This paper describes a distributed anomaly detection approach designed to accurately track actions performed by adversaries across a network. The illustrated approach involves running multiple machine learning models on both endpoints and the network as well as on a centralized backend.