Addressed Copilot review comments

Author: ParthaI

docs/tables/github_security_log/queries.md

@@ -603,7 +603,7 @@ Identify peak activity hours for security events.
 
 ```sql
 select
-  extract(hour from "@timestamp") as hour_of_day,
+  extract(hour from timestamp) as hour_of_day,
   count(*) as event_count
 from
   github_security_log

tables/security_log/security_log_mapper.go

@@ -37,7 +37,7 @@ func (m *SecurityLogMapper) Map(ctx context.Context, a any, _ ...mappers.MapOpti
 			return nil, error_types.NewRowErrorWithMessage("invalid json string")
 		}
 	default:
-		slog.Error("unable to map security log record: expected string/*string, got %T", a)
+		slog.Error("unable to map security log record: expected string/*string", "got_type", fmt.Sprintf("%T", a))
 		return nil, error_types.NewRowErrorWithMessage("unable to map row, invalid type received")
 	}
 

tables/security_log/security_log_table.go

@@ -42,14 +42,8 @@ func (t *SecurityLogTable) EnrichRow(row *SecurityLog, sourceEnrichmentFields sc
 
 	// Parse timestamp from the @timestamp field
 	if row.Timestamp != nil {
-		if timestamp, err := time.Parse(time.RFC3339, row.Timestamp.Format(time.RFC3339)); err == nil {
-			row.TpTimestamp = timestamp
-		} else {
-			// Fallback to current time if parsing fails
-			row.TpTimestamp = time.Now()
-		}
-	} else {
-		row.TpTimestamp = time.Now()
+		row.TpTimestamp = *row.Timestamp
+		row.TpDate = row.TpTimestamp.Truncate(24 * time.Hour)
 	}
 
 	row.TpIngestTimestamp = time.Now()
@@ -62,10 +56,6 @@ func (t *SecurityLogTable) EnrichRow(row *SecurityLog, sourceEnrichmentFields sc
 		row.TpUsernames = append(row.TpUsernames, *row.User)
 	}
 
-	// Note: Security logs don't typically have direct IP fields like audit logs
-	// We would need to extract from additional fields if available
-
-	row.TpDate = row.TpTimestamp.Truncate(24 * time.Hour)
 	return row, nil
 }