{"metadata": {"customerIDString": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "offset": 79682841, "eventType": "IdentityProtectionEvent", "eventCreationTime": 1721028869603, "version": "1.0"}, "event": {"IncidentType": "Access from IP with bad reputation", "IncidentDescription": "Access from IP with bad reputation", "Severity": 6, "SeverityName": "MEDIUM", "StartTime": 1721028281000, "EndTime": 1721028281000, "IdentityProtectionIncidentId": "4577b161-dddd-cccc-bbbbb-aaaaaaaaaaaa", "UserName": "TESTLAB.COM\\ppedro", "EndpointName": "", "EndpointIp": "", "Category": "Detections", "NumbersOfAlerts": 1, "NumberOfCompromisedEntities": 1, "State": "NEW", "FalconHostLink": "https://falcon.crowdstrike.com/identity-protection/detections/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:ind:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:4577b161-dddd-cccc-bbbbb-aaaaaaaaaaaa"}, "ta_data": {"Feed_id": "0", "Multiple_feeds": "False", "Cloud_environment": "us_commercial", "TA_version": "3.2.1", "Input": "TestlabCrwd", "App_id": "TestlabSplunkPoV", "Event_types": "['All']", "Initial_start": "historic"}}