diff --git a/Sample Data/Custom/Salem_CL.json b/Sample Data/Custom/Salem_CL.json
new file mode 100644
index 0000000000..2538b3d58a
--- /dev/null
+++ b/Sample Data/Custom/Salem_CL.json
@@ -0,0 +1,127 @@
+[
+ {
+ "TenantId": "00000000-0000-0000-0000-000000000000",
+ "SourceSystem": "RestAPI",
+ "TimeGenerated [UTC]": "7/30/2023, 7:19:16.731 PM",
+ "Computer": "",
+ "RawData": "",
+ "report_time_t [UTC]": "7/30/2023, 7:19:15.361 PM",
+ "id_g": "00000000-0000-0000-0000-000000000001",
+ "date_s": "7/30/2023",
+ "receive_time_s": 1690744624,
+ "alert_source_s": "sentinel",
+ "raw_s": "{'custom_details': {}, 'earliest': '2023-07-16 19:12:00Z', 'entities': [{'$id': '3', 'Name': 'Partner-Integration', 'Type': 'account'}], 'incident_id': 550, 'latest': '2023-07-30 19:12:01Z'}",
+ "alert_name_s": "Service Principal Authentication Attempt from New Country",
+ "parsed_s": "{'earliest': '2023-07-16 19:12:00Z', 'entities': [{'$id': '3', 'Name': 'Partner-Integration', 'Type': 'account'}], 'incident_id': 550, 'latest': '2023-07-30 19:12:01Z', 'account': ['Partner-Integration'], 'alert_name': 'Service Principal Authentication Attempt from New Country'}",
+ "context_s": "{'action': ['authentication'], 'account': ['shared_access_key']}",
+ "actions_s": "['default_context_lookup', 'naming-convention-admin-users-ActionConf', 'naming-convention-service-accounts-ActionConf', 'naming-convention-domain-account-ActionConf', 'email-domains-ActionConf', 'default_account_match', 'demo_svc_account', 'system_account', 'default_anonymous', 'UserGen_account.regular_user_1676650826', 'UserGen_account.regular_user_1679064922']",
+ "prediction_s": [
+ 0.8330117799341679,
+ 0.8330117799341679
+ ],
+ "updated_by_s": [],
+ "incident_s": 1,
+ "source_s": "Salem",
+ "Type": "SalemAlerts_CL"
+ },
+ {
+ "TenantId": "00000000-0000-0000-0000-000000000002",
+ "SourceSystem": "RestAPI",
+ "TimeGenerated [UTC]": "7/27/2023, 11:13:26.097 AM",
+ "Computer": "",
+ "RawData": "",
+ "report_time_t [UTC]": "7/27/2023, 11:13:24.722 AM",
+ "id_g": "00000000-0000-0000-0000-000000000003",
+ "date_s": "7/27/2023",
+ "receive_time_s": 1690456295,
+ "alert_source_s": "sentinel",
+ "raw_s": "{'custom_details': {'app': ['Miro'], 'account': ['jan.bragg@example.com'], 'result': ['50074'], 'description': ['Strong Authentication is required.']}, 'earliest': '2023-07-26 11:06:30Z', 'entities': [{'$id': '3', 'Name': 'jan.bragg', 'UPNSuffix': 'example.com', 'Type': 'account'}, {'$id': '4', 'Address': '2600:0000:0000:0000:0000:0000:0000:f0e1', 'Type': 'ip'}], 'incident_id': 543, 'latest': '2023-07-27 11:06:31Z'}",
+ "alert_name_s": "Successful logon from IP and failure from a different IP",
+ "parsed_s": "{'custom_details__app': ['Miro'], 'custom_details__account': ['jan.bragg@example.com'], 'custom_details__result': ['50074'], 'custom_details__description': ['Strong Authentication is required.'], 'earliest': '2023-07-26 11:06:30Z', 'entities': [{'$id': '3', 'Name': jan.bragg', 'UPNSuffix': 'example.com', 'Type': 'account'}, {'$id': '4', 'Address': '2600:0000:0000:0000:0000:0000:0000:f0e1', 'Type': 'ip'}], 'incident_id': 543, 'latest': '2023-07-27 11:06:31Z', 'account': ['jan.bragg'], 'alert_name': 'Successful logon from IP and failure from a different IP'}",
+ "context_s": "{'action': ['authentication'], 'dest': ['cloud_service'], 'program':['approved_program']}",
+ "actions_s": "['default_context_lookup', 'naming-convention-admin-users-ActionConf', 'naming-convention-service-accounts-ActionConf', 'naming-convention-domain-account-ActionConf', 'email-domains-ActionConf', 'default_account_match', 'demo_svc_account', 'system_account', 'default_anonymous', 'UserGen_account.regular_user_1676650826', 'UserGen_account.regular_user_1679064922', 'UserGen_action.failure_1680017671', 'UserGen_action.failure_1680099173', 'UserGen_action.failure_1680532569', 'UserGen_action.failure_1688659161']",
+ "prediction_s": [
+ 0.4487365037202835,
+ 0.2812345498983101
+ ],
+ "updated_by_s": [],
+ "incident_s": 0,
+ "source_s": "Salem",
+ "Type": "SalemAlerts_CL"
+ },
+ {
+ "TenantId": "00000000-0000-0000-0000-000000000003",
+ "SourceSystem": "RestAPI",
+ "TimeGenerated [UTC]": "7/27/2023, 7:35:38.856 PM",
+ "Computer": "",
+ "RawData": "",
+ "report_time_t [UTC]": "7/27/2023, 7:35:37.094 PM",
+ "id_g": "00000000-0000-0000-0000-000000000004",
+ "date_s": "7/27/2023",
+ "receive_time_s": 1690486413,
+ "alert_source_s": "sentinel",
+ "raw_s": "{'custom_details': {}, 'earliest': '2023-07-20 19:28:29Z', 'entities': [{'$id': '3', 'Name': 'jan.bragg', 'UPNSuffix': 'example.com', 'IsDomainJoined': True, 'DisplayName': 'jan.bragg@example.com', 'Type': 'account'}, {'$id': '4', 'Address': '123.123.123.123', 'Type': 'ip'}], 'incident_id': 544, 'latest': '2023-07-27 19:28:30Z'}",
+ "alert_name_s": "Failed login attempts to Azure Portal",
+ "parsed_s": "{'earliest': '2023-07-20 19:28:29Z', 'entities': [{'$id': '3', 'Name': 'jan.bragg', 'UPNSuffix': 'example.com', 'IsDomainJoined': True, 'DisplayName': 'jan.bragg@example.com', 'Type': 'account'}, {'$id': '4', 'Address': '123.123.123.123', 'Type': 'ip'}], 'incident_id': 544, 'latest': '2023-07-27 19:28:30Z', 'account': ['jan.bragg'], 'alert_name': 'Failed login attempts to Azure Portal'}",
+ "context_s": "{'action': ['authentication', 'expected_aciton'], 'dest': ['cloud_service']}",
+ "actions_s": "['default_context_lookup', 'naming-convention-admin-users-ActionConf', 'naming-convention-service-accounts-ActionConf', 'naming-convention-domain-account-ActionConf', 'email-domains-ActionConf', 'default_account_match', 'demo_svc_account', 'system_account', 'default_anonymous', 'UserGen_account.regular_user_1676650826', 'UserGen_account.regular_user_1679064922']",
+ "prediction_s": [
+ 0.4976343959569931,
+ 0.1197867461203676
+ ],
+ "updated_by_s": [],
+ "incident_s": 0,
+ "source_s": "Salem",
+ "Type": "SalemAlerts_CL"
+ },
+ {
+ "TenantId": "00000000-0000-0000-0000-000000000004",
+ "SourceSystem": "RestAPI",
+ "TimeGenerated [UTC]": "7/27/2023, 7:53:22.111 PM",
+ "Computer": "",
+ "RawData": "",
+ "report_time_t [UTC]": "7/27/2023, 7:53:21.738 PM",
+ "id_g": "00000000-0000-0000-0000-000000000005",
+ "date_s": "7/27/2023",
+ "receive_time_s": 1690487481,
+ "alert_source_s": "sentinel",
+ "raw_s": "{'custom_details': {'country': ['LV'], 'user_agent': ['[\"Dalvik/2.1.0 (Linux; U; Android 13; Pixel 6 Build/TQ3A.230705.001) ;Pixel 6\"]'], 'src_host': ['[\"\"]'], 'src_ip': ['[\"123.123.123.123\"]'], 'result': ['[\"0 - \"]'], 'user': ['jan.bragg@example.com']}, 'earliest': '2023-07-13 19:46:17Z', 'entities': [{'$id': '3', 'Name': 'jan.bragg', 'UPNSuffix': 'example.com', 'IsDomainJoined': True, 'DisplayName': 'jan.bragg@example.com', 'Type': 'account'}], 'incident_id': 545, 'latest': '2023-07-27 19:46:18Z'}",
+ "alert_name_s": "Authentication Attempt from New Country",
+ "parsed_s": "{'custom_details__country': ['LV'], 'custom_details__user_agent': ['[\"Dalvik/2.1.0 (Linux; U; Android 13; Pixel 6 Build/TQ3A.230705.001) ;Pixel 6\"]'], 'custom_details__src_host': ['[\"\"]'], 'custom_details__src_ip': ['[\"123.123.123.123\"]'], 'custom_details__result': ['[\"0 - \"]'], 'custom_details__user': ['jan.bragg@example.com'], 'earliest': '2023-07-13 19:46:17Z', 'entities': [{'$id': '3', 'Name': 'jan.bragg', 'UPNSuffix': 'example.com', 'IsDomainJoined': True, 'DisplayName': 'jan.bragg@example.com', 'Type': 'account'}], 'incident_id': 545, 'latest': '2023-07-27 19:46:18Z', 'account': ['jan.bragg'], 'alert_name': 'Authentication Attempt from New Country'}",
+ "context_s": "{'action': ['authentication'] 'account': ['on_travel', 'domain_account']}",
+ "actions_s": "['default_context_lookup', 'naming-convention-admin-users-ActionConf', 'naming-convention-service-accounts-ActionConf', 'naming-convention-domain-account-ActionConf', 'email-domains-ActionConf', 'default_account_match', 'demo_svc_account', 'system_account', 'default_anonymous', 'UserGen_account.regular_user_1676650826', 'UserGen_account.regular_user_1679064922', 'UserGen_action.failure_1680017671', 'UserGen_action.unapproved_action_1680017995', 'UserGen_action.failure_1680099173', 'UserGen_action.failure_1680532569', 'UserGen_action.failure_1688659161']",
+ "prediction_s": [
+ 0.4487365037202835,
+ 0.3422004755431098
+ ],
+ "updated_by_s": [],
+ "incident_s": 0,
+ "source_s": "Salem",
+ "Type": "SalemAlerts_CL"
+ },
+ {
+ "TenantId": "00000000-0000-0000-0000-000000000006",
+ "SourceSystem": "RestAPI",
+ "TimeGenerated [UTC]": "7/25/2023, 2:42:40.263 PM",
+ "Computer": "",
+ "RawData": "",
+ "report_time_t [UTC]": "7/25/2023, 2:42:37.783 PM",
+ "id_g": "00000000-0000-0000-0000-000000000007",
+ "date_s": "7/25/2023",
+ "receive_time_s": 1690296007,
+ "alert_source_s": "sentinel",
+ "raw_s": "{'custom_details': {'city': ['Mumbai'], 'src_os': ['Windows 10'], 'account': ['jan.bragg@example.com'], 'process': ['Edge 18.19045'], 'logon_type': ['AADNonInteractiveUserSignInLogs'], 'region': ['IN'], 'src': ['[\"123.123.123.123\",\"123.123.123.124\"]'], 'app': ['Microsoft Office'], 'result': ['[\"failure\"]']}, 'earliest': '2023-07-24 14:35:02Z', 'entities': [{'$id': '3', 'Name': 'jan.bragg', 'UPNSuffix': 'example.com', 'IsDomainJoined': True, 'DisplayName': 'jan.bragg@example.com', 'Type': 'account'}], 'incident_id': 541, 'latest': '2023-07-25 14:35:03Z'}",
+ "alert_name_s": "Attempt to bypass conditional access rule in Azure AD",
+ "parsed_s": "{'custom_details__city': ['Mumbai'], 'custom_details__src_os': ['Windows 10'], 'custom_details__account': ['jan.bragg@example.com'], 'custom_details__process': ['Edge 18.19045'], 'custom_details__logon_type': ['AADNonInteractiveUserSignInLogs'], 'custom_details__region': ['IN'], 'custom_details__src': ['[\"123.123.123.123\",\"123.123.123.124\"]'], 'custom_details__app': ['Microsoft Office'], 'custom_details__result': ['[\"failure\"]'], 'earliest': '2023-07-24 14:35:02Z', 'entities': [{'$id': '3', 'Name': 'jan.bragg', 'UPNSuffix': 'example.com', 'IsDomainJoined': True, 'DisplayName': 'jan.bragg@example.com', 'Type': 'account'}], 'incident_id': 541, 'latest': '2023-07-25 14:35:03Z', 'account': ['jan.bragg'], 'alert_name': 'Attempt to bypass conditional access rule in Azure AD'}",
+ "context_s": "{'dest': ['cloud_service'], 'action': ['authentication', 'failure'], 'account':['mfa_enabled']}",
+ "actions_s": "['default_context_lookup', 'naming-convention-admin-users-ActionConf', 'naming-convention-service-accounts-ActionConf', 'naming-convention-domain-account-ActionConf', 'email-domains-ActionConf', 'default_account_match', 'demo_svc_account', 'system_account', 'default_anonymous', 'UserGen_account.regular_user_1676650826', 'UserGen_account.regular_user_1679064922', 'UserGen_action.failure_1680017671', 'UserGen_action.failure_1680099173', 'UserGen_action.failure_1680532569', 'UserGen_action.failure_1688659161']",
+ "prediction_s": [
+ 0.49763429164886475,
+ 0.0329890876554427
+ ],
+ "updated_by_s": [],
+ "incident_s": 0,
+ "source_s": "Salem",
+ "Type": "SalemAlerts_CL"
+ }
+]
\ No newline at end of file
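Review bot: The embedded payload strings are not consistently well-formed: `parsed_s` in the second record has `'Name': jan.bragg'` (missing opening quote) and `context_s` in the fourth has `['authentication'] 'account'` (missing comma), so any consumer that parses these fields will reject those two records even though the file itself validates as JSON; the third record's `context_s` also carries the typo `'expected_aciton'`. Note that `raw_s`, `parsed_s`, `context_s` and `actions_s` hold Python-repr literals (single quotes, `True`) rather than JSON, so a JSON parser cannot read them; if the loader uses `ast.literal_eval` keep it that way rather than `eval`, and consider emitting these as nested JSON values instead of double-encoded strings. The sample addresses `123.123.123.123`, `123.123.123.124` and `2600:0000:0000:0000:0000:0000:0000:f0e1` are routable; fixtures should use the documentation ranges (`192.0.2.0/24`, `198.51.100.0/24`, `203.0.113.0/24`, `2001:db8::/32`) so nothing points at a real host. The `_s` suffix on `receive_time_s`, `incident_s`, `prediction_s` and `updated_by_s` suggests string-typed columns, but the values are numbers and arrays; if this is a Log Analytics export, confirm the suffixes match the table's column types. The file also ends without a trailing newline.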