Method of reducing financial fraud by user devices patronizing commercial websites
US-9213990-B2 · Dec 15, 2015 · US
US11522887B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11522887-B2 |
| Application number | US-201916279067-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 19, 2019 |
| Priority date | Feb 20, 2018 |
| Publication date | Dec 6, 2022 |
| Grant date | Dec 6, 2022 |
Official abstract text for this publication.
A cyber-threat coordinator-component identifies devices and/or users that are in a breach state of a benchmark of parameters, utilized by AI models, that correspond to the normal pattern of life for the network. The cyber-threat coordinator-component sends an external communication to selected network devices in order to initiate actions with that network device in order to change a behavior of a detected threat of at least one of a user and/or a device acting abnormal to the normal pattern of life on the network. The initiated actions are also targeted to minimize an impact on other network devices and users that are i) currently active in the network and ii) that are not in breach of being outside the normal behavior benchmark.
Opening claim text (preview).
What is claimed is:
1. A method for a cyber threat protection system, comprising: analyzing input data on entities associated with a network using one or more models that are self-learning Artificial Intelligence models trained on a normal behavior of users and devices associated with the network; where a normal behavior benchmark is used by a given model as a benchmark of parameters that correspond to a normal pattern of life for the network, and the normal behavior benchmark allows that self-learning model to spot behavior on the network that falls outside the parameters set by the normal behavior benchmark; comparing the analyzed input data on one or more of the entities associated with the network to the benchmark of parameters that correspond to the normal pattern of life for the devices and users of the network; identifying at least one of a device, a user, or a combination of both, that are in a breach state of the benchmark of parameters, utilized by the Artificial Intelligence models, that correspond to the normal pattern of life for the network; sending an external communication to selected network devices in order to initiate actions with that network device in order to counter a behavior of a detected threat of at least one of i) a user, ii) a device, iii) both a user and a device, iv) a set of users, v) a set of devices acting abnormal to the normal pattern of life on the network, and vi) various combinations of these entities; while minimizing an impact on other network devices and users that are i) currently active in the network and ii) that are not in breach of being outside the normal behavior benchmark; using an observation and evaluation feedback loop to choose a best initial response and the initial set of actions to take while minimizing the impact on other network devices that are i) currently active in the network and ii) that are not in breach of being outside the normal behavior benchmark, where a cyber-threat coordinator-component directs the initial set of actions to be taken and expects i) an impact on the detected threat and ii) an effect on the rest of the active devices and active users in the network, and where the feedback loop monitors an actual effect on the detected threat in breach from the initial set of actions taken as well as an actual effect on the rest of the devices and users in the network not in breach from the initial set of actions taken; and using the observation and evaluation feedback loop to take a sequence of actions and evaluate the actual impact after each action in the sequence, in order to yield a best possible result to contain the detected threat while minimizing the impact on other network devices and users that are i) currently active and ii) not in breach, from different possible actions to take, where at least a first action is initiated and resulting actual effects are monitored and then a second action in the sequence of actions is initiated and monitored with the observation and evaluation feedback loop to yield the best possible result.
2. The method for the cyber threat protection system of claim 1, further comprising: i) discovering capabilities of each network device in the network being monitored and ii) discovering actions they can take to counter and/or contain the detected threat to the network, as well as iii) discovering the communications needed to initiate those actions.
3. The method for the cyber threat protection system of claim 2, further comprising: coordinating the capabilities of two or more network devices that are selected to counter the detected threat acting abnormal to the normal pattern of life by sending an external communication to each selected network device in order to initiate actions with that network device in order to counter the behavior of the detected threat while minimizing the impact on other network devices and users that are i) currently active in the network and ii) that are not in breach of being outside the normal behavior benchmark.
4. The method for the cyber threat protection system of claim 1, further comprising: using the AI models to understand the normal pattern of life of the network; and thus, normal behaviors of entities in the network, where the AI models use one or more mathematical functions to evaluate different factors, and then choose a best set of one or more actions from all of the possible actions, and then use one or more Application Programming Interfaces to translate desired actions from selected network devices into a specific language and syntax utilized by that network device in order to send the communications to the selected network devices from potentially multiple different vendors to take those desired actions.
5. The method for the cyber threat protection system of claim 4, further comprising: using the one or more mathematical functions to generate a score for each of the possible actions and/or sequence of multiple possible actions that can be taken in order to determine which set of actions to choose among many possible actions to initiate, where the one or more possible actions to take and their calculated scores will be stacked against each other to factor 1) a likelihood of containing the detected threat acting abnormal with each possible set of actions, 2) a severity level of the detected threat to the network, and 3) the impact of taking each possible set of actions i) on users and ii) on devices currently active in the network not acting abnormal to the normal behavior of the network, and then initiate the chosen set of actions to cause a best counter of the behavior of the detected threat acting abnormal to the normal pattern of life on the network while minimizing the impact on other network devices and users that are i) currently active and ii) not in breach of being outside the normal behavior benchmark.
6. The method for the cyber threat protection system of claim 1, further comprising: choosing an initial set of one or more actions indicated as a best initial response to the detected threat by autonomously initiating those actions to defend against the detected threat without any human interaction, where the self-learning Artificial Intelligence models choose the best initial response and autonomously initiate that initial set of one or more actions.
7. The method for the cyber threat protection system of claim 1, wherein the self-learning models of normal behavior use an architecture that is continuously updated, where the self-learning Artificial Intelligence models trained on the normal behavior of users and devices associated with the network, record and continuously update their training on the normal behavior of the network system that a cyber-threat coordinator-component using the self-learning Artificial Intelligence models is monitoring and protecting, and where the normal behavior benchmark is varied according to the updated changes in the network.
8. A non-transitory computer readable medium comprising computer readable code operable, when executed by one or more processing apparatuses in the computer system to instruct a computing device to perform the method of claim 1.
9. A cyber-threat coordinator-component, comprising: an analysis module configured to analyze input data on entities associated with a network using one or more self-learning Artificial Intelligence models trained on a normal behavior of users and devices associated with the network; where a normal behavior benchmark is used by a given AI model as a benchmark of parameters that correspond to a normal pattern of life for the network, and the normal behavior benchmark allows that self-learning model to spot behavior on the network that falls outside the parameters set by the normal behavior benchmark;
Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title
Traffic logging, e.g. anomaly detection · CPC title
involving event detection and direct action · CPC title
Commands or executable codes · CPC title
for graphical visualisation of monitoring data · CPC title