Abstract: A method includes receiving, from a source from a plurality of sources, data associated with an event at the source. The data includes an event timestamp and an event data-frame. The method includes defining a standardized event based on the event by parsing the data to map predefined data fields within the event data-frame based on predefined standardization rules, calculating a representative identifier for the event by providing a representation of the standardized event as an input to a predefined function, defining an identifier for the event based on the representative identifier, calculating a distance of the identifier to an identifier associated with each event cohort from a plurality of event cohorts, assigning the event to an event cohort from the plurality of event cohorts based on the distance meeting a criterion of that cohort, and identifying an anomalous event based on the distance exceeding a predetermined threshold.
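The pipeline in the abstract, sketched as an added example that is not taken from the patent. The abstract does not name the predefined function, the distance measure or the rules, so SimHash over `field=value` tokens, Hamming distance, the field mapping in `RULES`, and the `radius` and `anomaly_threshold` values are all assumptions.

```python
import hashlib

# Assumed standardization rules: source-specific field name -> standard field.
RULES = {"src_ip": "src", "SourceAddress": "src", "user": "user",
         "UserName": "user", "action": "action", "EventType": "action"}
BITS = 64

def standardize(frame):
    """Map known fields of an event data-frame to standard names and values."""
    return {RULES[k]: str(v).strip().lower() for k, v in frame.items() if k in RULES}

def simhash(tokens):
    """Assumed 'predefined function': similar token sets give nearby bit strings."""
    votes = [0] * BITS
    for tok in tokens:
        h = int.from_bytes(hashlib.sha256(tok.encode()).digest()[:BITS // 8], "big")
        for i in range(BITS):
            votes[i] += 1 if (h >> i) & 1 else -1
    return sum(1 << i for i, v in enumerate(votes) if v > 0)

def event_identifier(event):
    """Identifier of the standardized event; the timestamp is left out (assumption)."""
    std = standardize(event["frame"])
    return simhash(f"{k}={v}" for k, v in sorted(std.items()))

def hamming(a, b):
    """Number of differing bits between two identifiers."""
    return bin(a ^ b).count("1")

def classify(ident, cohorts, radius=8, anomaly_threshold=24):
    """Return (cohort or None, distance to nearest cohort, is_anomalous)."""
    name, dist = min(((n, hamming(ident, c)) for n, c in cohorts.items()),
                     key=lambda nd: nd[1])
    return (name if dist <= radius else None), dist, dist > anomaly_threshold

# Constructed sample events: the same login reported by two different sources.
EVENT_A = {"timestamp": "2024-01-01T00:00:00Z",
           "frame": {"src_ip": "192.0.2.10", "user": "Alice", "action": "LOGIN"}}
EVENT_B = {"timestamp": "2024-01-01T00:00:02Z",
           "frame": {"SourceAddress": "192.0.2.10 ", "UserName": "alice",
                     "EventType": "login"}}

if __name__ == "__main__":
    cohorts = {"logins": event_identifier(EVENT_A)}
    print(classify(event_identifier(EVENT_B), cohorts))
```

An event between `radius` and `anomaly_threshold` is neither assigned nor flagged; what happens to it (for example, seeding a new cohort) is not stated in the abstract.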