diff --git a/data_library/ioc/ul.log b/data_library/ioc/ul.log
new file mode 100644
index 0000000..98688a5
--- /dev/null
+++ b/data_library/ioc/ul.log
@@ -0,0 +1,49 @@
+{"timestamp":"%Y-%m-%dT%H:%M:%S.%3NZ","host":"ceos-macboo","subsystem":"com.apple.Safari","category":"navigation","process":"Safari","pid":901,"ppid":1,"user":"alice","event_type":"http_request","message":"Navigated to https://cdn-media-stream[.]net","path":null,"network":{"direction":"outbound","protocol":"https","remote_ip":"104.248.89.146","remote_port":443},"result":"success"},
+{"timestamp":"%Y-%m-%dT%H:%M:%S.%3NZ","host":"ceos-macboo","subsystem":"com.apple.Safari","category":"download","process":"Safari","pid":901,"ppid":1,"user":"alice","event_type":"download_start","message":"Download initiated","path":"/Users/alice/Downloads/eicar_test.sh","network":null,"result":"success"},
+{"timestamp":"%Y-%m-%dT%H:%M:%S.%3NZ","host":"ceos-macboo","subsystem":"com.apple.securityd","category":"file","process":"Safari","pid":901,"ppid":1,"user":"alice","event_type":"file_write","message":"Browser wrote file to disk","path":"/Users/alice/Downloads/eicar_test.sh","network":null,"result":"success"},
+{"timestamp":"%Y-%m-%dT%H:%M:%S.%3NZ","host":"ceos-macboo","subsystem":"com.apple.launchservices","category":"process","process":"bash","pid":1451,"ppid":901,"user":"alice","event_type":"process_launch","message":"Shell spawned immediately after download","path":"/bin/bash","network":null,"result":"success"},
+{"timestamp":"%Y-%m-%dT%H:%M:%S.%3NZ","host":"ceos-macboo","subsystem":"com.apple.endpointsecurity","category":"execution","process":"bash","pid":1451,"ppid":901,"user":"alice","event_type":"file_execute","message":"Executed downloaded script","path":"/Users/alice/Downloads/eicar_test.sh","network":null,"result":"success"},
+{"timestamp":"%Y-%m-%dT%H:%M:%S.%3NZ","host":"ceos-macboo","subsystem":"com.apple.XProtectFramework","category":"malware","process":"bash","pid":1451,"ppid":901,"user":"alice","event_type":"signature_match","message":"EICAR-Test-File detected","path":"/Users/alice/Downloads/eicar_test.sh","network":null,"result":"success"},
+
+{"timestamp":"%Y-%m-%dT%H:%M:%S.%3NZ","host":"ceos-macboo","subsystem":"com.google.Chrome","category":"navigation","process":"Google Chrome","pid":933,"ppid":1,"user":"alice","event_type":"http_request","message":"Visited streaming resource","path":null,"network":{"direction":"outbound","protocol":"https","remote_ip":"195.184.76.65","remote_port":443},"result":"success"},
+{"timestamp":"%Y-%m-%dT%H:%M:%S.%3NZ","host":"ceos-macboo","subsystem":"com.google.Chrome","category":"download","process":"Google Chrome","pid":933,"ppid":1,"user":"alice","event_type":"download_start","message":"Download initiated","path":"/Users/alice/Downloads/eicar_test.sh","network":null,"result":"success"},
+{"timestamp":"%Y-%m-%dT%H:%M:%S.%3NZ","host":"ceos-macboo","subsystem":"com.apple.launchservices","category":"process","process":"sh","pid":1492,"ppid":933,"user":"alice","event_type":"process_launch","message":"Child shell launched from Chrome","path":"/bin/sh","network":null,"result":"success"},
+{"timestamp":"%Y-%m-%dT%H:%M:%S.%3NZ","host":"ceos-macboo","subsystem":"com.apple.endpointsecurity","category":"execution","process":"sh","pid":1492,"ppid":933,"user":"alice","event_type":"file_execute","message":"Executed recently written file","path":"/Users/alice/Downloads/eicar_test.sh","network":null,"result":"success"},
+
+{"timestamp":"%Y-%m-%dT%H:%M:%S.%3NZ","host":"ceos-macboo","subsystem":"org.mozilla.firefox","category":"navigation","process":"Firefox","pid":977,"ppid":1,"user":"alice","event_type":"http_request","message":"Navigated to external media endpoint","path":null,"network":{"direction":"outbound","protocol":"https","remote_ip":"171.231.182.106","remote_port":443},"result":"success"},
+
+{"timestamp":"%Y-%m-%dT%H:%M:%S.%3NZ","host":"ceos-macboo","subsystem":"com.apple.coreservices","category":"file","process":"coreservicesd","pid":410,"ppid":1,"user":"root","event_type":"file_write","message":"File written to cache 
directory","path":"/Users/alice/Library/Caches/com.apple.Safari/cache.tmp","network":null,"result":"success"},
+{"timestamp":"%Y-%m-%dT%H:%M:%S.%3NZ","host":"ceos-macboo","subsystem":"com.apple.coreservices","category":"file","process":"coreservicesd","pid":410,"ppid":1,"user":"root","event_type":"file_write","message":"Additional cache artifact created","path":"/Users/alice/Library/Caches/com.apple.Safari/blob_18472","network":null,"result":"success"},
+
+{"timestamp":"%Y-%m-%dT%H:%M:%S.%3NZ","host":"ceos-macboo","subsystem":"com.apple.securityd","category":"decision","process":"securityd","pid":222,"ppid":1,"user":"root","event_type":"policy_evaluation","message":"Cache directory anomaly detected","path":"/Users/alice/Library/Caches","network":null,"result":"success"},
+
+{"timestamp":"%Y-%m-%dT%H:%M:%S.%3NZ","host":"ceos-macboo","subsystem":"com.apple.networkextension","category":"containment","process":"neagent","pid":601,"ppid":1,"user":"root","event_type":"network_isolation","message":"Host quarantined from network","path":null,"network":{"direction":"outbound","protocol":null,"remote_ip":null,"remote_port":null},"result":"success"},
+
+{"timestamp":"%Y-%m-%dT%H:%M:%S.%3NZ","host":"ceos-macboo","subsystem":"com.apple.metrics","category":"snapshot","process":"metricsextension","pid":711,"ppid":1,"user":"root","event_type":"memory_snapshot","message":"In-memory execution snapshot captured","path":null,"network":null,"result":"success"},
+
+{"timestamp":"%Y-%m-%dT%H:%M:%S.%3NZ","host":"ceos-macboo","subsystem":"com.apple.metrics","category":"cache","process":"metricsextension","pid":711,"ppid":1,"user":"root","event_type":"cache_analysis","message":"Cache directory used as primary telemetry source","path":"/Users/alice/Library/Caches","network":null,"result":"success"}
+
+{"timestamp":"%Y-%m-%dT%H:%M:%S.%3NZ","host":"ceos-macboo","subsystem":"com.apple.Safari","category":"navigation","process":"Safari","pid":901,"ppid":1,"user":"alice","event_type":"http_request","message":"Navigated to https://cdn-media-stream[.]net","path":null,"network":{"direction":"outbound","protocol":"https","remote_ip":"104.248.89.146","remote_port":443},"result":"success"},
+{"timestamp":"%Y-%m-%dT%H:%M:%S.%3NZ","host":"ceos-macboo","subsystem":"com.apple.Safari","category":"download","process":"Safari","pid":901,"ppid":1,"user":"alice","event_type":"download_start","message":"Download initiated","path":"/Users/alice/Downloads/eicar_test.sh","network":null,"result":"success"},
+{"timestamp":"%Y-%m-%dT%H:%M:%S.%3NZ","host":"ceos-macboo","subsystem":"com.apple.securityd","category":"file","process":"Safari","pid":901,"ppid":1,"user":"alice","event_type":"file_write","message":"Browser wrote file to disk","path":"/Users/alice/Downloads/eicar_test.sh","network":null,"result":"success"},
+{"timestamp":"%Y-%m-%dT%H:%M:%S.%3NZ","host":"ceos-macboo","subsystem":"com.apple.launchservices","category":"process","process":"bash","pid":1451,"ppid":901,"user":"alice","event_type":"process_launch","message":"Shell spawned immediately after download","path":"/bin/bash","network":null,"result":"success"},
+{"timestamp":"%Y-%m-%dT%H:%M:%S.%3NZ","host":"ceos-macboo","subsystem":"com.apple.endpointsecurity","category":"execution","process":"bash","pid":1451,"ppid":901,"user":"alice","event_type":"file_execute","message":"Executed downloaded script","path":"/Users/alice/Downloads/eicar_test.sh","network":null,"result":"success"},
+{"timestamp":"%Y-%m-%dT%H:%M:%S.%3NZ","host":"ceos-macboo","subsystem":"com.apple.XProtectFramework","category":"malware","process":"bash","pid":1451,"ppid":901,"user":"alice","event_type":"signature_match","message":"EICAR-Test-File detected","path":"/Users/alice/Downloads/eicar_test.sh","network":null,"result":"success"},
+
+{"timestamp":"%Y-%m-%dT%H:%M:%S.%3NZ","host":"ceos-macboo","subsystem":"com.google.Chrome","category":"navigation","process":"Google Chrome","pid":933,"ppid":1,"user":"alice","event_type":"http_request","message":"Visited streaming resource","path":null,"network":{"direction":"outbound","protocol":"https","remote_ip":"195.184.76.65","remote_port":443},"result":"success"},
+{"timestamp":"%Y-%m-%dT%H:%M:%S.%3NZ","host":"ceos-macboo","subsystem":"com.google.Chrome","category":"download","process":"Google Chrome","pid":933,"ppid":1,"user":"alice","event_type":"download_start","message":"Download initiated","path":"/Users/alice/Downloads/eicar_test.sh","network":null,"result":"success"},
+{"timestamp":"%Y-%m-%dT%H:%M:%S.%3NZ","host":"ceos-macboo","subsystem":"com.apple.launchservices","category":"process","process":"sh","pid":1492,"ppid":933,"user":"alice","event_type":"process_launch","message":"Child shell launched from Chrome","path":"/bin/sh","network":null,"result":"success"},
+{"timestamp":"%Y-%m-%dT%H:%M:%S.%3NZ","host":"ceos-macboo","subsystem":"com.apple.endpointsecurity","category":"execution","process":"sh","pid":1492,"ppid":933,"user":"alice","event_type":"file_execute","message":"Executed recently written file","path":"/Users/alice/Downloads/eicar_test.sh","network":null,"result":"success"},
+
+{"timestamp":"%Y-%m-%dT%H:%M:%S.%3NZ","host":"ceos-macboo","subsystem":"org.mozilla.firefox","category":"navigation","process":"Firefox","pid":977,"ppid":1,"user":"alice","event_type":"http_request","message":"Navigated to external media endpoint","path":null,"network":{"direction":"outbound","protocol":"https","remote_ip":"171.231.182.106","remote_port":443},"result":"success"},
+
+{"timestamp":"%Y-%m-%dT%H:%M:%S.%3NZ","host":"ceos-macboo","subsystem":"com.apple.coreservices","category":"file","process":"coreservicesd","pid":410,"ppid":1,"user":"root","event_type":"file_write","message":"File written to cache 
directory","path":"/Users/alice/Library/Caches/com.apple.Safari/cache.tmp","network":null,"result":"success"},
+{"timestamp":"%Y-%m-%dT%H:%M:%S.%3NZ","host":"ceos-macboo","subsystem":"com.apple.coreservices","category":"file","process":"coreservicesd","pid":410,"ppid":1,"user":"root","event_type":"file_write","message":"Additional cache artifact created","path":"/Users/alice/Library/Caches/com.apple.Safari/blob_18472","network":null,"result":"success"},
+
+{"timestamp":"%Y-%m-%dT%H:%M:%S.%3NZ","host":"ceos-macboo","subsystem":"com.apple.securityd","category":"decision","process":"securityd","pid":222,"ppid":1,"user":"root","event_type":"policy_evaluation","message":"Cache directory anomaly detected","path":"/Users/alice/Library/Caches","network":null,"result":"success"},
+
+{"timestamp":"%Y-%m-%dT%H:%M:%S.%3NZ","host":"ceos-macboo","subsystem":"com.apple.networkextension","category":"containment","process":"neagent","pid":601,"ppid":1,"user":"root","event_type":"network_isolation","message":"Host quarantined from network","path":null,"network":{"direction":"outbound","protocol":null,"remote_ip":null,"remote_port":null},"result":"success"},
+
+{"timestamp":"%Y-%m-%dT%H:%M:%S.%3NZ","host":"ceos-macboo","subsystem":"com.apple.metrics","category":"snapshot","process":"metricsextension","pid":711,"ppid":1,"user":"root","event_type":"memory_snapshot","message":"In-memory execution snapshot captured","path":null,"network":null,"result":"success"},
+
+{"timestamp":"%Y-%m-%dT%H:%M:%S.%3NZ","host":"ceos-macboo","subsystem":"com.apple.metrics","category":"cache","process":"metricsextension","pid":711,"ppid":1,"user":"root","event_type":"cache_analysis","message":"Cache directory used as primary telemetry source","path":"/Users/alice/Library/Caches","network":null,"result":"success"}
\ No newline at end of file
diff --git a/docs/development.md b/docs/development.md
index 72f997b..5ba2915 100644
--- a/docs/development.md
+++ b/docs/development.md
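Review bot: All but the two `cache_analysis` records end with a trailing `,` and records are separated by blank `+` lines, so a consumer that reads this file line-by-line (which is how the `filegen` docs added in this same commit describe the generator) emits `{...},` — not a valid JSON object — for almost every line, and the last record of each half has a different shape from the rest. Dropping the comma on every record and removing the blank separators makes the file plain NDJSON, one self-contained object per line such as `{"timestamp":"%Y-%m-%dT%H:%M:%S.%3NZ", … ,"result":"success"}`, which any SIEM or JSONL ingest will parse without a wrapper. The 24-line sequence also appears twice verbatim (same pids 901/933/1451/1492, same `blob_18472`), which looks like a paste duplicate rather than an intended second occurrence and is worth confirming. The `remote_ip` values are routable public addresses while the domain is defanged as `cdn-media-stream[.]net`; for a synthetic IOC fixture, prefer RFC 5737 documentation ranges (e.g. `203.0.113.10`) or defang consistently so the sample cannot trigger real blocklists or attribution if it reaches a production pipeline. `%3N` is a GNU `date` extension rather than a portable strftime directive and the docs only show `%Y-%m-%dT%H:%M:%SZ`, so confirm filegen expands it or the literal `%3N` will appear in every emitted timestamp.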
@@ -19,3 +19,20 @@ make build
 ```bash
 make test
 ```
+
+## Adding a Data Library
+
+To add a new data library, create a directory under `data_library/` with your log files:
+
+```bash
+mkdir -p data_library/my-dataset
+# Add your log files to data_library/my-dataset/
+```
+
+The `filegen` generator automatically discovers and reads files from data library directories. Use it with:
+
+```bash
+./blitz --generator-type=filegen --generator-filegen-source=data_library/my-dataset --output-type=stdout
+```
+
+The generator reads files line-by-line and supports timestamp directives (e.g., `%Y-%m-%dT%H:%M:%SZ`) for dynamic timestamp generation.