Distributed malware detection system and submission workflow thereof

US12445481B1 · US · B1

Patent metadata

Field: Value
Publication number: US-12445481-B1
Application number: US-202318135635-A
Country: US
Kind code: B1
Filing date: Apr 17, 2023
Priority date: Mar 25, 2016
Publication date: Oct 14, 2025
Grant date: Oct 14, 2025

Abstract

Official abstract text for this publication.

A computerized method for cluster selection is described. Initially, a cloud-based enrollment service advertises features and capabilities of clusters performing malware analyses within a cloud-based malware detection system. Upon receiving an enrollment request message, including tenant credentials associated with a sensor having an object to be analyzed for malware, the cloud-based enrollment service returns an enrollment response message. The tenant credentials are used to authenticate the sensor and determine a type of subscription assigned to the sensor. The enrollment response message includes a portion of the advertised features and capabilities of a selected cluster of the cloud-based malware detection system in response to the sensor being authenticated. The portion of the advertised features and capabilities enables the sensor to establish communications with the selected cluster.

First claim

Opening claim text (preview).

What is claimed is:

1. A computerized method comprising: advertising, by a cloud-based enrollment service, features and capabilities of clusters performing malware analyses within a cloud-based malware detection system; receiving, by the cloud-based enrollment service, an enrollment request message including tenant credentials associated with a sensor having an object to be analyzed for malware, the tenant credentials being used to authenticate the sensor and determine a type of subscription assigned to the sensor; and transmitting an enrollment response message including a portion of the advertised features and capabilities of a selected cluster of the cloud-based malware detection system in response to the sensor being authenticated, the portion of the advertised features and capabilities enables the sensor to establish communications with the selected cluster.

2. The computerized method of claim 1, wherein the features and capabilities of the selected cluster of the clusters include an Internet Protocol address or host name or key information associate with a broker computing node associated with the selected cluster.

3. The computerized method of claim 1, wherein the features and capabilities of the selected cluster of the clusters include a connection load indicating a number of sensors supported by the selected cluster.

4. The computerized method of claim 1, wherein the features and capabilities of the selected cluster of the clusters include information associated with a geographical location of the selected cluster.

5. The computerized method of claim 1, wherein the features and capabilities of the selected cluster of the clusters include capacity information associated the selected cluster, the capacity information identifies a workload level that is still available for sensors accessing the selected cluster.

6. The computerized method of claim 1, wherein the features and capabilities of the selected cluster of the clusters include information associated with types of sensors supported by the selected cluster.

7. The computerized method of claim 1, wherein the tenant credentials further include information that identifies when the subscription is set to expire.

8. The computerized method of claim 7 wherein the cloud-based enrollment service is configured to cause removal of authenticated keying material for the sensor when the tenant credentials identify that the subscription has expired.

9. The computerized method of claim 1, wherein prior to transmitting the enrollment response message, authenticating the sensor and determine one or more clusters of the clusters to which the sensor is authorized to communicate based on a subscription level assigned to the sensor.

10. A management system comprising: a processor; and a non-transitory storage medium accessible by the processor, the non-transitory storage medium includes an enrollment service being software that, when executed by the processor, performs operations including advertising features and capabilities of clusters performing malware analyses within a cloud-based malware detection system, receiving an enrollment request message including tenant credentials associated with a sensor having an object to be analyzed for malware, the tenant credentials being used to authenticate the sensor and determine a type of subscription assigned to the sensor, and transmitting an enrollment response message in response to the enrollment request message, the enrollment response message includes a portion of the advertised features and capabilities of a selected cluster of the cloud-based malware detection system when the sensor is authenticated, the portion of the advertised features and capabilities enables the sensor to establish communications with the selected cluster.

11. The management system of claim 10, wherein the advertised features and capabilities of the selected cluster of the clusters include an Internet Protocol address or host name or key information associate with a broker computing node associated with the selected cluster.

12. The management system of claim 10, wherein the advertised features and capabilities of the selected cluster of the clusters include a connection load indicating a number of sensors supported by the selected cluster.

13. The management system of claim 10, wherein the advertised features and capabilities of the selected cluster of the clusters include information associated with a geographical location of the selected cluster.

14. The management system of claim 10, wherein the advertised features and capabilities of the selected cluster of the clusters include information associated with types of sensors supported by the selected cluster.

15. The management system of claim 10, wherein the advertised features and capabilities of the selected cluster of the clusters include capacity information associated the selected cluster, the capacity information identifies a workload level that is still available for sensors accessing the selected cluster.

16. The management system of claim 10, wherein the tenant credentials further include information that identifies when the subscription is set to expire.

17. The management system of claim 16, wherein the enrollment service is configured to cause removal of authenticated keying material for the sensor when the tenant credentials identify that the subscription has expired.

18. The management system of claim 10, wherein the enrollment services, prior to transmitting the enrollment response message, is configured to (i) authenticate the sensor and (ii) determine one or more clusters of the clusters to which the sensor is authorized to communicate based on a subscription level assigned to the sensor, the one or more clusters including the selected cluster.

19. A non-transitory storage medium including software that, when processed, performs operations comprising: advertising features and capabilities of clusters performing malware analyses within a cloud-based malware detection system; receiving a first message including tenant credentials associated with a sensor having an object to be analyzed for malware, the tenant credentials being used to authenticate the sensor and determine a type of subscription assigned to the sensor; and transmitting a second message including a portion of the advertised features and capabilities of a selected cluster of the cloud-based malware detection system in response to the sensor being authenticated, the portion of the advertised features and capabilities enables the sensor to establish communications with the selected cluster.

20. The non-transitory storage medium of claim 19, wherein the features and capabilities of the selected cluster of the clusters transmitted by the software include an Internet Protocol address or host name or key information associate with a broker computing node associated with the selected cluster.

21. The non-transitory storage medium of claim 19, wherein the features and capabilities of the selected cluster of the clusters transmitted by the software include a connection load indicating a number of sensors supported by the selected cluster.

22. The non-transitory storage medium of claim 19, wherein the features and capabilities of the selected cluster of the clusters transmitted by the software include information associated with a geographical location of the selected cluster.

23. The non-transitory storage medium of claim 19, wherein the features and

Classifications

  • Using different networks or channels, e.g. using out of band channels (cryptographic mechanisms or cryptographic arrangements for key distribution involving distinctive intermediate devices or communication paths H04L9/0827; cryptographic mechanisms or cryptographic arrangements for authentication using a plurality of channels H04L9/3215)

  • Monitoring or debugging support

  • Event detection, e.g. attack signature detection

  • Hypervisor-specific management and integration aspects

  • Traffic logging, e.g. anomaly detection

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Fireeye Security Holdings Us Llc, Musarubra Us Llc
What technology area does this patent fall under?
Primary CPC classification H04L63/1416. Mapped technology areas include Electricity.
When was this patent published?
Publication date Oct 14, 2025 (B1). Legal status and post-grant events are not shown on this page.