Systems and user interfaces for holistic, data-driven investigation of bad actor behavior based on clustering and scoring of related data
US-11501369-B2 · Nov 15, 2022 · US
US11928733B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11928733-B2 |
| Application number | US-202217937694-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 3, 2022 |
| Priority date | Jul 30, 2015 |
| Publication date | Mar 12, 2024 |
| Grant date | Mar 12, 2024 |
Official abstract text for this publication.
Embodiments of the present disclosure relate to a data analysis system that may automatically generate memory-efficient clustered data structures, automatically analyze those clustered data structures, automatically tag and group those clustered data structures, and provide results of the automated analysis and grouping in an optimized way to an analyst. The automated analysis of the clustered data structures (also referred to herein as data clusters) may include an automated application of various criteria, rules, indicators, or scenarios so as to generate scores, reports, alerts, or conclusions that the analyst may quickly and efficiently use to evaluate the groups of data clusters. In particular, the groups of data clusters may be dynamically re-grouped and/or filtered in an interactive user interface so as to enable an analyst to quickly navigate among information associated with various groups of data clusters and efficiently evaluate those data clusters in the context of, for example, a risky trading investigation.
Opening claim text (preview).
What is claimed is:
1. A computer system comprising: one or more hardware computer processors configured to execute a plurality of computer executable instructions to cause the computer system to: access a data cluster; analyze a plurality of external event data items in the data cluster; determine that a quantity of the plurality of external event data items satisfies a threshold; in response to determining that the quantity of the plurality of external event data items satisfies a threshold, generate an alert; assign the generated alert to an alert type of a plurality of alert types; generate user interface data useable for rendering an interactive user interface on a computing device, the interactive user interface including selectable indications of one or more of the plurality of alert types and selectable indications of a plurality of alerts, each alert of said plurality of alerts being assigned to an alert type, wherein the plurality of alerts comprises the generated alert; receive, via the interactive user interface, a user selection to sort the plurality of alerts based on one or more criteria, wherein the criteria includes the alert type to which each alert is assigned; determine the alert type to which each alert is assigned; and automatically move each alert to a group in a position on the interactive user interface proximal to the alert type to which it is assigned based on the determined alert type to which each alert is assigned.
2. The computer system of claim 1, wherein the plurality of computer executable instructions further cause the computer system to: display, via the interactive user interface, one or more selectable action elements associated with the plurality of alerts; receive, via the user interface, a user selection of an action element; and perform an action, in response to said user selection, on the alert associated with the selected action element.
3. The computer system of claim 1, wherein the plurality of computer executable instructions further cause the computer system to apply a trading risk indicator to the data cluster, wherein applying the trading risk indicator includes analyzing a plurality of trade data items in the data cluster.
4. The computer system of claim 3, wherein the data cluster is further associated with data cluster analysis rules and/or data cluster scoring rules that comprise the trading risk indicator, wherein the trading risk indicator is observable or computable from the plurality of data items in the data cluster.
5. The computer system of claim 4, wherein the plurality of computer executable instructions further cause the computer system to generate a summary report based on the data cluster analysis rules and/or the data cluster scoring rules.
6. The computer system of claim 5, wherein the plurality of computer executable instructions further cause the computer system to receive feedback from the user through the interactive user interface, the feedback containing a suggestion for improving the summary report generated based on the data cluster analysis rules and/or the data cluster scoring rules.
7. The computer system of claim 6, wherein the plurality of computer executable instructions further cause the computer system to update the data cluster analysis rules and/or the data cluster scoring rules based on the feedback received from the user for improving the generated summary report.
8. The computer system of claim 3, wherein the trading risk indicator is a possible dummy trade indicator for identifying when a trade is cancelled or amended before an external event that might affirm the trade is real, and wherein applying the trading risk indicator further comprises: analyzing the plurality of trade data items to identify cancelled or amended trades; determining a cancellation or amendment time associated with each cancelled or amended trade; analyzing the plurality of external event data items to identify an external event associated with each cancelled or amended trade; and determining an external event time associated with the external event associated with each cancelled or amended trade; wherein the alert is generated based at least in part on determining that the cancellation or amendment time is prior to the external event time.
9. The computer system of claim 3, wherein the trading risk indicator is part of a trading when absent scenario for detecting whether a trader's trading activity coincides with unusual patterns in security badge data, and wherein applying the trading risk indicator further comprises: analyzing the plurality of trade data items to identify trades performed by the trader; determining an execution time associated with each trade performed by the trader; analyzing the plurality of external event data items to identify time windows the trader is not in a building based on security badge usage data for the building; and determining a subset of external event data items, wherein each external event data item of the subset of external event data items is associated with a respective execution time of one of the trades performed by the trader and a time window for which the trader is not in the building.
10. The computer system of claim 9, wherein the security badge usage data comprises at least one of: time windows the trader is in the building; time windows the trader is not in the building; times the trader used a security badge to enter the building; and times the trader used a security badge to leave the building.
11. The computer system of claim 3, wherein the trading risk indicator is part of a suspicious badge activity scenario for detecting whether a trader's trading activity coincides with unusual patterns in security badge data, and applying the trading risk indicator further comprises: analyzing the plurality of trade data items to identify trades performed by the trader; determining an execution time associated with each trade performed by the trader; analyzing the plurality of external event data items to identify time windows the trader is not in a building from security badge usage data for the building; determining unusual time windows from the time windows the trader is in the building based on unusual security badge usage patterns; and determining the subset of external event data items, wherein each external event data item of the subset of external data items is associated with a respective execution time of one of the trades performed by the trader and an unusual time window for which the trader is in the building.
12. The computer system of claim 1, wherein the plurality of computer executable instructions further cause the computer system to apply a trading risk indicator to the data cluster, wherein applying the trading risk indicator includes analyzing a plurality of trade data items in the data cluster and analyzing a plurality of profit and loss (PNL) data items in the data cluster.
13. The computer system of claim 12, wherein the plurality of computer executable instructions further cause the computer system to generate the alert based on at least applying the trading risk indicator to the data cluster.
14. The computer system of claim 12, wherein the trading risk indicator is a PNL smoothing indicator for detecting whether a trader's PNL has an unreasonably smooth volatility profile given price volatility of asset classes traded and reflected in the PNL, and wherein applying the trading risk indicator to the data cluster further comprises: analyzing the plurality of PNL data items to identify the asset classes traded by the trader and reflected in the trader's PNL ove
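The "trading when absent" scenario of claims 9 and 10, combined with the threshold-then-alert step of claim 1, can be sketched as follows. This is an added illustration, not code from the patent or its assignee; the function names, the `trading_when_absent` alert-type label, the `>=` reading of "satisfies a threshold", and all sample data are assumptions constructed for the example.

```python
from datetime import datetime

# Constructed sample data (not from the patent): one trader's badge swipes and trades.
BADGE_EVENTS = [("2024-03-04T08:55", "enter"), ("2024-03-04T12:10", "leave"),
                ("2024-03-04T13:05", "enter"), ("2024-03-04T17:40", "leave")]
TRADES = [("T1", "2024-03-04T09:30"), ("T2", "2024-03-04T12:30"),
          ("T3", "2024-03-04T12:50"), ("T4", "2024-03-04T18:15")]

def absent_windows(events, day_start, day_end):
    """Derive [start, end) windows in which the badge log places the trader outside."""
    windows, outside_since = [], day_start  # assumption: outside until first entry
    for ts, kind in sorted((datetime.fromisoformat(t), k) for t, k in events):
        if kind == "enter" and outside_since is not None:
            if ts > outside_since:
                windows.append((outside_since, ts))
            outside_since = None
        elif kind == "leave" and outside_since is None:
            outside_since = ts
        # A repeated "enter" or "leave" (missed swipe, tailgating) is ignored.
    if outside_since is not None and day_end > outside_since:
        windows.append((outside_since, day_end))
    return windows

def trades_while_absent(trades, windows):
    """Return IDs of trades whose execution time falls inside an absence window."""
    hits = []
    for trade_id, ts in trades:
        executed = datetime.fromisoformat(ts)
        if any(start <= executed < end for start, end in windows):
            hits.append(trade_id)
    return hits

def evaluate_cluster(events, trades, day_start, day_end, threshold=2):
    """Generate a typed alert when the matching quantity meets the threshold (>= assumed)."""
    windows = absent_windows(events, datetime.fromisoformat(day_start),
                             datetime.fromisoformat(day_end))
    hits = trades_while_absent(trades, windows)
    if len(hits) >= threshold:
        return {"alert_type": "trading_when_absent", "trade_ids": hits}
    return None

if __name__ == "__main__":
    print(evaluate_cluster(BADGE_EVENTS, TRADES, "2024-03-04T00:00", "2024-03-05T00:00"))
```

Badge logs are rarely clean, so the window builder tolerates duplicate or unpaired swipes instead of failing; in practice those anomalies are themselves worth surfacing to the analyst.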
Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange · CPC title
Interaction with lists of selectable items, e.g. menus · CPC title
with adaptation to user needs · CPC title
Clustering or classification · CPC title
Finance; Insurance; Tax strategies; Processing of corporate or income taxes · CPC title