Cyber security appliance for a cloud infrastructure

US11546360B2 · US · B2

Patent metadata
Publication number: US-11546360-B2
Application number: US-201916278982-A
Country: US
Kind code: B2
Filing date: Feb 19, 2019
Priority date: Feb 20, 2018
Publication date: Jan 3, 2023
Grant date: Jan 3, 2023

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A cyber security appliance has modules that utilize probes to interact with entities in a cloud infrastructure environment (CIE). A cloud module can 1) use the information about relevant changes in the CIE fed from the probes, and 2) use machine learning models that are trained on a normal behavior of at least a first entity associated with the CIE; and thus, indicate when a behavior of the first entity falls outside of being a normal pattern of life. A cyber threat module can use machine learning models trained on cyber threats in the CIE and examine at least the behaviors of the first entity falling outside of the normal pattern of life to determine what is a likelihood of ‘a chain of unusual behaviors under analysis that fall outside of being the normal behavior’ is a cyber threat. An autonomous response module can cause actions to contain the cyber threat.

First claim

Opening claim text (preview).

What is claimed is:

1. A cyber security appliance comprising: one or more memories; and one or more processors operatively coupled to the one or more memories and configured to: utilize probes to interact with entities in a cloud infrastructure environment reliant on packet transmission, whether by application programming interface (API) interaction, accessing logging tools, observing virtualized network traffic, and/or making requests, and that use the probes to feed information about changes in the cloud infrastructure environment back to the cyber-security appliance; use the information about changes in the cloud infrastructure environment fed from the probes, and use one or more machine learning models that are trained on a normal behavior of at least a first entity associated with the cloud infrastructure environment; and thus, are able to indicate when a behavior of the first entity falls outside of a normal pattern of life, where the changes in the cloud infrastructure environment include at least information pertaining to server access, data access, timings of events, credentials usage, and Domain Name System (DNS) requests, and where normal behavior is determined based at least in part on historical data; use one or more machine learning models trained on cyber threats in the cloud infrastructure environment and examine at least the behaviors of the first entity falling outside of the normal pattern of life to determine what is a likelihood of ‘a chain of unusual behaviors under analysis that fall outside of the normal behavior’ is a cyber threat; and cause one or more actions to be taken to counter the cyber threat, identified by the cyber security appliance within an organization's portion of the cloud infrastructure environment when a cyber-threat risk parameter is indicative of a likelihood of a cyber-threat is equal to or above an actionable threshold, where the one or more actions taken are caused automatically by the cyber security appliance rather than a human taking an action, where the cyber security appliance further comprises a user interface to display and allow a viewer of the user interface on a display screen to contextualize Cloud and Software as a Service (SaaS) events in light of network traffic from the probes on the same user interface, where the user interface is configured to be able to pivot between SaaS metrics and Cloud metrics to link those events and better understand at least the first entity's behavior by considering the SaaS metrics and events as well as the cloud metrics and events as an interconnected whole rather than separate realms.

2. The apparatus of claim 1, where the cyber security appliance is further configured to use the information about changes in the cloud infrastructure environment from the probes and then contextualize i) this information with ii) physical network traffic information and, when any exists, iii) behavior of the first entity outside the cloud infrastructure environment from the probes, to analyze what is the likelihood the chain of unusual behaviors under analysis that fall outside of the normal behavior is malicious activity; and thus, is the cyber threat.

3. The apparatus of claim 1, where the one or more machine learning models trained on the cloud system examine at least the behaviors of the entities of devices, containers, users, and traffic patterns falling outside of the normal pattern of life and what is the likelihood of the chain of unusual behaviors from these devices, containers, users, and traffic patterns that fall outside of the normal behavior correspond to a malicious behavior associated with the cyber threat, where the models trained on the cloud system use unsupervised machine learning and Artificial Intelligence algorithms to understand and spot the normal behavior and deviations that fall outside of the normal behavior.

4. The apparatus of claim 1, where the cyber security appliance is further configured to know when to cause the one or more autonomous actions to be taken, via a user interface setting that allows a selection of different autonomous actions to be taken to counter the cyber threat, based on a set of conditions, where the set of conditions is a setting selected from a group consisting of i) when the cyber-threat risk parameter indicative of the likelihood of the cyber-threat is equal to or above the actionable threshold and the actionable threshold is a threat level score, ii) always act when a predefined scenario with a programmable set of behaviors, unusual or not unusual, is detected which autonomously triggers the one or more actions to occur, iii) act on the chain of unusual behaviors at two or more different times when the cyber-threat risk parameter indicative of the likelihood of the cyber-threat, via another user interface setting, is configured to programmably allow a set of one or more different users and/or category of users of the cloud infrastructure environment to have a different threat level score needed to trigger the one or more autonomous actions to occur, or iv) any combination of these three.

5. The apparatus of claim 1, where the cyber security appliance and the one or more machine learning models trained on the cloud infrastructure environment examine at least the behaviors of i) administrative changes in the cloud infrastructure environment, ii) traffic that is in a virtual environment, and iii) virtual traffic that leaves the virtual environment in the cloud infrastructure environment and then travels over a physical network, as captured and fed back to the cyber security appliance over a secure connection by the probes.

6. The apparatus of claim 5, where the probes include one or more of a first type of sensors configured to be installed on each cloud endpoint and programmed to send copies of network traffic to a third type of sensor, and where the first type of sensors are further configured to cooperate with the cyber security appliance to carry out the autonomous actions through the first type of sensor, and one or more of a second type of sensors are configured to monitor the administrative changes in the cloud infrastructure environment.

7. The apparatus of claim 5, where the cyber security appliance further comprises: one or more of a third type of sensors configured to capture a record of the virtual traffic in the virtual environment, and receive captured traffic from one or more of a first type of sensor, and where the second type of sensors is also configured to provide the cybersecurity appliance with the IP addresses of the one or more virtual machines which are placed on a dynamic blacklist accessed by the network firewall to allow users access to the one or more virtual machines through the secure connection without needing to obtain a firewall exception to access the one or more virtual machines.

8. The apparatus of claim 1, where the cyber security appliance is further configured to take a varied list of events and metrics from the probes and then organize them into one of several distinct granular categories, in which logic in the cyber security appliance deems a most appropriate category.

9. The apparatus of claim 1, where the probes include one or more of a second type of sensors configured to cooperate with the cyber security appliance to run a check from the cyber security appliance on and through the second type of sensors to implement a method of mapping the cloud infrastructure environment to highlight any virtual machines which are not covered by the first type of sensor and therefore not visible to the cybersecurity appliance.

10. A method for a cyber security appliance, comprising: configuring one or more modules to utilize probes to interact with entities in a clou
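The detection flow that claims 1 and 4 describe in legal terms has three parts that a defender can picture concretely: a per-entity baseline (the "normal pattern of life") learned from historical probe data covering server access, data access, event timings, credential usage and DNS requests; a score for how far a chain of unusual events departs from that baseline; and an autonomous response that fires only when the resulting risk parameter meets an actionable threshold, which claim 4(iii) lets vary by user category. The following is an added illustration of that flow and is not Darktrace's code or the patented implementation: the entity names, hosts, the `.invalid` domains, credential ids and timestamps are all constructed, the scoring weights and the 2% hour-of-day cut-off are arbitrary choices, and a real appliance would use trained models rather than set membership.

```python
# Added illustration of the detection flow described in the claims above.
# Not Darktrace's code: entity names, hosts, domains and timestamps are constructed.
from collections import Counter, defaultdict
from dataclasses import dataclass

@dataclass(frozen=True)
class Event:
    entity: str  # a user, container or virtual machine observed by a probe
    kind: str    # server_access | data_access | credential_use | dns_request
    ts: int      # epoch seconds (constructed)
    value: str   # host, dataset, credential id or queried domain

def build_baseline(history):
    """Derive each entity's normal pattern of life from historical events."""
    base = defaultdict(lambda: {"values": defaultdict(set), "hours": Counter(), "n": 0})
    for e in history:
        b = base[e.entity]
        b["values"][e.kind].add(e.value)
        b["hours"][(e.ts // 3600) % 24] += 1
        b["n"] += 1
    return base

def score_event(baseline, e):
    """Return (score, reasons); 0.0 means the event sits inside the baseline."""
    b = baseline.get(e.entity)
    if b is None:
        return 1.0, ["no historical baseline for entity"]
    score, reasons = 0.0, []
    if e.value not in b["values"][e.kind]:
        score += 0.5
        reasons.append(f"new {e.kind} value {e.value}")
    hour = (e.ts // 3600) % 24
    if b["hours"][hour] / b["n"] < 0.02:  # under 2% of history at this hour
        score += 0.3
        reasons.append(f"activity at unusual hour {hour:02d}h")
    return score, reasons

def chain_risk(baseline, events, window=1800):
    """Link an entity's unusual events that fall within `window` seconds of each
    other into chains and map the strongest chain to a risk parameter in [0, 1]."""
    hits = defaultdict(list)
    for e in sorted(events, key=lambda x: x.ts):
        s, why = score_event(baseline, e)
        if s > 0:
            hits[e.entity].append((e.ts, s, why))
    risks = {}
    for ent, items in hits.items():
        chains, cur = [], [items[0]]
        for h in items[1:]:
            if h[0] - cur[-1][0] <= window:
                cur.append(h)
            else:
                chains.append(cur)
                cur = [h]
        chains.append(cur)
        best = max(chains, key=lambda c: sum(s for _, s, _ in c))
        total = sum(s for _, s, _ in best)
        risks[ent] = {"risk": min(1.0, total / 3.0), "chain_len": len(best),
                      "reasons": [r for _, _, why in best for r in why]}
    return risks

DEFAULT_THRESHOLD = 0.6
CATEGORY_THRESHOLDS = {"admin": 0.4}  # stricter trigger for privileged users (claim 4 iii)

def decide_action(risk, category="user"):
    """Autonomous response: act only at or above the actionable threshold."""
    threshold = CATEGORY_THRESHOLDS.get(category, DEFAULT_THRESHOLD)
    return "contain" if risk >= threshold else "observe"

def sample_history():
    """Constructed history: alice works 09-17h on app1/app2; svc-build runs at 02h."""
    hist = []
    for day in range(10):
        for hour in range(9, 18):
            t = day * 86400 + hour * 3600
            hist += [Event("alice", "server_access", t, "app1" if hour % 2 else "app2"),
                     Event("alice", "dns_request", t, "app1.corp.invalid"),
                     Event("alice", "credential_use", t, "key-1")]
        t = day * 86400 + 2 * 3600
        hist += [Event("svc-build", "server_access", t, "ci-runner"),
                 Event("svc-build", "credential_use", t, "key-9")]
    return hist

def sample_events():
    """Constructed day-10 events: one in-baseline job and a 03h chain for alice."""
    t = 10 * 86400 + 3 * 3600
    return [Event("svc-build", "server_access", 10 * 86400 + 2 * 3600, "ci-runner"),
            Event("alice", "server_access", t, "db-backup"),
            Event("alice", "data_access", t + 300, "customer-export"),
            Event("alice", "dns_request", t + 600, "unknown-cdn.invalid"),
            Event("alice", "credential_use", t + 900, "key-7")]

if __name__ == "__main__":
    for ent, r in chain_risk(build_baseline(sample_history()), sample_events()).items():
        print(ent, round(r["risk"], 2), decide_action(r["risk"]), r["reasons"])
```

Two points the code makes that the claim text leaves implicit: a single new host at a normal hour yields a low risk parameter and only an "observe" outcome, whereas four individually minor deviations inside one 30-minute window (new host, new dataset, new DNS name, new credential) chain into a risk at the ceiling; and the same risk value can produce different outcomes for different user categories, which is what a per-category threat level score buys the operator.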

Assignees

Darktrace Holdings Ltd

Inventors

Classifications

  • involving event detection and direct action · CPC title

  • Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title

  • Commands or executable codes · CPC title

  • using filtering or selective blocking · CPC title

  • Traffic logging, e.g. anomaly detection · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11546360B2 cover?
A cyber security appliance has modules that utilize probes to interact with entities in a cloud infrastructure environment (CIE). A cloud module can 1) use the information about relevant changes in the CIE fed from the probes, and 2) use machine learning models that are trained on a normal behavior of at least a first entity associated with the CIE; and thus, indicate when a behavior of the fir…
Who is the assignee on this patent?
Darktrace Holdings Ltd
What technology area does this patent fall under?
Primary CPC classification H04L63/1441. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jan 3, 2023 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).