Fraud analysis best practices & pitfalls

Hey, author of Grapl here. Fraud and abuse use cases were some of the inspiration for Grapl, which is more focused on detecting malware.

In an event-based detection system you’re often looking at single events in isolation. To build signatures, this leads to focusing on very specific properties of the events. This is problematic for a number of reasons - it lacks context (higher FP rate) and tends to focus on more attacker-controlled behavior (easier to bypass).

Graphs give a more behavioral view of your data. You can see how your events connect together, the relationships between the entities that the events refer to, etc. This gives much more context to your detection logic, decreasing false positives, and allows you to avoid hyper-specific properties, giving more resilience to your logic.

I’m not sure if you have any investigation use cases, but this is another area where graphs truly shine. You can trivially pull in context by just expanding the graph outwards, which is an incredible capability.

I’m not an expert in fraud and abuse by any means, and I’m not sure if you’re referring to financial fraud or some other type, so I’ll avoid making specific detection recommendations, but there are quite a few papers on applying graph analytics to the space.

6 Likes
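To make the event-versus-graph contrast concrete, here is an added example that is not code from the post or from Grapl: constructed login and transfer events, a single-event rule keyed on one field, the same events rebuilt as an entity graph with a relationship-based rule, and an expand-outward helper of the kind the post describes for investigation. The entity names, fields and thresholds are invented for illustration.

```python
from collections import defaultdict

# Constructed sample events (not from the post); an event-based detector sees each one alone.
EVENTS = [
    {"type": "login", "account": "acct-1", "device": "dev-A"},
    {"type": "login", "account": "acct-2", "device": "dev-A"},
    {"type": "login", "account": "acct-3", "device": "dev-A"},
    {"type": "login", "account": "acct-4", "device": "dev-B"},
    {"type": "transfer", "account": "acct-1", "to": "acct-9", "amount": 40},
    {"type": "transfer", "account": "acct-2", "to": "acct-9", "amount": 45},
    {"type": "transfer", "account": "acct-3", "to": "acct-9", "amount": 50},
    {"type": "transfer", "account": "acct-4", "to": "acct-7", "amount": 900},
]

def single_event_rule(events, threshold=500):
    # Event-based signature: one record, one attacker-controlled value (the amount).
    return [e["account"] for e in events if e["type"] == "transfer" and e["amount"] > threshold]

def build_graph(events):
    # Undirected entity graph: accounts, devices and recipients are nodes; each event is an edge.
    adj = defaultdict(set)
    for e in events:
        other = e["device"] if e["type"] == "login" else e["to"]
        adj[e["account"]].add(other)
        adj[other].add(e["account"])
    return adj

def graph_rule(adj, min_accounts=3):
    # Behavioral rule: a recipient funded by several accounts that all share one
    # device is flagged, whatever the per-transfer amount.
    hits = set()
    for device in [n for n in adj if n.startswith("dev-")]:
        accounts = adj[device]
        recipients = defaultdict(set)
        for a in accounts:
            for r in adj[a] - accounts - {device}:
                if r.startswith("acct-"):
                    recipients[r].add(a)
        hits |= {r for r, senders in recipients.items() if len(senders) >= min_accounts}
    return hits

def expand(adj, start, hops):
    # Investigation helper: pull in context by walking `hops` steps outward from an entity.
    seen, frontier = {start}, {start}
    for _ in range(hops):
        frontier = {n for f in frontier for n in adj[f]} - seen
        seen |= frontier
    return seen
```

The single-event rule only catches the one large transfer, while the graph rule flags the recipient of the three small transfers because the senders share a device, and `expand` returns the surrounding entities for an analyst to review.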