Building and maintaining cyber security threat detection models
Abstract:
Techniques for building and maintaining cyber security threat detection models are described. The techniques include data selection, algorithm selection, risk score algorithm selection, model outcome selection, and model automation. During data selection, data is received from various sources and in various formats. The data is then tokenized into vector form and compared to preexisting vectors. If the vectors are equal, the tokenized vector is saved in the database. If the vectors are not equal, a new vector, in key-value pair format, is formed. Algorithms can then be selected to detect anomalies within the data and assign a risk score to the data. Subsequently, a matrix is formed with the vector, the selected algorithm, and the parameters of the data that were analyzed. The matrix is then stored for application to future data based on a predetermined rule. The output can be modeled in various user-friendly ways.
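The pipeline in the abstract can be sketched as follows. This is an added example, not code from the patent: it assumes that two vectors "match" when they have the same field names, that the detector is a z-score over one numeric field, and that the predetermined rule is "reuse the stored row for records of the same shape". All names (`tokenize`, `ModelStore`, `zscore_risk`) and the sample records are constructed for illustration.

```python
import json
import statistics
def tokenize(record):
    """Turn a JSON object or a 'k=v k=v' line into a sorted (key, value) vector."""
    text = record.strip()
    fields = json.loads(text) if text.startswith("{") else dict(
        tok.split("=", 1) for tok in text.split())
    return tuple(sorted((k, str(v)) for k, v in fields.items()))

def zscore_risk(value, history):
    """Map the z-score of value against history to a 0-100 risk score."""
    if len(history) < 2:
        return 0.0  # not enough baseline to judge
    sd = statistics.pstdev(history)
    if sd == 0:
        return 0.0 if value == history[0] else 100.0
    return round(min(100.0, abs(value - statistics.fmean(history)) / sd * 25), 1)

ALGORITHMS = {"zscore": zscore_risk}  # assumed registry of selectable detectors

class ModelStore:
    def __init__(self):
        self.vectors = {}  # key signature -> vectors already saved
        self.matrix = {}   # key signature -> (algorithm name, analysed parameter)

    def register(self, sample, algorithm, parameter):  # store one matrix row
        sig = tuple(k for k, _ in tokenize(sample))
        self.matrix[sig] = (algorithm, parameter)

    def ingest(self, record):
        """Save the record's vector; return (shape_already_known, risk or None)."""
        vec = tokenize(record)
        sig = tuple(k for k, _ in vec)
        known = sig in self.vectors
        history = self.vectors.setdefault(sig, [])
        risk = None
        if sig in self.matrix:  # assumed rule: same field names -> reuse the row
            algorithm, parameter = self.matrix[sig]
            past = [float(dict(v)[parameter]) for v in history]
            risk = ALGORITHMS[algorithm](float(dict(vec)[parameter]), past)
        history.append(vec)
        return known, risk

def demo():  # constructed sample records, two input formats
    store = ModelStore()
    store.register("user=x bytes=0", "zscore", "bytes")
    return [store.ingest(r) for r in (
        "user=alice bytes=100", "user=alice bytes=120", '{"user": "alice", "bytes": 110}',
        "user=alice bytes=90", "user=alice bytes=5000", "src=10.0.0.5 port=22")]
```

Note that this sketch appends every vector to the baseline, including ones that scored high, so a sustained anomaly gradually raises the baseline; a production model would typically exclude or down-weight flagged records.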