Protecting all the things, all the time requires the collection and analysis of all the data. The range of threats is wide and can be highly advanced. To bring the sexy back to blue team, the next generation security operations team has too look across all the available data sources. Correlating of network, application, machine, and endpoint OS data events to find anomalous behavior and reduce false positives. This talk covers application of different methods of collection and analysis as well as the use of machine learning to generate behavioral anomalies that are incorporated into overall continuous monitoring capabilities to catch a variety of apt activity before a signature has been developed. This is not a vendor talk and nearly all tools discussed are open source and free.