
Worked on enhancing the Kubernetes audit log parser within the SEKOIA-IO/intake-formats repository, focusing on improving user attribution for impersonation events. Developed logic to extract usernames and groups from the impersonatedUser field when present, with a fallback to the user field to ensure continuity and prevent data loss. This approach maintained backward compatibility with existing parsing workflows while enriching audit data for downstream analytics and alerting. Utilized YAML for configuration and applied skills in data ingestion and log parsing to deliver a robust feature that strengthens security monitoring by reducing ambiguity in audit logs and supporting more accurate event attribution.
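The fallback described above, sketched in Python as an added example; it is not the repository's YAML parser or code from its authors. The output keys `source` and `impersonated_by`, the helper names, and the choice to never mix the requester's groups into an impersonated identity are assumptions made for illustration.

```python
import json

# Constructed sample events in the audit.k8s.io/v1 shape (not real logs).
SAMPLE_EVENTS = [
    '{"auditID":"a1","verb":"get","user":{"username":"alice","groups":["dev"]}}',
    '{"auditID":"a2","verb":"delete","user":{"username":"bob","groups":["ops"]},'
    '"impersonatedUser":{"username":"system:admin","groups":["system:masters"]}}',
    '{"auditID":"a3","verb":"list","user":{"username":"carol","groups":["qa"]},'
    '"impersonatedUser":{"username":"svc-deploy"}}',
    '{"auditID":"a4","verb":"get","user":{"username":"dave","groups":[]},'
    '"impersonatedUser":null}',
]


def identity_of(obj):
    """Return (username, groups) from a user-like object, tolerating bad shapes."""
    if not isinstance(obj, dict):
        return None, []
    name = obj.get("username")
    groups = obj.get("groups")
    name = name if isinstance(name, str) and name else None
    groups = [g for g in groups if isinstance(g, str)] if isinstance(groups, list) else []
    return name, groups


def attribute(event):
    """Prefer impersonatedUser for attribution; fall back to user when it is absent."""
    requester, requester_groups = identity_of(event.get("user"))
    imp_name, imp_groups = identity_of(event.get("impersonatedUser"))
    if imp_name:
        # Assumption: groups come only from impersonatedUser, even if empty,
        # so the requester's groups are never attached to the impersonated name.
        return {"username": imp_name, "groups": imp_groups,
                "source": "impersonatedUser", "impersonated_by": requester}
    # No usable impersonatedUser: keep the pre-existing behaviour unchanged.
    return {"username": requester, "groups": requester_groups,
            "source": "user", "impersonated_by": None}


def attribute_lines(lines):
    """Parse one JSON audit event per line and attribute each of them."""
    return [attribute(json.loads(line)) for line in lines]


if __name__ == "__main__":
    for row in attribute_lines(SAMPLE_EVENTS):
        print(row)
```

Keeping the requesting account in `impersonated_by` lets a detection rule still see who performed the impersonation after the event has been attributed to the impersonated identity.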
Concise monthly summary for 2025-01 focusing on key deliverables and impact in SEKOIA-IO/intake-formats.
