Rule-based network-threat detection

The invention claimed is: 1. A method for minimizing latency between when packets corresponding to a network threat cross a boundary between a protected network and an unprotected network and when the packets corresponding to the network threat are included in an ordered list of network threats, the method comprising: receiving, by a packet-filtering device at the boundary and from a rule provider device, a plurality of packet-filtering rules generated based on a plurality of network-threat-intelligence reports supplied by a plurality of independent network-threat-intelligence providers, wherein each network-threat-intelligence report comprises one or more network threat indicators each comprising at least one respective network address previously determined by one or more of the plurality of independent network-threat-intelligence providers to be associated with a potential network threat, and wherein a first packet-filtering rule of the plurality of packet-filtering rules specifies: one or more first packet-matching criteria corresponding to one or more first network-threat indicators associated with a first potential network threat; at least one first network-threat-intelligence report that supplied the first network-threat indicators; and at least one first network-threat-intelligence provider that supplied the first network-threat-intelligence report; filtering, by the packet-filtering device, a plurality of packets based on comparing each packet of the plurality of packets to packet-matching criteria specified by the plurality of packet-filtering rules; generating, by the packet-filtering device and based on the filtering, a first log entry corresponding to the first potential network threat when a packet corresponding to the first potential network threat is received at the packet-filtering device, by: responsive to a determination that a first packet of the plurality of packets matches the first packet-matching criteria of the first packet-filtering rule, generating a first log entry corresponding to the first packet that comprises: an indication of the first packet-filtering rule; and an indication of the first packet; determining, by the packet-filtering device, a first score for the first log entry based on: the first network-threat-intelligence provider specified by the first packet-filtering rule indicated by the first log entry, and a type of threat indicated by the first network-threat-intelligence report specified by the first packet-filtering rule indicated by the first log entry; and adding the first score to the first log entry; causing the first log entry to be added to the ordered list of network threats, wherein an ordering of the ordered list of network threats is determined based on the first score of the first log entry and a second score of a second log entry; and providing the ordered list of network threats, including the first log entry and the second log entry, to a user of a user device. 2. The method of claim 1 , further comprising: reconfiguring, based on user input corresponding to a display of the ordered list, the first packet-filtering rule. 3. The method of claim 1 , wherein providing the ordered list of network threats comprises causing the user device to display a user interface that comprises the ordered list of network threats. 4. The method of claim 1 , wherein the plurality of packets is a first plurality of packets, and wherein generating the first log entry is performed before receiving a second plurality of packets different from the first plurality of packets. 5. The method of claim 1 , wherein the first log entry further comprises an indication of whether the packet-filtering device prevented the first packet from continuing toward its destination or allowed the first packet to continue to its destination. 6. The method of claim 1 , wherein the first log entry further comprises indications of one or more of: the type of threat indicated by the first network-threat-intelligence report, geographic information, or an actor associated with the first packet. 7. The method of claim 1 , further comprising: updating, based on the first log entry, a third log entry in a second list, wherein the third log entry consolidates a plurality of log entries. 8. The method of claim 1 , wherein determining the first score is further based on a count of the network-threat-intelligence providers that provided the first packet-filtering rule. 9. The method of claim 1 , wherein the determining the first score is further based on a number of the plurality of packets that match the first packet-matching criteria. 10. The method of claim 1 , wherein the first packet-filtering rule was generated based on two or more network-threat-intelligence reports supplied by at least two different network-threat-intelligence providers. 11. The method of claim 1 , wherein the indication of the first packet of the first log entry comprises data derived from the first packet comprising one or more of: a source address, a destination address, a port number, a protocol type, a domain name, a Uniform Resource Locator (URL), or a Uniform Resource Identifier (URI). 12. A packet-filtering device located at a boundary between a protected network and an unprotected network and configured to minimize latency between when packets corresponding to a network threat cross the boundary and when the packets corresponding to the network threat are included in an ordered list of network threats, the packet-filtering device comprising: one or more processors; and memory storing instructions that, when executed by the one or more processors, cause the packet-filtering device to: receive, from a rule provider device, a plurality of packet-filtering rules generated based on a plurality of network-threat-intelligence reports supplied by a plurality of independent network-threat-intelligence providers, wherein each network-threat-intelligence report comprises one or more network threat indicators each comprising at least one respective network address previously determined by one or more of the plurality of independent network-threat-intelligence providers to be associated with a potential network threat, and wherein a first packet-filtering rule of the plurality of packet-filtering rules specifies: one or more first packet-matching criteria corresponding to one or more first network-threat indicators associated with a first potential network threat; at least one first network-threat-intelligence report that supplied the first network-threat indicators; and at least one first network-threat-intelligence provider that supplied the first network-threat-intelligence report; filter a plurality of packets based on comparing each packet of the plurality of packets to packet-matching criteria specified by the plurality of packet-filtering rules; generate, based on the filtering, a first log entry corresponding to the first potential network threat when a packet corresponding to the first potential network threat is received at the packet-filtering device, by: responsive to a determination that a first packet of the plurality of packets matches the first packet-matching criteria of the first packet-filtering rule, generating a first log entry corresponding to the first packet that comprises: an indication of the first packet-filtering rule; and an indication of the first packet; determining a first score for the first log entry based on: the first network-threat-intelligence provider specified by the first packet-filtering rule indicated by the first log entry, and a type of threat indicated by the first network-threat-intelligence report specif