Cisco Umbrella Investigate was built leveraging data mining and algorithmic classification techniques such as machine learning, graph theory, anomaly detection, and temporal patterns in combination with contextual search, visualization, and scoring. We are able to leverage an extraordinary amount of data from our security network, and then apply big data storage, data mining methods, machine learning, graph theory, vector analysis, and other mathematical models to categorize and predict attacks before they happen. The Cisco Umbrella Investigate Add-on for Splunk leverages the Investigate API to enrich events within Splunk. See https://docs.umbrella.com/developer/investigate-api/splunk-plugin-for-investigate for full documentation.