Method, apparatus, system, and non-transitory computer readable medium for identifying and prioritizing network security events

What is claimed is: 1 . A server for identifying and prioritizing a collection of information technology (IT) security events associated with a network, the server comprising: a memory storing computer readable instructions; and processing circuitry configured to execute the computer readable instructions to cause the server to, receive a dataset representing a plurality of IT security events associated with the network, the plurality of IT security events specific to one or more resources associated with the network, generate, by each of a plurality of defined algorithms, a plurality of individual scores for the plurality of IT security events, each individual score indicative that a possible security incident occurred, the plurality of defined algorithms including a first defined algorithm employing one or more machine learning models and a second defined algorithm employing one or more rule-based conditions, wherein the first defined algorithm and the second defined algorithm each generates an individual score for each IT security event, correlate, based on the received dataset, each of the individual scores for the plurality of IT security events with the one or more resources, aggregate, for a resource of the one or more resources, each of the individual scores correlated with the resource into a security score specific to the resource, determine whether the security score specific to the resource exceeds a defined threshold, in response to the security score specific to the resource exceeding the defined threshold, generate and transmit a security incident alert specific to the resource to a security operation center (SOC), the security incident alert including each IT security event correlated with the resource, and in response to the security score specific to the resource not exceeding the defined threshold, update the security score specific to the resource only after receiving a plurality of new IT security events. 2 . The server of claim 1 , wherein the processing circuitry is further configured to execute the computer readable instructions to cause the server to: determine whether the security score specific to the resource exceeds the defined threshold in a defined period of time, and in response to the security score specific to the resource exceeding the defined threshold in the defined period of time, generate and transmit the security incident alert specific to the resource to the SOC. 3 . The server of claim 1 , wherein the processing circuitry is further configured to execute the computer readable instructions to cause the server to receive the dataset representing the plurality of IT security events associated with the network from a plurality of data sources. 4 . The server of claim 3 , wherein the plurality of data sources includes at least one of logs from authentication processes, logs from accessing websites, and one or more machine learning models. 5 . The server of claim 1 , wherein the processing circuitry is further configured to execute the computer readable instructions to cause the server to store the dataset representing the plurality of IT security events in one or more databases. 6 . The server of claim 1 , wherein the one or more resources includes at least one of an IP address, an individual, a virtual computing machine, and a physical computing machine. 7 . The server of claim 1 , wherein the processing circuitry is further configured to execute the computer readable instructions to cause the server to aggregate, for the resource, each of the individual scores correlated with the resource into the security score specific to the resource by summing each of the individual scores correlated with the resource. 8 . The server of claim 1 , wherein the plurality of defined algorithms includes a third defined algorithm employing one or more defined formulas, and the first defined algorithm, the second defined algorithm, and the third defined algorithm each generates an individual score for each IT security event. 9 . A method for identifying and prioritizing a collection of information technology (IT) security events associated with a network, the method comprising: receiving a dataset representing a plurality of IT security events associated with the network, the plurality of IT security events specific to one or more resources associated with the network, generating, by each of a plurality of defined algorithms, a plurality of individual scores for the plurality of IT security events, each individual score indicative that a possible security incident occurred, the plurality of defined algorithms including a first defined algorithm employing one or more machine learning models and a second defined algorithm employing one or more rule-based conditions, wherein the first defined algorithm and the second defined algorithm each generates an individual score for each IT security event, correlating, based on the received dataset, each of the individual scores for the plurality of IT security events with the one or more resources, aggregating, for a resource of the one or more resources, each of the individual scores correlated with the resource into a security score specific to the resource, determining whether the security score specific to the resource exceeds a defined threshold, in response to the security score specific to the resource not exceeding the defined threshold, updating the security score specific to the resource only after receiving a plurality of new IT security events, and in response to the updated security score specific to the resource exceeding the defined threshold, generating and transmitting a security incident alert specific to the resource to a security operation center (SOC), the security incident alert including each IT security event correlated with the resource. 10 . The method of claim 9 , wherein: determining whether the security score specific to the resource exceeds the defined threshold includes determining whether the security score specific to the resource exceeds the defined threshold in a defined period of time, and generating and transmitting the security incident alert specific to the resource to the SOC includes generating and transmitting the security incident alert to the SOC in response to the security score specific to the resource exceeding the defined threshold in the defined period of time. 11 . The method of claim 9 , wherein receiving the dataset representing the plurality of IT security events associated with the network includes receiving the dataset from a plurality of data sources. 12 . The method of claim 11 , wherein the plurality of data sources includes at least one of logs from authentication processes, logs from accessing websites, and one or more machine learning models. 13 . The method of claim 12 , further comprising storing the dataset representing the plurality of IT security events in one or more databases. 14 . The method of claim 9 , wherein the one or more resources includes at least one of an IP address, an individual, a virtual computing machine, and a physical computing machine. 15 . The method of claim 9 , wherein aggregating, for the resource, each of the individual scores correlated with the resource into the security score specific to the resource includes summing each of the individual scores correlated with the resource. 16 . The method of claim 9 , wherein the plurality of defined algorithms includes a third defined algorithm employing one or more defined formulas, and the first defined algorithm, the second defined algorithm, and the third defi