Given a scenario where you need to normalize and parse logs from various AWS services to correlate events and identify potential security threats, which approach would you take? Consider the log formats from CloudTrail, VPC Flow Logs, and ELB access logs.
