Rule-based network-threat detection

What is claimed is: 1. A method for minimizing latency between when a network threat is detected by a packet-filtering device and when the network threat is included in an ordered list of network threats that is maintained by a second device different from the packet-filtering device and associated with an administrator of a protected network, wherein the packet-filtering device provides an interface across a boundary between the protected network and an unprotected network, the method comprising: receiving, by the packet-filtering device and from a rule provider device different from the packet-filtering device, a plurality of packet-filtering rules to be applied, by the packet-filtering device, to all network traffic traversing the boundary, wherein the plurality of packet-filtering rules were generated based on a plurality of network-threat-intelligence reports supplied by a plurality of independent network-threat-intelligence providers, wherein each network-threat-intelligence report comprises one or more network threat indicators each comprising at least one respective network address that has been previously determined, by one or more of the plurality of independent network-threat-intelligence providers, to be associated with a potential network threat, and wherein a first packet-filtering rule of the plurality of packet-filtering rules specifies: one or more first packet-matching criteria corresponding to one or more first network-threat indicators associated with a first potential network threat; at least one first network-threat-intelligence report that supplied the first network-threat indicators; and at least one first network-threat-intelligence provider that supplied the first network-threat-intelligence report; filtering, by the packet-filtering device, a plurality of packets based on comparing each packet of the plurality of packets to packet-matching criteria specified by the plurality of packet-filtering rules, wherein filtering the plurality of packets comprises filtering a first packet corresponding to the one or more first network-threat indicators associated with the first potential network threat; generating, by the packet-filtering device and based on filtering the first packet corresponding to the one or more first network-threat indicators associated with the first potential network threat, a first log entry corresponding to the first potential network threat when the filtered first packet corresponding to the first potential network threat is filtered by the packet-filtering device by: responsive to a determination that the filtered first packet matches the first packet-matching criteria of the first packet-filtering rule, determining, by the packet-filtering device, a first score for the first log entry based on: the first network-threat-intelligence provider specified by the first packet-filtering rule indicated by the first log entry, and a type of threat indicated by the first network-threat-intelligence report specified by the first packet-filtering rule indicated by the first log entry; and wherein the first log entry comprises: a first indication of the first packet-filtering rule; a second indication of the filtered first packet; and the first score; causing at least a portion of the first log entry to be added to the ordered list of network threats by sending, by the packet-filtering device and to the second device, the at least the portion of the first log entry, wherein an ordering of the ordered list of network threats is determined based on the first score of the first log entry and a second score of a second log entry. 2. The method of claim 1 , further comprising: receiving, by the packet-filtering device, from the rule provider device, and subsequent to sending the first log entry, an update to the first packet-filtering rule. 3. The method of claim 1 , further comprising causing display of the ordered list of network threats by causing a user device to display a user interface that comprises the ordered list of network threats. 4. The method of claim 1 , wherein the plurality of packets is a first plurality of packets, and wherein generating the first log entry is performed before receiving a subsequent plurality of packets different from the first plurality of packets. 5. The method of claim 1 , wherein the first log entry further comprises third indication of whether the packet-filtering device prevented the filtered first packet from continuing toward its destination or allowed the filtered first packet to continue to its destination. 6. The method of claim 1 , wherein the first log entry further comprises a fourth indication of one or more of: a type of threat, geographic information, or an actor associated with the filtered first packet. 7. The method of claim 1 , further comprising: updating, based on the first log entry, a third log entry in a second list, wherein the third log entry consolidates a plurality of log entries. 8. The method of claim 1 , wherein determining the first score is further based on a count of the network-threat-intelligence providers that provided a network-threat indicator associated with the first packet-filtering rule. 9. The method of claim 1 , wherein the first packet-filtering rule was generated based on two or more network-threat-intelligence reports supplied by at least two different network-threat-intelligence providers. 10. The method of claim 1 , further comprising: sending, by the packet-filtering device and to the rule provider device, the first log entry. 11. A packet-filtering device, providing an interface across a boundary between a protected network and an unprotected network, configured to minimize latency between when a network threat is detected by the packet-filtering device and when the network threat is included in an ordered list of network threats that is maintained by a second device different from the packet-filtering device and associated with an administrator of the protected network, the packet-filtering device comprising: one or more processors; and memory storing instructions that, when executed by the one or more processors, cause the packet-filtering device to: receive, from a rule provider device different from the packet-filtering device, a plurality of packet-filtering rules to be applied, by the packet-filtering device, to all network traffic traversing the boundary, wherein the plurality of packet-filtering rules were generated based on a plurality of network-threat-intelligence reports supplied by a plurality of independent network-threat-intelligence providers, wherein each network-threat-intelligence report comprises one or more network threat indicators each comprising at least one respective network address that has been previously determined, by one or more of the plurality of independent network-threat-intelligence providers, to be associated with a potential network threat, and wherein a first packet-filtering rule of the plurality of packet-filtering rules specifies: one or more first packet-matching criteria corresponding to one or more first network-threat indicators associated with a first potential network threat; at least one first network-threat-intelligence report that supplied the first network-threat indicators; and at least one first network-threat-intelligence provider that supplied the first network-threat-intelligence report; filter a plurality of packets based on comparing each packet of the plurality of packets to packet-matching criteria specified by the plurality of packet-filtering rules, wherein filtering the plurality of packets comprises filtering a first packet corresponding to the one or more first network-threat indicators a