Systems and user interfaces for dynamic and interactive investigation of bad actor behavior based on automatic clustering of related data in various data structures

US9589299B2 · US · B2

Patent metadata
Publication number: US-9589299-B2
Application number: US-201615151904-A
Country: US
Kind code: B2
Filing date: May 11, 2016
Priority date: Dec 22, 2014
Publication date: Mar 7, 2017
Grant date: Mar 7, 2017

Abstract

Official abstract text for this publication.

Embodiments of the present disclosure relate to a data analysis system that may automatically generate memory-efficient clustered data structures, automatically analyze those clustered data structures, automatically tag and group those clustered data structures, and provide results of the automated analysis and grouping in an optimized way to an analyst. The automated analysis of the clustered data structures (also referred to herein as data clusters) may include an automated application of various criteria or rules so as to generate a tiled display of the groups of related data clusters such that the analyst may quickly and efficiently evaluate the groups of data clusters. In particular, the groups of data clusters may be dynamically re-grouped and/or filtered in an interactive user interface so as to enable an analyst to quickly navigate among information associated with various groups of data clusters and efficiently evaluate those data clusters in the context of, for example, a fraud investigation.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer system comprising: one or more non-transitory computer readable storage devices configured to store: a plurality of computer executable instructions; and a plurality of data clusters, each data cluster including a respective one or more data items and associated metadata, each data cluster further associated with a respective one or more tag types and a respective tag value for each of the one or more tag types; and one or more hardware computer processors in communication with the one or more non-transitory computer readable storage devices and configured to execute the plurality of computer executable instructions in order to: generate user interface data for rendering a user interface on a computing device, the user interface including one or more selectable elements useable by a user for indicating a tag type; in response to receiving an indication of a first tag type, update the user interface data such that the user interface further includes a plurality of first tiles, wherein: the plurality of first tiles are arranged across a portion of the user interface, each of the first tiles represents a different tag value of the first tag type, each of the first tiles displays a time-based graph showing events associated with data clusters associated with the respective tag values of the respective first tiles, each of the time-based graphs of the first tiles includes at least one common axis and a common range for the at least one common axis; and in response to selection of a tile of the plurality of first tiles, update the user interface data such that, in the user interface, the time-based graph associated with the selected tile is resized to be displayed entirely horizontally across the portion of the user interface while maintaining the common axis and common range previously displayed by the selected tile.

2. The computer system of claim 1, wherein the one or more hardware computer processors are further configured to execute the plurality of computer executable instructions in order to: for each data cluster of the plurality of data clusters: determine a data cluster type associated with the data cluster; associate one or more tag types with the data cluster based on data cluster tagging rules associated with the determined data cluster type; and for each tag type of the one or more tags types, associate at least one tag value with the tag type based at least in part on one or more data items of the data cluster.

3. The computer system of claim 1, wherein associating one or more tag types with the particular data cluster comprises: determining one or more tag types associated with the data cluster type.

4. The computer system of claim 3, wherein associating one or more tag types with the particular data cluster further comprises: analyzing the particular data cluster to identify one or more tag values to associate with at least one of the one or more tag types.

5. The computer system of claim 1, wherein each of the first tiles indicates a number of critical alerts associated with the respective first tiles.

6. The computer system of claim 1, wherein the plurality of first tiles are arranged in the portion of the user interface in order of number of critical alerts.

7. The computer system of claim 1, wherein the plurality of first tiles are colored to represent a tag value having more or fewer critical alerts.

8. The computer system of claim 1, wherein the time-based graphs represent a merger or aggregation of a plurality of data items associated with data clusters associated with the respective tag values of the respective first tiles.

9. The computer system of claim 1, wherein the interactive user interface further includes one or more selectable filter criteria, wherein the one or more hardware computer processors are further configured to execute the plurality of computer executable instructions in order to: filter the plurality of data clusters based on one or more filter criteria.

10. The computer system of claim 9, wherein the one or more hardware computer processors are further configured to execute the plurality of computer executable instructions in order to: receive an indication of the one or more filter criteria via a user selection of at least one of the one or more selectable filter criteria.

11. The computer system of claim 9, wherein the one or more selectable filter criteria include at least one of a tag value, a cluster type, or a state.

12. The computer system of claim 11, wherein the one or more hardware computer processors are further configured to execute the plurality of computer executable instructions in order to: further in response to receiving the indication of the first tag type: identify one or more data clusters associated with the first tag type; and generate a plurality of first groups of the one or more identified data clusters, wherein each of the first groups is associated with a different common tag value of the first tag type.

13. The computer system of claim 12, wherein: filtering the plurality of data clusters comprises determining a subset of data clusters of the plurality of data clusters satisfying the one or more filter criteria, and generating the plurality of first groups of the plurality of data clusters is based on the subset of data clusters.

14. The computer system of claim 9, wherein filter criteria of the one or more filter criteria of the same type are applied disjunctively when filtering the plurality of data clusters.

15. The computer system of claim 14, wherein filter criteria of the one or more filter criteria of different types are applied conjunctively when filtering the plurality of data clusters.

16. The computer system of claim 1, wherein the one or more hardware computer processors are further configured to execute the plurality of computer executable instructions in order to: determine the one or more selectable elements based on one or more tag types associated with a type of investigation to be performed by the user.

17. The computer system of claim 1, wherein the user interface further includes one or more selectable assignable states, wherein the one or more hardware computer processors are further configured to execute the plurality of computer executable instructions in order to: receive an indication of one of the assignable states via a user selection of one of the one or more selectable assignable states; associate one or more groups of data clusters with the indicated one of the assignable states.

18. A computer-implemented method comprising: by one or more hardware processors executing computer executable instructions: communicate with a data store configured to store a plurality of data clusters, each data cluster including a respective one or more data items and associated metadata, each data cluster further associated with a respective one or more tag types and a respective tag value for each of the one or more tag types; generate user interface data for rendering a user interface on a computing device, the user interface including one or more selectable elements useable by a user for indicating a tag type; in response to receiving an indication of a first tag type, update the user interface data such that the user interface further includes a plurality of first tiles, wherein: the plurality of first tiles are arranged across a portion of the user interface, each of the first tiles represents a different tag value of the first tag type, each of the first tiles displays a tim

Classifications

  • Event detection, e.g. attack signature detection

  • G06Q40/00 (Primary): Finance; Insurance; Tax strategies; Processing of corporate or income taxes

  • Clustering techniques

  • Software arrangements specially adapted for pattern recognition, e.g. user interfaces or toolboxes therefor

  • Visualization; Browsing

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Palantir Technologies Inc
What technology area does this patent fall under?
Primary CPC classification G06Q40/00. Mapped technology areas include Physics.
When was this patent published?
Publication date Mar 7, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).