SCIENCESOFT QLEAN APP SUITE - QRadar SIEM: Admin Guide
QLean for IBM Security
www.scnsoft.com
QRadar SIEM: Admin Guide
SCIENCESOFT QLEAN APP SUITE
© 2021 ScienceSoft™ | Page 1 from 27
QLEAN™ App Suite

Table of Contents
QLEAN for Advanced QRadar Assessment ... 3
QSM Session Manager ... 5
QMEA Microsoft Exchange Audit ... 7
QWAD WinCollect Assisted Deployment ... 8
QIN Incident Notifier ... 11
QDLA Dynamic License Allocator ... 14
QDATA LDAP Data Enrichment ... 15
QVTI VirusTotal Integration for Hash Checking ... 16
QTOR Darknet Monitoring ... 17
QMLA Missing Logs Alert ... 18
QLSI Log Source Inventory ... 19
QSSA Slow Search Alert ... 20
QOR Offense Reporter ... 21
QLED Log Source EPS Details ... 22
QEFC Exclude From Correlation ... 23
QFSO Find Similar Offenses ... 24
QDGA DGA Analyzer ... 25
MITRE Windows Integration App ... 26
MITRE Linux Integration App ... 27
QLEAN for advanced QRadar health assessment

QLEAN (previously known as HCF or Health Check Framework) is the most advanced app for QRadar fine-tuning and health check. QLEAN makes QRadar maintenance easy and transparent by optimizing and automating routine SOC processes and a wide range of advanced fine-tuning and health check procedures that can free up to 30% of QRadar admin time.

QLEAN Features:
• Over 50 advanced novel performance and behavioral metrics, including Data Quality, Offense Analysis, Raw EPS and FPI timeline, Rules Performance, SOC KPIs, Fine Tuning, and many others;
• An instant complete snapshot of the system state and data quality with a timeline that makes it easy to investigate security threats and top offenses;
• Savings on maintenance budget and effort by automating QRadar management, administration, and deployment assessment routines, enabling the security team to focus on the most important tasks;
• Helps improve log data coverage;
• Helps improve the efficiency of SIEM license use and data quality;
• A single-component plug & play architecture;
• Advanced reports delivered via email;
• Significantly lower QRadar maintenance costs and improved ROI;
• Higher client/operator satisfaction;
• The user base includes major banks, MSSPs, Fortune 500 companies, and government organizations.
Useful Links:
QLEAN latest version along with all supporting documents: www.qlean.io
QLEAN IBM Training: https://www.securitylearningacademy.com/course/view.php?id=5809
QLEAN interactive demo: www.scnsoft.com/services/security/siem/qlean/demo
QLEAN case study by IBM: www.ibm.com/case-studies/unibank

Unique features
XLS/JSON reporting, scheduled mode, and advanced innovative metrics such as Data Quality, independent of the QRadar API version.

License
QLEAN is a commercial application by ScienceSoft with a limited number of metrics available for free. A QLEAN license is required if users want to get full reports.

QLEAN on IBM App Exchange
https://exchange.xforce.ibmcloud.com/hub/extension/7b76f487c8e370a3749d9264cd5998d9
QSM Session Manager

QSM, or QRadar Session Manager, makes it easy to manage user sessions and investigate security events using session information even when the user name is not available in log messages, e.g.:
• Firewall activity
• IDS/IPS activity
• Web server activity
• Operating system logs missing the username
• Database and business application queries, etc.

Session information for a specific user or IP address can be accessed via the right-click menu in the Log Activity tab, or through the QSM tab. QSM is essential in environments with lots of DHCP endpoints and users, and in other scenarios.

Detailed description
QSM tracks user sessions starting from initial authentication until timeout or a new authentication from the same IP address, and stores session information in a special log source within QRadar. Runtime (active) session information is kept in memory, so when the session is closed for any reason, it is recorded in the QRadar log source. This allows users to apply native QRadar retention settings to QSM data and review session information directly in the QRadar interface. QSM session information can include any event field available in QRadar, e.g. Log Source Name, Event Name, IP addresses, Custom Properties.

Configuration
Different profiles can be created to connect different QRadar instances via API (QSM must be installed and configured on each QRadar instance).
Users can define a specific set of columns for the user activity tracking view, enable/disable debug mode, and choose grouping criteria for a session activity report.

QRadar Native Alternatives
There is no such native functionality available in the QRadar interface. Every search in a series must be created and processed manually. QSM saves up to 3 working hours daily for an analyst who is performing such investigations.

License
QSM is a commercial application by ScienceSoft with some of its functionality available for free. A QSM license is required if the user wants to export all session results to Excel and open particular session information in the QRadar UI (a drill-down feature).

IBM AppExchange
https://exchange.xforce.ibmcloud.com/hub/extension/136433f58135047cf6f22539a6eade88
QMEA Microsoft Exchange Audit

Microsoft Exchange Audit for IBM Security QRadar SIEM is an application for exporting Microsoft Exchange Admin Audit and Mailbox Audit logs and forwarding log records via the Syslog protocol (TCP/514) to the QRadar Console in near real time. The log format generated by QMEA is automatically recognized by QRadar, so there is no need to create a log source manually.

Supported Microsoft Exchange versions are:
• 2010 SP1+
• 2013
• 2016

Logs Collection
The initial collection gets audit data for the last 1 hour. The previous collection time can be reset by clicking the corresponding button in the configuration window to start another collection as an initial one. To minimize potential performance impact on the Exchange Server, only the last 24 hours of audit logs are collected, even if the previous collection occurred more than 24 hours ago.

QRadar Native Alternatives
These logs are not available via standard QRadar protocols. The third-party LogBinderEX solution is much more expensive and requires agent installation on target servers.

License
QMEA is a commercial application by ScienceSoft with some of its functionality available for free. A QMEA license is required if a user wants to collect data continuously in near real time. If no license is applied, data collection can only be performed once per 6 hours.

IBM App Exchange
https://exchange.xforce.ibmcloud.com/hub/extension/8e56283e90649e00f4cb707c72a42c5e
QWAD WinCollect Assisted Deployment

QWAD WinCollect Assisted Deployment is designed to automatically install and configure the IBM WinCollect Agent in unmanaged mode. WinCollect is a Syslog event forwarder that administrators can use for forwarding events from Windows logs to QRadar. With either a standalone or a managed deployment scenario, WinCollect can provide an efficient and convenient way to feed log data to the SIEM solution, not limited to native Windows audit journals but also covering the majority of Windows services like IIS, DHCP, DNS, and others.

Many security architects realize that the integration of third-party agents into the corporate network is not an easy process. Even when all corporate requirements for minor performance impact, code sustainability and supportability are met, WinCollect agents still have to be deployed and configured all over the network. This task requires permanent coordination with operating system admins, engaging automation tools for deployment, monitoring tools integration, manual interaction for specific log source configuration on every target system, troubleshooting, upgrade policy implementation, etc.

Once installed, QWAD easily covers the following scenarios:
• Deploy the WinCollect agent all over the network* using different deployment, authentication and host profiles for maximum flexibility;
• Automatically configure all log source types supported by WinCollect**, as well as custom log polling;
• Filter out unnecessary events with XPath;
• Deploy and configure Sysmon along with WinCollect, and easily integrate with VirusTotal;
• Monitor the agent's status, download remote agent logs for troubleshooting;
• Perform remote upgrades, re-configure agents (detect new Windows services) without re-installation;
• Avoid manual log source creation: all automatically configured log sources are auto-detected in QRadar;
• Plan and organize security-related infrastructure separately from operating systems infrastructure.

*Supported Operating Systems:
• Microsoft Windows 7
• Microsoft Windows 10
• Microsoft Windows 2003 Server
• Microsoft Windows 2008 Server
• Microsoft Windows 2008R2 Server
• Microsoft Windows 2012 Server
• Microsoft Windows 2012R2 Server
• Microsoft Windows 2016 Server
• Microsoft Windows 2019 Server

**Auto-configured Log Source Types:
• Microsoft Windows Security Log
• Microsoft Windows Application Log
• Microsoft Windows System Log
• Microsoft Directory Service Log
• Microsoft File Replication Service Log
• Microsoft Forwarded Event Log
• Microsoft SQL Log
• Microsoft IIS Log
• Microsoft DHCP Logs
• Microsoft Exchange: Outlook Web Access events (OWA)
• Microsoft Exchange: Simple Mail Transfer Protocol events (SMTP)
• Microsoft Exchange: Message Tracking Protocol events (MSGTRK)
• Microsoft DNS Debug Logs
• XPath Query and Sysmon Logs
• Custom Plain-Text Logs
• Custom IIS-Formatted Logs
QRadar Native Alternatives
There is no such native functionality in QRadar. All steps must be performed manually, which is extremely time-consuming.

License
QWAD is a commercial application by ScienceSoft with some of its functionality available for free. A QWAD license is required if the user wants a fully functional solution. If no license is applied, QWAD is limited to three (3) target Windows hosts for all deployment and monitoring tasks.

IBM App Exchange
https://exchange.xforce.ibmcloud.com/hub/extension/4f382fa29289032e03db51af981b74e5
QIN Incident Notifier

QIN Incident Notifier is an application that notifies users about newly triggered offenses and assigns offenses to security analysts based on the following information: offense description, name of the rule that triggered the offense, offense category, and payload of related events and/or flows.

As of version 1.0.1, notifications can be sent via the following messaging services:
• Email (custom templates allowed)
• Twilio SMS
• Telegram
• Slack
• Jira
• Teams

The main purpose of all SIEM systems is to learn ASAP about any security incident that has just happened. IBM QRadar SIEM parses and correlates events from all kinds of sources and creates offenses whenever a security incident happens. There are out-of-the-box mechanisms, such as GUI and email notifications, that allow QRadar to notify security analysts about offenses. While out-of-the-box email notifications work fine, they still lack some flexibility and require some technical knowledge to create or edit an email template. Also, in vanilla QRadar an offense cannot be assigned to a specific analyst based on the type or content of the offense.

QIN allows administrators to perform these tasks simply and to configure notifications to be sent not only via email but also via the SMS, Telegram, Slack, Jira and MS Teams messaging services. QIN uses rules to decide where and how to send notifications and to assign offenses to analysts, and templates to determine the amount of information included in the message. Every rule is based on a regex that can be applied to the offense description, the name of the rule that triggered the offense, the offense category, or the actual payload of related events and/or flows. The integrated Rule Manager and Template Editor make the app easy to configure.
QRadar Native Alternatives
The out-of-the-box QRadar offense notification mechanism is limited and cannot assign offenses; email template modification requires root access and does not support HTML tags. Native email notification cannot send the offense ID and event details in the same notification, and there is no option to include several related events/flows, rule details, or asset information.

License
QIN is a commercial application by ScienceSoft, and it requires a license to unlock full functionality. Without a license the following restrictions apply:
• You are allowed to use only one Auto Assignment rule
• You are allowed to use only one email notification type
• Every email notification contains a “Free version” announcement
• Configuration backup is not available

IBM App Exchange
https://exchange.xforce.ibmcloud.com/hub/extension/7fcc709a5d2aa4eec6daca7192d8253c
QDLA Dynamic License Allocator

QDLA Dynamic License Allocator for IBM Security QRadar SIEM is an application that dynamically re-allocates EPS and FPM licenses across QRadar managed hosts to match current EPS/FPM usage. It helps prevent event/flow drops when one managed host experiences an EPS/FPM burst while the others have free allocated capacity available. QDLA allows the user to set minimum and maximum EPS/FPM values per host or to exclude specific hosts from dynamic re-allocation.

QRadar Native Alternatives
There is no such native functionality in QRadar. Users always have to monitor license consumption, and overlooked spikes may cause data loss.

License
QDLA is a commercial application by ScienceSoft which requires a valid license to operate. A free 7-day trial period with no restrictions is available upon installation.

IBM App Exchange
Coming soon.
QDATA LDAP Data Enrichment

QDATA LDAP Data Enrichment for IBM Security QRadar SIEM is an application that synchronizes the content of QRadar Reference Sets and Tables with information from Active Directory and other LDAP-based stores. QDATA supports multiple tasks for either periodic or scheduled synchronization, complex LDAP queries, advanced configuration, per-task statistics, and in-app logging.

QDATA is vital for developing rules that depend on a specific account type or group of users. Use cases include:
• Someone with a Windows administrative account is accessing restricted servers;
• Users from the HR department are logged in to the Sales file server;
• The Exchange server admin is accessing another person’s mailbox.

Using a simple flat list of usernames (a reference set), it is just a matter of configuring the proper LDAP query in QDATA and adding e.g. “when any of Username is contained in any of Corp_Admin_Accounts” as a rule test.

QRadar Native Alternatives
The official QRadar LDAP extension provides imported data in a format that cannot be used in correlation rules.

License
QDATA is a free application by ScienceSoft. Open Source / Apache 2.

IBM App Exchange
https://exchange.xforce.ibmcloud.com/hub/extension/dacdef785326c3412d53d35cd90eb0b4
QVTI VirusTotal Integration for Hash Checking

QVTI VirusTotal Integration for IBM Security QRadar SIEM (aka QVTI) is an application for checking software process hashes against the VirusTotal database using the VirusTotal public API. QVTI checks file hashes against the VirusTotal DB and generates offenses for malicious ones. QVTI relies on the Sysmon log data collected with WinCollect agents. Automatic Sysmon/WinCollect installation and configuration are possible with the QWAD WinCollect Assisted Deployment application.

QRadar Native Alternatives
There is no such native functionality in QRadar. Users have to manually extract hashes from the payload and upload them to VirusTotal.

License
QVTI is a free application by ScienceSoft. Open Source / Apache 2. A paid VirusTotal subscription is optional and cannot be purchased through ScienceSoft.

IBM App Exchange
https://exchange.xforce.ibmcloud.com/hub/extension/958aef69ad1215d8c075c8ebc0fb7d2b
QTOR Darknet Monitoring

QTOR Darknet/TOR Nodes Monitoring for IBM Security QRadar SIEM is an application that allows users to easily monitor inbound and outbound connections to the Darknet via TOR relay and exit nodes. QTOR requires Internet access to reach the https://onionoo.torproject.org website, which is used to gather information about the active TOR relay and exit nodes.

QTOR package contains the following security content:
• QRadar application to poll TOR nodes;
• 2 custom rules for inbound and outbound TOR connection monitoring (works for events and flows).

QRadar Native Alternatives
There is no such native functionality in QRadar. Users have to manually extract and search for the required data.

License
QTOR is a free application by ScienceSoft. Open Source / Apache 2.

IBM App Exchange
https://exchange.xforce.ibmcloud.com/hub/extension/9003eccba37a50232c19b43e6a682c9d
QMLA Missing Logs Alert

QMLA Missing Logs Alert for IBM Security QRadar SIEM is an application that notifies users about Log Sources that have stopped sending events. QMLA uses QRadar log source groups and allows specifying a timeout for each group individually. Notifications are generated and sent via a set of rules shipped with the application. QMLA provides users with comprehensive information about Log Sources that have stopped sending events, including Log Source Name, Log Source Type, Log Source Group, the last time events were seen from this Log Source, etc.

QRadar Native Alternatives
QRadar provides notifications about Log Source groups that have stopped sending logs, but it requires a separate custom rule to be implemented for each group. QRadar native notifications for idle groups do not contain the specific Log Source name, which makes it hard for administrators to identify it quickly.

License
Open Source / Apache 2.

IBM App Exchange
Available as a complimentary app within a commercial tool purchase.
QLSI Log Source Inventory

QLSI Log Source Inventory for IBM Security QRadar SIEM is an application that generates periodic log source reports in Excel format and sends them by email.

QLSI reports are:
• configurable;
• separated by domains;
• inclusive of log sources with all possible statuses (OK, in error, warning/timeout, disabled, unknown);
• inclusive of all important log source information and a legend;
• presented in MS Excel format, which allows users to easily sort and filter the data.

QRadar Native Alternatives
The Log Source Management extension and QRadar reports allow exporting to CSV format, which is not quite convenient for analysis and reporting. The QLSI report contains unique information that is not available from standard exports, e.g. EPS values per log source.

License
Open Source / Apache 2.

IBM App Exchange
Available as a complimentary app within a commercial tool purchase.
QSSA Slow Search Alert

QSSA Slow Search Alert for IBM Security QRadar SIEM is an application that notifies users via email when protracted active searches are detected in the system.

QRadar Native Alternatives
There is no such native functionality in QRadar.

License
Open Source / Apache 2.

IBM App Exchange
Available as a complimentary app within a commercial tool purchase.
QOR Offense Reporter

QOR Offense Reporter for IBM Security QRadar SIEM is an application that generates periodic offense reports in Excel format and sends them by email.

Offense Reports are:
• configurable;
• separated by domains;
• inclusive of all offenses (active, inactive, closed);
• inclusive of the closing date, reason, notes, closed-by user, etc.;
• presented in MS Excel format, which allows users to easily sort and filter the data.

QRadar Native Alternatives
QRadar reports allow exporting offenses to CSV format, which is not quite convenient for analysis and reporting. The QOR report also contains unique information that is not available in standard exported data, e.g. notes, closing reasons, offense rule name, etc.

License
Open Source / Apache 2.

IBM App Exchange
Available as a complimentary app within a commercial tool purchase.
QLED Log Source EPS Details

QLED Log Source EPS Details for IBM Security QRadar SIEM is an application that allows users to easily monitor the number of events received by each log source and to detect log sources exceeding a configurable EPS threshold. QLED does not utilize heavy AQL queries; instead, it requests data via the QRadar API, stores EPS statistics in a built-in database, and visualizes them via charts in a new QRadar tab.

QRadar Native Alternatives
The native Top Log Sources dashboard shows the number of events instead of EPS (conversion/calculation is needed), does not allow drilling down to the details of specific event types (manual searching is required), and utilizes heavy AQL queries.

License
Open Source / Apache 2.

IBM App Exchange
Available as a complimentary app within a commercial tool purchase.
QEFC Exclude From Correlation

QEFC Exclude From Correlation for IBM Security QRadar SIEM is an extension that allows users to temporarily prevent rules from generating new offenses for specific offense sources (username, IP address, etc.). The application is useful when the incident response team has already identified a compromised host or username and does not need further notifications for the same source until the asset is fully recovered.

QEFC package contains the following security content:
• QRadar application (a new button on the offense details page and a configuration page in the Admin tab);
• A custom rule which matches an event/flow property (Username and Source IP by default) against data in the reference set populated with a button click.

QRadar Native Alternatives
There is no such native functionality in QRadar. Analysts must manually change all rules that might trigger on the required property.

License
Open Source / Apache 2.

IBM App Exchange
Available as a complimentary app within a commercial tool purchase.
QFSO Find Similar Offenses

QFSO Find Similar Offenses for IBM Security QRadar SIEM is an extension that adds a new button on the offense details page. By clicking this button, users get a list of all offenses generated by the same rule. If multiple rules contribute to the offense, users will be asked to select a specific rule. This application is useful for speeding up offense investigations and tuning rules.

QRadar Native Alternatives
There is no such native functionality in QRadar. Analysts have to manually search for similar offenses.

License
Open Source / Apache 2.

IBM App Exchange
Available as a complimentary app within a commercial tool purchase.
QDGA DGA Analyzer

QDGA DGA Analyzer for IBM Security QRadar SIEM is an application that includes rules and reference sets and serves as a collector of "bad" domains that were created by Domain Generation Algorithms. Using a special rule, domains observed in the specified log sources are put into a selected Reference Set. Then, QDGA processes and filters the collected domains with a trained neural network and notifies users via offenses about detected suspicious domains.

QRadar Native Alternatives
DGA processing is available in the QRadar DNS Analyzer application. QDGA is a lightweight alternative to that application.

License
Open Source / Apache 2.

IBM App Exchange
Available as a complimentary app within a commercial tool purchase.
MITRE Windows Integration App

MITRE ATT&CK tactics for Microsoft Windows by ScienceSoft are based on logs provided by a properly configured Microsoft Sysmon tool. System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log. It provides detailed information about process creations, network connections, and changes to file creation time. By collecting its events into the SIEM and subsequently analyzing them, you can identify malicious or anomalous activity and understand how intruders and malware operate on your network.

Although thoroughly tested and tuned, some rules are disabled by default to prevent potential false positives in the production SIEM environment, so make sure to enable them after configuring Sysmon. The rules can be easily mapped to MITRE Techniques using QRadar Use Case Manager. The app includes detailed instructions and prepared configuration files to properly set up the Sysmon and WinCollect services on target systems.

QRadar Native Alternatives
There is no such native functionality in QRadar. All correlation rules must be developed, and the corresponding configuration of target systems must be investigated and performed, manually.

License
MITRE Windows Integration App is a commercial application by ScienceSoft with some of its functionality available for free. The free version contains 78 correlation rules, whereas the paid one provides 155 tactics.

IBM App Exchange
https://exchange.xforce.ibmcloud.com/hub/extension/23ac3448fff12a2f49a2ea44a63521a0
MITRE Linux Integration App

MITRE ATT&CK tactics for Linux OS by ScienceSoft are based on auditd logs provided by a properly configured auditing component. Auditd is a userspace component of the UNIX Auditing System (Audit Daemon) that provides security auditing in various Linux distributions. The set of rules developed by ScienceSoft includes the auditd configuration steps that must be performed for these rules to work properly.

Linux MITRE ATT&CK rules are well-tested and tuned. To start working with the app, make sure to enable the rules once the auditd configuration is done, as they are disabled by default in order to prevent possible false positives in the production SIEM environment. The rules can be easily mapped to MITRE Techniques using QRadar Use Case Manager. The app includes detailed instructions and prepared configuration files to properly set up the syslog and auditd components on target systems.

QRadar Native Alternatives
There is no such native functionality in QRadar. All correlation rules must be developed, and the corresponding configuration of target systems must be investigated and performed, manually.

License
MITRE Linux Integration App is a commercial application by ScienceSoft with some of its functionality available for free. The free version contains 47 correlation rules out of the 67 available in the paid one.

IBM App Exchange
https://exchange.xforce.ibmcloud.com/hub/extension/79d1dd8735f00396a524e4fa7d361a51