A system, method, and computer-readable medium are disclosed for performing a security analytics mapping operation. The security analytics mapping operation includes receiving a plurality of electronically-observable actions of a first entity, the plurality of electronically-observable actions of the first entity corresponding to a respective first plurality of events enacted by the first entity; receiving a plurality of electronically-observable actions of a second entity, the plurality of electronically-observable actions of the second entity corresponding to a respective second plurality of events enacted by the second entity; determining, via a distributed security analytics environment, whether a first event of the respective first plurality of events and a second event of the respective second plurality of events comprise an entity interaction between the first entity and the second entity; and, generating, via the distributed security analytics environment, an entity interaction map, the entity interaction map providing a representation of the entity interaction between the first entity and the second entity.