Arm the SOC to "repel" attackers.
Reduce MTTR to threats and mean time to containment.
Data ingest to Elastic - cloud, OS, containers, etc.
Building on top of a compromised container? Stop at runtime.
Advanced Entity Analytics. Baseline of what's "normal". Bubble up what's "not normal".