Organizations oftentimes deploy security operations to monitor network traffic, correlate traffic against threat indicators, and as a result, take action to block potential threats or create alerts on activity related to such threats. For example, an attack sequence may begin with a human actor launching a spam or phishing campaign designed to deceive a user into clicking on a particular network address or opening a potentially malicious file. Clicking on the file or link may result in the installation of malicious software designed to control the host machine. Once under control, the compromised host may engage in various malicious behaviors, including dissemination for phishing spam, scanning of internal and external networks for vulnerable hosts, ex-filtration of sensitive data from the internal net to the controller's infrastructure, deployment of ransomware, etc.