This talk describes, from an architectural point of view, how to exploit the HDP + Nifi technological platform aimed at researching, exploiting and targeting events related to Cyber Security. The purpose of the system is to create a knowledge base related to the events, actors and operating methods with which the cyber attacks happened and may happen, collecting both real-time data from social networks and web pages or literature material on such episodes in batch modality. The process focuses text and graph analysis at scale thanks to Spark engine Metron and Kafka, on a complexly integrated tech stack, that enhances the capabilities of the algorithms and results to offer a flexible solution to the analysts. The system supports the user in determining the motivations and eventually the actual executors of the attacks and, hopefully, the instigators of the same, also thanks to a smart representation of data stored on a graph NoSQL database. A further aim of the system will be to determine, in a predictive way, the "symptoms" or the processes connected to the attacks.