Stefano Gianola
Exploring the OCSF Framework in AWS: Design, Implementation and Performance Analysis of a Security Lake Platform.
Supervisor: Fulvio Giovanni Ottavio Risso. Politecnico di Torino, Master's degree programme in Computer Engineering (Ingegneria Informatica), 2024
License: Creative Commons Attribution Non-commercial No Derivatives.
Abstract
In cybersecurity, identifying and countering cyber attacks requires the combined deployment of diverse tools. These tools generate streams of alerts and isolated data, with different log formats and data schemas, often demanding manual correlation for comprehensive analysis and response. The Splunk State of Security 2023 report [1] underscores that 64% of Security Operations Center (SOC) teams face challenges transitioning between security tools due to limited integration. The collected data cannot be seamlessly combined, hindering the ability to obtain a holistic view of the security environment. Cybersecurity teams find themselves dedicating significant time and effort to manually normalizing data across diverse tools.
This manual effort detracts from their primary focus on detecting, investigating, and responding to security events.
