format_input.py

import re
import sys
import os

def detect_log_type(log_data):
    if "device_name" in log_data and "src_ip" in log_data and "dst_ip" in log_data:
        return "sophos"
    elif "userPrincipalName" in log_data and "ipAddress" in log_data:
        return "azure-sign-in"
    elif "src" in log_data and "dest" in log_data and "severity" in log_data:
        return "palo-alto"
    elif "UserId" in log_data and "ClientIP" in log_data and "Operation" in log_data:
        return "office365"
    else:
        return "Unknown"