This document discusses using graph databases for real-time cloud security monitoring at scale. It notes that attackers think in graphs while defenders traditionally think in lists, putting defenders at a disadvantage. It then provides an overview of John Boyd's OODA loop concept of observation, orientation, decision, and action. The document compares representing security data as log entries versus modeling it as a graph of nodes and relationships. Finally, it outlines the architecture of the Archimedes system used by Palo Alto Networks for ingesting, storing, and querying cloud resource configuration and event data in a Neo4j graph database to generate alerts.