This talk comprises two parts: How to reduce Alert fatigue in security analysts so as to automatically fuse alerts from disparate log sources; and How to Reuse/recycle ML models from one security domain to another. Both systems are in production in Azure Sentinel, Microsoft’s Cloud SIEM. Attendees will takeaway three core concepts: how to encode uncertainties in attacks using probabilistic kill chains; compressing ML models using high capacity LSTMs; and finally the trials and tribulations of building large scale ML systems for security.