Start with: * [Using the Security Event Graph to Drive Alert Prioritization][1] by Sift Security [1]: http://blog.siftsecurity.com/2017/09/using-security-event-graph-to-drive.html
