How would you build a script to extract security events from logs and summarize them for Cisco analysts?