Security information and event management (SIEM) systems continuously collect and document security-related events across an organization, providing a security team with alerts about potential threats or vulnerabilities. Such systems are designed to provide a single view across the massive datasets generated daily about an organization’s enterprise security, using parameters defined by an administrator to distinguish between normal and anomalous events. Security teams use this information to detect trends and patterns that may signal a threat. Today, however, an average large organization can generate hundreds of thousands or even millions of security alerts a day, making it virtually impossible for the information security team to determine which alerts point to real risks and which ones are meaningless. With no reliable or automated way to mine those alerts for actionable security intelligence, security teams are drowning in a sea of data with very little chance of finding the real threats.