Rule-based network-threat detection

What is claimed is: 1. A method for minimizing latency between when a network threat is detected by a packet-filtering device and when the network threat is included in an ordered list of network threats, wherein the packet-filtering device provides an interface across a boundary between a protected network and an unprotected network, the method comprising: receiving, by the packet-filtering device and from a rule provider device in the unprotected network outside of the boundary, a plurality of packet-filtering rules to be applied, by the packet-filtering device, to all network traffic traversing the boundary, wherein the plurality of packet-filtering rules were generated based on a plurality of network-threat-intelligence reports supplied by a plurality of independent network-threat-intelligence providers, wherein each network-threat-intelligence report comprises one or more network threat indicators each comprising at least one respective network address that has been previously determined, by one or more of the plurality of independent network-threat-intelligence providers, to be associated with a potential network threat, and wherein a first packet-filtering rule of the plurality of packet-filtering rules specifies: one or more first packet-matching criteria corresponding to one or more first network-threat indicators associated with a first potential network threat; at least one first network-threat-intelligence report that supplied the first network-threat indicators; and at least one first network-threat-intelligence provider that supplied the first network-threat-intelligence report; filtering, by the packet-filtering device, a plurality of packets based on comparing each packet of the plurality of packets to packet-matching criteria specified by the plurality of packet-filtering rules, wherein filtering the plurality of packets comprises filtering a first packet corresponding to the one or more first network-threat indicators associated with the first potential network threat; generating, by the packet-filtering device and based on filtering the first packet corresponding to the one or more first network-threat indicators associated with the first potential network threat, a first log entry corresponding to the first potential network threat when the filtered first packet corresponding to the first potential network threat is filtered by the packet-filtering device by: responsive to a determination that the filtered first packet matches the first packet-matching criteria of the first packet-filtering rule, determining, by the packet-filtering device, a first score for the first log entry based on: the first network-threat-intelligence provider specified by the first packet-filtering rule indicated by the first log entry, and a type of threat indicated by the first network-threat-intelligence report specified by the first packet-filtering rule indicated by the first log entry; and wherein the first log entry comprises: a first indication of the first packet-filtering rule; a second indication of the filtered first packet; and the first score; causing at least a portion of the first log entry to be added to the ordered list of network threats, wherein an ordering of the ordered list of network threats is determined based on the first score of the first log entry and a second score of a second log entry; and causing display of the ordered list of network threats. 2. The method of claim 1 , wherein causing the at least the portion of the first log entry to be added to the ordered list of network threats comprises: causing a second device, associated with an administrator of the protected network and different from the packet-filtering device, to add the at least the portion of the first log entry to the ordered list of network threats by sending, to the second device, the at least the portion of the first log entry. 3. The method of claim 1 , wherein causing the at least the portion of display of the ordered list of network threats comprises causing a user device to display a user interface that comprises the ordered list of network threats. 4. The method of claim 1 , wherein the plurality of packets is a first plurality of packets, and wherein generating the first log entry is performed before receiving a subsequent plurality of packets different from the first plurality of packets. 5. The method of claim 1 , wherein the first log entry further comprises a third indication of whether the packet-filtering device prevented the filtered first packet from continuing toward its destination or allowed the filtered first packet to continue to its destination. 6. The method of claim 1 , wherein the first log entry further comprises a fourth indication of one or more of: a type of threat, geographic information, or an actor associated with the filtered first packet. 7. The method of claim 1 , further comprising: based on the first log entry, causing updating of a third log entry in a second list, wherein the third log entry consolidates a plurality of log entries. 8. The method of claim 1 , wherein determining the first score is further based on a count of the network-threat-intelligence providers that provided a network-threat indicator associated with the first packet-filtering rule. 9. The method of claim 1 , wherein the first packet-filtering rule was generated based on two or more network-threat-intelligence reports supplied by at least two different network-threat-intelligence providers. 10. The method of claim 1 , further comprising: sending, by the packet-filtering device and to the rule provider device, the first log entry. 11. A packet-filtering device, providing an interface across a boundary between a protected network and an unprotected network, configured to minimize latency between when a network threat is detected by the packet-filtering device and when the network threat is included in an ordered list of network threats, the packet-filtering device comprising: one or more processors; and memory storing instructions that, when executed by the one or more processors, cause the packet-filtering device to: receive, from a rule provider device in the unprotected network outside of the boundary, a plurality of packet-filtering rules to be applied, by the packet-filtering device, to all network traffic traversing the boundary, wherein the plurality of packet-filtering rules were generated based on a plurality of network-threat-intelligence reports supplied by a plurality of independent network-threat-intelligence providers, wherein each network-threat-intelligence report comprises one or more network threat indicators each comprising at least one respective network address that has been previously determined, by one or more of the plurality of independent network-threat-intelligence providers, to be associated with a potential network threat, and wherein a first packet-filtering rule of the plurality of packet-filtering rules specifies: one or more first packet-matching criteria corresponding to one or more first network-threat indicators associated with a first potential network threat; at least one first network-threat-intelligence report that supplied the first network-threat indicators; and at least one first network-threat-intelligence provider that supplied the first network-threat-intelligence report; filter a plurality of packets based on comparing each packet of the plurality of packets to packet-matching criteria specified by the plurality of packet-filtering rules, wherein filtering the plurality of packets comprises filtering a first packet corresponding to the one or more first network-threat indicators associated with the first potential netwo