US Patent 10885393 Scalable incident-response and forensics toolkit

Techniques for performing data analytics using anomaly detection systems and methods are disclosed. The anomaly detection system provides an incident response and monitoring solution, built for distributed processing, that streamlines cyber defense by unifying datasets, via a data translator, from sensors and tools into a uniform schema to provide real-time anomaly detection, via an anomaly detection system that may prevent malware from establishing a foothold on the network. The anomaly detection system may allow for the scalability to provide large-scale data aggregation and anomaly detection without compromising performance. The anomaly detection system may use a distributed architecture to support advanced cyber threat detection across large datasets in real-time for monitoring and rapid incident response. The anomaly detection system may leverage open protocols and interfaces to promote third-party support for development and interoperability.