diff --git a/README.md b/README.md
index 6c910f2..75442af 100644
--- a/README.md
+++ b/README.md
@@ -89,6 +89,7 @@ workspaces/custom_parser/          # workspace root
 │   └── custom_parser.py           # CoreParser-based template
 ├── tests/
 │   └── test_custom_parser.py      # generated from template to test custom_parser
+├── data.json                      # example data to run the code
 ├── LICENSE.md                     # copied from main project
 ├── .gitignore                     # copied from main project
 ├── .pre-commit-config.yaml        # copied from main project
diff --git a/docs/basic_usage.md b/docs/basic_usage.md
index 4207789..b24141f 100644
--- a/docs/basic_usage.md
+++ b/docs/basic_usage.md
@@ -1,9 +1,155 @@
 
 # Getting started:  Basic usage
 
-Basic usage of the DetectMate Library.
+In this section, we will show different examples of the basic usage of the DetectMate Library.
 
+## Parser
 
+In this example, we will use the [`MatcherParser`](parsers/template_matcher.md) to parse audit data from the [AIT Log Data Set V2.0](https://zenodo.org/records/5789064). The code loads the logs, parse them and save the input and output in json files using [`from_to`](helper/from_to.md) module.
+
+```python
+from detectmatelibrary.parsers.template_matcher import MatcherParser
+from detectmatelibrary.helper.from_to import From, To
+
+
+config_dict = {
+    "parsers": {
+        "MatcherParser": {
+            "auto_config": True,
+            "method_type": "matcher_parser",
+            "path_templates": "ait_audit.txt",
+            "log_format": r'type=<Type> msg=audit\(<Time>:<Serial>\): <Content>'
+        }
+    }
+}
+parser = MatcherParser(name="MatcherParser", config=config_dict)
+
+
+for i, log in enumerate(From.log(parser, "audit.log", do_process=False)):
+    To.json(log, "logs.json")
+
+    parsed_log = parser.process(log)
+    To.json(parsed_log, "parsed_log.json")
+
+```
+
+The logs will be saved in `logs.json` in this format:
+
+```json
+{
+"0": {
+        "log": "type=USER_ACCT msg=audit(1642723741.072:375): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'",
+        "__version__": "1.0.0",
+        "hostname": "",
+        "logSource": "",
+        "logID": "0"
+    },
+...
+}
+```
+And the `parsed_log.json`:
+
+```json
+{
+    "0": {
+        "parserID": "MatcherParser",
+        "parsedLogID": "10",
+        "logID": "0",
+        "parsedTimestamp": 1772027171,
+        "logFormatVariables": {
+            "Type": "USER_ACCT",
+            "Serial": "375",
+            "Time": "1642723741.072",
+            "Content": "pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'"
+        },
+        "__version__": "1.0.0",
+        "receivedTimestamp": 1772027171,
+        "variables": [
+            "10125",
+            "0",
+            "4294967295",
+            "4294967295",
+            "PAM:accounting",
+            "\"root\"",
+            "\"/usr/sbin/cron\"",
+            "?",
+            "?",
+            "cron",
+            "success"
+        ],
+        "log": "type=USER_ACCT msg=audit(1642723741.072:375): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'",
+        "parserType": "matcher_parser",
+        "EventID": 0,
+        "template": "pid=<*> uid=<*> auid=<*> ses=<*> msg='op=<*> acct=<*> exe=<*> hostname=<*> addr=<*> terminal=<*> res=<*>'"
+    },
+...
+}
+```
+
+## Detector
+
+In this example, we will use the [`RandomDetector`](detectors/random_detector.md) with the parsed logs from the previous example.
+
+```python
+from detectmatelibrary.parsers.template_matcher import MatcherParser
+from detectmatelibrary.helper.from_to import From, To, FromTo
+
+config_dict = {
+    "detectors": {
+        "RandomDetector": {
+            "auto_config": False,
+            "method_type": "random_detector",
+            "params": {},
+            "events": {
+                1: {
+                    "test": {
+                        "params": {},
+                        "variables": [{
+                            "pos": 0,
+                            "name": "process",
+                            "params": {
+                                "threshold": 0.
+                            }
+                        }]
+                    }
+                }
+            }
+        }
+    }
+}
+detector =  RandomDetector(name="RandomDetector", config=config_dict)
+
+for alert in FromTo.json2json(detector, "parsed_log.json", "alerts.json"):
+    if alert is not None:
+        print("Anomaly detected!")
+```
+
+The alerts will be saved in `alerts.json` in this format:
+
+```json
+{
+    "0": {
+        "extractedTimestamps": [
+            1642723752
+        ],
+        "receivedTimestamp": 1772032073,
+        "score": 1.0,
+        "detectionTimestamp": 1772032073,
+        "alertID": "10",
+        "detectorType": "random_detector",
+        "detectorID": "RandomDetector",
+        "description": "",
+        "__version__": "1.0.0",
+        "logIDs": [
+            "6"
+        ],
+        "alertsObtain": {
+            "process": "1.0"
+        }
+    },
+...
+}
+```
 
 
 Go back to [Index](index.md), to previous step: [Installation](installation.md) or to next step: [Create new component](create_components.md).
diff --git a/docs/create_components.md b/docs/create_components.md
index aaac1cb..2debd11 100644
--- a/docs/create_components.md
+++ b/docs/create_components.md
@@ -5,7 +5,7 @@ DetectMateLibrary includes a small CLI helper to bootstrap standalone workspaces
 for custom parsers and detectors. This is useful if you want to develop and test
 components in isolation while still using the same library and schemas.
 
-### Usage
+## Usage
 
 The CLI entry point is `mate` with a `create` command:
 
@@ -20,7 +20,7 @@ mate create --type <parser|detector> --name <workspace_name> --dir <target_dir>
 | `--dir`  | Directory where the workspace will be created                                                                                                                                 |
 
 
-### What gets generated
+## What gets generated
 
 For example:
 
@@ -37,6 +37,7 @@ workspaces/custom_parser/          # workspace root
 │   └── custom_parser.py           # CoreParser-based template
 ├── tests/
 │   └── test_custom_parser.py      # generated from template to test custom_parser
+├── data.json                      # example data to run the code
 ├── LICENSE.md                     # copied from main project
 ├── .gitignore                     # copied from main project
 ├── .pre-commit-config.yaml        # copied from main project
@@ -44,7 +45,13 @@ workspaces/custom_parser/          # workspace root
 └── README.md                      # setup instructions
 ```
 
+## Add component to DetectMateLibrary
 
+To add the new component to the `DetectMateLibrary`, you need to add the component file to the specific folder and update the import paths.
 
+* **Detector**: Add the detector file component in `src/detectmatelibrary/detectors` and the unit tests in `tests/test_detectors`.
+* **Parsers**: Add the parser file component in `src/detectmatelibrary/parsers` and the unit tests in `tests/test_parsers`.
 
-Go back to [Index](index.md), to previous step: [Basic usage](basic_usage.md) or to next step: [Implement new component](implement_components.md).
+Once that is complete, **ensure that all unit tests and the pre-commit process are successful**.
+
+Go back to [Index](index.md), to previous step: [Basic usage](basic_usage.md).
diff --git a/docs/implement_components.md b/docs/implement_components.md
deleted file mode 100644
index f1c0a31..0000000
--- a/docs/implement_components.md
+++ /dev/null
@@ -1,7 +0,0 @@
-
-
-# Getting started: Implement new component
-
-
-
-Go back to [Index](index.md) or to previous step: [Create new component](create_components.md).
diff --git a/docs/index.md b/docs/index.md
index 8225cfb..d8dd0d0 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -11,7 +11,6 @@ List of steps to follow for new users of the library:
 * [Installation](installation.md): steps to install all the components need it.
 * [Basic usage](basic_usage.md): create a basic script with the different components.
 * [Create new component](create_components.md): guide to use the mate commands.
-* [Implement new component](implement_components.md): guide to implement your own component.
 
 ## Components
 
diff --git a/mkdocs.yml b/mkdocs.yml
index 5e675f2..b2b0de9 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -10,7 +10,6 @@ nav:
     - Installation: installation.md
     - Basic usage: basic_usage.md
     - Create new component: create_components.md
-    - Implement new component: implement_components.md
   - Components:
     - Overall architecture: overall_architecture.md
     - Schemas: schemas.md
diff --git a/src/detectmatelibrary/common/core.py b/src/detectmatelibrary/common/core.py
index 229c91d..e17c550 100644
--- a/src/detectmatelibrary/common/core.py
+++ b/src/detectmatelibrary/common/core.py
@@ -120,7 +120,7 @@ def process(self, data: BaseSchema | bytes) -> BaseSchema | bytes | None:
             logger.info(f"<<{self.name}>> returns None")
             return None
 
-        logger.info(f"<<{self.name}>> processed:\n{output_}")
+        logger.debug(f"<<{self.name}>> processed:\n{output_}")
         return SchemaPipeline.postprocess(output_, is_byte=is_byte)
 
     def get_config(self) -> Dict[str, Any]:
diff --git a/src/tools/workspace/create_workspace.py b/src/tools/workspace/create_workspace.py
index eb582c1..4045713 100644
--- a/src/tools/workspace/create_workspace.py
+++ b/src/tools/workspace/create_workspace.py
@@ -11,6 +11,10 @@
 TEMPLATE_DIR = BASE_DIR / "workspace" / "templates"
 
 META_FILES = ["LICENSE.md", ".gitignore", ".pre-commit-config.yaml"]
+DATA_FILES = {
+    "parser": "src/tools/workspace/templates/data/logs.json",
+    "detector": "src/tools/workspace/templates/data/parsed_log.json"
+}
 
 
 def copy_file(src: Path, dst: Path) -> None:
@@ -61,6 +65,7 @@ def create_tests(type_: str, name: str, workspace_root: Path, pkg_name: str) ->
     # replace the remaining occurrences of CustomParser/CustomDetector
     # with the new class name (inside the tests)
     content = content.replace(base_class, new_class)
+    content = content.replace(f'"custom_{type_}"', f'"{name}_{type_}"')
     content = content.rstrip() + "\n"
 
     test_file.write_text(content)
@@ -106,6 +111,7 @@ def create_workspace(type_: str, name: str, target_dir: Path) -> None:
         original_class = f"Custom{type_.capitalize()}"
         new_class = camelize(name)
         template_content = template_content.replace(original_class, new_class)
+        template_content = template_content.replace(f"custom_{type_}", f"{name}_{type_}")
 
         target_code_file.write_text(template_content)
 
@@ -116,6 +122,9 @@ def create_workspace(type_: str, name: str, target_dir: Path) -> None:
 
     create_tests(type_=type_, name=name, workspace_root=workspace_root, pkg_name=pkg_name)
 
+    # Copy data
+    copy_file(PROJECT_ROOT / DATA_FILES[type_], workspace_root / "data.json")
+
     # Copy meta/root files
     for file_name in META_FILES:
         src = PROJECT_ROOT / file_name
diff --git a/src/tools/workspace/templates/CustomDetector.py b/src/tools/workspace/templates/CustomDetector.py
index a182bad..07f6b8d 100644
--- a/src/tools/workspace/templates/CustomDetector.py
+++ b/src/tools/workspace/templates/CustomDetector.py
@@ -2,6 +2,7 @@
 
 from detectmatelibrary.common.detector import CoreDetector, CoreDetectorConfig
 from detectmatelibrary.utils.data_buffer import BufferMode
+from detectmatelibrary.helper.from_to import From
 from detectmatelibrary import schemas
 
 
@@ -54,3 +55,12 @@ def detect(
             output_["alertsObtain"]["type"] = "Anomaly detected by CustomDetector"  # Additional info
 
         return result
+
+
+if __name__ == "__main__":
+
+    print(detector := CustomDetector())
+
+    print("Running with data...")
+    for alerts in From.json(detector, "data.json"):
+        print(alerts)
diff --git a/src/tools/workspace/templates/CustomParser.py b/src/tools/workspace/templates/CustomParser.py
index 38fa2cb..a40a932 100644
--- a/src/tools/workspace/templates/CustomParser.py
+++ b/src/tools/workspace/templates/CustomParser.py
@@ -1,6 +1,7 @@
 from typing import Any
 
 from detectmatelibrary.common.parser import CoreParser, CoreParserConfig
+from detectmatelibrary.helper.from_to import From
 from detectmatelibrary import schemas
 
 
@@ -43,3 +44,12 @@ def parse(
         output_["EventID"] = 2  # Number of the log template
         output_["variables"].extend(["dummy_variable"])  # Variables found in the log
         output_["template"] = "This is a dummy template"  # Log template
+
+
+if __name__ == "__main__":
+
+    print(parser := CustomParser())
+
+    print("Running with data...")
+    for parsed_log in From.json(parser, "data.json"):
+        print(parsed_log)
diff --git a/src/tools/workspace/templates/data/logs.json b/src/tools/workspace/templates/data/logs.json
new file mode 100644
index 0000000..bdcda27
--- /dev/null
+++ b/src/tools/workspace/templates/data/logs.json
@@ -0,0 +1,86 @@
+{
+    "0": {
+        "log": "type=USER_ACCT msg=audit(1642723741.072:375): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'",
+        "__version__": "1.0.0",
+        "hostname": "",
+        "logSource": "",
+        "logID": "0"
+    },
+    "1": {
+        "log": "type=CRED_ACQ msg=audit(1642723741.072:376): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'",
+        "__version__": "1.0.0",
+        "hostname": "",
+        "logSource": "",
+        "logID": "1"
+    },
+    "2": {
+        "log": "type=LOGIN msg=audit(1642723741.076:377): pid=10125 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=65 res=1",
+        "__version__": "1.0.0",
+        "hostname": "",
+        "logSource": "",
+        "logID": "2"
+    },
+    "3": {
+        "log": "type=USER_START msg=audit(1642723741.080:378): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'",
+        "__version__": "1.0.0",
+        "hostname": "",
+        "logSource": "",
+        "logID": "3"
+    },
+    "4": {
+        "log": "type=CRED_DISP msg=audit(1642723741.084:379): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'",
+        "__version__": "1.0.0",
+        "hostname": "",
+        "logSource": "",
+        "logID": "4"
+    },
+    "5": {
+        "log": "type=USER_END msg=audit(1642723741.084:380): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_close acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'",
+        "__version__": "1.0.0",
+        "hostname": "",
+        "logSource": "",
+        "logID": "5"
+    },
+    "6": {
+        "log": "type=SERVICE_START msg=audit(1642723752.624:381): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'",
+        "__version__": "1.0.0",
+        "hostname": "",
+        "logSource": "",
+        "logID": "6"
+    },
+    "7": {
+        "log": "type=SERVICE_STOP msg=audit(1642723752.624:382): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'",
+        "__version__": "1.0.0",
+        "hostname": "",
+        "logSource": "",
+        "logID": "7"
+    },
+    "8": {
+        "log": "type=USER_ACCT msg=audit(1642724221.094:383): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'",
+        "__version__": "1.0.0",
+        "hostname": "",
+        "logSource": "",
+        "logID": "8"
+    },
+    "9": {
+        "log": "type=CRED_ACQ msg=audit(1642724221.098:384): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'",
+        "__version__": "1.0.0",
+        "hostname": "",
+        "logSource": "",
+        "logID": "9"
+    },
+    "10": {
+        "log": "type=LOGIN msg=audit(1642724221.098:385): pid=10197 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=66 res=1",
+        "__version__": "1.0.0",
+        "hostname": "",
+        "logSource": "",
+        "logID": "10"
+    },
+    "11": {
+        "log": "type=USER_START msg=audit(1642724221.102:386): pid=10197 uid=0 auid=0 ses=66 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'",
+        "__version__": "1.0.0",
+        "hostname": "",
+        "logSource": "",
+        "logID": "11"
+    }
+}
\ No newline at end of file
diff --git a/src/tools/workspace/templates/data/parsed_log.json b/src/tools/workspace/templates/data/parsed_log.json
new file mode 100644
index 0000000..412fd63
--- /dev/null
+++ b/src/tools/workspace/templates/data/parsed_log.json
@@ -0,0 +1,368 @@
+{
+    "0": {
+        "parserID": "MatcherParser",
+        "parsedLogID": "10",
+        "logID": "0",
+        "parsedTimestamp": 1772027171,
+        "logFormatVariables": {
+            "Type": "USER_ACCT",
+            "Serial": "375",
+            "Time": "1642723741.072",
+            "Content": "pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'"
+        },
+        "__version__": "1.0.0",
+        "receivedTimestamp": 1772027171,
+        "variables": [
+            "10125",
+            "0",
+            "4294967295",
+            "4294967295",
+            "PAM:accounting",
+            "\"root\"",
+            "\"/usr/sbin/cron\"",
+            "?",
+            "?",
+            "cron",
+            "success"
+        ],
+        "log": "type=USER_ACCT msg=audit(1642723741.072:375): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'",
+        "parserType": "matcher_parser",
+        "EventID": 0,
+        "template": "pid=<*> uid=<*> auid=<*> ses=<*> msg='op=<*> acct=<*> exe=<*> hostname=<*> addr=<*> terminal=<*> res=<*>'"
+    },
+    "1": {
+        "parserID": "MatcherParser",
+        "parsedLogID": "11",
+        "logID": "1",
+        "parsedTimestamp": 1772027171,
+        "logFormatVariables": {
+            "Type": "CRED_ACQ",
+            "Serial": "376",
+            "Time": "1642723741.072",
+            "Content": "pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'"
+        },
+        "__version__": "1.0.0",
+        "receivedTimestamp": 1772027171,
+        "variables": [
+            "10125",
+            "0",
+            "4294967295",
+            "4294967295",
+            "PAM:setcred",
+            "\"root\"",
+            "\"/usr/sbin/cron\"",
+            "?",
+            "?",
+            "cron",
+            "success"
+        ],
+        "log": "type=CRED_ACQ msg=audit(1642723741.072:376): pid=10125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'",
+        "parserType": "matcher_parser",
+        "EventID": 0,
+        "template": "pid=<*> uid=<*> auid=<*> ses=<*> msg='op=<*> acct=<*> exe=<*> hostname=<*> addr=<*> terminal=<*> res=<*>'"
+    },
+    "2": {
+        "parserID": "MatcherParser",
+        "parsedLogID": "12",
+        "logID": "2",
+        "parsedTimestamp": 1772027171,
+        "logFormatVariables": {
+            "Type": "LOGIN",
+            "Serial": "377",
+            "Time": "1642723741.076",
+            "Content": "pid=10125 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=65 res=1"
+        },
+        "__version__": "1.0.0",
+        "receivedTimestamp": 1772027171,
+        "variables": [
+            "10125",
+            "0",
+            "4294967295",
+            "0",
+            "(none)",
+            "4294967295",
+            "65",
+            "1"
+        ],
+        "log": "type=LOGIN msg=audit(1642723741.076:377): pid=10125 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=65 res=1",
+        "parserType": "matcher_parser",
+        "EventID": 2,
+        "template": "pid=<*> uid=<*> old-auid=<*> auid=<*> tty=<*> old-ses=<*> ses=<*> res=<*>"
+    },
+    "3": {
+        "parserID": "MatcherParser",
+        "parsedLogID": "13",
+        "logID": "3",
+        "parsedTimestamp": 1772027171,
+        "logFormatVariables": {
+            "Type": "USER_START",
+            "Serial": "378",
+            "Time": "1642723741.080",
+            "Content": "pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'"
+        },
+        "__version__": "1.0.0",
+        "receivedTimestamp": 1772027171,
+        "variables": [
+            "10125",
+            "0",
+            "0",
+            "65",
+            "PAM:session_open",
+            "\"root\"",
+            "\"/usr/sbin/cron\"",
+            "?",
+            "?",
+            "cron",
+            "success"
+        ],
+        "log": "type=USER_START msg=audit(1642723741.080:378): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'",
+        "parserType": "matcher_parser",
+        "EventID": 0,
+        "template": "pid=<*> uid=<*> auid=<*> ses=<*> msg='op=<*> acct=<*> exe=<*> hostname=<*> addr=<*> terminal=<*> res=<*>'"
+    },
+    "4": {
+        "parserID": "MatcherParser",
+        "parsedLogID": "14",
+        "logID": "4",
+        "parsedTimestamp": 1772027171,
+        "logFormatVariables": {
+            "Type": "CRED_DISP",
+            "Serial": "379",
+            "Time": "1642723741.084",
+            "Content": "pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'"
+        },
+        "__version__": "1.0.0",
+        "receivedTimestamp": 1772027171,
+        "variables": [
+            "10125",
+            "0",
+            "0",
+            "65",
+            "PAM:setcred",
+            "\"root\"",
+            "\"/usr/sbin/cron\"",
+            "?",
+            "?",
+            "cron",
+            "success"
+        ],
+        "log": "type=CRED_DISP msg=audit(1642723741.084:379): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'",
+        "parserType": "matcher_parser",
+        "EventID": 0,
+        "template": "pid=<*> uid=<*> auid=<*> ses=<*> msg='op=<*> acct=<*> exe=<*> hostname=<*> addr=<*> terminal=<*> res=<*>'"
+    },
+    "5": {
+        "parserID": "MatcherParser",
+        "parsedLogID": "15",
+        "logID": "5",
+        "parsedTimestamp": 1772027171,
+        "logFormatVariables": {
+            "Type": "USER_END",
+            "Serial": "380",
+            "Time": "1642723741.084",
+            "Content": "pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_close acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'"
+        },
+        "__version__": "1.0.0",
+        "receivedTimestamp": 1772027171,
+        "variables": [
+            "10125",
+            "0",
+            "0",
+            "65",
+            "PAM:session_close",
+            "\"root\"",
+            "\"/usr/sbin/cron\"",
+            "?",
+            "?",
+            "cron",
+            "success"
+        ],
+        "log": "type=USER_END msg=audit(1642723741.084:380): pid=10125 uid=0 auid=0 ses=65 msg='op=PAM:session_close acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'",
+        "parserType": "matcher_parser",
+        "EventID": 0,
+        "template": "pid=<*> uid=<*> auid=<*> ses=<*> msg='op=<*> acct=<*> exe=<*> hostname=<*> addr=<*> terminal=<*> res=<*>'"
+    },
+    "6": {
+        "parserID": "MatcherParser",
+        "parsedLogID": "16",
+        "logID": "6",
+        "parsedTimestamp": 1772027171,
+        "logFormatVariables": {
+            "Type": "SERVICE_START",
+            "Serial": "381",
+            "Time": "1642723752.624",
+            "Content": "pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'"
+        },
+        "__version__": "1.0.0",
+        "receivedTimestamp": 1772027171,
+        "variables": [
+            "1",
+            "0",
+            "4294967295",
+            "4294967295",
+            "phpsessionclean",
+            "\"systemd\"",
+            "\"/lib/systemd/systemd\"",
+            "?",
+            "?",
+            "?",
+            "success"
+        ],
+        "log": "type=SERVICE_START msg=audit(1642723752.624:381): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'",
+        "parserType": "matcher_parser",
+        "EventID": 1,
+        "template": "pid=<*> uid=<*> auid=<*> ses=<*> msg='unit=<*> comm=<*> exe=<*> hostname=<*> addr=<*> terminal=<*> res=<*>'"
+    },
+    "7": {
+        "parserID": "MatcherParser",
+        "parsedLogID": "17",
+        "logID": "7",
+        "parsedTimestamp": 1772027171,
+        "logFormatVariables": {
+            "Type": "SERVICE_STOP",
+            "Serial": "382",
+            "Time": "1642723752.624",
+            "Content": "pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'"
+        },
+        "__version__": "1.0.0",
+        "receivedTimestamp": 1772027171,
+        "variables": [
+            "1",
+            "0",
+            "4294967295",
+            "4294967295",
+            "phpsessionclean",
+            "\"systemd\"",
+            "\"/lib/systemd/systemd\"",
+            "?",
+            "?",
+            "?",
+            "success"
+        ],
+        "log": "type=SERVICE_STOP msg=audit(1642723752.624:382): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=phpsessionclean comm=\"systemd\" exe=\"/lib/systemd/systemd\" hostname=? addr=? terminal=? res=success'",
+        "parserType": "matcher_parser",
+        "EventID": 1,
+        "template": "pid=<*> uid=<*> auid=<*> ses=<*> msg='unit=<*> comm=<*> exe=<*> hostname=<*> addr=<*> terminal=<*> res=<*>'"
+    },
+    "8": {
+        "parserID": "MatcherParser",
+        "parsedLogID": "18",
+        "logID": "8",
+        "parsedTimestamp": 1772027171,
+        "logFormatVariables": {
+            "Type": "USER_ACCT",
+            "Serial": "383",
+            "Time": "1642724221.094",
+            "Content": "pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'"
+        },
+        "__version__": "1.0.0",
+        "receivedTimestamp": 1772027171,
+        "variables": [
+            "10197",
+            "0",
+            "4294967295",
+            "4294967295",
+            "PAM:accounting",
+            "\"root\"",
+            "\"/usr/sbin/cron\"",
+            "?",
+            "?",
+            "cron",
+            "success"
+        ],
+        "log": "type=USER_ACCT msg=audit(1642724221.094:383): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'",
+        "parserType": "matcher_parser",
+        "EventID": 0,
+        "template": "pid=<*> uid=<*> auid=<*> ses=<*> msg='op=<*> acct=<*> exe=<*> hostname=<*> addr=<*> terminal=<*> res=<*>'"
+    },
+    "9": {
+        "parserID": "MatcherParser",
+        "parsedLogID": "19",
+        "logID": "9",
+        "parsedTimestamp": 1772027171,
+        "logFormatVariables": {
+            "Type": "CRED_ACQ",
+            "Serial": "384",
+            "Time": "1642724221.098",
+            "Content": "pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'"
+        },
+        "__version__": "1.0.0",
+        "receivedTimestamp": 1772027171,
+        "variables": [
+            "10197",
+            "0",
+            "4294967295",
+            "4294967295",
+            "PAM:setcred",
+            "\"root\"",
+            "\"/usr/sbin/cron\"",
+            "?",
+            "?",
+            "cron",
+            "success"
+        ],
+        "log": "type=CRED_ACQ msg=audit(1642724221.098:384): pid=10197 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'",
+        "parserType": "matcher_parser",
+        "EventID": 0,
+        "template": "pid=<*> uid=<*> auid=<*> ses=<*> msg='op=<*> acct=<*> exe=<*> hostname=<*> addr=<*> terminal=<*> res=<*>'"
+    },
+    "10": {
+        "parserID": "MatcherParser",
+        "parsedLogID": "20",
+        "logID": "10",
+        "parsedTimestamp": 1772027171,
+        "logFormatVariables": {
+            "Type": "LOGIN",
+            "Serial": "385",
+            "Time": "1642724221.098",
+            "Content": "pid=10197 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=66 res=1"
+        },
+        "__version__": "1.0.0",
+        "receivedTimestamp": 1772027171,
+        "variables": [
+            "10197",
+            "0",
+            "4294967295",
+            "0",
+            "(none)",
+            "4294967295",
+            "66",
+            "1"
+        ],
+        "log": "type=LOGIN msg=audit(1642724221.098:385): pid=10197 uid=0 old-auid=4294967295 auid=0 tty=(none) old-ses=4294967295 ses=66 res=1",
+        "parserType": "matcher_parser",
+        "EventID": 2,
+        "template": "pid=<*> uid=<*> old-auid=<*> auid=<*> tty=<*> old-ses=<*> ses=<*> res=<*>"
+    },
+    "11": {
+        "parserID": "MatcherParser",
+        "parsedLogID": "21",
+        "logID": "11",
+        "parsedTimestamp": 1772027171,
+        "logFormatVariables": {
+            "Type": "USER_START",
+            "Serial": "386",
+            "Time": "1642724221.102",
+            "Content": "pid=10197 uid=0 auid=0 ses=66 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'"
+        },
+        "__version__": "1.0.0",
+        "receivedTimestamp": 1772027171,
+        "variables": [
+            "10197",
+            "0",
+            "0",
+            "66",
+            "PAM:session_open",
+            "\"root\"",
+            "\"/usr/sbin/cron\"",
+            "?",
+            "?",
+            "cron",
+            "success"
+        ],
+        "log": "type=USER_START msg=audit(1642724221.102:386): pid=10197 uid=0 auid=0 ses=66 msg='op=PAM:session_open acct=\"root\" exe=\"/usr/sbin/cron\" hostname=? addr=? terminal=cron res=success'",
+        "parserType": "matcher_parser",
+        "EventID": 0,
+        "template": "pid=<*> uid=<*> auid=<*> ses=<*> msg='op=<*> acct=<*> exe=<*> hostname=<*> addr=<*> terminal=<*> res=<*>'"
+    }
+}
\ No newline at end of file
diff --git a/src/tools/workspace/utils.py b/src/tools/workspace/utils.py
index 516ee66..3fd13ec 100644
--- a/src/tools/workspace/utils.py
+++ b/src/tools/workspace/utils.py
@@ -27,7 +27,6 @@ def create_readme(name: str, ws_type: str, target_impl: Path, target_dir: Path)
         target_dir (Path): Directory where the README will be created.
     """
     # Import path to the implementation module, e.g. "MyCoolThing.MyCoolThing"
-    impl_module = f"{target_dir.name}.{target_impl.stem}"
 
     readme_text = textwrap.dedent(
         f"""
@@ -79,7 +78,7 @@ def create_readme(name: str, ws_type: str, target_impl: Path, target_dir: Path)
 
         ```bash
         # Install Git hooks from .pre-commit-config.yaml using prek
-        prek install
+        uv sync
 
         # You can run all hooks on the full codebase with:
         # prek run --all-files
@@ -87,59 +86,24 @@ def create_readme(name: str, ws_type: str, target_impl: Path, target_dir: Path)
 
         After this, hooks will run automatically on each commit.
 
-        ## Alternative setup (pip instead of uv)
-
-        If you prefer plain `pip`, you can set things up like this instead:
-
-        ```bash
-        cd <workspace-root>
-
-        # Create a virtual environment
-        python -m venv .venv
-
-        # Activate it
-        source .venv/bin/activate         # Linux/macOS
-        # .venv\\Scripts\\activate          # Windows
-
-        # Install the project in editable mode with dev dependencies
-        pip install -e .[dev]
-        ```
-
-        With `pip`, `prek` will still be available from the virtual environment,
-        and you can use the same `prek install` command to install hooks.
 
         ## Next steps
 
-        Open `{target_impl.name}` and implement your custom {ws_type}.
-
-        ## (Optional) Run it as a Service
+        Open `{target_impl.name}` and implement your custom {ws_type}. Execute it with example data doing:
 
-        You can run your {ws_type} as a Service using the DetectMateService, which is added as
-        an optional dependency in the `dev` extras.
-
-        For this, create a settings file (e.g., `service_settings.yaml`) in the workspace root,
-        which could look like this:
-
-        ```yaml
-        component_name: {name}
-        component_type: {impl_module}.{name}
-        component_config_class: {impl_module}.{name}Config
-        log_level: DEBUG
-        log_dir: ./logs
-        manager_addr: ipc:///tmp/{name.lower()}_cmd.ipc
-        engine_addr: ipc:///tmp/{name.lower()}_engine.ipc
+        ```python
+        python {target_impl.name.replace('.py', '')}/{target_impl.name}
         ```
+        and run the custom unit tests doing:
 
-        Then start your {ws_type} service with:
-
-        ```bash
-        detectmate start --settings service_settings.yaml
+        ```python
+        python -m pytest
         ```
 
-        For more info about DetectMate Service, see https://github.com/ait-detectmate/DetectMateService.
+        For more information check the official documentation:
 
-        Make sure you run this command from within the virtual environment where you installed
-        this workspace (e.g. after `uv venv && source .venv/bin/activate`).
+        * [DetectMateLibrary](https://ait-detectmate.github.io/DetectMateLibrary/latest/)
+        * [DetectMateService](https://ait-detectmate.github.io/DetectMateService/latest/)
         """
     ).strip() + "\n"
 
diff --git a/tests/test_workspace/test_create_workspace.py b/tests/test_workspace/test_create_workspace.py
index ddca99f..189a050 100644
--- a/tests/test_workspace/test_create_workspace.py
+++ b/tests/test_workspace/test_create_workspace.py
@@ -44,6 +44,7 @@ def test_create_parser_workspace(temp_dir: Path):
     assert (workspace_root / ".gitignore").exists()
     assert (workspace_root / ".pre-commit-config.yaml").exists()
     assert (workspace_root / "README.md").exists()
+    assert (workspace_root / "data.json").exists()
 
     # Python files live in package directory
     py_files = list(pkg_dir.glob("*.py"))