{"metadata": {"customerIDString": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "offset": 79082668, "eventType": "IdentityProtectionEvent", "eventCreationTime": 1720767468943, "version": "1.0"}, "event": {"IncidentType": "Privilege escalation (user)", "IncidentDescription": "Privilege escalation (user)", "Severity": 0, "SeverityName": "INFO", "StartTime": 1720767468816, "EndTime": 1720767468816, "IdentityProtectionIncidentId": "4577b161-dddd-cccc-bbbbb-aaaaaaaaaaaa", "UserName": "CORP.TESTLABS.COM\\onaruto", "EndpointName": "", "EndpointIp": "", "Category": "Detections", "NumbersOfAlerts": 1, "NumberOfCompromisedEntities": 1, "State": "NEW", "FalconHostLink": "https://falcon.crowdstrike.com/identity-protection/detections/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:ind:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx:4577B161-DDDD-CCCC-BBBBB-AAAAAAAAAAAA"}, "ta_data": {"Feed_id": "0", "Multiple_feeds": "False", "Cloud_environment": "us_commercial", "TA_version": "3.2.1", "Input": "TestlabsCrwd", "App_id": "TestlabsSplunkPoV", "Event_types": "['All']", "Initial_start": "historic"}}