{
  "dataset": "authentication_events",
  "vendor": "Microsoft",
  "product": "Active Directory",
  "log_type": "authentication",
  "raw_log": "{\"EventID\":4625,\"AccountName\":\"jsmith\",...}",
  "timestamp": "2024-01-15T10:28:00.000Z",
  "tenant_id": "xsiam-tenant-001",
  "event_id": "evt-20240115-102800-002"
}