A lot of research has been done on clustering attacks of different types using many Machine Learning algorithms, with high rates of success. This work was mainly done from the comfort of a research lab, with specific datasets and no performance limitations. In this session I will share my experience dealing with clustering of attacks in near real-time scenarios, where performance is a key factor and where reality punches lab statistics in the face. I will discuss some of the challenges we experienced during the research, such as: 1) Applying a clustering algorithm to a stream of data. 2) Extracting meaningful features from limited data. 3) Translating different features into something we can calculate distance from.