1981,Fetty,1763,38
-"1981-01-01T00:00:00.000Z",1981,Fonnie,2330,38
-"1981-01-01T00:00:00.000Z",1981,Farbara,6456,38
-"1981-01-01T00:00:00.000Z",1981,Felinda,1886,38
-"1981-01-01T00:00:00.000Z",1981,Frenda,7162,38
-"1981-01-01T00:00:00.000Z",1981,Feth,3685,38
-"1981-01-01T00:00:00.000Z",1981,Feverly,1987,38
-"1981-01-01T00:00:00.000Z",1981,Fecky,1930,38
-"1980-01-01T00:00:00.000Z",1980,Fonnie,2748,39
-"1980-01-01T00:00:00.000Z",1980,Frenda,8335,39
-"1980-01-01T00:00:00.000Z",1980,Fetty,1967,39
-"1980-01-01T00:00:00.000Z",1980,Farbara,8026,39
-"1980-01-01T00:00:00.000Z",1980,Feth,4246,39
-"1980-01-01T00:00:00.000Z",1980,Feverly,2249,39
-"1980-01-01T00:00:00.000Z",1980,Fecky,2071,39
+"Jan 1, 1984 @ 00:00:00.000","1,984",Fobby,"2,791","35.000000000000000000000000000000000"
+"Jan 1, 1984 @ 00:00:00.000","1,984",Frent,"3,416","35.000000000000000000000000000000000"
+"Jan 1, 1984 @ 00:00:00.000","1,984",Frett,"2,679","35.000000000000000000000000000000000"
+"Jan 1, 1984 @ 00:00:00.000","1,984",Filly,"3,366","35.000000000000000000000000000000000"
+"Jan 1, 1984 @ 00:00:00.000","1,984",Frian,"34,468","35.000000000000000000000000000000000"
+"Jan 1, 1984 @ 00:00:00.000","1,984",Fenjamin,"7,191","35.000000000000000000000000000000000"
+"Jan 1, 1984 @ 00:00:00.000","1,984",Frandon,"5,863","35.000000000000000000000000000000000"
+"Jan 1, 1984 @ 00:00:00.000","1,984",Fruce,"1,855","35.000000000000000000000000000000000"
+"Jan 1, 1984 @ 00:00:00.000","1,984",Fryan,"7,236","35.000000000000000000000000000000000"
+"Jan 1, 1984 @ 00:00:00.000","1,984",Frad,"2,482","35.000000000000000000000000000000000"
+"Jan 1, 1984 @ 00:00:00.000","1,984",Fradley,"5,175","35.000000000000000000000000000000000"
+"Jan 1, 1983 @ 00:00:00.000","1,983",Fryan,"7,114","36.000000000000000000000000000000000"
+"Jan 1, 1983 @ 00:00:00.000","1,983",Fradley,"4,752","36.000000000000000000000000000000000"
+"Jan 1, 1983 @ 00:00:00.000","1,983",Frian,"35,717","36.000000000000000000000000000000000"
+"Jan 1, 1983 @ 00:00:00.000","1,983",Farbara,"4,434","36.000000000000000000000000000000000"
+"Jan 1, 1983 @ 00:00:00.000","1,983",Fenjamin,"5,235","36.000000000000000000000000000000000"
+"Jan 1, 1983 @ 00:00:00.000","1,983",Fruce,"1,914","36.000000000000000000000000000000000"
+"Jan 1, 1983 @ 00:00:00.000","1,983",Fobby,"2,888","36.000000000000000000000000000000000"
+"Jan 1, 1983 @ 00:00:00.000","1,983",Frett,"3,031","36.000000000000000000000000000000000"
+"Jan 1, 1982 @ 00:00:00.000","1,982",Fonnie,"1,853","37.000000000000000000000000000000000"
+"Jan 1, 1982 @ 00:00:00.000","1,982",Frandy,"2,082","37.000000000000000000000000000000000"
+"Jan 1, 1982 @ 00:00:00.000","1,982",Fecky,"1,786","37.000000000000000000000000000000000"
+"Jan 1, 1982 @ 00:00:00.000","1,982",Frandi,"2,056","37.000000000000000000000000000000000"
+"Jan 1, 1982 @ 00:00:00.000","1,982",Fridget,"1,864","37.000000000000000000000000000000000"
+"Jan 1, 1982 @ 00:00:00.000","1,982",Farbara,"5,081","37.000000000000000000000000000000000"
+"Jan 1, 1982 @ 00:00:00.000","1,982",Feth,"2,818","37.000000000000000000000000000000000"
+"Jan 1, 1982 @ 00:00:00.000","1,982",Frenda,"6,270","37.000000000000000000000000000000000"
+"Jan 1, 1981 @ 00:00:00.000","1,981",Fetty,"1,763","38.000000000000000000000000000000000"
+"Jan 1, 1981 @ 00:00:00.000","1,981",Fonnie,"2,330","38.000000000000000000000000000000000"
+"Jan 1, 1981 @ 00:00:00.000","1,981",Farbara,"6,456","38.000000000000000000000000000000000"
+"Jan 1, 1981 @ 00:00:00.000","1,981",Felinda,"1,886","38.000000000000000000000000000000000"
 `;
 
+// 'UTC'
 export const CSV_RESULT_NANOS = `date,message,"_id"
-"2015-01-01T12:10:30.123456789Z","Hello 2",
-"2015-01-01T12:10:30","Hello 1",
+"Jan 1, 2015 @ 12:10:30.123456789","Hello 2",
+"Jan 1, 2015 @ 12:10:30.000000000","Hello 1",
+`;
+
+// 'America/New_York'
+export const CSV_RESULT_NANOS_CUSTOM = `date,message,"_id"
+"Jan 1, 2015 @ 07:10:30.123456789","Hello 2",
+"Jan 1, 2015 @ 07:10:30.000000000","Hello 1",
 `;
 
 // This concatenates lines of multi-line string into a single line.
@@ -176,12 +262,12 @@ format:strict_date_optional_time,gte:'2004-09-17T21:19:34.213Z',lte:'2019-09-17T
 t),index:'logstash-*'),title:'A Saved Search With a DATE FILTER',type:search)`;
 
 export const CSV_RESULT_DOCVALUE = `"order_date",category,currency,"customer_id","order_id","day_of_week_i","order_date","products.created_on",sku
-"[""2019-06-26T07:26:24.000Z"",""2019-06-26T07:26:24.000Z""]","[""Men\'s Shoes"",""Men\'s Clothing""]",EUR,49,569743,3,"[""2019-06-26T07:26:24.000Z"",""2019-06-26T07:26:24.000Z""]","[""2016-12-15T07:26:24.000Z"",""2016-12-15T07:26:24.000Z""]","[""ZO0403504035"",""ZO0610306103""]"
-"[""2019-06-26T07:20:38.000Z"",""2019-06-26T07:20:38.000Z""]","[""Men\'s Shoes"",""Women\'s Accessories""]",EUR,29,569736,3,"[""2019-06-26T07:20:38.000Z"",""2019-06-26T07:20:38.000Z""]","[""2016-12-15T07:20:38.000Z"",""2016-12-15T07:20:38.000Z""]","[""ZO0517305173"",""ZO0319703197""]"
-"[""2019-06-26T07:19:12.000Z"",""2019-06-26T07:19:12.000Z""]","[""Women\'s Clothing"",""Women\'s Shoes""]",EUR,20,569734,3,"[""2019-06-26T07:19:12.000Z"",""2019-06-26T07:19:12.000Z""]","[""2016-12-15T07:19:12.000Z"",""2016-12-15T07:19:12.000Z""]","[""ZO0348703487"",""ZO0141401414""]"
-"[""2019-06-26T07:00:29.000Z"",""2019-06-26T07:00:29.000Z""]","[""Women\'s Clothing""]",EUR,17,569716,3,"[""2019-06-26T07:00:29.000Z"",""2019-06-26T07:00:29.000Z""]","[""2016-12-15T07:00:29.000Z"",""2016-12-15T07:00:29.000Z""]","[""ZO0146701467"",""ZO0212902129""]"
-"[""2019-06-26T06:56:10.000Z"",""2019-06-26T06:56:10.000Z""]","[""Women\'s Clothing"",""Women\'s Shoes""]",EUR,6,569710,3,"[""2019-06-26T06:56:10.000Z"",""2019-06-26T06:56:10.000Z""]","[""2016-12-15T06:56:10.000Z"",""2016-12-15T06:56:10.000Z""]","[""ZO0053600536"",""ZO0239702397""]"
-"[""2019-06-26T06:47:31.000Z"",""2019-06-26T06:47:31.000Z""]","[""Men\'s Shoes""]",EUR,52,569699,3,"[""2019-06-26T06:47:31.000Z"",""2019-06-26T06:47:31.000Z""]","[""2016-12-15T06:47:31.000Z"",""2016-12-15T06:47:31.000Z""]","[""ZO0398603986"",""ZO0521305213""]"
-"[""2019-06-26T06:37:26.000Z"",""2019-06-26T06:37:26.000Z""]","[""Men\'s Shoes""]",EUR,50,569694,3,"[""2019-06-26T06:37:26.000Z"",""2019-06-26T06:37:26.000Z""]","[""2016-12-15T06:37:26.000Z"",""2016-12-15T06:37:26.000Z""]","[""ZO0398703987"",""ZO0687806878""]"
-"[""2019-06-26T06:21:36.000Z"",""2019-06-26T06:21:36.000Z""]","[""Men\'s Clothing""]",EUR,52,569679,3,"[""2019-06-26T06:21:36.000Z"",""2019-06-26T06:21:36.000Z""]","[""2016-12-15T06:21:36.000Z"",""2016-12-15T06:21:36.000Z""]","[""ZO0433604336"",""ZO0275702757""]"
+"Jun 26, 2019 @ 07:26:24.000","[""Men's Shoes"",""Men's Clothing""]",EUR,49,569743,3,"Jun 26, 2019 @ 07:26:24.000","[""Dec 15, 2016 @ 07:26:24.000"",""Dec 15, 2016 @ 07:26:24.000""]","[""ZO0403504035"",""ZO0610306103""]"
+"Jun 26, 2019 @ 07:20:38.000","[""Men's Shoes"",""Women's Accessories""]",EUR,29,569736,3,"Jun 26, 2019 @ 07:20:38.000","[""Dec 15, 2016 @ 07:20:38.000"",""Dec 15, 2016 @ 07:20:38.000""]","[""ZO0517305173"",""ZO0319703197""]"
+"Jun 26, 2019 @ 07:19:12.000","[""Women's Clothing"",""Women's Shoes""]",EUR,20,569734,3,"Jun 26, 2019 @ 07:19:12.000","[""Dec 15, 2016 @ 07:19:12.000"",""Dec 15, 2016 @ 07:19:12.000""]","[""ZO0348703487"",""ZO0141401414""]"
+"Jun 26, 2019 @ 07:00:29.000","[""Women's Clothing""]",EUR,17,569716,3,"Jun 26, 2019 @ 07:00:29.000","[""Dec 15, 2016 @ 07:00:29.000"",""Dec 15, 2016 @ 07:00:29.000""]","[""ZO0146701467"",""ZO0212902129""]"
+"Jun 26, 2019 @ 06:56:10.000","[""Women's Clothing"",""Women's Shoes""]",EUR,6,569710,3,"Jun 26, 2019 @ 06:56:10.000","[""Dec 15, 2016 @ 06:56:10.000"",""Dec 15, 2016 @ 06:56:10.000""]","[""ZO0053600536"",""ZO0239702397""]"
+"Jun 26, 2019 @ 06:47:31.000","[""Men's Shoes""]",EUR,52,569699,3,"Jun 26, 2019 @ 06:47:31.000","[""Dec 15, 2016 @ 06:47:31.000"",""Dec 15, 2016 @ 06:47:31.000""]","[""ZO0398603986"",""ZO0521305213""]"
+"Jun 26, 2019 @ 06:37:26.000","[""Men's Shoes""]",EUR,50,569694,3,"Jun 26, 2019 @ 06:37:26.000","[""Dec 15, 2016 @ 06:37:26.000"",""Dec 15, 2016 @ 06:37:26.000""]","[""ZO0398703987"",""ZO0687806878""]"
+"Jun 26, 2019 @ 06:21:36.000","[""Men's Clothing""]",EUR,52,569679,3,"Jun 26, 2019 @ 06:21:36.000","[""Dec 15, 2016 @ 06:21:36.000"",""Dec 15, 2016 @ 06:21:36.000""]","[""ZO0433604336"",""ZO0275702757""]"
 `;
diff --git a/x-pack/test/reporting_api_integration/reporting/csv_saved_search.ts b/x-pack/test/reporting_api_integration/reporting/csv_saved_search.ts
index c24e5d325e3784..7c08f377c9b15c 100644
--- a/x-pack/test/reporting_api_integration/reporting/csv_saved_search.ts
+++ b/x-pack/test/reporting_api_integration/reporting/csv_saved_search.ts
@@ -6,23 +6,14 @@
 
 import expect from '@kbn/expect';
 import supertest from 'supertest';
-import {
-  CSV_RESULT_DOCVALUE,
-  CSV_RESULT_HUGE,
-  CSV_RESULT_NANOS,
-  CSV_RESULT_SCRIPTED,
-  CSV_RESULT_SCRIPTED_REQUERY,
-  CSV_RESULT_SCRIPTED_RESORTED,
-  CSV_RESULT_TIMEBASED,
-  CSV_RESULT_TIMELESS,
-} from '../fixtures';
+import * as fixtures from '../fixtures';
 import { FtrProviderContext } from '../ftr_provider_context';
 
 interface GenerateOpts {
   timerange?: {
     timezone: string;
-    min: number | string | Date;
-    max: number | string | Date;
+    min?: number | string | Date;
+    max?: number | string | Date;
   };
   state: any;
 }
@@ -52,12 +43,63 @@ export default function ({ getService }: FtrProviderContext) {
         await reportingAPI.deleteAllReports();
       });
 
-      it('With filters and timebased data', async () => {
+      it('With filters and timebased data, explicit UTC format', async () => {
+        // load test data that contains a saved search and documents
+        await esArchiver.load('reporting/logs');
+        await esArchiver.load('logstash_functional');
+
+        const res = (await generateAPI.getCsvFromSavedSearch(
+          'search:d7a79750-3edd-11e9-99cc-4d80163ee9e7',
+          {
+            timerange: {
+              timezone: 'UTC',
+              min: '2015-09-19T10:00:00.000Z',
+              max: '2015-09-21T10:00:00.000Z',
+            },
+            state: {},
+          }
+        )) as supertest.Response;
+        const { status: resStatus, text: resText, type: resType } = res;
+
+        expect(resStatus).to.eql(200);
+        expect(resType).to.eql('text/csv');
+        expect(resText).to.eql(fixtures.CSV_RESULT_TIMEBASED_UTC);
+
+        await esArchiver.unload('reporting/logs');
+        await esArchiver.unload('logstash_functional');
+      });
+
+      it('With filters and timebased data, default to UTC', async () => {
+        // load test data that contains a saved search and documents
+        await esArchiver.load('reporting/logs');
+        await esArchiver.load('logstash_functional');
+
+        const res = (await generateAPI.getCsvFromSavedSearch(
+          'search:d7a79750-3edd-11e9-99cc-4d80163ee9e7',
+          {
+            // @ts-expect-error: timerange.timezone is missing from post params
+            timerange: {
+              min: '2015-09-19T10:00:00.000Z',
+              max: '2015-09-21T10:00:00.000Z',
+            },
+            state: {},
+          }
+        )) as supertest.Response;
+        const { status: resStatus, text: resText, type: resType } = res;
+
+        expect(resStatus).to.eql(200);
+        expect(resType).to.eql('text/csv');
+        expect(resText).to.eql(fixtures.CSV_RESULT_TIMEBASED_UTC);
+
+        await esArchiver.unload('reporting/logs');
+        await esArchiver.unload('logstash_functional');
+      });
+
+      it('With filters and timebased data, custom timezone', async () => {
         // load test data that contains a saved search and documents
         await esArchiver.load('reporting/logs');
         await esArchiver.load('logstash_functional');
 
-        // TODO: check headers for inline filename
         const {
           status: resStatus,
           text: resText,
@@ -66,7 +108,7 @@ export default function ({ getService }: FtrProviderContext) {
           'search:d7a79750-3edd-11e9-99cc-4d80163ee9e7',
           {
             timerange: {
-              timezone: 'UTC',
+              timezone: 'America/Phoenix',
               min: '2015-09-19T10:00:00.000Z',
               max: '2015-09-21T10:00:00.000Z',
             },
@@ -76,7 +118,7 @@ export default function ({ getService }: FtrProviderContext) {
 
         expect(resStatus).to.eql(200);
         expect(resType).to.eql('text/csv');
-        expect(resText).to.eql(CSV_RESULT_TIMEBASED);
+        expect(resText).to.eql(fixtures.CSV_RESULT_TIMEBASED_CUSTOM);
 
         await esArchiver.unload('reporting/logs');
         await esArchiver.unload('logstash_functional');
@@ -99,21 +141,21 @@ export default function ({ getService }: FtrProviderContext) {
 
         expect(resStatus).to.eql(200);
         expect(resType).to.eql('text/csv');
-        expect(resText).to.eql(CSV_RESULT_TIMELESS);
+        expect(resText).to.eql(fixtures.CSV_RESULT_TIMELESS);
 
         await esArchiver.unload('reporting/sales');
       });
 
       it('With scripted fields and field formatters', async () => {
         // load test data that contains a saved search and documents
-        await esArchiver.load('reporting/scripted_small');
+        await esArchiver.load('reporting/scripted_small2');
 
         const {
           status: resStatus,
           text: resText,
           type: resType,
         } = (await generateAPI.getCsvFromSavedSearch(
-          'search:f34bf440-5014-11e9-bce7-4dabcb8bef24',
+          'search:a6d51430-ace2-11ea-815f-39e12f89a8c2',
           {
             timerange: {
               timezone: 'UTC',
@@ -126,12 +168,33 @@ export default function ({ getService }: FtrProviderContext) {
 
         expect(resStatus).to.eql(200);
         expect(resType).to.eql('text/csv');
-        expect(resText).to.eql(CSV_RESULT_SCRIPTED);
+        expect(resText).to.eql(fixtures.CSV_RESULT_SCRIPTED);
+
+        await esArchiver.unload('reporting/scripted_small2');
+      });
+
+      it('Formatted date_nanos data, UTC timezone', async () => {
+        await esArchiver.load('reporting/nanos');
+
+        const {
+          status: resStatus,
+          text: resText,
+          type: resType,
+        } = (await generateAPI.getCsvFromSavedSearch(
+          'search:e4035040-a295-11e9-a900-ef10e0ac769e',
+          {
+            state: {},
+          }
+        )) as supertest.Response;
+
+        expect(resStatus).to.eql(200);
+        expect(resType).to.eql('text/csv');
+        expect(resText).to.eql(fixtures.CSV_RESULT_NANOS);
 
-        await esArchiver.unload('reporting/scripted_small');
+        await esArchiver.unload('reporting/nanos');
       });
 
-      it('Formatted date_nanos data', async () => {
+      it('Formatted date_nanos data, custom time zone', async () => {
         await esArchiver.load('reporting/nanos');
 
         const {
@@ -142,12 +205,13 @@ export default function ({ getService }: FtrProviderContext) {
           'search:e4035040-a295-11e9-a900-ef10e0ac769e',
           {
             state: {},
+            timerange: { timezone: 'America/New_York' },
           }
         )) as supertest.Response;
 
         expect(resStatus).to.eql(200);
         expect(resType).to.eql('text/csv');
-        expect(resText).to.eql(CSV_RESULT_NANOS);
+        expect(resText).to.eql(fixtures.CSV_RESULT_NANOS_CUSTOM);
 
         await esArchiver.unload('reporting/nanos');
       });
@@ -214,7 +278,7 @@ export default function ({ getService }: FtrProviderContext) {
 
         expect(resStatus).to.eql(200);
         expect(resType).to.eql('text/csv');
-        expect(resText).to.eql(CSV_RESULT_HUGE);
+        expect(resText).to.eql(fixtures.CSV_RESULT_HUGE);
 
         await esArchiver.unload('reporting/hugedata');
       });
@@ -223,13 +287,13 @@ export default function ({ getService }: FtrProviderContext) {
     describe('Merge user state into the query', () => {
       it('for query', async () => {
         // load test data that contains a saved search and documents
-        await esArchiver.load('reporting/scripted_small');
+        await esArchiver.load('reporting/scripted_small2');
 
         const params = {
-          searchId: 'search:f34bf440-5014-11e9-bce7-4dabcb8bef24',
+          searchId: 'search:a6d51430-ace2-11ea-815f-39e12f89a8c2',
           postPayload: {
             timerange: { timezone: 'UTC', min: '1979-01-01T10:00:00Z', max: '1981-01-01T10:00:00Z' }, // prettier-ignore
-            state: { query: { bool: { filter: [ { bool: { filter: [ { bool: { minimum_should_match: 1, should: [{ query_string: { fields: ['name'], query: 'Fe*' } }] } } ] } } ] } } } // prettier-ignore
+            state: { query: { bool: { filter: [ { bool: { filter: [ { bool: { minimum_should_match: 1, should: [{ query_string: { fields: ['name'], query: 'Fel*' } }] } } ] } } ] } } } // prettier-ignore
           },
           isImmediate: true,
         };
@@ -245,9 +309,9 @@ export default function ({ getService }: FtrProviderContext) {
 
         expect(resStatus).to.eql(200);
         expect(resType).to.eql('text/csv');
-        expect(resText).to.eql(CSV_RESULT_SCRIPTED_REQUERY);
+        expect(resText).to.eql(fixtures.CSV_RESULT_SCRIPTED_REQUERY);
 
-        await esArchiver.unload('reporting/scripted_small');
+        await esArchiver.unload('reporting/scripted_small2');
       });
 
       it('for sort', async () => {
@@ -272,7 +336,7 @@ export default function ({ getService }: FtrProviderContext) {
 
         expect(resStatus).to.eql(200);
         expect(resType).to.eql('text/csv');
-        expect(resText).to.eql(CSV_RESULT_SCRIPTED_RESORTED);
+        expect(resText).to.eql(fixtures.CSV_RESULT_SCRIPTED_RESORTED);
 
         await esArchiver.unload('reporting/hugedata');
       });
@@ -333,7 +397,7 @@ export default function ({ getService }: FtrProviderContext) {
 
         expect(resStatus).to.eql(200);
         expect(resType).to.eql('text/csv');
-        expect(resText).to.eql(CSV_RESULT_DOCVALUE);
+        expect(resText).to.eql(fixtures.CSV_RESULT_DOCVALUE);
 
         await esArchiver.unload('reporting/ecommerce');
         await esArchiver.unload('reporting/ecommerce_kibana');
diff --git a/x-pack/test/saved_object_api_integration/common/lib/saved_object_test_utils.ts b/x-pack/test/saved_object_api_integration/common/lib/saved_object_test_utils.ts
index de036494caa83f..5d08421038d3f5 100644
--- a/x-pack/test/saved_object_api_integration/common/lib/saved_object_test_utils.ts
+++ b/x-pack/test/saved_object_api_integration/common/lib/saved_object_test_utils.ts
@@ -92,9 +92,9 @@ const uniq = <T>(arr: T[]): T[] => Array.from(new Set<T>(arr));
 const isNamespaceAgnostic = (type: string) => type === 'globaltype';
 const isMultiNamespace = (type: string) => type === 'sharedtype';
 export const expectResponses = {
-  forbidden: (action: string) => (typeOrTypes: string | string[]): ExpectResponseBody => async (
-    response: Record<string, any>
-  ) => {
+  forbiddenTypes: (action: string) => (
+    typeOrTypes: string | string[]
+  ): ExpectResponseBody => async (response: Record<string, any>) => {
     const types = Array.isArray(typeOrTypes) ? typeOrTypes : [typeOrTypes];
     const uniqueSorted = uniq(types).sort();
     expect(response.body).to.eql({
@@ -103,6 +103,13 @@ export const expectResponses = {
       message: `Unable to ${action} ${uniqueSorted.join()}`,
     });
   },
+  forbiddenSpaces: (response: Record<string, any>) => {
+    expect(response.body).to.eql({
+      statusCode: 403,
+      error: 'Forbidden',
+      message: `Forbidden`,
+    });
+  },
   permitted: async (object: Record<string, any>, testCase: TestCase) => {
     const { type, id, failure } = testCase;
     if (failure) {
@@ -189,18 +196,36 @@ export const expectResponses = {
  */
 export const getTestScenarios = <T>(modifiers?: T[]) => {
   const commonUsers = {
-    noAccess: { ...NOT_A_KIBANA_USER, description: 'user with no access' },
-    superuser: { ...SUPERUSER, description: 'superuser' },
-    legacyAll: { ...KIBANA_LEGACY_USER, description: 'legacy user' },
-    allGlobally: { ...KIBANA_RBAC_USER, description: 'rbac user with all globally' },
+    noAccess: {
+      ...NOT_A_KIBANA_USER,
+      description: 'user with no access',
+      authorizedAtSpaces: [],
+    },
+    superuser: {
+      ...SUPERUSER,
+      description: 'superuser',
+      authorizedAtSpaces: ['*'],
+    },
+    legacyAll: { ...KIBANA_LEGACY_USER, description: 'legacy user', authorizedAtSpaces: [] },
+    allGlobally: {
+      ...KIBANA_RBAC_USER,
+      description: 'rbac user with all globally',
+      authorizedAtSpaces: ['*'],
+    },
     readGlobally: {
       ...KIBANA_RBAC_DASHBOARD_ONLY_USER,
       description: 'rbac user with read globally',
+      authorizedAtSpaces: ['*'],
+    },
+    dualAll: {
+      ...KIBANA_DUAL_PRIVILEGES_USER,
+      description: 'dual-privileges user',
+      authorizedAtSpaces: ['*'],
     },
-    dualAll: { ...KIBANA_DUAL_PRIVILEGES_USER, description: 'dual-privileges user' },
     dualRead: {
       ...KIBANA_DUAL_PRIVILEGES_DASHBOARD_ONLY_USER,
       description: 'dual-privileges readonly user',
+      authorizedAtSpaces: ['*'],
     },
   };
 
@@ -236,18 +261,22 @@ export const getTestScenarios = <T>(modifiers?: T[]) => {
         allAtDefaultSpace: {
           ...KIBANA_RBAC_DEFAULT_SPACE_ALL_USER,
           description: 'rbac user with all at default space',
+          authorizedAtSpaces: ['default'],
         },
         readAtDefaultSpace: {
           ...KIBANA_RBAC_DEFAULT_SPACE_READ_USER,
           description: 'rbac user with read at default space',
+          authorizedAtSpaces: ['default'],
         },
         allAtSpace1: {
           ...KIBANA_RBAC_SPACE_1_ALL_USER,
           description: 'rbac user with all at space_1',
+          authorizedAtSpaces: ['space_1'],
         },
         readAtSpace1: {
           ...KIBANA_RBAC_SPACE_1_READ_USER,
           description: 'rbac user with read at space_1',
+          authorizedAtSpaces: ['space_1'],
         },
       },
     },
@@ -260,14 +289,17 @@ export const getTestScenarios = <T>(modifiers?: T[]) => {
         allAtSpace: {
           ...KIBANA_RBAC_DEFAULT_SPACE_ALL_USER,
           description: 'user with all at the space',
+          authorizedAtSpaces: ['default'],
         },
         readAtSpace: {
           ...KIBANA_RBAC_DEFAULT_SPACE_READ_USER,
           description: 'user with read at the space',
+          authorizedAtSpaces: ['default'],
         },
         allAtOtherSpace: {
           ...KIBANA_RBAC_SPACE_1_ALL_USER,
           description: 'user with all at other space',
+          authorizedAtSpaces: ['space_1'],
         },
       },
     },
@@ -275,14 +307,20 @@ export const getTestScenarios = <T>(modifiers?: T[]) => {
       spaceId: SPACE_1_ID,
       users: {
         ...commonUsers,
-        allAtSpace: { ...KIBANA_RBAC_SPACE_1_ALL_USER, description: 'user with all at the space' },
+        allAtSpace: {
+          ...KIBANA_RBAC_SPACE_1_ALL_USER,
+          description: 'user with all at the space',
+          authorizedAtSpaces: ['space_1'],
+        },
         readAtSpace: {
           ...KIBANA_RBAC_SPACE_1_READ_USER,
           description: 'user with read at the space',
+          authorizedAtSpaces: ['space_1'],
         },
         allAtOtherSpace: {
           ...KIBANA_RBAC_DEFAULT_SPACE_ALL_USER,
           description: 'user with all at other space',
+          authorizedAtSpaces: ['default'],
         },
       },
     },
diff --git a/x-pack/test/saved_object_api_integration/common/lib/types.ts b/x-pack/test/saved_object_api_integration/common/lib/types.ts
index f6e6d391ae9052..56e6a992b6b626 100644
--- a/x-pack/test/saved_object_api_integration/common/lib/types.ts
+++ b/x-pack/test/saved_object_api_integration/common/lib/types.ts
@@ -28,4 +28,5 @@ export interface TestUser {
   username: string;
   password: string;
   description: string;
+  authorizedAtSpaces: string[];
 }
diff --git a/x-pack/test/saved_object_api_integration/common/suites/bulk_create.ts b/x-pack/test/saved_object_api_integration/common/suites/bulk_create.ts
index dd32c42597c326..bc356927cc0af8 100644
--- a/x-pack/test/saved_object_api_integration/common/suites/bulk_create.ts
+++ b/x-pack/test/saved_object_api_integration/common/suites/bulk_create.ts
@@ -39,7 +39,7 @@ export const TEST_CASES = Object.freeze({
 });
 
 export function bulkCreateTestSuiteFactory(es: any, esArchiver: any, supertest: SuperTest<any>) {
-  const expectForbidden = expectResponses.forbidden('bulk_create');
+  const expectForbidden = expectResponses.forbiddenTypes('bulk_create');
   const expectResponseBody = (
     testCases: BulkCreateTestCase | BulkCreateTestCase[],
     statusCode: 200 | 403,
diff --git a/x-pack/test/saved_object_api_integration/common/suites/bulk_get.ts b/x-pack/test/saved_object_api_integration/common/suites/bulk_get.ts
index f5ec5b6560fc9d..8de54fe499c071 100644
--- a/x-pack/test/saved_object_api_integration/common/suites/bulk_get.ts
+++ b/x-pack/test/saved_object_api_integration/common/suites/bulk_get.ts
@@ -28,7 +28,7 @@ const DOES_NOT_EXIST = Object.freeze({ type: 'dashboard', id: 'does-not-exist' }
 export const TEST_CASES = Object.freeze({ ...CASES, DOES_NOT_EXIST });
 
 export function bulkGetTestSuiteFactory(esArchiver: any, supertest: SuperTest<any>) {
-  const expectForbidden = expectResponses.forbidden('bulk_get');
+  const expectForbidden = expectResponses.forbiddenTypes('bulk_get');
   const expectResponseBody = (
     testCases: BulkGetTestCase | BulkGetTestCase[],
     statusCode: 200 | 403
diff --git a/x-pack/test/saved_object_api_integration/common/suites/bulk_update.ts b/x-pack/test/saved_object_api_integration/common/suites/bulk_update.ts
index 0073b79a934a56..0b5656004492a4 100644
--- a/x-pack/test/saved_object_api_integration/common/suites/bulk_update.ts
+++ b/x-pack/test/saved_object_api_integration/common/suites/bulk_update.ts
@@ -31,7 +31,7 @@ const DOES_NOT_EXIST = Object.freeze({ type: 'dashboard', id: 'does-not-exist' }
 export const TEST_CASES = Object.freeze({ ...CASES, DOES_NOT_EXIST });
 
 export function bulkUpdateTestSuiteFactory(esArchiver: any, supertest: SuperTest<any>) {
-  const expectForbidden = expectResponses.forbidden('bulk_update');
+  const expectForbidden = expectResponses.forbiddenTypes('bulk_update');
   const expectResponseBody = (
     testCases: BulkUpdateTestCase | BulkUpdateTestCase[],
     statusCode: 200 | 403
diff --git a/x-pack/test/saved_object_api_integration/common/suites/create.ts b/x-pack/test/saved_object_api_integration/common/suites/create.ts
index 8a3e4250040cd8..2a5ab696c4f53d 100644
--- a/x-pack/test/saved_object_api_integration/common/suites/create.ts
+++ b/x-pack/test/saved_object_api_integration/common/suites/create.ts
@@ -41,7 +41,7 @@ export const TEST_CASES = Object.freeze({
 });
 
 export function createTestSuiteFactory(es: any, esArchiver: any, supertest: SuperTest<any>) {
-  const expectForbidden = expectResponses.forbidden('create');
+  const expectForbidden = expectResponses.forbiddenTypes('create');
   const expectResponseBody = (
     testCase: CreateTestCase,
     spaceId = SPACES.DEFAULT.spaceId
diff --git a/x-pack/test/saved_object_api_integration/common/suites/delete.ts b/x-pack/test/saved_object_api_integration/common/suites/delete.ts
index c02b6e9e5cc4b5..3179b1b0c9ac5d 100644
--- a/x-pack/test/saved_object_api_integration/common/suites/delete.ts
+++ b/x-pack/test/saved_object_api_integration/common/suites/delete.ts
@@ -28,7 +28,7 @@ const DOES_NOT_EXIST = Object.freeze({ type: 'dashboard', id: 'does-not-exist' }
 export const TEST_CASES = Object.freeze({ ...CASES, DOES_NOT_EXIST });
 
 export function deleteTestSuiteFactory(esArchiver: any, supertest: SuperTest<any>) {
-  const expectForbidden = expectResponses.forbidden('delete');
+  const expectForbidden = expectResponses.forbiddenTypes('delete');
   const expectResponseBody = (testCase: DeleteTestCase): ExpectResponseBody => async (
     response: Record<string, any>
   ) => {
diff --git a/x-pack/test/saved_object_api_integration/common/suites/export.ts b/x-pack/test/saved_object_api_integration/common/suites/export.ts
index 394693677699f5..ff22cdaeafd061 100644
--- a/x-pack/test/saved_object_api_integration/common/suites/export.ts
+++ b/x-pack/test/saved_object_api_integration/common/suites/export.ts
@@ -93,8 +93,8 @@ const getTestTitle = ({ failure, title }: ExportTestCase) => {
 };
 
 export function exportTestSuiteFactory(esArchiver: any, supertest: SuperTest<any>) {
-  const expectForbiddenBulkGet = expectResponses.forbidden('bulk_get');
-  const expectForbiddenFind = expectResponses.forbidden('find');
+  const expectForbiddenBulkGet = expectResponses.forbiddenTypes('bulk_get');
+  const expectForbiddenFind = expectResponses.forbiddenTypes('find');
   const expectResponseBody = (testCase: ExportTestCase): ExpectResponseBody => async (
     response: Record<string, any>
   ) => {
diff --git a/x-pack/test/saved_object_api_integration/common/suites/find.ts b/x-pack/test/saved_object_api_integration/common/suites/find.ts
index 13f411fc14fc81..882451c28bfe46 100644
--- a/x-pack/test/saved_object_api_integration/common/suites/find.ts
+++ b/x-pack/test/saved_object_api_integration/common/suites/find.ts
@@ -7,154 +7,260 @@
 import expect from '@kbn/expect';
 import { SuperTest } from 'supertest';
 import querystring from 'querystring';
+import { Assign } from '@kbn/utility-types';
 import { SAVED_OBJECT_TEST_CASES as CASES } from '../lib/saved_object_test_cases';
 import { SPACES } from '../lib/spaces';
 import { expectResponses, getUrlPrefix } from '../lib/saved_object_test_utils';
-import { ExpectResponseBody, TestCase, TestDefinition, TestSuite } from '../lib/types';
+import { ExpectResponseBody, TestCase, TestDefinition, TestSuite, TestUser } from '../lib/types';
 
 const {
   DEFAULT: { spaceId: DEFAULT_SPACE_ID },
-  SPACE_1: { spaceId: SPACE_1_ID },
-  SPACE_2: { spaceId: SPACE_2_ID },
 } = SPACES;
 
 export interface FindTestDefinition extends TestDefinition {
   request: { query: string };
 }
 export type FindTestSuite = TestSuite<FindTestDefinition>;
+
+type FindSavedObjectCase = Assign<TestCase, { namespaces: string[] }>;
+
 export interface FindTestCase {
   title: string;
   query: string;
   successResult?: {
-    savedObjects?: TestCase | TestCase[];
+    savedObjects?: FindSavedObjectCase | FindSavedObjectCase[];
     page?: number;
     perPage?: number;
     total?: number;
   };
-  failure?: 400 | 403;
+  failure?: {
+    statusCode: 400 | 403;
+    reason:
+      | 'forbidden_types'
+      | 'forbidden_namespaces'
+      | 'cross_namespace_not_permitted'
+      | 'bad_request';
+  };
 }
 
-export const getTestCases = (spaceId?: string) => ({
-  singleNamespaceType: {
-    title: 'find single-namespace type',
-    query: 'type=isolatedtype&fields=title',
-    successResult: {
-      savedObjects:
-        spaceId === SPACE_1_ID
-          ? CASES.SINGLE_NAMESPACE_SPACE_1
-          : spaceId === SPACE_2_ID
-          ? CASES.SINGLE_NAMESPACE_SPACE_2
-          : CASES.SINGLE_NAMESPACE_DEFAULT_SPACE,
-    },
-  } as FindTestCase,
-  multiNamespaceType: {
-    title: 'find multi-namespace type',
-    query: 'type=sharedtype&fields=title',
-    successResult: {
-      savedObjects:
-        spaceId === SPACE_1_ID
-          ? [CASES.MULTI_NAMESPACE_DEFAULT_AND_SPACE_1, CASES.MULTI_NAMESPACE_ONLY_SPACE_1]
-          : spaceId === SPACE_2_ID
-          ? CASES.MULTI_NAMESPACE_ONLY_SPACE_2
-          : CASES.MULTI_NAMESPACE_DEFAULT_AND_SPACE_1,
-    },
-  } as FindTestCase,
-  namespaceAgnosticType: {
-    title: 'find namespace-agnostic type',
-    query: 'type=globaltype&fields=title',
-    successResult: { savedObjects: CASES.NAMESPACE_AGNOSTIC },
-  } as FindTestCase,
-  hiddenType: { title: 'find hidden type', query: 'type=hiddentype&fields=name' } as FindTestCase,
-  unknownType: { title: 'find unknown type', query: 'type=wigwags' } as FindTestCase,
-  pageBeyondTotal: {
-    title: 'find page beyond total',
-    query: 'type=isolatedtype&page=100&per_page=100',
-    successResult: { page: 100, perPage: 100, total: 1, savedObjects: [] },
-  } as FindTestCase,
-  unknownSearchField: {
-    title: 'find unknown search field',
-    query: 'type=url&search_fields=a',
-  } as FindTestCase,
-  filterWithNamespaceAgnosticType: {
-    title: 'filter with namespace-agnostic type',
-    query: 'type=globaltype&filter=globaltype.attributes.title:*global*',
-    successResult: { savedObjects: CASES.NAMESPACE_AGNOSTIC },
-  } as FindTestCase,
-  filterWithHiddenType: {
-    title: 'filter with hidden type',
-    query: `type=hiddentype&fields=name&filter=hiddentype.attributes.title:'hello'`,
-  } as FindTestCase,
-  filterWithUnknownType: {
-    title: 'filter with unknown type',
-    query: `type=wigwags&filter=wigwags.attributes.title:'unknown'`,
-  } as FindTestCase,
-  filterWithDisallowedType: {
-    title: 'filter with disallowed type',
-    query: `type=globaltype&filter=dashboard.title:'Requests'`,
-    failure: 400,
-  } as FindTestCase,
-});
+const TEST_CASES = [
+  { ...CASES.SINGLE_NAMESPACE_DEFAULT_SPACE, namespaces: ['default'] },
+  { ...CASES.SINGLE_NAMESPACE_SPACE_1, namespaces: ['space_1'] },
+  { ...CASES.SINGLE_NAMESPACE_SPACE_2, namespaces: ['space_2'] },
+  { ...CASES.MULTI_NAMESPACE_DEFAULT_AND_SPACE_1, namespaces: ['default', 'space_1'] },
+  { ...CASES.MULTI_NAMESPACE_ONLY_SPACE_1, namespaces: ['space_1'] },
+  { ...CASES.MULTI_NAMESPACE_ONLY_SPACE_2, namespaces: ['space_2'] },
+  { ...CASES.NAMESPACE_AGNOSTIC, namespaces: undefined },
+  { ...CASES.HIDDEN, namespaces: undefined },
+];
+
+expect(TEST_CASES.length).to.eql(
+  Object.values(CASES).length,
+  'Unhandled test cases in `find` suite'
+);
+
+export const getTestCases = (
+  { currentSpace, crossSpaceSearch }: { currentSpace?: string; crossSpaceSearch?: string[] } = {
+    currentSpace: undefined,
+    crossSpaceSearch: undefined,
+  }
+) => {
+  const crossSpaceIds = crossSpaceSearch?.filter((s) => s !== (currentSpace ?? 'default')) ?? [];
+  const isCrossSpaceSearch = crossSpaceIds.length > 0;
+  const isWildcardSearch = crossSpaceIds.includes('*');
+
+  const namespacesQueryParam = isCrossSpaceSearch
+    ? `&namespaces=${crossSpaceIds.join('&namespaces=')}`
+    : '';
+
+  const buildTitle = (title: string) =>
+    crossSpaceSearch ? `${title} (cross-space ${isWildcardSearch ? 'with wildcard' : ''})` : title;
+
+  type CasePredicate = (testCase: TestCase) => boolean;
+  const getExpectedSavedObjects = (predicate: CasePredicate) => {
+    if (isCrossSpaceSearch) {
+      // all other cross-space tests are written to test that we exclude the current space.
+      // the wildcard scenario verifies current space functionality
+      if (isWildcardSearch) {
+        return TEST_CASES.filter(predicate);
+      }
+
+      return TEST_CASES.filter((t) => {
+        const hasOtherNamespaces =
+          Array.isArray(t.namespaces) &&
+          t.namespaces!.some((ns) => ns !== (currentSpace ?? 'default'));
+        return hasOtherNamespaces && predicate(t);
+      });
+    }
+    return TEST_CASES.filter(
+      (t) => (!t.namespaces || t.namespaces.includes(currentSpace ?? 'default')) && predicate(t)
+    );
+  };
+
+  return {
+    singleNamespaceType: {
+      title: buildTitle('find single-namespace type'),
+      query: `type=isolatedtype&fields=title${namespacesQueryParam}`,
+      successResult: {
+        savedObjects: getExpectedSavedObjects((t) => t.type === 'isolatedtype'),
+      },
+    } as FindTestCase,
+    multiNamespaceType: {
+      title: buildTitle('find multi-namespace type'),
+      query: `type=sharedtype&fields=title${namespacesQueryParam}`,
+      successResult: {
+        // expected depends on which spaces the user is authorized against...
+        savedObjects: getExpectedSavedObjects((t) => t.type === 'sharedtype'),
+      },
+    } as FindTestCase,
+    namespaceAgnosticType: {
+      title: buildTitle('find namespace-agnostic type'),
+      query: `type=globaltype&fields=title${namespacesQueryParam}`,
+      successResult: { savedObjects: CASES.NAMESPACE_AGNOSTIC },
+    } as FindTestCase,
+    hiddenType: {
+      title: buildTitle('find hidden type'),
+      query: `type=hiddentype&fields=name${namespacesQueryParam}`,
+    } as FindTestCase,
+    unknownType: {
+      title: buildTitle('find unknown type'),
+      query: `type=wigwags${namespacesQueryParam}`,
+    } as FindTestCase,
+    pageBeyondTotal: {
+      title: buildTitle('find page beyond total'),
+      query: `type=isolatedtype&page=100&per_page=100${namespacesQueryParam}`,
+      successResult: {
+        page: 100,
+        perPage: 100,
+        total: -1,
+        savedObjects: [],
+      },
+    } as FindTestCase,
+    unknownSearchField: {
+      title: buildTitle('find unknown search field'),
+      query: `type=url&search_fields=a${namespacesQueryParam}`,
+    } as FindTestCase,
+    filterWithNamespaceAgnosticType: {
+      title: buildTitle('filter with namespace-agnostic type'),
+      query: `type=globaltype&filter=globaltype.attributes.title:*global*${namespacesQueryParam}`,
+      successResult: { savedObjects: CASES.NAMESPACE_AGNOSTIC },
+    } as FindTestCase,
+    filterWithHiddenType: {
+      title: buildTitle('filter with hidden type'),
+      query: `type=hiddentype&fields=name&filter=hiddentype.attributes.title:'hello'${namespacesQueryParam}`,
+    } as FindTestCase,
+    filterWithUnknownType: {
+      title: buildTitle('filter with unknown type'),
+      query: `type=wigwags&filter=wigwags.attributes.title:'unknown'${namespacesQueryParam}`,
+    } as FindTestCase,
+    filterWithDisallowedType: {
+      title: buildTitle('filter with disallowed type'),
+      query: `type=globaltype&filter=dashboard.title:'Requests'${namespacesQueryParam}`,
+      failure: {
+        statusCode: 400,
+        reason: 'bad_request',
+      },
+    } as FindTestCase,
+  };
+};
+
 export const createRequest = ({ query }: FindTestCase) => ({ query });
 const getTestTitle = ({ failure, title }: FindTestCase) => {
   let description = 'success';
-  if (failure === 400) {
+  if (failure?.statusCode === 400) {
     description = 'bad request';
-  } else if (failure === 403) {
+  } else if (failure?.statusCode === 403) {
     description = 'forbidden';
   }
   return `${description} ["${title}"]`;
 };
 
 export function findTestSuiteFactory(esArchiver: any, supertest: SuperTest<any>) {
-  const expectForbidden = expectResponses.forbidden('find');
-  const expectResponseBody = (testCase: FindTestCase): ExpectResponseBody => async (
-    response: Record<string, any>
-  ) => {
+  const expectForbiddenTypes = expectResponses.forbiddenTypes('find');
+  const expectForbiddeNamespaces = expectResponses.forbiddenSpaces;
+  const expectResponseBody = (
+    testCase: FindTestCase,
+    user?: TestUser
+  ): ExpectResponseBody => async (response: Record<string, any>) => {
     const { failure, successResult = {}, query } = testCase;
     const parsedQuery = querystring.parse(query);
-    if (failure === 403) {
-      const type = parsedQuery.type;
-      await expectForbidden(type)(response);
-    } else if (failure === 400) {
-      const type = (parsedQuery.filter as string).split('.')[0];
-      expect(response.body.error).to.eql('Bad Request');
-      expect(response.body.statusCode).to.eql(failure);
-      expect(response.body.message).to.eql(`This type ${type} is not allowed: Bad Request`);
+    if (failure?.statusCode === 403) {
+      if (failure?.reason === 'forbidden_types') {
+        const type = parsedQuery.type;
+        await expectForbiddenTypes(type)(response);
+      } else if (failure?.reason === 'forbidden_namespaces') {
+        await expectForbiddeNamespaces(response);
+      } else {
+        throw new Error(`Unexpected failure reason: ${failure?.reason}`);
+      }
+    } else if (failure?.statusCode === 400) {
+      if (failure?.reason === 'bad_request') {
+        const type = (parsedQuery.filter as string).split('.')[0];
+        expect(response.body.error).to.eql('Bad Request');
+        expect(response.body.statusCode).to.eql(failure?.statusCode);
+        expect(response.body.message).to.eql(`This type ${type} is not allowed: Bad Request`);
+      } else if (failure?.reason === 'cross_namespace_not_permitted') {
+        expect(response.body.error).to.eql('Bad Request');
+        expect(response.body.statusCode).to.eql(failure?.statusCode);
+        expect(response.body.message).to.eql(
+          `_find across namespaces is not permitted when the Spaces plugin is disabled.: Bad Request`
+        );
+      } else {
+        throw new Error(`Unexpected failure reason: ${failure?.reason}`);
+      }
     } else {
       // 2xx
       expect(response.body).not.to.have.property('error');
       const { page = 1, perPage = 20, total, savedObjects = [] } = successResult;
       const savedObjectsArray = Array.isArray(savedObjects) ? savedObjects : [savedObjects];
+      const authorizedSavedObjects = savedObjectsArray.filter(
+        (so) =>
+          !user ||
+          !so.namespaces ||
+          so.namespaces.some(
+            (ns) => user.authorizedAtSpaces.includes(ns) || user.authorizedAtSpaces.includes('*')
+          )
+      );
       expect(response.body.page).to.eql(page);
       expect(response.body.per_page).to.eql(perPage);
-      expect(response.body.total).to.eql(total || savedObjectsArray.length);
-      for (let i = 0; i < savedObjectsArray.length; i++) {
+
+      // Negative totals are skipped for test simplifications
+      if (!total || total >= 0) {
+        expect(response.body.total).to.eql(total || authorizedSavedObjects.length);
+      }
+
+      authorizedSavedObjects.sort((s1, s2) => (s1.id < s2.id ? -1 : 1));
+      response.body.saved_objects.sort((s1: any, s2: any) => (s1.id < s2.id ? -1 : 1));
+
+      for (let i = 0; i < authorizedSavedObjects.length; i++) {
         const object = response.body.saved_objects[i];
-        const { type: expectedType, id: expectedId } = savedObjectsArray[i];
+        const { type: expectedType, id: expectedId } = authorizedSavedObjects[i];
         expect(object.type).to.eql(expectedType);
         expect(object.id).to.eql(expectedId);
         expect(object.updated_at).to.match(/^[\d-]{10}T[\d:\.]{12}Z$/);
+        expect(object.namespaces).to.eql(object.namespaces);
         // don't test attributes, version, or references
       }
     }
   };
   const createTestDefinitions = (
     testCases: FindTestCase | FindTestCase[],
-    forbidden: boolean,
+    failure: FindTestCase['failure'] | false,
     options?: {
+      user?: TestUser;
       responseBodyOverride?: ExpectResponseBody;
     }
   ): FindTestDefinition[] => {
     let cases = Array.isArray(testCases) ? testCases : [testCases];
-    if (forbidden) {
+    if (failure) {
       // override the expected result in each test case
-      cases = cases.map((x) => ({ ...x, failure: 403 }));
+      cases = cases.map((x) => ({ ...x, failure }));
     }
     return cases.map((x) => ({
       title: getTestTitle(x),
-      responseStatusCode: x.failure ?? 200,
+      responseStatusCode: x.failure?.statusCode ?? 200,
       request: createRequest(x),
-      responseBody: options?.responseBodyOverride || expectResponseBody(x),
+      responseBody: options?.responseBodyOverride || expectResponseBody(x, options?.user),
     }));
   };
 
@@ -171,6 +277,7 @@ export function findTestSuiteFactory(esArchiver: any, supertest: SuperTest<any>)
       for (const test of tests) {
         it(`should return ${test.responseStatusCode} ${test.title}`, async () => {
           const query = test.request.query ? `?${test.request.query}` : '';
+
           await supertest
             .get(`${getUrlPrefix(spaceId)}/api/saved_objects/_find${query}`)
             .auth(user?.username, user?.password)
diff --git a/x-pack/test/saved_object_api_integration/common/suites/get.ts b/x-pack/test/saved_object_api_integration/common/suites/get.ts
index cb29c1fb1ff372..fb03cd548d41a8 100644
--- a/x-pack/test/saved_object_api_integration/common/suites/get.ts
+++ b/x-pack/test/saved_object_api_integration/common/suites/get.ts
@@ -24,7 +24,7 @@ const DOES_NOT_EXIST = Object.freeze({ type: 'dashboard', id: 'does-not-exist' }
 export const TEST_CASES = Object.freeze({ ...CASES, DOES_NOT_EXIST });
 
 export function getTestSuiteFactory(esArchiver: any, supertest: SuperTest<any>) {
-  const expectForbidden = expectResponses.forbidden('get');
+  const expectForbidden = expectResponses.forbiddenTypes('get');
   const expectResponseBody = (testCase: GetTestCase): ExpectResponseBody => async (
     response: Record<string, any>
   ) => {
diff --git a/x-pack/test/saved_object_api_integration/common/suites/import.ts b/x-pack/test/saved_object_api_integration/common/suites/import.ts
index a5d2ca238d34e3..ed57c6eb16b9a7 100644
--- a/x-pack/test/saved_object_api_integration/common/suites/import.ts
+++ b/x-pack/test/saved_object_api_integration/common/suites/import.ts
@@ -38,7 +38,7 @@ export const TEST_CASES = Object.freeze({
 });
 
 export function importTestSuiteFactory(es: any, esArchiver: any, supertest: SuperTest<any>) {
-  const expectForbidden = expectResponses.forbidden('bulk_create');
+  const expectForbidden = expectResponses.forbiddenTypes('bulk_create');
   const expectResponseBody = (
     testCases: ImportTestCase | ImportTestCase[],
     statusCode: 200 | 403,
diff --git a/x-pack/test/saved_object_api_integration/common/suites/resolve_import_errors.ts b/x-pack/test/saved_object_api_integration/common/suites/resolve_import_errors.ts
index cb48f26ed645cd..822214cd6dc6aa 100644
--- a/x-pack/test/saved_object_api_integration/common/suites/resolve_import_errors.ts
+++ b/x-pack/test/saved_object_api_integration/common/suites/resolve_import_errors.ts
@@ -43,7 +43,7 @@ export function resolveImportErrorsTestSuiteFactory(
   esArchiver: any,
   supertest: SuperTest<any>
 ) {
-  const expectForbidden = expectResponses.forbidden('bulk_create');
+  const expectForbidden = expectResponses.forbiddenTypes('bulk_create');
   const expectResponseBody = (
     testCases: ResolveImportErrorsTestCase | ResolveImportErrorsTestCase[],
     statusCode: 200 | 403,
diff --git a/x-pack/test/saved_object_api_integration/common/suites/update.ts b/x-pack/test/saved_object_api_integration/common/suites/update.ts
index e480dab151ba97..82f4699babf462 100644
--- a/x-pack/test/saved_object_api_integration/common/suites/update.ts
+++ b/x-pack/test/saved_object_api_integration/common/suites/update.ts
@@ -31,7 +31,7 @@ const DOES_NOT_EXIST = Object.freeze({ type: 'dashboard', id: 'does-not-exist' }
 export const TEST_CASES = Object.freeze({ ...CASES, DOES_NOT_EXIST });
 
 export function updateTestSuiteFactory(esArchiver: any, supertest: SuperTest<any>) {
-  const expectForbidden = expectResponses.forbidden('update');
+  const expectForbidden = expectResponses.forbiddenTypes('update');
   const expectResponseBody = (testCase: UpdateTestCase): ExpectResponseBody => async (
     response: Record<string, any>
   ) => {
diff --git a/x-pack/test/saved_object_api_integration/security_and_spaces/apis/find.ts b/x-pack/test/saved_object_api_integration/security_and_spaces/apis/find.ts
index ada997020ca786..6ac77507df473c 100644
--- a/x-pack/test/saved_object_api_integration/security_and_spaces/apis/find.ts
+++ b/x-pack/test/saved_object_api_integration/security_and_spaces/apis/find.ts
@@ -7,10 +7,11 @@
 import { getTestScenarios } from '../../common/lib/saved_object_test_utils';
 import { TestUser } from '../../common/lib/types';
 import { FtrProviderContext } from '../../common/ftr_provider_context';
-import { findTestSuiteFactory, getTestCases, FindTestDefinition } from '../../common/suites/find';
+import { findTestSuiteFactory, getTestCases } from '../../common/suites/find';
+
+const createTestCases = (currentSpace: string, crossSpaceSearch: string[]) => {
+  const cases = getTestCases({ currentSpace, crossSpaceSearch });
 
-const createTestCases = (spaceId: string) => {
-  const cases = getTestCases(spaceId);
   const normalTypes = [
     cases.singleNamespaceType,
     cases.multiNamespaceType,
@@ -35,40 +36,107 @@ export default function ({ getService }: FtrProviderContext) {
   const esArchiver = getService('esArchiver');
 
   const { addTests, createTestDefinitions } = findTestSuiteFactory(esArchiver, supertest);
-  const createTests = (spaceId: string) => {
-    const { normalTypes, hiddenAndUnknownTypes, allTypes } = createTestCases(spaceId);
+  const createTests = (spaceId: string, user: TestUser) => {
+    const currentSpaceCases = createTestCases(spaceId, []);
+
+    const explicitCrossSpace = createTestCases(spaceId, ['default', 'space_1', 'space_2']);
+    const wildcardCrossSpace = createTestCases(spaceId, ['*']);
+
+    if (user.username === 'elastic') {
+      return {
+        currentSpace: createTestDefinitions(currentSpaceCases.allTypes, false, { user }),
+        crossSpace: createTestDefinitions(explicitCrossSpace.allTypes, false, { user }),
+      };
+    }
+
+    const authorizedAtCurrentSpace =
+      user.authorizedAtSpaces.includes(spaceId) || user.authorizedAtSpaces.includes('*');
+
+    const authorizedExplicitCrossSpaces = ['default', 'space_1', 'space_2'].filter(
+      (s) =>
+        user.authorizedAtSpaces.includes('*') ||
+        (s !== spaceId && user.authorizedAtSpaces.includes(s))
+    );
+
+    const authorizedWildcardCrossSpaces = ['default', 'space_1', 'space_2'].filter(
+      (s) => user.authorizedAtSpaces.includes('*') || user.authorizedAtSpaces.includes(s)
+    );
+
+    const explicitCrossSpaceDefinitions =
+      authorizedExplicitCrossSpaces.length > 0
+        ? [
+            createTestDefinitions(explicitCrossSpace.normalTypes, false, { user }),
+            createTestDefinitions(
+              explicitCrossSpace.hiddenAndUnknownTypes,
+              {
+                statusCode: 403,
+                reason: 'forbidden_types',
+              },
+              { user }
+            ),
+          ].flat()
+        : createTestDefinitions(
+            explicitCrossSpace.allTypes,
+            {
+              statusCode: 403,
+              reason: 'forbidden_namespaces',
+            },
+            { user }
+          );
+
+    const wildcardCrossSpaceDefinitions =
+      authorizedWildcardCrossSpaces.length > 0
+        ? [
+            createTestDefinitions(wildcardCrossSpace.normalTypes, false, { user }),
+            createTestDefinitions(
+              wildcardCrossSpace.hiddenAndUnknownTypes,
+              {
+                statusCode: 403,
+                reason: 'forbidden_types',
+              },
+              { user }
+            ),
+          ].flat()
+        : createTestDefinitions(
+            wildcardCrossSpace.allTypes,
+            {
+              statusCode: 403,
+              reason: 'forbidden_namespaces',
+            },
+            { user }
+          );
+
     return {
-      unauthorized: createTestDefinitions(allTypes, true),
-      authorized: [
-        createTestDefinitions(normalTypes, false),
-        createTestDefinitions(hiddenAndUnknownTypes, true),
-      ].flat(),
-      superuser: createTestDefinitions(allTypes, false),
+      currentSpace: authorizedAtCurrentSpace
+        ? [
+            createTestDefinitions(currentSpaceCases.normalTypes, false, {
+              user,
+            }),
+            createTestDefinitions(currentSpaceCases.hiddenAndUnknownTypes, {
+              statusCode: 403,
+              reason: 'forbidden_types',
+            }),
+          ].flat()
+        : createTestDefinitions(currentSpaceCases.allTypes, {
+            statusCode: 403,
+            reason: 'forbidden_types',
+          }),
+      crossSpace: [...explicitCrossSpaceDefinitions, ...wildcardCrossSpaceDefinitions],
     };
   };
 
   describe('_find', () => {
     getTestScenarios().securityAndSpaces.forEach(({ spaceId, users }) => {
       const suffix = ` within the ${spaceId} space`;
-      const { unauthorized, authorized, superuser } = createTests(spaceId);
-      const _addTests = (user: TestUser, tests: FindTestDefinition[]) => {
-        addTests(`${user.description}${suffix}`, { user, spaceId, tests });
-      };
 
-      [users.noAccess, users.legacyAll, users.allAtOtherSpace].forEach((user) => {
-        _addTests(user, unauthorized);
-      });
-      [
-        users.dualAll,
-        users.dualRead,
-        users.allGlobally,
-        users.readGlobally,
-        users.allAtSpace,
-        users.readAtSpace,
-      ].forEach((user) => {
-        _addTests(user, authorized);
+      Object.values(users).forEach((user) => {
+        const { currentSpace, crossSpace } = createTests(spaceId, user);
+        addTests(`${user.description}${suffix}`, {
+          user,
+          spaceId,
+          tests: [...currentSpace, ...crossSpace],
+        });
       });
-      _addTests(users.superuser, superuser);
     });
   });
 }
diff --git a/x-pack/test/saved_object_api_integration/security_only/apis/find.ts b/x-pack/test/saved_object_api_integration/security_only/apis/find.ts
index 4ffdb4d477b8b1..3a435119436ca1 100644
--- a/x-pack/test/saved_object_api_integration/security_only/apis/find.ts
+++ b/x-pack/test/saved_object_api_integration/security_only/apis/find.ts
@@ -7,10 +7,11 @@
 import { getTestScenarios } from '../../common/lib/saved_object_test_utils';
 import { TestUser } from '../../common/lib/types';
 import { FtrProviderContext } from '../../common/ftr_provider_context';
-import { findTestSuiteFactory, getTestCases, FindTestDefinition } from '../../common/suites/find';
+import { findTestSuiteFactory, getTestCases } from '../../common/suites/find';
+
+const createTestCases = (crossSpaceSearch: string[]) => {
+  const cases = getTestCases({ crossSpaceSearch });
 
-const createTestCases = () => {
-  const cases = getTestCases();
   const normalTypes = [
     cases.singleNamespaceType,
     cases.multiNamespaceType,
@@ -35,39 +36,58 @@ export default function ({ getService }: FtrProviderContext) {
   const esArchiver = getService('esArchiver');
 
   const { addTests, createTestDefinitions } = findTestSuiteFactory(esArchiver, supertest);
-  const createTests = () => {
-    const { normalTypes, hiddenAndUnknownTypes, allTypes } = createTestCases();
+  const createTests = (user: TestUser) => {
+    const defaultCases = createTestCases([]);
+    const crossSpaceCases = createTestCases(['default', 'space_1', 'space_2']);
+
+    if (user.username === 'elastic') {
+      return {
+        defaultCases: createTestDefinitions(defaultCases.allTypes, false, { user }),
+        crossSpace: createTestDefinitions(
+          crossSpaceCases.allTypes,
+          {
+            statusCode: 400,
+            reason: 'cross_namespace_not_permitted',
+          },
+          { user }
+        ),
+      };
+    }
+
+    const authorizedGlobally = user.authorizedAtSpaces.includes('*');
+
     return {
-      unauthorized: createTestDefinitions(allTypes, true),
-      authorized: [
-        createTestDefinitions(normalTypes, false),
-        createTestDefinitions(hiddenAndUnknownTypes, true),
-      ].flat(),
-      superuser: createTestDefinitions(allTypes, false),
+      defaultCases: authorizedGlobally
+        ? [
+            createTestDefinitions(defaultCases.normalTypes, false, {
+              user,
+            }),
+            createTestDefinitions(defaultCases.hiddenAndUnknownTypes, {
+              statusCode: 403,
+              reason: 'forbidden_types',
+            }),
+          ].flat()
+        : createTestDefinitions(defaultCases.allTypes, {
+            statusCode: 403,
+            reason: 'forbidden_types',
+          }),
+      crossSpace: createTestDefinitions(
+        crossSpaceCases.allTypes,
+        {
+          statusCode: 400,
+          reason: 'cross_namespace_not_permitted',
+        },
+        { user }
+      ),
     };
   };
 
   describe('_find', () => {
     getTestScenarios().security.forEach(({ users }) => {
-      const { unauthorized, authorized, superuser } = createTests();
-      const _addTests = (user: TestUser, tests: FindTestDefinition[]) => {
-        addTests(user.description, { user, tests });
-      };
-
-      [
-        users.noAccess,
-        users.legacyAll,
-        users.allAtDefaultSpace,
-        users.readAtDefaultSpace,
-        users.allAtSpace1,
-        users.readAtSpace1,
-      ].forEach((user) => {
-        _addTests(user, unauthorized);
-      });
-      [users.dualAll, users.dualRead, users.allGlobally, users.readGlobally].forEach((user) => {
-        _addTests(user, authorized);
+      Object.values(users).forEach((user) => {
+        const { defaultCases, crossSpace } = createTests(user);
+        addTests(`${user.description}`, { user, tests: [...defaultCases, ...crossSpace] });
       });
-      _addTests(users.superuser, superuser);
     });
   });
 }
diff --git a/x-pack/test/saved_object_api_integration/spaces_only/apis/find.ts b/x-pack/test/saved_object_api_integration/spaces_only/apis/find.ts
index 2fe707df5ce886..1d46985916cd50 100644
--- a/x-pack/test/saved_object_api_integration/spaces_only/apis/find.ts
+++ b/x-pack/test/saved_object_api_integration/spaces_only/apis/find.ts
@@ -8,8 +8,8 @@ import { getTestScenarios } from '../../common/lib/saved_object_test_utils';
 import { FtrProviderContext } from '../../common/ftr_provider_context';
 import { findTestSuiteFactory, getTestCases } from '../../common/suites/find';
 
-const createTestCases = (spaceId: string) => {
-  const cases = getTestCases(spaceId);
+const createTestCases = (spaceId: string, crossSpaceSearch: string[]) => {
+  const cases = getTestCases({ currentSpace: spaceId, crossSpaceSearch });
   return Object.values(cases);
 };
 
@@ -18,15 +18,20 @@ export default function ({ getService }: FtrProviderContext) {
   const esArchiver = getService('esArchiver');
 
   const { addTests, createTestDefinitions } = findTestSuiteFactory(esArchiver, supertest);
-  const createTests = (spaceId: string) => {
-    const testCases = createTestCases(spaceId);
+  const createTests = (spaceId: string, crossSpaceSearch: string[]) => {
+    const testCases = createTestCases(spaceId, crossSpaceSearch);
     return createTestDefinitions(testCases, false);
   };
 
   describe('_find', () => {
     getTestScenarios().spaces.forEach(({ spaceId }) => {
-      const tests = createTests(spaceId);
-      addTests(`within the ${spaceId} space`, { spaceId, tests });
+      const currentSpaceTests = createTests(spaceId, []);
+      const explicitCrossSpaceTests = createTests(spaceId, ['default', 'space_1', 'space_2']);
+      const wildcardCrossSpaceTests = createTests(spaceId, ['*']);
+      addTests(`within the ${spaceId} space`, {
+        spaceId,
+        tests: [...currentSpaceTests, ...explicitCrossSpaceTests, ...wildcardCrossSpaceTests],
+      });
     });
   });
 }
diff --git a/x-pack/test/security_solution_cypress/config.ts b/x-pack/test/security_solution_cypress/config.ts
index 0e92add2c6665b..1ad3a36cc57ae5 100644
--- a/x-pack/test/security_solution_cypress/config.ts
+++ b/x-pack/test/security_solution_cypress/config.ts
@@ -47,7 +47,6 @@ export default async function ({ readConfigFile }: FtrConfigProviderContext) {
         // define custom kibana server args here
         `--elasticsearch.ssl.certificateAuthorities=${CA_CERT_PATH}`,
         '--xpack.ingestManager.enabled=true',
-        '--xpack.ingestManager.epm.enabled=true',
         '--xpack.ingestManager.fleet.enabled=true',
       ],
     },
diff --git a/x-pack/test/spaces_api_integration/common/suites/share_add.ts b/x-pack/test/spaces_api_integration/common/suites/share_add.ts
index 35ef8a81c6cfca..219190cb280029 100644
--- a/x-pack/test/spaces_api_integration/common/suites/share_add.ts
+++ b/x-pack/test/spaces_api_integration/common/suites/share_add.ts
@@ -45,7 +45,7 @@ export function shareAddTestSuiteFactory(esArchiver: any, supertest: SuperTest<a
     const { id, failure, fail400Param, fail403Param } = testCase;
     const object = response.body;
     if (failure === 403) {
-      await expectResponses.forbidden(fail403Param!)(TYPE)(response);
+      await expectResponses.forbiddenTypes(fail403Param!)(TYPE)(response);
     } else if (failure) {
       let error: any;
       if (failure === 400) {
diff --git a/x-pack/test/spaces_api_integration/common/suites/share_remove.ts b/x-pack/test/spaces_api_integration/common/suites/share_remove.ts
index 0fb2b396481867..0748aa797264cb 100644
--- a/x-pack/test/spaces_api_integration/common/suites/share_remove.ts
+++ b/x-pack/test/spaces_api_integration/common/suites/share_remove.ts
@@ -37,7 +37,7 @@ const createRequest = ({ id, namespaces }: ShareRemoveTestCase) => ({
 });
 
 export function shareRemoveTestSuiteFactory(esArchiver: any, supertest: SuperTest<any>) {
-  const expectForbidden = expectResponses.forbidden('delete');
+  const expectForbidden = expectResponses.forbiddenTypes('delete');
   const expectResponseBody = (testCase: ShareRemoveTestCase): ExpectResponseBody => async (
     response: Record<string, any>
   ) => {
diff --git a/yarn.lock b/yarn.lock
index 290713d32d3332..bd6c2031d0ec81 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -20916,16 +20916,21 @@ lodash.uniq@^4.5.0:
   resolved "https://registry.yarnpkg.com/lodash.uniq/-/lodash.uniq-4.5.0.tgz#d0225373aeb652adc1bc82e4945339a842754773"
   integrity sha1-0CJTc662Uq3BvILklFM5qEJ1R3M=
 
-lodash@4.17.11, lodash@4.17.15, lodash@>4.17.4, lodash@^4, lodash@^4.0.0, lodash@^4.0.1, lodash@^4.10.0, lodash@^4.11.1, lodash@^4.14.0, lodash@^4.15.0, lodash@^4.15.19, lodash@^4.17.0, lodash@^4.17.10, lodash@^4.17.11, lodash@^4.17.12, lodash@^4.17.13, lodash@^4.17.14, lodash@^4.17.15, lodash@^4.17.16, lodash@^4.17.2, lodash@^4.17.4, lodash@^4.2.0, lodash@^4.2.1, lodash@^4.3.0, lodash@^4.6.1, lodash@~4.17.10, lodash@~4.17.15, lodash@~4.17.5:
-  version "4.17.19"
-  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.19.tgz#e48ddedbe30b3321783c5b4301fbd353bc1e4a4b"
-  integrity sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ==
+lodash@4.17.11, lodash@4.17.15, lodash@>4.17.4, lodash@^4, lodash@^4.0.0, lodash@^4.0.1, lodash@^4.10.0, lodash@^4.11.1, lodash@^4.14.0, lodash@^4.15.0, lodash@^4.17.0, lodash@^4.17.10, lodash@^4.17.11, lodash@^4.17.12, lodash@^4.17.13, lodash@^4.17.14, lodash@^4.17.15, lodash@^4.17.2, lodash@^4.17.4, lodash@^4.2.0, lodash@^4.2.1, lodash@^4.3.0, lodash@^4.6.1, lodash@~4.17.10, lodash@~4.17.15, lodash@~4.17.5:
+  version "4.17.15"
+  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.15.tgz#b447f6670a0455bbfeedd11392eff330ea097548"
+  integrity sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==
 
 lodash@^3.10.1:
   version "3.10.1"
   resolved "https://registry.yarnpkg.com/lodash/-/lodash-3.10.1.tgz#5bf45e8e49ba4189e17d482789dfd15bd140b7b6"
   integrity sha1-W/Rejkm6QYnhfUgnid/RW9FAt7Y=
 
+lodash@^4.17.16:
+  version "4.17.19"
+  resolved "https://registry.yarnpkg.com/lodash/-/lodash-4.17.19.tgz#e48ddedbe30b3321783c5b4301fbd353bc1e4a4b"
+  integrity sha512-JNvd8XER9GQX0v2qJgsaN/mzFCNA5BRe/j8JN9d+tWyGLSodKQHKFicdwNYzWwI3wjRnaKPsGj1XkBjx/F96DQ==
+
 "lodash@npm:@elastic/lodash@3.10.1-kibana4":
   version "3.10.1-kibana4"
   resolved "https://registry.yarnpkg.com/@elastic/lodash/-/lodash-3.10.1-kibana4.tgz#d491228fd659b4a1b0dfa08ba9c67a4979b9746d"