Alex Teixeira
1 min read · Apr 27, 2023


The weights should be configurable. One can probably come up with a dynamic formula, but I'm not sure it pays off, since the vast majority will be fine with a static (but manually configurable) value. I have some dynamic weights too, for instance when capturing "lateral movement" or "post-exploitation" signals. There are so many commands falling into those categories that we need to group them. Now, with all that, I am assuming the weights are basically the core value for individual indicators or indicator subsets, correct? Having access to real-world data is crucial here. I could not see it happening without being able to leverage that, so I suggest you find a good customer/employer that allows you to experiment/develop. I have been exchanging ideas with a few NL/DS experts and they all say the same: no need to use fancy stuff, start simple and keep growing and discovering new ways! Thanks for the compliment and I'm glad it "clicks" for you too! Watch this space for more! Cheers!


Written by Alex Teixeira

I design and build detection and SIEM/EDR/XDR content for Enterprise #SecOps teams #DetectionEngineering http://opstune.com
