Maintaining the security of a computer system may require responding to many different types of malicious activity. Evidence of malicious activity may come from multiple sources, and may come in many different formats. The security of the computer system may be monitored by individuals, such as, for example, cyber analysts. Cyber analysts may review evidence of malicious activity to determine how to strengthen the security of a computer system. They may attempt to identify the targets of the malicious activity, the actors behind the malicious activity, unique characteristics of the malicious activity, and whether any countermeasures to mitigate the malicious activity are in place. The cyber analyst may also decide that some action needs to be taken in response to the malicious activity.