Enterprise cybersecurity AI platform

US12413608B2 · US · B2

Patent metadata

Publication number: US-12413608-B2
Application number: US-202217654371-A
Country: US
Kind code: B2
Filing date: Mar 10, 2022
Priority date: Mar 10, 2022
Publication date: Sep 9, 2025
Grant date: Sep 9, 2025


Abstract

Official abstract text for this publication.

A method includes obtaining data associated with operation of a monitored system. The method also includes using one or more first machine learning models to identify anomalies in the monitored system based on the obtained data, where each anomaly identifies an anomalous behavior. The method further includes using one or more second machine learning models to classify each of at least some of the identified anomalies into one of multiple classifications. Different ones of the classifications are associated with different types of cyberthreats to the monitored system, and the identified anomalies are classified based on risk scores determined using the one or more second machine learning models. In addition, the method includes identifying, for each of at least some of the anomalies, one or more actions to be performed in order to counteract the cyberthreat associated with the anomaly.

First claim

Opening claim text (preview).

What is claimed is:

1. A method comprising: obtaining data associated with operation of a monitored system, the monitored system comprising electronic devices and one or more networks, the obtained data associated with events involving the electronic devices and the one or more networks; using one or more first machine learning models to identify anomalies in the monitored system based on the obtained data, each anomaly identifying an anomalous behavior of at least one of the electronic devices or at least one of the one or more networks; using multiple second machine learning models to classify each of at least some of the identified anomalies into one of multiple classifications, different ones of the classifications associated with different types of cyberthreats to the monitored system, the multiple second machine learning models comprising multiple classification models configured to generate multiple values for each of at least some of the anomalies, each classification model trained differently from the other classification models in order to recognize a single different classification of anomalies among the multiple classifications, each classification model configured to generate a value identifying a likelihood that an associated one of the anomalies is classifiable into the single different classification associated with that classification model, the identified anomalies classified based on risk scores determined by using machine learning to combine the multiple values from the multiple classification models; performing graph-based response identification based on a directed graph that represents components of the monitored system as nodes and that represents network traffic or events involving the components of the monitored system as directed edges; and identifying, for each of at least some of the anomalies, one or more actions to be performed in order to counteract the cyberthreat associated with the anomaly; wherein performing the graph-based response identification comprises, for at least one node of the directed graph: generating edge statistics of one or more directed edges going into the at least one node of the directed graph; generating edge statistics of one or more directed edges going out of the at least one node of the directed graph; and providing the edge statistics to the multiple second machine learning models to identify actions to be taken to isolate the at least one node of the directed graph.

2. The method of claim 1, wherein obtaining the data associated with the operation of the monitored system comprises: obtaining the data from multiple data sources, the data comprising logs and network traffic, the data sources comprising one or more data sources within the monitored system and one or more data sources outside the monitored system; identifying relevant data within the obtained data; identifying input features using the relevant data; and generating profiles each containing a portion of the relevant data and one or more of the input features that are associated with the portion of the relevant data.

3. The method of claim 1, wherein: the one or more first machine learning models comprise: at least one unsupervised anomaly detection model configured to detect anomalies using unsupervised learning, the unsupervised learning analyzing and clustering the obtained data in order to identify associations within the obtained data; and at least one supervised anomaly detection model configured to detect anomalies using supervised learning, the supervised learning processing the obtained data in order to identify labels for specific types of anomalies detected within the obtained data; and detection outputs from the unsupervised and supervised anomaly detection models are used to identify the anomalies in the monitored system.

4. The method of claim 1, wherein each risk score identifies a final probability that the associated one of the anomalies is classifiable into one of the multiple classifications.

5. The method of claim 1, wherein the risk scores are generated using supervised machine learning to combine the multiple values from the multiple classification models.

6. The method of claim 1, wherein the multiple second machine learning models comprise one of: a machine learning model for each classification and for each monitored system; and a machine learning model for each classification and for multiple monitored systems.

7. The method of claim 1, further comprising: obtaining shared insights across multiple monitored systems associated with different enterprises; and using the shared insights to identify importances of features to be used when identifying the anomalies associated with the different types of cyberthreats.

8. The method of claim 7, further comprising: identifying multiple groups associated with different monitored systems; and storing the shared insights in association with the groups such that the importances of features for one group are available for use in additional monitored systems associated with that group.

9. The method of claim 8, wherein the importances of features for each group allow cyberthreats identified at one or more monitored systems associated with one group to be detected at other monitored systems associated with the same group.

10. The method of claim 1, further comprising: presenting information to explain one or more decisions made by the one or more first machine learning models or the multiple second machine learning models.

11. The method of claim 1, further comprising: identifying, for each of at least some of the anomalies, at least one of a location of an attacker or incident associated with the anomaly and a location of a victim associated with the anomaly; wherein the one or more actions to be performed in order to counteract the cyberthreat associated with one of the anomalies is based on at least one of the location of the attacker or incident associated with the anomaly and the location of the victim associated with the anomaly.

12. The method of claim 1, wherein identifying, for each of at least some of the anomalies, the one or more actions to be performed comprises one of: for an anomaly associated with a known cyberthreat, identifying one or more predefined actions to be performed based on the classification and at least one of the risk scores associated with the anomaly; and for an anomaly associated with a new or unknown cyberthreat, using a clustering or similarity scoring algorithm to identify a closest known cyberthreat to the new or unknown cyberthreat and identifying one or more predefined actions to be performed associated with the closest known cyberthreat.

13. The method of claim 1, wherein: identifying, for each of at least some of the anomalies, the one or more actions to be performed comprises using at least one third machine learning model; and the at least one third machine learning model is trained to identify labels, the labels identifying actions to be performed in response to the anomalies.

14. The method of claim 1, further comprising: performing graph-based anomaly classification based on the directed graph.

15. The method of claim 14, wherein performing the graph-based anomaly classification comprises, for at least one node of the directed graph: generating edge statistics of one or more directed edges going into the at least one node of the directed graph; generating edge statistics of one or more directed edges going out of the at least one node of the directed graph; and providing the edge statistics to the multiple second machine learnin
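The following is an added illustration of the pipeline that claim 1 describes; it is not code from the patent or from C3 AI. On a constructed set of network events it builds the directed graph of components, computes statistics of the edges going into and out of a node, feeds those statistics to one classification model per cyberthreat type, combines the per-class values into risk scores with a second-level model, and derives isolation actions from the node's edges. The host names, event records, model weights, thresholds and action strings are all assumptions: the weights are hand-set stand-ins for trained models, and the nodes passed to `respond` are assumed to have already been flagged by the first-stage anomaly models.

```python
import math
from collections import defaultdict

# Constructed sample events: (source component, destination component, bytes, event type).
EVENTS = [
    ("ws-01", "srv-db", 1200, "sql"),
    ("ws-01", "srv-db", 900, "sql"),
    ("ws-02", "srv-db", 1100, "sql"),
    ("ws-03", "srv-db", 1000, "sql"),
    ("srv-db", "ext-203.0.113.9", 5_000_000, "https"),  # unusually large transfer to an external host
    ("ws-01", "ws-02", 300, "smb"),
    ("ws-01", "ws-03", 300, "smb"),
    ("ws-01", "ws-04", 300, "smb"),
    ("ws-01", "ws-05", 300, "smb"),
]


def build_graph(events):
    """Directed graph: components are nodes, traffic/events are directed edges."""
    edges = defaultdict(list)  # (src, dst) -> list of (bytes, event type)
    for src, dst, nbytes, etype in events:
        edges[(src, dst)].append((nbytes, etype))
    return dict(edges)


def edge_statistics(node, edges):
    """Statistics of the directed edges going into and out of one node."""
    st = {"in_peers": 0, "in_events": 0, "in_bytes": 0,
          "out_peers": 0, "out_events": 0, "out_bytes": 0}
    for (src, dst), recs in edges.items():
        total = sum(b for b, _ in recs)
        if dst == node:
            st["in_peers"] += 1
            st["in_events"] += len(recs)
            st["in_bytes"] += total
        if src == node:
            st["out_peers"] += 1
            st["out_events"] += len(recs)
            st["out_bytes"] += total
    return st


def features(st):
    # log1p keeps byte volumes on a scale comparable to peer counts
    return [math.log1p(st["out_bytes"]), st["out_peers"], st["in_peers"], math.log1p(st["in_bytes"])]


def sigmoid(x):
    return 1.0 / (1.0 + math.exp(-x))


# Constructed stand-ins for the per-class classification models (weights, bias):
# each scores the likelihood of exactly one classification.
CLASS_MODELS = {
    "exfiltration":     ([0.9, 0.0, 0.0, 0.0], -12.0),  # driven by outbound volume
    "lateral_movement": ([0.0, 1.5, 0.0, 0.0], -4.0),   # driven by outbound fan-out
}

# Constructed stand-in for the model that combines the per-class values into risk
# scores: a second-level logistic layer over the vector of class likelihoods.
COMBINER = {
    "exfiltration":     ({"exfiltration": 6.0, "lateral_movement": -1.0}, -3.0),
    "lateral_movement": ({"lateral_movement": 6.0, "exfiltration": -1.0}, -3.0),
}
RISK_THRESHOLD = 0.5  # assumed cut-off for acting on a classification

# Predefined response actions per classification (constructed).
ACTIONS = {
    "exfiltration": "block outbound edges at egress, preserve host for forensics",
    "lateral_movement": "quarantine host VLAN, reset credentials used on outbound edges",
}


def class_likelihoods(feat):
    return {c: sigmoid(sum(w * f for w, f in zip(ws, feat)) + b)
            for c, (ws, b) in CLASS_MODELS.items()}


def risk_scores(likelihoods):
    return {c: sigmoid(sum(w * likelihoods[k] for k, w in ws.items()) + b)
            for c, (ws, b) in COMBINER.items()}


def respond(node, edges):
    """Classify one flagged node and derive an isolation plan from its edges."""
    st = edge_statistics(node, edges)
    risks = risk_scores(class_likelihoods(features(st)))
    label, score = max(risks.items(), key=lambda kv: kv[1])
    if score < RISK_THRESHOLD:
        return {"node": node, "classification": "unknown", "risk": round(score, 3),
                "action": "escalate for analyst triage", "edges_to_cut": []}
    # Exfiltration: cut the node's outgoing edges; lateral movement: cut both directions.
    cut = [e for e in edges if e[0] == node or (label == "lateral_movement" and e[1] == node)]
    return {"node": node, "classification": label, "risk": round(score, 3),
            "action": ACTIONS[label], "edges_to_cut": sorted(cut)}


if __name__ == "__main__":
    g = build_graph(EVENTS)
    for n in ("srv-db", "ws-01", "ws-02"):  # nodes assumed flagged by the first-stage models
        print(respond(n, g))
```

With the constructed events, the database server's large outbound transfer scores as exfiltration and the plan cuts only its outgoing edge to the external host, the workstation fanning out over SMB scores as lateral movement and the plan cuts every edge touching it, and a workstation with ordinary traffic falls below the threshold and is escalated rather than isolated. The two-level scoring is the point to notice: the combiner sees all per-class likelihoods at once, so a strong competing class can lower another class's risk score.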

Assignees

C3 Ai Inc

Inventors

Classifications

  • Supervised learning · CPC title

  • based on simulated virtual individual or collective life forms, e.g. social simulations or particle swarm optimisation [PSO] · CPC title

  • Probabilistic or stochastic networks · CPC title

  • Backpropagation, e.g. using gradient descent · CPC title

  • Recurrent networks, e.g. Hopfield networks · CPC title


Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12413608B2 cover?
A method includes obtaining data associated with operation of a monitored system. The method also includes using one or more first machine learning models to identify anomalies in the monitored system based on the obtained data, where each anomaly identifies an anomalous behavior. The method further includes using one or more second machine learning models to classify each of at least some of t…
Who is the assignee on this patent?
C3 Ai Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/1441. Mapped technology areas include Electricity.
When was this patent published?
Publication date Sep 9, 2025 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).