This document discusses security analytics for detection and response. It covers collecting data from various sources, normalizing and enriching that data, indexing it, performing automated detection using machine learning, and interactive analysis and response. The key parts of the platform are data collection with Beats, normalization to the Elastic Common Schema, enrichment with contextual data, indexing in Elasticsearch, threat detection via dynamic correlation and machine learning, and response by integrating alerts with other systems.