In this talk, we will discuss the application of data driven methods for the detection of post breach attack behaviors within computer networks. We will first review attack behaviors in computer networks. Following that, we will present several baseline models for anomaly detection and a supervised machine learning approach.  Finally, we’ll discuss how we use graphs to tie the attack together. This work is real-world: we use these methods to identify attacks in our large scale deployment of cyber security products at Microsoft.