Problem: Raw server logs are noisy and unstructured. Single events rarely indicate attacks. Security teams need to identify patterns over time to detect reconnaissance, automation, and abnormal ...