Security operations and analytics platform architecture is becoming part of a more global cybersecurity software architecture. SOAPA uses middleware (i.e. message queueing, transaction processing, etc.), APIs, and industry standards such as Cyber Observable eXpression (CybOX), Structured Threat Information Expression (STIX) and Trusted Automated eXchange of Indicator Information (TAXII) to connect disparate cybersecurity analytics and operations tools and data sources like EDR, network security analytics, UBA/machine learning analytics systems.”]