Conventional computer and network security intelligence processes and approaches typically process network architecture and security information independently of each other. Current approaches to managing security intelligence data often address both threat and malicious behavior at the individual computer level, tracked by the Internet Protocol (IP) address. For example, important facts, observed behavior, and other indications that are tracked by security organizations are only tracked with respect to individual IP addresses. Thus, descriptive information is only associated with a particular IP address, and the information does not relate to other network entities.