Multidimensional clustering analysis and visualizing that clustered analysis on a user interface

US11546359B2 · US · B2

Patent metadata
Publication number: US-11546359-B2
Application number: US-201916278920-A
Country: US
Kind code: B2
Filing date: Feb 19, 2019
Priority date: Feb 20, 2018
Publication date: Jan 3, 2023
Grant date: Jan 3, 2023

Abstract

Official abstract text for this publication.

Embodiments of a cyber threat defense system protect a system from cyber threats with the following operations: identifying unusual patterns of behavior within the plotted individual alerts and/or events in the multiple dimension space; clustering the individual alerts and events that form the unusual pattern into a distinct item for cyber threat analysis of that cluster of distinct alerts and/or events; applying machine learning models to infer for the cyber threat analysis what is possibly happening with the distinct item of the cluster, which came from the unusual pattern, and then assign a threat risk associated with that distinct item of the cluster; and projecting on a user interface, based on the analysis by the one or more machine learning models, the assigned threat risk associated with that distinct item of the cluster of alerts and/or events forming the unusual pattern.

First claim

Opening claim text (preview).

What is claimed is:

1. A method to protect a system from cyber threats, comprising: plotting a behavior from a group consisting of i) one or more individual alerts, ii) one or more individual events, and iii) combinations of both, from the system into a multiple dimension space, where at least one of the dimensions is time; identifying one or more unusual patterns of behavior within the plotted individual alerts and/or events in the multiple dimension space; clustering the individual alerts and events that form the unusual pattern into a distinct item for cyber threat analysis of that cluster of distinct alerts and/or events; applying one or more machine learning models to infer for the cyber threat analysis on what is possibly happening with the distinct item of the cluster of distinct alerts and/or events, which came from the unusual pattern, and then assign a threat risk associated with that distinct item of the cluster of alerts and/or events forming the unusual pattern; and projecting on a user interface displayed on a display screen, based on the analysis by the one or more machine learning models, the assigned threat risk associated with that distinct item of the cluster of alerts and/or events forming the unusual pattern; where the unusual patterns of behavior are determined from a comparison of a normal pattern of life for that system corresponding to a historical normal distribution of alerts and events for that system mapped out in the same multiple dimension space as the plotted individual alerts and/or events under analysis; identifying similar characteristics from the individual alerts and/or events forming the distinct item made up of the cluster of alerts and/or events forming the unusual pattern; projecting on the user interface displayed on a display screen both the assigned threat risk associated with that distinct item of the cluster of alerts and/or events forming the unusual pattern and at least a label of similar characteristics shared among the individual alerts and/or events in the distinct item of the cluster of alerts and/or events; and projecting the individual alerts and/or events forming the cluster onto the user interface with at least three dimensions of i) a window of time, ii) a scale indicative of the threat risk assigned for each alert and/or event in the cluster and iii) a different color for the similar characteristics shared among the individual alerts and events forming the distinct item of the cluster so that a human visually sees what spatially and content-wise is making up a particular cluster rather than merely viewing a textual log of data.

2. The method of claim 1, where the one or more machine learning models use the comparison of i) the normal pattern of life for that system corresponding to the historical normal distribution of alerts and events for that system mapped out in the same multiple dimension space to ii) the plotted individual alert and event behavior under analysis, in order to detect the one or more unusual patterns of behavior within the plotted individual alerts and/or events, which allows detection of previously unidentified cyber threats compared to finding cyber threats with merely predefined descriptive objects and/or signatures.

3. The method of claim 1, further comprising: displaying a slider that is scripted to filter out abnormal behavior that causes events and/or alerts, including one or more clusters, which are below a set point controlled by the slider, where the events and/or alerts that are below the setpoint controlled by the slider are not displayed on the display screen, and thus the slider is scripted to allow a viewer to filter out any of i) less strongly anomalous, ii) less relevant events, and/or iii) less relevant alerts, compared to the setpoint, which enables the viewer to prioritize their time to focus on displayed events and/or alerts, including one or more clusters, that are above the setpoint set by the slider; however, algorithms in the one or more machine learning models and the cluster module are configured to continue to analyze and cluster these events and/or alerts that are below the set point.

4. The method of claim 1, further comprising: simultaneously running a number of different clustering methods including matrix based clustering, density based clustering, and hierarchical clustering techniques to reveal the one or more unusual patterns of behavior and inform the one or more machine learning models.

5. A non-transitory computer readable medium comprising computer readable code operable, when executed by one or more processing apparatuses in the computer system, to instruct a computing device to perform the method of claim 1.

6. A method to protect a system from cyber threats, comprising: plotting a behavior from a group consisting of i) one or more individual alerts, ii) one or more individual events, and iii) combinations of both, from the system into a multiple dimension space, where at least one of the dimensions is time; identifying one or more unusual patterns of behavior within the plotted individual alerts and/or events in the multiple dimension space; clustering the individual alerts and events that form the unusual pattern into a distinct item for cyber threat analysis of that cluster of distinct alerts and/or events; applying one or more machine learning models to infer for the cyber threat analysis what is possibly happening with the distinct item of the cluster of distinct alerts and/or events, which came from the unusual pattern, and then assign a threat risk associated with that distinct item of the cluster of alerts and/or events forming the unusual pattern; projecting on a user interface displayed on a display screen, based on the analysis by the one or more machine learning models, the assigned threat risk associated with that distinct item of the cluster of alerts and/or events forming the unusual pattern, where the unusual patterns of behavior are determined from a comparison of a normal pattern of life for that system corresponding to a historical normal distribution of alerts and events for that system mapped out in the same multiple dimension space as the plotted individual alerts and/or events under analysis; identifying similar characteristics from the individual alerts and/or events forming the distinct item made up of the cluster of alerts and/or events forming the unusual pattern; projecting on the user interface displayed on a display screen both the assigned threat risk associated with that distinct item of the cluster of alerts and/or events forming the unusual pattern and at least a label of similar characteristics shared among the individual alerts and/or events in the distinct item of the cluster of alerts and/or events; and analyzing and assigning the threat risk associated with the distinct item of the cluster of alerts and/or events forming the unusual pattern with the one or more machine learning models that use unsupervised learning algorithms to establish what is the normal pattern of life for the system, where the machine learning models train on both i) the historical normal distribution of alerts and events for that system as well as ii) factored in as a normal distribution information from similar peer systems to establish the normal pattern of life of the behavior of alerts and/or events for that system.

7. A method to protect a system from cyber threats, comprising: plotting a behavior from a group consisting of i) one or more individual alerts, ii) one or more individual events, and iii) combinations of both, from the system into a multiple dimension space, where at least one of the dimensions is time; identifying one or more unusual patterns of behavior within the plotted individual alerts and/or events in the mul
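The claims above describe a pipeline rather than an implementation: plot alerts in a space that includes time, compare against a historical "normal pattern of life", cluster what deviates, label each cluster by the characteristic its members share, score it, and let a slider hide low-scoring clusters from the display while analysis continues underneath. The following is an added illustration of that pipeline in plain Python; it is not code from the patent or from Darktrace. The alert records, the hourly baseline, the z-score test, the DBSCAN-style density clustering (one of the three clustering families claim 4 names) and the risk formula are all constructed here as assumptions so the example runs offline.

```python
"""Toy version of the claimed pipeline (added example, not the patent holder's code)."""
import math
from collections import Counter
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Alert:
    t: float         # minutes since the start of the analysis window (the time dimension)
    severity: float  # 0.0-1.0 score from the detector that raised the alert
    kind: str        # shared characteristic used for the label/colour, e.g. "dns_beacon"
    host: str


# Constructed "normal pattern of life": alerts per 60-minute bucket over a quiet period.
BASELINE_PER_HOUR = [3, 2, 4, 3, 2, 3, 4, 2, 3, 3, 2, 4, 3, 2]

# Constructed alerts under analysis: a background trickle of failed logins from one
# workstation plus a tight burst of beacon-like DNS alerts from another (minutes 120-138).
ALERTS = [Alert(t, 0.2, "login_fail", "ws-07") for t in (5, 40, 75, 110, 150, 185, 230)] + [
    Alert(120 + 2 * i, 0.6 + 0.02 * i, "dns_beacon", "ws-12") for i in range(10)
]

KIND_COLOUR = {"dns_beacon": "red", "login_fail": "blue"}  # constructed palette


def unusual_hours(alerts, baseline, z_threshold=3.0):
    """Compare per-hour alert counts with the historical distribution and return the
    hours whose count sits more than z_threshold standard deviations above the mean."""
    mu, sigma = mean(baseline), (pstdev(baseline) or 1e-9)
    counts = Counter(int(a.t // 60) for a in alerts)
    return sorted(h for h, c in counts.items() if (c - mu) / sigma > z_threshold)


def density_cluster(points, eps=1.0, min_pts=3, time_scale=5.0, sev_scale=0.25):
    """Minimal DBSCAN over the (time, severity) plane. Returns a list of clusters, each a
    list of alerts; points in no dense region are treated as noise and left out."""
    def dist(a, b):
        return math.hypot((a.t - b.t) / time_scale, (a.severity - b.severity) / sev_scale)

    def neighbours(i):
        return [j for j in range(len(points)) if dist(points[i], points[j]) <= eps]

    labels = [None] * len(points)  # None = unvisited, -1 = noise, int = cluster id
    clusters = []
    for i in range(len(points)):
        if labels[i] is not None:
            continue
        nbrs = neighbours(i)
        if len(nbrs) < min_pts:
            labels[i] = -1
            continue
        cid = len(clusters)
        labels[i] = cid
        members = [points[i]]
        queue = [j for j in nbrs if j != i]
        while queue:
            j = queue.pop()
            if labels[j] == -1:          # noise reached from a core point becomes a border point
                labels[j] = cid
                members.append(points[j])
            if labels[j] is not None:
                continue
            labels[j] = cid
            members.append(points[j])
            more = neighbours(j)
            if len(more) >= min_pts:     # j is itself a core point: keep expanding
                queue.extend(k for k in more if labels[k] is None or labels[k] == -1)
        clusters.append(members)
    return clusters


def assess(cluster):
    """Stand-in for the model inference step: label the cluster by its dominant shared
    characteristic and assign a risk that grows with both severity and cluster size."""
    label, _ = Counter(a.kind for a in cluster).most_common(1)[0]
    mean_sev = mean(a.severity for a in cluster)
    risk = 1 - (1 - mean_sev) / (1 + math.log10(len(cluster)))  # assumed scoring rule
    return {"label": label, "size": len(cluster),
            "hosts": sorted({a.host for a in cluster}), "risk": risk}


def project(cluster):
    """Text stand-in for the three-dimensional projection: time, a severity scale and a
    colour per shared characteristic, one row per alert in the cluster."""
    return [f"{a.t:6.0f}m {'#' * int(a.severity * 10):<10} "
            f"{KIND_COLOUR.get(a.kind, 'grey'):<5} {a.kind} {a.host}"
            for a in sorted(cluster, key=lambda a: a.t)]


def slider_view(assessments, setpoint):
    """The slider: hide clusters whose risk is below the setpoint. Everything has still
    been clustered and scored; only what is displayed changes."""
    return [c for c in assessments if c["risk"] >= setpoint]


def analyse(alerts=ALERTS, baseline=BASELINE_PER_HOUR):
    """Run the pipeline end to end and return one assessment per cluster found."""
    hours = unusual_hours(alerts, baseline)
    in_scope = [a for a in alerts if int(a.t // 60) in hours]
    return [assess(c) for c in density_cluster(in_scope)]


if __name__ == "__main__":
    for item in slider_view(analyse(), setpoint=0.5):
        print(item)
```

With the constructed data the third hour holds twelve alerts against a baseline of about three, so it is flagged; inside it the ten DNS alerts form one dense cluster and the two failed logins fall out as noise. The cluster is labelled "dns_beacon" for host ws-12 with a risk of roughly 0.85, so a slider set at 0.5 shows it and one set at 0.95 hides it while `analyse` still returns it.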

Assignees

Darktrace Ltd, Darktrace Holdings Ltd

Classifications

  • using filtering or selective blocking · CPC title

  • involving covert channels, i.e. data leakage between processes (inhibiting the analysis of circuitry or operation with measures against power attack G06F21/755) · CPC title

  • specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks · CPC title

  • Traffic logging, e.g. anomaly detection · CPC title

  • involving event detection and direct action · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11546359B2 cover?
Embodiments of a cyber threat defense system protects a system from cyber threats with the following operations:Identifying unusual patterns of behavior within the plotted individual alerts and/or events in the multiple dimension space;Clustering the individual alerts and events that form the unusual pattern into a distinct item for cyber threat analysis of that cluster of distinct alerts and/o…
Who is the assignee on this patent?
Darktrace Ltd, Darktrace Holdings Ltd
What technology area does this patent fall under?
Primary CPC classification H04L63/1425. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jan 3, 2023 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).