Systems and methods for intelligent cybersecurity alert similarity detection and cybersecurity alert handling

US12579259B2 · US · B2

Patent metadata

Publication number: US-12579259-B2
Application number: US-202318197654-A
Country: US
Kind code: B2
Filing date: May 15, 2023
Priority date: Jul 19, 2021
Publication date: Mar 17, 2026
Grant date: Mar 17, 2026

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A system and method for generating event-specific handling instructions for accelerating a threat mitigation of a cybersecurity event includes identifying a cybersecurity event; generating a cybersecurity event digest based on the cybersecurity event, computing a cybersecurity hashing-based signature of the cybersecurity event based on the cybersecurity event digest; searching, based on the distinct cybersecurity hashing-based signature of the cybersecurity event, an n-dimensional space comprising a plurality of historical cybersecurity event hashing-based signatures; returning one or more historical cybersecurity events or historical cybersecurity alerts homogeneous to the cybersecurity event based on the search; deriving one or more cybersecurity event-specific handling actions for the cybersecurity event based on identifying a threat handling action corresponding to each of the one or more historical cybersecurity events or historical cybersecurity alerts homogeneous to the cybersecurity event; and executing one or more cybersecurity threat mitigation actions to resolve or mitigate the cybersecurity event.

First claim

Claims 1 to 12 as listed for this publication; claims 1, 3 and 9 are the independent claims.

We claim:

  1. A method comprising: deriving at least one string of text that summarizes a target security event based on one or more pieces of event data associated with the target security event; computing a vector representation of the target security event based on the at least one string of text; identifying a proposed event handling action for the target security event based on a search of a security events database using the vector representation of the target security event as a search parameter; displaying the proposed event handling action on a graphical user interface associated with the target security event based on the identifying of the proposed event handling action, wherein: the graphical user interface includes an event similarity user interface element, and the event similarity user interface element includes a selectable user interface object that, when selected, executes the proposed event handling action; and while displaying the event similarity user interface element: receiving an input selecting the selectable user interface object of the event similarity user interface element, and based on receiving the input, executing the proposed event handling action, wherein executing the proposed event handling action includes: automatically routing the target security event to a security event disposal queue, and automatically assigning a disposal rationale to the target security event based on the proposed event handling action.

  2. The method according to claim 1, wherein: the proposed event handling action, when executed, further includes bypassing a cybersecurity investigation that includes executing an automated investigation workflow.

  3. A computer-implemented method comprising: generating at least one string of text that summarizes a target security alert based on one or more pieces of alert data associated with the target security alert; computing an alert vector representation of the target security alert based on the at least one string of text; identifying a proposed alert handling action for the target security alert based on a search of a security alerts database using the alert vector representation of the target security alert; displaying, on a graphical user interface, the proposed alert handling action for the target security alert based on the identifying of the proposed alert handling action, wherein: the graphical user interface includes a representation of the target security alert, wherein: (i) the representation of the target security alert includes the one or more pieces of alert data associated with the target security alert, and (ii) the graphical user interface includes an alert similarity user interface element displayed within the representation of the target security alert; and while displaying the representation of the target security alert: receiving an input selecting a selectable user interface object of the alert similarity user interface element, and executing the proposed alert handling action based on receiving the input selecting the selectable user interface object of the alert similarity user interface element, wherein executing the proposed alert handling action includes: automatically routing the target security alert to a security alert disposal queue, and automatically assigning a disposal rationale to the target security alert.

  4. The computer-implemented method according to claim 3, wherein: generating the at least one string of text is further based on an alert type or class of the target security alert.

  5. The computer-implemented method according to claim 3, wherein: generating the at least one string of text includes: extracting a subset of probative data features from the one or more pieces of alert data; and composing the at least one string of text based on the subset of probative data features.

  6. The computer-implemented method according to claim 3, wherein: one of the one or more pieces of alert data includes a user-specific identifier, and the computer-implemented method further includes abstracting the user-specific identifier into a non-user specific identifier by generalizing one or more portions of the user-specific identifier, and wherein the at least one string of text includes the non-user specific identifier.

  7. The computer-implemented method according to claim 3, wherein: the alert similarity user interface element includes: a textual summary comprising (1) a numerical quantity of a total number of historical security alerts returned from the search and (2) the proposed alert handling action, and the selectable user interface object, when selected, executes the proposed alert handling action.

  8. The computer-implemented method according to claim 3, wherein: the alert similarity user interface element comprises one or more emphasized regions that visually emphasizes the alert similarity user interface element from portions external to the alert similarity user interface element.

  9. A method for accelerating a threat mitigation or disposal of a target security event, the method comprising: obtaining at least one string of text that summarizes the target security event; searching, based on a vector representation of the target security event, an n-dimensional data structure comprising a plurality of historical security event vector representations that correspond to a plurality of historical security events; returning one or more historical security events based on the search; identifying an event handling action for the target security event based on an identification of a historical event handling action that corresponds to at least a subset of the one or more historical security events; and executing the event handling action to resolve or mitigate a threat of the target security event, wherein executing the event handling action includes: automatically routing the target security event to a security alert disposal queue, and automatically assigning a disposal rationale to the target security event based on the event handling action.

  10. The method according to claim 9, further comprising: automatically assigning an event decay rate to each of the plurality of historical security events of the n-dimensional data structure.

  11. The method according to claim 10, wherein: each of the one or more historical security events returned from the search is within a target time span based on the event decay rate.

  12. The method according to claim 9, wherein: the event handling action is executed prior to an execution of an automated investigations workflow.
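The pipeline the abstract and claims describe, as an added worked example in Python (written for this page; it is not Expel's code and nothing in it comes from the patent's own description): a digest string with user-specific identifiers generalized (claim 6), a hashing-based vector signature, a decay-windowed nearest-neighbour search over historical vectors (claims 9 to 11), a proposed action taken from the dispositions of near-duplicate history, and execution that routes the alert to a disposal queue with a rationale (claim 1). The field names, the 30-day decay window, the 0.85 cosine threshold, the three-hit/80% consensus gate and the sample alerts are all assumptions made for illustration.

```python
"""Alert-similarity pipeline from the abstract and claims: digest with user
identifiers generalized (claim 6), hashing-based vector, decay-windowed search
(claims 9-11), proposal from neighbour dispositions, disposal (claim 1).
Names, thresholds and sample alerts are assumptions made for this example."""
import hashlib
import math
import re
from collections import Counter
from datetime import datetime, timedelta

DIM = 256                          # hashed-vector width (assumed)
DEMO_NOW = datetime(2026, 3, 1)    # fixed "now" for the constructed sample

def generalize_identifiers(value: str) -> str:
    """Blank out e-mail local parts and digit runs so alerts that differ only in
    user or host hash to the same features; domain and shape are kept."""
    value = re.sub(r"[\w.+-]+@([\w-]+\.)+[\w-]+",
                   lambda m: "<user>@" + m.group(0).split("@", 1)[1], value)
    return re.sub(r"\d+", "<n>", value)

def alert_digest(alert: dict) -> str:
    """Digest from a probative subset of fields (claims 4-5), led by alert type."""
    parts = [f"type={alert['type']}"]
    for key in ("rule", "process", "parent", "src", "user"):
        if key in alert:
            parts.append(f"{key}={generalize_identifiers(str(alert[key]))}")
    return " ".join(parts)

def hashed_vector(digest: str) -> list:
    """Signed feature hashing of tokens and token bigrams into a unit vector."""
    tokens = digest.split()
    vec = [0.0] * DIM
    for f in tokens + [a + "|" + b for a, b in zip(tokens, tokens[1:])]:
        h = hashlib.blake2b(f.encode(), digest_size=8).digest()
        vec[int.from_bytes(h[:4], "big") % DIM] += 1.0 if h[4] & 1 else -1.0
    norm = math.sqrt(sum(x * x for x in vec)) or 1.0
    return [x / norm for x in vec]

class SimilarityStore:
    """n-dimensional store of historical alert vectors and their dispositions."""
    def __init__(self, decay_days=30, threshold=0.85):
        self.rows = []                            # (vector, action, rationale, closed_at)
        self.decay = timedelta(days=decay_days)   # event decay rate (claim 10)
        self.threshold = threshold

    def add(self, alert, action, rationale, closed_at):
        self.rows.append((hashed_vector(alert_digest(alert)), action, rationale, closed_at))

    def search(self, alert, now):
        """Neighbours above the cosine threshold and inside the decay window
        (claim 11), best match first. Vectors are unit length, so dot = cosine."""
        q = hashed_vector(alert_digest(alert))
        hits = [(sum(x * y for x, y in zip(q, v)), action, why)
                for v, action, why, closed_at in self.rows if now - closed_at <= self.decay]
        return sorted((h for h in hits if h[0] >= self.threshold), reverse=True)

    def propose(self, alert, now, min_hits=3, consensus=0.8):
        """Disposition shared by a clear majority of near-duplicate history, or
        None when evidence is thin and the alert should be investigated instead."""
        hits = self.search(alert, now)
        if len(hits) < min_hits:
            return None
        action, count = Counter(a for _, a, _ in hits).most_common(1)[0]
        if count / len(hits) < consensus:
            return None
        return {"action": action, "support": len(hits),
                "rationale": next(why for _, a, why in hits if a == action)}

def dispose(alert: dict, proposal: dict) -> dict:
    """Execute the proposal (claim 1): route to the disposal queue and record
    the rationale so the automated decision stays auditable."""
    alert["queue"] = "disposal"
    alert["disposal_rationale"] = f"{proposal['rationale']} (matched {proposal['support']} prior alerts)"
    return alert

# Constructed sample data, not real telemetry.
CERTUTIL_SHAPE = {"type": "edr", "rule": "lolbin-certutil", "parent": "sccm-agent.exe",
                  "process": "certutil.exe -urlcache -f https://cdn.example/patch.bin"}
NEW_ALERT = dict(CERTUTIL_SHAPE, user="tnguyen@corp.example", src="WS-0451")
PHISH_ALERT = {"type": "email", "rule": "phish-link", "src": "mail-gw-2", "user": "tnguyen@corp.example"}
HISTORY = [("jdoe@corp.example", "WS-0412", 2), ("asmith@corp.example", "WS-0417", 9),
           ("mlee@corp.example", "WS-0420", 15), ("pkim@corp.example", "WS-0433", 27),
           ("rroy@corp.example", "WS-0101", 90)]     # (user, host, days since closed)

def build_demo_store(now=DEMO_NOW) -> SimilarityStore:
    """Four recent analyst-closed benign certutil alerts plus one stale copy that
    has aged out of the 30-day window and must not count as support."""
    store = SimilarityStore()
    why = "certutil download launched by the SCCM agent during patch rollout"
    for user, host, age in HISTORY:
        store.add(dict(CERTUTIL_SHAPE, user=user, src=host), "close_benign", why,
                  now - timedelta(days=age))
    return store

if __name__ == "__main__":
    store = build_demo_store()
    proposal = store.propose(NEW_ALERT, DEMO_NOW)
    print(alert_digest(NEW_ALERT), proposal, sep="\n")
    print(dispose(dict(NEW_ALERT), proposal) if proposal else "no proposal")
    print(store.propose(PHISH_ALERT, DEMO_NOW))   # None: no similar history
```

Two design points matter in practice. Because the user and host are generalized before hashing, the new certutil alert collapses to the same digest, and so the same vector, as the four recent analyst-closed ones, which is what makes the proposal fire; the fifth copy is older than the decay window and is excluded, so a disposition from a past patch cycle cannot keep auto-closing alerts indefinitely. The consensus gate returns None when fewer than three neighbours match or when they disagree on the action, and None is the signal to fall through to the ordinary investigation workflow rather than auto-dispose, which is the safety check any deployment of this idea needs before it starts closing alerts unattended.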

Assignees

Expel Inc

Inventors

Classifications

  • G06F21/554 (primary CPC): involving event detection and direct action

  • CPC title: by virus signature recognition

  • CPC title: Assessing vulnerabilities and evaluating computer system security

  • CPC title: Providing cryptographic facilities or services

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12579259B2 cover?
A system and method for generating event-specific handling instructions for accelerating a threat mitigation of a cybersecurity event includes identifying a cybersecurity event; generating a cybersecurity event digest based on the cybersecurity event, computing a cybersecurity hashing-based signature of the cybersecurity event based on the cybersecurity event digest; searching, based on the dis…
Who is the assignee on this patent?
Expel Inc
What technology area does this patent fall under?
Primary CPC classification G06F21/554. Mapped technology areas include Physics.
When was this patent published?
Publication date Mar 17, 2026 (kind code B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 6 related publications on this page (citations in our corpus or others sharing the same primary CPC).