This question is primarily directed to @bapowell, but I encourage others to please add any thoughts or suggestions. Brian, I just saw your bio while reading the CMB primers, and thought you may have some ideas on cybersecurity data analytics.

Some background: I've been in cybersecurity since 2000, and have been using Splunk for anomaly detection and investigation for just over a year now. Instead of opting for Splunk's SIEM package, I've been developing our anomaly detection logic from scratch, which has evolved over time to include any combination of the following:

- volume (count)
- commonality (count distinct entities)
- frequency (relative time comparison)
- variance (entity or population z-score)

Am I missing any ways of looking at the data? Variance detection was the last major evolution in my efforts, and now I am looking for the next one. I will say my research and testing in machine learning was a bit of a dud, since I could only ever achieve ~80% accuracy instead of high 90s like I was hoping for, but this may have been a limitation of my abilities.
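The four views listed in the post, computed side by side over one hour of events. This is an added example, not the poster's Splunk logic; the event tuples, user and host names, and the `profile` and `zscore` helpers are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data (not real logs): events per user for hours 0..5.
HOURLY = {"alice": [9, 11, 10, 12, 8, 10],
          "bob":   [12, 13, 11, 12, 12, 12],
          "carol": [11, 10, 12, 11, 11, 11]}
EVENTS = [(h, u, "fs01") for u, c in HOURLY.items()
          for h, n in enumerate(c) for _ in range(n)]
# Constructed burst: alice touches 40 new hosts in hour 5.
EVENTS += [(5, "alice", f"db{i:02d}") for i in range(40)]

def zscore(value, sample):
    """Standard score of value against sample; 0.0 if the sample has no spread."""
    sd = pstdev(sample)
    return 0.0 if sd == 0 else (value - mean(sample)) / sd

def profile(events, current_hour):
    """Per-user volume, commonality, frequency and variance for current_hour."""
    counts = defaultdict(lambda: defaultdict(int))  # user -> hour -> events
    dests = defaultdict(set)                        # user -> hosts this hour
    for hour, user, dest in events:
        counts[user][hour] += 1
        if hour == current_hour:
            dests[user].add(dest)
    now = {u: counts[u].get(current_hour, 0) for u in counts}
    out = {}
    for user, by_hour in counts.items():
        history = [by_hour.get(h, 0) for h in range(current_hour)]
        prev = by_hour.get(current_hour - 1, 0)
        out[user] = {
            "volume": now[user],                    # raw count
            "commonality": len(dests[user]),        # distinct entities
            "frequency": now[user] / prev if prev else float("inf"),
            "entity_z": zscore(now[user], history), # vs the user's own past
            "population_z": zscore(now[user], list(now.values())),  # vs peers
        }
    return out

if __name__ == "__main__":
    for user, row in profile(EVENTS, 5).items():
        print(user, row)
```

With only three users the population z-score cannot exceed sqrt(2), so here it is the entity z-score and the distinct-host count that expose the burst.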