This document discusses how security teams are overwhelmed by large volumes of data from security alerts and indicators. It proposes that graph algorithms can help identify related alerts and events that should be investigated together, such as those that target the same users or belong to the same attack. The document provides examples of how community detection, centrality analysis, and other graph algorithms, run on preprocessed security data, can help prioritize work and generate new threat indicators.
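The grouping and prioritization idea summarized above, as an added example that is not code from the original document: alerts and the entities they mention form a bipartite graph, connected components stand in for community detection, and node degree stands in for centrality. The alert records, field names and function names are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample alerts (not from the original document).
ALERTS = [
    {"id": "A1", "user": "alice", "host": "ws-01", "ioc": "203.0.113.7"},
    {"id": "A2", "user": "alice", "host": "ws-02", "ioc": None},
    {"id": "A3", "user": "bob", "host": "ws-02", "ioc": "203.0.113.7"},
    {"id": "A4", "user": "bob", "host": "ws-02", "ioc": None},
    {"id": "A5", "user": "carol", "host": "srv-09", "ioc": None},
    {"id": "A6", "user": "dave", "host": "srv-09", "ioc": "198.51.100.4"},
    {"id": "A7", "user": "erin", "host": "ws-17", "ioc": None},
]

def build_graph(alerts):
    """Bipartite graph: each alert node links to the entity nodes it mentions."""
    adj = defaultdict(set)
    for a in alerts:
        alert = ("alert", a["id"])
        adj[alert]  # register the alert even if it names no entity
        for kind in ("user", "host", "ioc"):
            if a.get(kind):
                entity = (kind, a[kind])
                adj[alert].add(entity)
                adj[entity].add(alert)
    return adj

def alert_clusters(adj):
    """Connected components, returned as sorted alert-id lists, largest first."""
    seen, clusters = set(), []
    for start in sorted(adj):
        if start in seen:
            continue
        stack, ids = [start], []
        seen.add(start)
        while stack:
            node = stack.pop()
            if node[0] == "alert":
                ids.append(node[1])
            for nxt in adj[node] - seen:
                seen.add(nxt)
                stack.append(nxt)
        clusters.append(sorted(ids))
    return sorted(clusters, key=lambda c: (-len(c), c))

def top_entities(adj, n=3):
    """Degree centrality: the entities touched by the most alerts."""
    ents = [(node, len(nbrs)) for node, nbrs in adj.items() if node[0] != "alert"]
    return sorted(ents, key=lambda e: (-e[1], e[0]))[:n]
```

Alerts A1 to A4 share no single field, yet they fall into one cluster through chained links (user, host, indicator), which is the kind of relationship a per-field filter misses.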