The system described herein can automatically match, link, or otherwise associate electronic activities with one or more record objects. For an electronic activity that is eligible or qualifies to be matched with one or more record objects, the system can identify one or more set of rules or rule sets. Using the rule sets, the system can identify candidate record objects. The system can then rank the identified candidate record objects to select one or more record objects with which to associate the electronic activity. The system can then store an association between the electronic activity and the selected one or more record objects.

The present disclosure relates to generating performance profiles of member nodes. A plurality of electronic activities can be accessed. A subset of electronic activities from the plurality of electronic activities can be identified. The subset of electronic activities can be parsed to identify participants of the electronic activities. A second node profile can be accessed for each participant. Participant types can be identified from each second node profiles. A distribution of the subset of electronic activities can be determined. A performance profile can be generated.

The present disclosure relates to generating performance profiles of member nodes. A plurality of electronic activities can be accessed. A subset of electronic activities from the plurality of electronic activities can be identified. The subset of electronic activities can be parsed to identify participants of the electronic activities. A second node profile can be accessed for each participant. Participant types can be identified from each second node profiles. A distribution of the subset of electronic activities can be determined. A performance profile can be generated.

The present disclosure relates to determining the shareability of values of node profiles. Record objects and electronic activities of a system of record corresponding to a data source provider may be accessed. Each record object may correspond to a record object type and have one or more object field-value pairs. Node profiles may be maintained. Values of fields corresponding to a predetermined type of field including fewer than a predetermined threshold number of data source providers may be identified. A restriction tag used to restrict populating other node profiles may be generated. Provision of the value with a second data source provider may be restricted.

The present disclosure relates to determining the shareability of values of node profiles. Record objects and electronic activities of a system of record corresponding to a data source provider may be accessed. Each record object may correspond to a record object type and have one or more object field-value pairs. Node profiles may be maintained. Values of fields corresponding to a predetermined type of field including fewer than a predetermined threshold number of data source providers may be identified. A restriction tag used to restrict populating other node profiles may be generated. Provision of the value with a second data source provider may be restricted.

The present disclosure relates to systems and methods for matching electronic activities with record objects based on entity relationships. The method can include accessing a plurality of electronic activities, identifying an electronic activity, identifying a first participant associated with a first entity and a second participant associated with a second entity, determining whether a record object identifier is included in the electronic activity, identifying a first record object of the system of record that includes an instance of the record object identifier, and storing an association between the electronic activity and the first record object. The method can include determining a second record object corresponding to the second entity, identifying, using a matching policy, a third record object linked to the second record object and identifying a third entity, and storing, by the one or more processors, an association between the electronic activity and the third record object.

The present disclosure relates to systems and methods for matching electronic activities with record objects based on entity relationships. The method can include accessing a plurality of electronic activities, identifying an electronic activity, identifying a first participant associated with a first entity and a second participant associated with a second entity, determining whether a record object identifier is included in the electronic activity, identifying a first record object of the system of record that includes an instance of the record object identifier, and storing an association between the electronic activity and the first record object. The method can include determining a second record object corresponding to the second entity, identifying, using a matching policy, a third record object linked to the second record object and identifying a third entity, and storing, by the one or more processors, an association between the electronic activity and the third record object.

Techniques are described for analyzing data regarding activity in an IT environment to determine information regarding the entities associated with the activity and using the information to detect anomalous activity that may be indicative of malicious activity. In an embodiment, a plurality of events reflecting activity by a plurality of entities in an IT environment are processed to resolve the identities of the entities, discover how the entities fit within a topology of the IT environment, and determine what the entities are. This information is then used to generate an entity relationship graph that includes nodes representing the entities in the IT environment and edges connecting the nodes representing interaction relationships between the entities. In some embodiments, baselines are established by monitoring the activity between entities. This baseline information can be represented in the entity relationship graph in the form of directionality applied to the edges. The entity relationship graph can then be monitored to detect anomalous activity.

Techniques are described for analyzing data regarding activity in an IT environment to determine information regarding the entities associated with the activity and using the information to detect anomalous activity that may be indicative of malicious activity. In an embodiment, a plurality of events reflecting activity by a plurality of entities in an IT environment are processed to resolve the identities of the entities, discover how the entities fit within a topology of the IT environment, and determine what the entities are. This information is then used to generate an entity relationship graph that includes nodes representing the entities in the IT environment and edges connecting the nodes representing interaction relationships between the entities. In some embodiments, baselines are established by monitoring the activity between entities. This baseline information can be represented in the entity relationship graph in the form of directionality applied to the edges. The entity relationship graph can then be monitored to detect anomalous activity.

The present disclosure relates to systems and methods for filtering electronic activities. Exemplary implementations may include ingesting a first electronic activity; identifying an associated entity; and selecting a first filtering model based on the entity, the first filtering model trained to indicate whether to restrict further processing of ingested electronic activities. The method may further include generating a plurality of structured data tags for the first electronic activity; applying the selected first filtering model to the plurality of structured data tags for the first electronic activity to determine whether the first electronic activity satisfies a first restriction condition; and responsive to the first electronic activity satisfying the first restriction condition, restricting the first electronic activity from further processing; or responsive to the first electronic activity not satisfying the first restriction condition, further processing, by the one or more processors, the first electronic activity.