Abstract: Disclosed techniques include integrated cybersecurity threat management. A plurality of network-connected cybersecurity threat protection applications is accessed. A plurality of heterogeneous log files is ingested, wherein the log files are generated by at least two of the cybersecurity threat protection applications. The plurality of heterogeneous log files that were ingested is evaluated to enable identification of cybersecurity threat protection application capabilities. Each of the plurality of log files is sorted. The sorting enables identification of cybersecurity threat protection elements among the plurality of log files. The cybersecurity threat protection elements that were identified are integrated. The integrated cybersecurity threat protection elements are evaluated. At least one response for cybersecurity threat management is generated, based on a result of the evaluating. The response is provided to a cybersecurity threat management entity.

Abstract: Disclosed techniques include cybersecurity threat management using impact scoring. A plurality of cybersecurity threat protection applications is accessed. A first cybersecurity threat notification is received from one of the plurality of cybersecurity threat protection applications. An impact score is dynamically assigned to the first cybersecurity threat notification, wherein the assigning an impact score is based on information about a device for which the first cybersecurity threat notification was received. The impact score is weighted based on an evaluation of a user of the device for which the first cybersecurity threat notification was received. The weighting is further based on evaluation of device owners and evaluation of an asset. The information about a device and information about one or more users of the device comprise impact score metadata. The first cybersecurity threat notification is responded to, based on the impact score. The dynamically assigning includes the impact score metadata.

Abstract: Disclosed techniques include cybersecurity threat management using element mapping. A plurality of cybersecurity threat protection applications is accessed. The cybersecurity threat protection applications include at least two different data management schemas. A first mapping of each of the plurality of cybersecurity threat protection applications is integrated. The first mapping includes a transformation of outputs of each of the plurality of cybersecurity threat protection applications. A second mapping of each of the plurality of cybersecurity threat protection applications is integrated. The second mapping includes a transformation of inputs of each of the plurality of cybersecurity threat protection applications. Cybersecurity is managed for a data network, based on data collected through the first mapping and data transmitted through the second mapping. The integrating a first mapping and a second mapping comprises a universal data layer for cybersecurity management.